[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary proprietary-surveillance.de.htm...
|
From: |
GNUN |
|
Subject: |
www/proprietary proprietary-surveillance.de.htm... |
|
Date: |
Fri, 26 Oct 2018 21:58:21 -0400 (EDT) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 18/10/26 21:58:21
Modified files:
proprietary : proprietary-surveillance.de.html
proprietary/po : proprietary-surveillance.de-diff.html
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-surveillance.de.html?cvsroot=www&r1=1.36&r2=1.37
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.de-diff.html?cvsroot=www&r1=1.11&r2=1.12
Patches:
Index: proprietary-surveillance.de.html
===================================================================
RCS file: /web/www/www/proprietary/proprietary-surveillance.de.html,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -b -r1.36 -r1.37
--- proprietary-surveillance.de.html 27 Jul 2018 03:01:21 -0000 1.36
+++ proprietary-surveillance.de.html 27 Oct 2018 01:58:21 -0000 1.37
@@ -3,7 +3,7 @@
https://www.gnu.org/proprietary/po/proprietary-surveillance.de.po</a>'
--><!--#set var="ORIGINAL_FILE"
value="/proprietary/proprietary-surveillance.html"
--><!--#set var="DIFF_FILE"
value="/proprietary/po/proprietary-surveillance.de-diff.html"
- --><!--#set var="OUTDATED_SINCE" value="2018-05-19" -->
+ --><!--#set var="OUTDATED_SINCE" value="2018-08-28" -->
<!--#include virtual="/server/header.de.html" -->
<!-- Parent-Version: 1.84 -->
@@ -2007,7 +2007,7 @@
<p class="unprintable"><!-- timestamp start -->
Letzte Ãnderung:
-$Date: 2018/07/27 03:01:21 $
+$Date: 2018/10/27 01:58:21 $
<!-- timestamp end -->
</p>
Index: po/proprietary-surveillance.de-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.de-diff.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- po/proprietary-surveillance.de-diff.html 2 Aug 2018 07:32:59 -0000
1.11
+++ po/proprietary-surveillance.de-diff.html 27 Oct 2018 01:58:21 -0000
1.12
@@ -19,13 +19,14 @@
}
#surveillance div.toc {
width: 24.5em; max-width: 94%;
- margin-bottom: 1em;
+ <span class="removed"><del><strong>margin-bottom: 1em;</strong></del></span>
+ <span class="inserted"><ins><em>margin: 1em 0;</em></ins></span>
}
@media (min-width: 48em) {
#surveillance div.toc {
float: left;
width: auto; max-width: 48%;
- margin: .2em 0 1em;
+ margin: <span class="removed"><del><strong>.2em</strong></del></span>
<span class="inserted"><ins><em>1.2em</em></ins></span> 0 1em;
}
#surveillance .medium {
width: 43%;
@@ -39,26 +40,43 @@
<h2>Proprietary Surveillance</h2>
+<span class="inserted"><ins><em><p><a
href="/proprietary/proprietary.html">
+ Other examples of proprietary malware</a></p>
+
+<div class="comment"></em></ins></span>
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
href="/philosophy/free-software-even-more-important.html">that is the
-basic injustice</a>. The developers often exercise that power to the
-detriment of the users they ought to serve.</p>
+basic injustice</a>. The developers <span class="inserted"><ins><em>and
manufacturers</em></ins></span> often exercise
+that power to the detriment of the users they ought to serve.</p>
+
+<span class="removed"><del><strong><div class="announcement">
+<p>This document attempts</strong></del></span>
-<div class="announcement">
-<p>This document attempts to
-track <strong>clearly established cases of proprietary software that
-spies on or tracks users</strong>.</p>
+<span class="inserted"><ins><em><p>One common form of mistreatment
is</em></ins></span> to
+<span class="removed"><del><strong>track</strong></del></span> <span
class="inserted"><ins><em>snoop on the user. This page
+records</em></ins></span> <strong>clearly established cases of
proprietary software that
+spies on or tracks <span
class="removed"><del><strong>users</strong>.</p>
<p><a href="/proprietary/proprietary.html">
- Other examples of proprietary malware</a></p>
+ Other examples</strong></del></span> <span
class="inserted"><ins><em>users</strong>. Manufacturers even refuse
+to <a
href="https://techcrunch.com/2018/10/19/smart-home-devices-hoard-data-government-demands/">say
+whether they snoop on users for the state</a>.</p>
+
+<p>All appliances and applications that are tethered to a specific
+server are snoopers by nature. We do not list them in this page
+because they have their own
+page: <a href="/proprietary/proprietary-tethers.html">Proprietary
+Tethers</a>.</p>
-<span class="inserted"><ins><em><p>If you know of an example that ought
to be in this page but isn't
+<div class="important" style="margin-bottom: 2em">
+<p>If you know</em></ins></span> of <span
class="removed"><del><strong>proprietary
malware</a></p></strong></del></span> <span
class="inserted"><ins><em>an example that ought to be in this page but isn't
here, please write
to <a href="mailto:address@hidden"><address@hidden></a>
to inform us. Please include the URL of a trustworthy reference or two
-to present the specifics.</p></em></ins></span>
+to serve as specific substantiation.</p>
+</div></em></ins></span>
</div>
<div id="surveillance">
@@ -70,65 +88,72 @@
</div>
<div class="toc">
- <h3 id="TableOfContents">Table of Contents</h3>
- <ul>
+<h3 id="TableOfContents">Table of Contents</h3>
+<ul>
<li><a href="#Introduction">Introduction</a></li>
- <li><a href="#OSSpyware">Spyware in Operating Systems</a>
+ <li><a href="#OSSpyware">Spyware in <span
class="removed"><del><strong>Operating Systems</a></strong></del></span>
<span class="inserted"><ins><em>Laptops and Desktops</a></em></ins></span>
<ul>
- <li><a href="#SpywareInWindows">Spyware in
Windows</a></li>
- <li><a href="#SpywareInMacOS">Spyware in
MacOS</a></li>
- <li><a href="#SpywareInAndroid">Spyware in
Android</a></li>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInWindows">Spyware in
Windows</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInWindows">Windows</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInMacOS">Spyware in
MacOS</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInMacOS">MacOS</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInAndroid">Spyware in
Android</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInBIOS">BIOS</a></li></em></ins></span>
</ul>
</li>
<li><a href="#SpywareOnMobiles">Spyware on Mobiles</a>
<ul>
- <li><a href="#SpywareIniThings">Spyware in
iThings</a></li>
- <li><a href="#SpywareInTelephones">Spyware in
Telephones</a></li>
- <li><a href="#SpywareInMobileApps">Spyware in Mobile
Applications</a></li>
- <li><a href="#SpywareInToys">Spyware in
Toys</a></li>
+ <li><a <span
class="removed"><del><strong>href="#SpywareIniThings">Spyware in
iThings</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInTelephones">All
“Smart” Phones</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInTelephones">Spyware in
Telephones</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareIniThings">iThings</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInMobileApps">Spyware in Mobile
Applications</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInAndroid">Android
Telephones</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInToys">Spyware in
Toys</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInElectronicReaders">E-Readers</a></li></em></ins></span>
</ul>
</li>
- <li><a href="#SpywareOnSmartWatches">Spyware on Smart
Watches</a></li>
- <li><a href="#SpywareAtLowLevel">Spyware at Low Level</a>
+ <li><a <span
class="removed"><del><strong>href="#SpywareOnSmartWatches">Spyware on Smart
Watches</a></li>
+ <li><a href="#SpywareAtLowLevel">Spyware at Low
Level</a></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInApplications">Spyware in
Applications</a></em></ins></span>
<ul>
- <li><a href="#SpywareInBIOS">Spyware in
BIOS</a></li>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInBIOS">Spyware in
BIOS</a></li>
</ul>
- </li>
- <li><a href="#SpywareAtWork">Spyware at Work</a>
- <ul>
- <li><a href="#SpywareInSkype">Spyware in
Skype</a></li>
+ </li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInMobileApps">Mobile
Apps</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareAtWork">Spyware at Work</a>
+ <ul></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInSkype">Skype</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInSkype">Spyware in
Skype</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInGames">Games</a></li></em></ins></span>
</ul>
</li>
- <li><a href="#SpywareOnTheRoad">Spyware on the Road</a>
+ <li><a <span
class="removed"><del><strong>href="#SpywareOnTheRoad">Spyware on the
Road</a></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInEquipment">Spyware in Connected
Equipment</a></em></ins></span>
<ul>
- <li><a href="#SpywareInCameras">Spyware in
Cameras</a></li>
- <li><a href="#SpywareInElectronicReaders">Spyware in
e-Readers</a></li>
- <li><a href="#SpywareInVehicles">Spyware in
Vehicles</a></li>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInCameras">Spyware in
Cameras</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInTVSets">TV
Sets</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInElectronicReaders">Spyware in
e-Readers</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInCameras">Cameras</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInVehicles">Spyware in
Vehicles</a></li>
</ul>
- </li>
- <li><a href="#SpywareAtHome">Spyware at Home</a>
+ </li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInToys">Toys</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareAtHome">Spyware at
Home</a></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInDrones">Drones</a></li>
+ <li><a href="#SpywareAtHome">Other
Appliances</a></li>
+ <li><a
href="#SpywareOnWearables">Wearables</a></em></ins></span>
<ul>
- <li><a href="#SpywareInTVSets">Spyware in TV
Sets</a></li>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInTVSets">Spyware in TV
Sets</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareOnSmartWatches">“Smart”
Watches</a></li></em></ins></span>
</ul>
</li>
- <li><a href="#SpywareInGames">Spyware in
Games</a></li>
- <li><a href="#SpywareInRecreation">Spyware in
Recreation</a></li>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInGames">Spyware in
Games</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInVehicles">Vehicles</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInRecreation">Spyware in
Recreation</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInVR">Virtual
Reality</a></li>
+ </ul>
+ </li></em></ins></span>
<li><a href="#SpywareOnTheWeb">Spyware on the Web</a>
<ul>
- <li><a href="#SpywareInChrome">Spyware in
Chrome</a></li>
- <li><a href="#SpywareInFlash">Spyware in JavaScript and
Flash</a></li>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInChrome">Spyware in
Chrome</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInChrome">Chrome</a></li></em></ins></span>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInFlash">Spyware in JavaScript
and Flash</a></li></strong></del></span> <span
class="inserted"><ins><em>href="#SpywareInJavaScript">JavaScript</a></li>
+ <li><a
href="#SpywareInFlash">Flash</a></li></em></ins></span>
</ul>
</li>
- <li><a href="#SpywareInDrones">Spyware in
Drones</a></li>
+ <li><a <span
class="removed"><del><strong>href="#SpywareInDrones">Spyware</strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInNetworks">Spyware</em></ins></span>
in <span class="removed"><del><strong>Drones</a></li>
<li><a href="#SpywareEverywhere">Spyware
Everywhere</a></li>
- <li><a href="#SpywareInVR">Spyware In VR</a></li>
- </ul>
+ <li><a href="#SpywareInVR">Spyware In
VR</a></li></strong></del></span> <span
class="inserted"><ins><em>Networks</a></li></em></ins></span>
+</ul>
</div>
-</div>
+<span class="removed"><del><strong></div></strong></del></span>
<div style="clear: left;"></div>
-<!-- #Introduction -->
+<span class="removed"><del><strong><!-- #Introduction
--></strong></del></span>
+
+<span class="inserted"><ins><em></div></em></ins></span>
<div class="big-section">
<h3 id="Introduction">Introduction</h3>
@@ -149,7 +174,9 @@
keyboard, in the mobile computing industry, in the office, at home, in
transportation systems, and in the classroom.</p>
-<h3 id="AggregateInfoCollection">Aggregate or anonymized data</h3>
+<span class="removed"><del><strong><h3</strong></del></span>
+
+<span class="inserted"><ins><em><h4</em></ins></span>
id="AggregateInfoCollection">Aggregate or anonymized <span
class="removed"><del><strong>data</h3></strong></del></span> <span
class="inserted"><ins><em>data</h4></em></ins></span>
<p>Many companies, in their privacy policy, have a clause that claims
they share aggregate, non-personally identifiable information with
@@ -171,85 +198,153 @@
they will <em>do</em> with the data they collect. The wrong is that
they collect it at all.</p>
-<h3 id="LatestAdditions">Latest additions</h3>
+<span class="removed"><del><strong><h3</strong></del></span>
+
+<span class="inserted"><ins><em><h4</em></ins></span>
id="LatestAdditions">Latest <span
class="removed"><del><strong>additions</h3></strong></del></span> <span
class="inserted"><ins><em>additions</h4></em></ins></span>
<p>Latest additions are found on top under each category.</p>
-<!-- #OSSpyware -->
-<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+<span class="removed"><del><strong><!-- #OSSpyware -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
--></strong></del></span>
+
+
<div class="big-section">
- <h3 id="OSSpyware">Spyware in Operating Systems</h3>
+ <h3 id="OSSpyware">Spyware in <span
class="removed"><del><strong>Operating Systems</h3></strong></del></span>
<span class="inserted"><ins><em>Laptops and
Desktops</h3></em></ins></span>
<span class="anchor-reference-id">(<a
href="#OSSpyware">#OSSpyware</a>)</span>
</div>
<div style="clear: left;"></div>
-
<div class="big-subsection">
- <h4 id="SpywareInWindows">Spyware in Windows</h4>
+ <h4 <span class="removed"><del><strong>id="SpywareInWindows">Spyware
in Windows</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInWindows">Windows</h4></em></ins></span>
<span class="anchor-reference-id">(<a
href="#SpywareInWindows">#SpywareInWindows</a>)</span>
</div>
-<ul>
- <li><p>Windows 10 telemetry program sends information to
Microsoft about the
- user's computer and their use of the computer.</p>
+<span class="removed"><del><strong><ul>
+ <li><p>Windows</strong></del></span>
- <p>Furthermore, for users who installed the fourth stable build of
- Windows 10, called the “Creators Update,” Windows maximized
the
- surveillance<a
href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law">
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201712110">
+ <p>HP's proprietary operating system <a
+ href="http://www.bbc.com/news/technology-42309371">includes a
+ proprietary keyboard driver with a key logger in it</a>.</p>
+ </li>
+
+ <li id="M201710134">
+ <p>Windows</em></ins></span> 10 telemetry program sends information
to Microsoft about
+ the user's computer and their use of the computer.</p>
+
+ <p>Furthermore, for users who installed the
+ fourth stable build of Windows 10, called the
+ “Creators Update,” Windows maximized the
+ <span
class="removed"><del><strong>surveillance<a</strong></del></span> <span
class="inserted"><ins><em>surveillance <a</em></ins></span>
+
href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law">
by force setting the telemetry mode to
“Full”</a>.</p>
-<p>The <a
+ <p>The <a
<span
class="removed"><del><strong>href="https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#full-level"></strong></del></span>
-<span
class="inserted"><ins><em>href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level"></em></ins></span>
+ <span
class="inserted"><ins><em>href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level"></em></ins></span>
“Full” telemetry mode</a> allows Microsoft Windows
- engineers to access, among other things, registry keys
- <a
href="https://technet.microsoft.com/en-us/library/cc939702.aspx">which
+ engineers to access, among other things, registry keys <a
+ href="https://technet.microsoft.com/en-us/library/cc939702.aspx">which
can contain sensitive information like administrator's login
- password</a>.</p></li>
+ <span class="removed"><del><strong>password</a>.</p></li>
- <li><p>Windows DRM
- files <a
href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">can
- be used to identify people browsing through Tor</a>. The
- vulnerability exists only if you use Windows.
+ <li><p>Windows DRM</strong></del></span>
+ <span class="inserted"><ins><em>password</a>.</p>
+ </li>
+
+ <li id="M201702020">
+ <p>DRM-restricted</em></ins></span> files <span
class="removed"><del><strong><a
href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">can</strong></del></span>
<span class="inserted"><ins><em>can</em></ins></span> be used to <span
class="inserted"><ins><em><a
+
href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users"></em></ins></span>
+ identify people browsing through Tor</a>. The vulnerability exists
+ only if you use <span class="removed"><del><strong>Windows.
</p></li>
- <li><p>By default, Windows 10 <a
href="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sends
- debugging information to Microsoft, including core dumps</a>.
Microsoft now distributes them to another company.</p></li>
+ <li><p>By</strong></del></span> <span
class="inserted"><ins><em>Windows.</p>
+ </li>
-<li>In order to increase Windows 10's install base, Microsoft
-<a
-href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
-blatantly disregards user choice and privacy</a>.
-</li>
+ <li id="M201611240">
+ <p>By</em></ins></span> default, Windows 10 <a
+
href="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sends
+ debugging information to Microsoft, including core dumps</a>.
Microsoft
+ now distributes them to another <span
class="removed"><del><strong>company.</p></li>
- <li><p><a
href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
- Windows 10 comes with 13 screens of snooping options</a>, all
enabled by default,
- and turning them off would be daunting to most
users.</p></li>
+<li>In</strong></del></span> <span
class="inserted"><ins><em>company.</p>
+ </li>
+
+ <li id="M201608171">
+ <p>In</em></ins></span> order to increase Windows 10's install base,
Microsoft <a
+
href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
+ blatantly disregards user choice and <span
class="removed"><del><strong>privacy</a>.</strong></del></span> <span
class="inserted"><ins><em>privacy</a>.</p></em></ins></span>
+ </li>
+
+ <span
class="removed"><del><strong><li><p><a</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201603170">
+ <p><a</em></ins></span>
+
href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
+ Windows 10 comes with 13 screens of snooping options</a>, all enabled
+ by default, and turning them off would be daunting to most <span
class="removed"><del><strong>users.</p></li>
<li><p><a
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
Microsoft has already backdoored its disk
encryption</a>.</p></li>
- <li>It appears
- <a
href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
+ <li>It</strong></del></span> <span
class="inserted"><ins><em>users.</p>
+ </li>
+
+ <li id="M201601050">
+ <p>It</em></ins></span> appears <a
+
href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
Windows 10 sends data to Microsoft about what applications are
- running</a>.</li>
- <li><p>A downgrade to Windows 10 deleted surveillance-detection
+ <span class="removed"><del><strong>running</a>.</li>
+ <li><p>A</strong></del></span>
+ <span class="inserted"><ins><em>running</a>.</p>
+ </li>
+
+ <li id="M201512280">
+ <p>Microsoft has <a
+
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
+ backdoored its disk encryption</a>.</p>
+ </li>
+
+ <li id="M201511264">
+ <p>A</em></ins></span> downgrade to Windows 10 deleted
surveillance-detection
applications. Then another downgrade inserted a general spying
- program. Users noticed this and complained, so Microsoft
- renamed it
- <a
href="https://web.archive.org/web/20160407082751/http://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
+ program. Users noticed this and complained, so Microsoft renamed it <a
<span
class="removed"><del><strong>href="https://web.archive.org/web/20160407082751/http://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/"></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/"></em></ins></span>
to give users the impression it was gone</a>.</p>
+
<p>To use proprietary software is to invite such
treatment.</p>
</li>
- <li><p>
+ <span class="removed"><del><strong><li><p>
Windows 10 <a
href="https://web.archive.org/web/20151001035410/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
- ships with default settings that show no regard for the
- privacy of its users</a>, giving Microsoft the “right”
- to snoop on the users' files, text input, voice input,
- location info, contacts, calendar records and web browsing
- history, as well as automatically connecting the machines to open
- hotspots and showing targeted ads.</p></li>
+ ships with default settings that show no regard</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201508180">
+ <p><a
+
href="https://web.archive.org/web/20150905163414/http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
+ Intel devices will be able to listen</em></ins></span> for <span
class="inserted"><ins><em>speech all the time, even
+ when “off.”</a></p>
+ </li>
+
+ <li id="M201508130">
+ <p><a
+
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
+ Windows 10 sends identifiable information to Microsoft</a>, even if
+ a user turns off its Bing search and Cortana features, and activates
+ the privacy-protection settings.</p>
+ </li>
+
+ <li id="M201507300">
+ <p>Windows 10 <a
+
href="https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
+ ships with default settings that show no regard for the privacy of
+ its users</a>, giving Microsoft</em></ins></span> the
+ <span class="removed"><del><strong>privacy of its users</a>, giving
Microsoft the</strong></del></span> “right” to snoop on
+ the users' files, text input, voice input, location info, contacts,
+ calendar records and web browsing history, as well as automatically
+ connecting the machines to open hotspots and showing targeted <span
class="removed"><del><strong>ads.</p></li>
<li><p>
<a
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
@@ -257,163 +352,298 @@
turns off its Bing search and Cortana features, and activates the
privacy-protection settings.</p></li>
- <li><p>
- Microsoft uses Windows 10's “privacy policy” to overtly impose a
- “right” to look at users' files at any time. Windows 10 full disk
- encryption <a
href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/">
+ <li><p></strong></del></span> <span
class="inserted"><ins><em>ads.</p>
+
+ <p>We can suppose</em></ins></span> Microsoft <span
class="inserted"><ins><em>look at users' files for the US government
+ on demand, though the “privacy policy” does not explicitly
+ say so. Will it look at users' files for the Chinese government
+ on demand?</p>
+ </li>
+
+ <li id="M201506170">
+ <p>Microsoft</em></ins></span> uses Windows 10's “privacy
policy”
+ to overtly impose a “right” to look at
+ users' files at any time. Windows 10 full disk encryption <a
+
href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/">
gives Microsoft a key</a>.</p>
- <p>Thus, Windows is overt malware in regard to surveillance,
- as in other issues.</p>
+ <p>Thus, Windows is overt malware in regard to surveillance, as in
+ other issues.</p>
- <p>We can suppose Microsoft look at users' files for the US government
on
- demand, though the “privacy policy” does not explicit say so.
Will it
- look at users' files for the Chinese government on demand?</p>
+ <p>We can suppose Microsoft look at users' files for the US
government
+ on demand, though the “privacy policy” does not explicit
+ say so. Will it look at users' files for the Chinese government
+ on demand?</p>
- <p>The unique “advertising ID” for each user enables other
companies to
- track the browsing of each specific user.</p>
+ <p>The unique “advertising ID” for each user enables
+ other companies to track the browsing of each specific user.</p>
<p>It's as if Microsoft has deliberately chosen to make Windows 10
maximally evil on every dimension; to make a grab for total power
- over anyone that doesn't drop Windows now.</p></li>
+ over anyone that doesn't drop Windows <span
class="removed"><del><strong>now.</p></li>
+
+ <li><p>It</strong></del></span> <span
class="inserted"><ins><em>now.</p>
+ </li>
- <li><p>It only gets worse with time.
- <a
href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
+ <li id="M201410040">
+ <p>It</em></ins></span> only gets worse with time. <a
+
href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
Windows 10 requires users to give permission for total
snooping</a>,
including their files, their commands, their text input, and their
voice input.</p>
</li>
- <li><p><a
href="http://www.infoworld.com/article/2611451/microsoft-windows/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html">
- Windows 8.1 snoops on local searches.</a>.</p>
+ <span class="removed"><del><strong><li><p><a
href="http://www.infoworld.com/article/2611451/microsoft-windows/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html"></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201401150">
+ <p id="baidu-ime"><a
+
href="https://www.techrepublic.com/blog/asian-technology/japanese-government-warns-baidu-ime-is-spying-on-users/">
+ Baidu's Japanese-input and Chinese-input apps spy on
users</a>.</p>
+ </li>
+
+ <li id="M201307080">
+ <p>Spyware in older versions of Windows: <a
+
href="https://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/">
+ Windows Update snoops on the user</a>. <a
+
href="https://www.infoworld.com/article/2611451/microsoft-windows/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html"></em></ins></span>
+ Windows 8.1 snoops on local <span
class="removed"><del><strong>searches.</a>.</p>
</li>
- <li><p>And there's a
- <a href="http://www.marketoracle.co.uk/Article40836.html">
- secret NSA key in Windows</a>, whose functions we don't
know.</p>
+ <li><p>And</strong></del></span> <span
class="inserted"><ins><em>searches</a>. And</em></ins></span> there's a
<a
+ href="http://www.marketoracle.co.uk/Article40836.html"> secret NSA
+ key in Windows</a>, whose functions we don't know.</p>
</li>
- <li>HP's proprietary
+ <span class="removed"><del><strong><li>HP's proprietary
operating system <a
href="http://www.bbc.com/news/technology-42309371">includes
- a proprietary keyboard driver with a key logger in it</a>.</li>
+ a proprietary keyboard driver with a key logger in
it</a>.</li></strong></del></span>
</ul>
+
<p>Microsoft's snooping on users did not start with Windows 10.
There's a lot more <a href="/proprietary/malware-microsoft.html">
Microsoft malware</a>.</p>
<div class="big-subsection">
- <h4 id="SpywareInMacOS">Spyware in MacOS</h4>
+ <h4 <span class="removed"><del><strong>id="SpywareInMacOS">Spyware in
MacOS</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInMacOS">MacOS</h4></em></ins></span>
<span class="anchor-reference-id">(<a
href="#SpywareInMacOS">#SpywareInMacOS</a>)</span>
</div>
-<ul>
+<span class="removed"><del><strong><ul>
<li><p><a
href="http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/">
MacOS automatically sends to Apple servers unsaved documents being
- edited</a>. The <a
-
href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
- things you have not decided to save are even more sensitive than
- the things you have stored in files</a>.</p>
- </li>
+ edited</a>. The</strong></del></span>
- <li><p>Apple has made various
- <a
href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud">
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201809070">
+ <p>Adware Doctor, an ad blocker for MacOS,</em></ins></span> <a
+ <span
class="removed"><del><strong>href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
+ things you have not decided to save are even more sensitive
than</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://motherboard.vice.com/en_us/article/wjye8x/mac-anti-adware-doctor-app-steals-browsing-history">reports</em></ins></span>
+ the <span class="removed"><del><strong>things you have stored in
files</a>.</p></strong></del></span> <span
class="inserted"><ins><em>user's browsing
history</a>.</p></em></ins></span>
+ </li>
+
+ <span
class="removed"><del><strong><li><p>Apple</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201411040">
+ <p>Apple</em></ins></span> has made various <a
+
href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud">
MacOS programs send files to Apple servers without asking
- permission</a>. This exposes the files to Big Brother and perhaps
to
- other snoops.</p>
+ permission</a>. This exposes the files to Big Brother and perhaps
+ to other snoops.</p>
<p>It also demonstrates how you can't trust proprietary software,
- because even if today's version doesn't have a malicious
- functionality, tomorrow's version might add it. The developer won't
- remove the malfeature unless many users push back hard, and the users
- can't remove it themselves.</p>
+ because even if today's version doesn't have a malicious functionality,
+ tomorrow's version might add it. The developer won't remove the
+ malfeature unless many users push back hard, and the users can't
+ remove it themselves.</p>
</li>
- <li><p>Various operations in
+ <span class="removed"><del><strong><li><p>Various operations in
<a
href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
- the latest MacOS send reports to Apple</a> servers.</p>
+ the latest</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201410300">
+ <p></em></ins></span> MacOS <span class="removed"><del><strong>send
reports</strong></del></span> <span class="inserted"><ins><em>automatically
<a
+
href="https://web.archive.org/web/20170831144456/https://www.washingtonpost.com/news/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/">
+ sends</em></ins></span> to <span
class="removed"><del><strong>Apple</a>
servers.</p></strong></del></span> <span class="inserted"><ins><em>Apple
servers unsaved documents being edited</a>. The
+ things you have not decided to save are <a
+
href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
+ even more sensitive</a> than the things you have stored in
files.</p></em></ins></span>
</li>
- <li><p>Apple admits the
- <a
href="http://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/">
- spying in a search facility</a>, but there's a lot
- <a href="https://github.com/fix-macosx/yosemite-phone-home">
- more snooping that Apple has not talked about</a>.</p>
+ <span
class="removed"><del><strong><li><p>Apple</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201410220">
+ <p>Apple</em></ins></span> admits the <a
+
href="http://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/">
+ spying in a search facility</a>, but there's a lot <a
+ href="https://github.com/fix-macosx/yosemite-phone-home"> more snooping
+ that Apple has not talked about</a>.</p>
</li>
- <li><p><a
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ <span
class="removed"><del><strong><li><p><a</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201410200">
+ <p>Various operations in <a
+
href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
+ the latest MacOS send reports to Apple</a> servers.</p>
+ </li>
+
+ <li id="M201401101">
+ <p><a</em></ins></span>
+
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
Spotlight search</a> sends users' search terms to Apple.</p>
</li>
</ul>
+
<p>There's a lot more <a href="#SpywareIniThings">iThing
spyware</a>, and
<a href="/proprietary/malware-apple.html">Apple
malware</a>.</p>
<div class="big-subsection">
- <h4 id="SpywareInAndroid">Spyware in Android</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInAndroid">#SpywareInAndroid</a>)</span>
+ <span class="inserted"><ins><em><span
id="SpywareAtLowLevel"></span></em></ins></span>
+ <h4 <span class="removed"><del><strong>id="SpywareInAndroid">Spyware
in Android</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInBIOS">BIOS</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInAndroid">#SpywareInAndroid</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInBIOS">#SpywareInBIOS</a>)</span></em></ins></span>
</div>
-<ul>
+<span class="removed"><del><strong><ul>
<li>
- <span class="inserted"><ins><em><p>More
- than <a
href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%
- of the 5,855 Android apps studied by researchers were found to
- snoop and collect information about its users</a>. 40% of the
- apps were found to insecurely snitch on its users. Furthermore,
- they could detect only some methods of snooping, in these
- proprietary apps whose source code they cannot look at. The other
- apps might be snooping in other ways.</p>
-
- <p>This is evidence that proprietary apps generally work against
- their users. To protect their privacy and freedom, Android users need
- to get rid of the proprietary software—both proprietary Android
- by <a href="https://replicant.us">switching to Replicant</a>,
and
- the proprietary apps by getting apps from the free software
- only <a href="https://f-droid.org/">F-Droid store</a>
- that <a href="https://f-droid.org/wiki/page/Antifeatures">
- prominently warns the user if an app contains
- anti-features</a>.</p>
-</li>
-
-<li></em></ins></span>
<p>20 dishonest Android apps
recorded <a
href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
- calls and sent them and text messages and emails to
+ calls and sent them and text messages</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201509220">
+ <p><a
+
href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
+ Lenovo stealthily installed crapware</em></ins></span> and <span
class="removed"><del><strong>emails to
snoopers</a>.</p>
- <p>Google did not intend to make these apps spy; on the contrary, it
- worked in various ways to prevent that, and deleted these apps
+ <p>Google</strong></del></span> <span
class="inserted"><ins><em>spyware via
+ BIOS</a> on Windows installs. Note that the specific
+ sabotage method Lenovo used</em></ins></span> did not <span
class="removed"><del><strong>intend</strong></del></span> <span
class="inserted"><ins><em>affect GNU/Linux; also, a
+ “clean” Windows install is not really clean since <a
+ href="/proprietary/malware-microsoft.html">Microsoft puts in its
+ own malware</a>.</p>
+ </li>
+</ul>
+
+
+
+<div class="big-section">
+ <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<div class="big-subsection">
+ <h4 id="SpywareInTelephones">All “Smart” Phones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201601110">
+ <p>The natural extension of monitoring
+ people through “their” phones is <a
+
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
+ proprietary software</em></ins></span> to make <span
class="removed"><del><strong>these apps spy; on</strong></del></span> <span
class="inserted"><ins><em>sure they can't “fool”</em></ins></span>
+ the <span class="removed"><del><strong>contrary, it
+ worked in various ways</strong></del></span> <span
class="inserted"><ins><em>monitoring</a>.</p>
+ </li>
+
+ <li id="M201510050">
+ <p>According</em></ins></span> to <span
class="removed"><del><strong>prevent that,</strong></del></span> <span
class="inserted"><ins><em>Edward Snowden, <a
+ href="http://www.bbc.com/news/uk-34444233">agencies can take over
+ smartphones</a> by sending hidden text messages which enable
+ them to turn the phones on</em></ins></span> and <span
class="removed"><del><strong>deleted these apps
after discovering what they did. So we cannot blame Google
- specifically for the snooping of these apps.</p>
+ specifically for</strong></del></span> <span
class="inserted"><ins><em>off, listen to</em></ins></span> the <span
class="removed"><del><strong>snooping of these apps.</p>
- <p>On the other hand, Google redistributes nonfree Android apps, and
- therefore shares in the responsibility for the injustice of their
- being nonfree. It also distributes its own nonfree apps, such as
+ <p>On</strong></del></span> <span class="inserted"><ins><em>microphone,
+ retrieve geo-location data from</em></ins></span> the <span
class="removed"><del><strong>other hand, Google redistributes nonfree Android
apps,</strong></del></span> <span class="inserted"><ins><em>GPS, take
photographs, read
+ text messages, read call, location</em></ins></span> and
+ <span class="removed"><del><strong>therefore shares
in</strong></del></span> <span class="inserted"><ins><em>web browsing history,
and
+ read</em></ins></span> the <span
class="removed"><del><strong>responsibility for</strong></del></span> <span
class="inserted"><ins><em>contact list. This malware is designed to disguise
itself
+ from investigation.</p>
+ </li>
+
+ <li id="M201311120">
+ <p><a
+
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+ The NSA can tap data in smart phones, including iPhones,
+ Android, and BlackBerry</a>. While there is not much
+ detail here, it seems that this does not operate via</em></ins></span>
+ the <span class="removed"><del><strong>injustice of their
+ being nonfree.</strong></del></span> <span
class="inserted"><ins><em>universal back door that we know nearly all portable
+ phones have.</em></ins></span> It <span class="removed"><del><strong>also
distributes its own nonfree apps, such as
Google
- Play, <a
href="/philosophy/free-software-even-more-important.html">which
- are malicious</a>.</p>
+ Play, <a
href="/philosophy/free-software-even-more-important.html">which</strong></del></span>
<span class="inserted"><ins><em>may involve exploiting various bugs.
There</em></ins></span> are <span
class="removed"><del><strong>malicious</a>.</p>
- <p>Could Google have done a better job of preventing apps from
+ <p>Could Google have done a better job</strong></del></span> <span
class="inserted"><ins><em><a
+
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+ lots</em></ins></span> of <span class="removed"><del><strong>preventing
apps from
cheating? There is no systematic way for Google, or Android
users, to inspect executable proprietary apps to see what they
do.</p>
- <p>Google could demand the source code for these apps, and study the
- source code somehow to determine whether they mistreat users in
- various ways. If it did a good job of this, it could more or less
- prevent such snooping, except when the app developers are clever
- enough to outsmart the checking.</p>
+ <p>Google could demand</strong></del></span> <span
class="inserted"><ins><em>bugs in</em></ins></span> the <span
class="removed"><del><strong>source code for these apps,</strong></del></span>
<span class="inserted"><ins><em>phones' radio software</a>.</p>
+ </li>
+
+ <li id="M201307000">
+ <p>Portable phones with GPS <a
+
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
+ will send their GPS location on remote command,</em></ins></span> and
<span class="removed"><del><strong>study the
+ source code somehow to determine whether they
mistreat</strong></del></span> users <span class="removed"><del><strong>in
+ various ways. If it did a good job of this,</strong></del></span> <span
class="inserted"><ins><em>cannot stop
+ them</a>. (The US says</em></ins></span> it <span
class="removed"><del><strong>could more or less
+ prevent such snooping, except when</strong></del></span> <span
class="inserted"><ins><em>will eventually require all new portable phones
+ to have GPS.)</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareIniThings">iThings</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201711250">
+ <p>The DMCA and</em></ins></span> the <span
class="removed"><del><strong>app developers are clever
+ enough</strong></del></span> <span class="inserted"><ins><em>EU Copyright
Directive make it <a
+ href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
+ illegal</em></ins></span> to <span
class="removed"><del><strong>outsmart</strong></del></span> <span
class="inserted"><ins><em>study how iOS cr…apps spy on users</a>,
because
+ this would require circumventing</em></ins></span> the <span
class="removed"><del><strong>checking.</p>
<p>But since Google itself develops malicious apps, we cannot trust
- Google to protect us. We must demand release of source code to the
- public, so we can depend on each other.</p>
-</li>
-<li>
- <p>A
- <a
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
+ Google</strong></del></span> <span class="inserted"><ins><em>iOS
DRM.</p>
+ </li>
+
+ <li id="M201709210">
+ <p>In the latest iThings system,
+ “turning off” WiFi and Bluetooth the obvious way <a
+
href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
+ doesn't really turn them off</a>. A more advanced way really does
turn
+ them off—only until 5am. That's Apple for you—“We
+ know you want to be spied on”.</p>
+ </li>
+
+ <li id="M201702150">
+ <p>Apple proposes <a
+
href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
+ fingerprint-scanning touch screen</a>—which would mean no
way</em></ins></span>
+ to <span class="removed"><del><strong>protect us. We must demand release
of source code</strong></del></span> <span class="inserted"><ins><em>use it
without having your fingerprints taken. Users would have
+ no way</em></ins></span> to <span class="inserted"><ins><em>tell
whether</em></ins></span> the
+ <span class="removed"><del><strong>public, so we can
depend</strong></del></span> <span class="inserted"><ins><em>phone is
snooping</em></ins></span> on <span class="removed"><del><strong>each
other.</p></strong></del></span> <span
class="inserted"><ins><em>them.</p></em></ins></span>
+ </li>
+<span class="removed"><del><strong><li>
+ <p>A</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201611170">
+ <p>iPhones</em></ins></span> <a <span
class="removed"><del><strong>href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
research paper</a> that investigated the privacy and security
of 283 Android VPN apps concluded that “in spite of the
promises for privacy, security, and anonymity given by the
@@ -422,95 +652,193 @@
VPN apps.”</p>
<p>Following is a non-exhaustive list of proprietary VPN apps from
- the research paper that tracks and infringes the privacy of
- users:</p>
+ the research paper that tracks and infringes the
privacy</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
+ lots</em></ins></span> of
+ <span class="removed"><del><strong>users:</p>
<dl>
<dt>SurfEasy</dt>
<dd>Includes tracking libraries such as NativeX and Appflood,
- meant to track users and show them targeted ads.</dd>
+ meant</strong></del></span> <span class="inserted"><ins><em>personal
data</em></ins></span> to <span class="removed"><del><strong>track users and
show</strong></del></span> <span class="inserted"><ins><em>Apple's
servers</a>. Big Brother can get</em></ins></span>
+ them <span class="removed"><del><strong>targeted ads.</dd>
<dt>sFly Network Booster</dt>
<dd>Requests the <code>READ_SMS</code> and
<code>SEND_SMS</code>
- permissions upon installation, meaning it has full access to
- users' text messages.</dd>
+ permissions upon installation, meaning it has full
access</strong></del></span> <span class="inserted"><ins><em>from
there.</p>
+ </li>
+
+ <li id="M201509240">
+ <p>iThings automatically upload</em></ins></span> to
+ <span class="removed"><del><strong>users' text messages.</dd>
<dt>DroidVPN and TigerVPN</dt>
- <dd>Requests the <code>READ_LOGS</code> permission to
read logs
- for other apps and also core system logs. TigerVPN developers
+ <dd>Requests</strong></del></span> <span
class="inserted"><ins><em>Apple's servers all</em></ins></span> the <span
class="removed"><del><strong><code>READ_LOGS</code> permission to
read logs
+ for other apps</strong></del></span> <span
class="inserted"><ins><em>photos</em></ins></span>
+ and <span class="removed"><del><strong>also core system logs. TigerVPN
developers
have confirmed this.</dd>
<dt>HideMyAss</dt>
- <dd>Sends traffic to LinkedIn. Also, it stores detailed logs
- and may turn them over to the UK government if
+ <dd>Sends traffic to LinkedIn. Also, it</strong></del></span> <span
class="inserted"><ins><em>videos they make.</p>
+
+ <blockquote><p> iCloud Photo Library</em></ins></span> stores
<span class="removed"><del><strong>detailed logs</strong></del></span> <span
class="inserted"><ins><em>every photo</em></ins></span> and <span
class="removed"><del><strong>may turn</strong></del></span> <span
class="inserted"><ins><em>video you
+ take, and keeps</em></ins></span> them <span
class="removed"><del><strong>over to the UK government if
requested.</dd>
<dt>VPN Services HotspotShield</dt>
- <dd>Injects JavaScript code into the HTML pages returned to the
- users. The stated purpose of the JS injection is to display
- ads. Uses roughly 5 tracking libraries. Also, it redirects the
+ <dd>Injects JavaScript code into the HTML pages
returned</strong></del></span> <span
class="inserted"><ins><em>up</em></ins></span> to <span
class="inserted"><ins><em>date on all your devices. Any edits you
+ make are automatically updated everywhere. […]
</p></blockquote>
+
+ <p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
+ information</a> as accessed on 24 Sep 2015.) The iCloud feature is
+ <a href="https://support.apple.com/en-us/HT202033">activated
by</em></ins></span> the
+ <span class="removed"><del><strong>users. The stated
purpose</strong></del></span>
+ <span class="inserted"><ins><em>startup</em></ins></span> of <span
class="removed"><del><strong>the JS injection</strong></del></span> <span
class="inserted"><ins><em>iOS</a>. The term “cloud” means
“please
+ don't ask where.”</p>
+
+ <p>There</em></ins></span> is <span class="inserted"><ins><em>a
way</em></ins></span> to <span class="removed"><del><strong>display
+ ads. Uses roughly 5 tracking libraries. Also,</strong></del></span>
+ <span class="inserted"><ins><em><a
href="https://support.apple.com/en-us/HT201104"> deactivate
+ iCloud</a>, but it's active by default so</em></ins></span> it <span
class="removed"><del><strong>redirects the
user's traffic through valueclick.com (an advertising
website).</dd>
<dt>WiFi Protector VPN</dt>
<dd>Injects JavaScript code into HTML pages, and also uses
- roughly 5 tracking libraries. Developers of this app have
+ roughly 5 tracking libraries. Developers</strong></del></span> <span
class="inserted"><ins><em>still counts as a
+ surveillance functionality.</p>
+
+ <p>Unknown people apparently took advantage</em></ins></span> of
this <span class="removed"><del><strong>app have
confirmed that the non-premium version of the app does
JavaScript injection for tracking and display ads.</dd>
</dl>
</li>
<li>
- <p><a
href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
study in 2015</a> found that 90% of the top-ranked gratis
+ <p><a
href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
study in 2015</a> found that 90%</strong></del></span> <span
class="inserted"><ins><em>to <a
+
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
+ nude photos</em></ins></span> of <span class="removed"><del><strong>the
top-ranked gratis
proprietary Android apps contained recognizable tracking libraries. For
the paid proprietary apps, it was only 60%.</p>
- <p>The article confusingly describes gratis apps as “free”,
- but most of them are not in fact
- <a href="/philosophy/free-sw.html">free software</a>.
+ <p>The article confusingly describes gratis apps as
“free”,</strong></del></span> <span class="inserted"><ins><em>many
celebrities</a>. They needed to break Apple's
+ security to get at them,</em></ins></span> but <span
class="removed"><del><strong>most</strong></del></span> <span
class="inserted"><ins><em>NSA can access any</em></ins></span> of them <span
class="removed"><del><strong>are not in fact</strong></del></span> <span
class="inserted"><ins><em>through</em></ins></span> <a <span
class="removed"><del><strong>href="/philosophy/free-sw.html">free
software</a>.
It also uses the ugly word “monetize”. A good replacement
for that word is “exploit”; nearly always that will fit
- perfectly.</p>
-</li>
+ perfectly.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p></em></ins></span>
+ </li>
-<li>
- <p>Apps for BART
- <a
href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
on users</a>.</p>
+<span class="removed"><del><strong><li>
+ <p>Apps</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201409220">
+ <p>Apple can, and regularly does, <a
+
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
+ remotely extract some data from iPhones</em></ins></span> for <span
class="removed"><del><strong>BART</strong></del></span> <span
class="inserted"><ins><em>the state</a>.</p>
+
+ <p>This may have improved with</em></ins></span> <a <span
class="removed"><del><strong>href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
on users</a>.</p>
<p>With free software apps, users could <em>make sure</em>
that they don't snoop.</p>
<p>With proprietary apps, one can only hope that they don't.</p>
</li>
<li>
- <p>A study found 234 Android apps that track users by
- <a
href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
+ <p>A study found 234 Android apps that track users
by</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.washingtonpost.com/business/technology/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html">
+ iOS 8 security improvements</a>; but</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
to ultrasound from beacons placed in stores or played by TV
programs</a>.
- </p>
-
-</li>
-
-<li>
- <p>Pairs of Android apps can collude to transmit users' personal
- data to servers. <a
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found
- tens of thousands of pairs that collude</a>.</p>
-</li>
+ </p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
+ not as much as Apple claims</a>.</p></em></ins></span>
+ </li>
+
+<span class="removed"><del><strong><li>
+ <p>Pairs</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201407230">
+ <p><a
+
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
+ Several “features”</em></ins></span> of <span
class="removed"><del><strong>Android apps can collude to transmit users'
personal
+ data</strong></del></span> <span class="inserted"><ins><em>iOS
seem</em></ins></span> to <span
class="removed"><del><strong>servers.</strong></del></span> <span
class="inserted"><ins><em>exist
+ for no possible purpose other than surveillance</a>. Here is
the</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found
+ tens of thousands of pairs that
collude</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ Technical presentation</a>.</p></em></ins></span>
+ </li>
+
+<span class="removed"><del><strong><li>
+<p>Google Play intentionally sends app developers</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201401100">
+ <p>The</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"></strong></del></span>
<span class="inserted"><ins><em>class="not-a-duplicate"
+
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ iBeacon</a> lets stores determine exactly where</em></ins></span>
the <span class="removed"><del><strong>personal details of users that
install</strong></del></span> <span class="inserted"><ins><em>iThing is, and
+ get other info too.</p>
+ </li>
-<li>
-<p>Google Play intentionally sends app developers <a
-href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
-the personal details of users that install the app</a>.</p>
+ <li id="M201312300">
+ <p><a
+
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
+ Either Apple helps</em></ins></span> the <span
class="removed"><del><strong>app</a>.</p>
-<p>Merely asking the “consent” of users is not enough
+<p>Merely asking</strong></del></span> <span
class="inserted"><ins><em>NSA snoop on all</em></ins></span> the <span
class="removed"><del><strong>“consent” of
users</strong></del></span> <span class="inserted"><ins><em>data in an iThing,
or it</em></ins></span>
+ is <span class="removed"><del><strong>not enough
to legitimize actions like this. At this point, most users have
-stopped reading the “Terms and Conditions” that spell out
+stopped reading the “Terms and Conditions”</strong></del></span>
<span class="inserted"><ins><em>totally incompetent</a>.</p>
+ </li>
+
+ <li id="M201308080">
+ <p>The iThing also <a
+
href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
+ tells Apple its geolocation</a> by default, though</em></ins></span>
that <span class="removed"><del><strong>spell out
what they are “consenting” to. Google should clearly
-and honestly identify the information it collects on users, instead
-of hiding it in an obscurely worded EULA.</p>
+and honestly identify the information it collects on</strong></del></span>
<span class="inserted"><ins><em>can be
+ turned off.</p>
+ </li>
-<p>However, to truly protect people's privacy, we must prevent Google
-and other companies from getting this personal information in the first
-place!</p>
-</li>
+ <li id="M201210170">
+ <p>There is also a feature for web sites to track</em></ins></span>
users, <span class="removed"><del><strong>instead
+of hiding</strong></del></span> <span class="inserted"><ins><em>which is <a
+
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
+ enabled by default</a>. (That article talks about iOS 6,
but</em></ins></span> it <span class="inserted"><ins><em>is
+ still true</em></ins></span> in <span class="inserted"><ins><em>iOS
7.)</p>
+ </li>
+
+ <li id="M201204280">
+ <p>Users cannot make</em></ins></span> an <span
class="removed"><del><strong>obscurely worded EULA.</p>
+
+<p>However,</strong></del></span> <span class="inserted"><ins><em>Apple
ID (<a
+
href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary</em></ins></span>
+ to <span class="removed"><del><strong>truly protect people's privacy, we
must prevent Google</strong></del></span> <span
class="inserted"><ins><em>install even gratis apps</a>) without giving a
valid
+ email address</em></ins></span> and <span
class="removed"><del><strong>other companies from getting this personal
information in</strong></del></span> <span class="inserted"><ins><em>receiving
the verification code Apple sends
+ to it.</p>
+ </li>
+</ul>
- <li>
+
+<div class="big-subsection">
+ <h4 id="SpywareInAndroid">Android Telephones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInAndroid">#SpywareInAndroid</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201711210">
+ <p>Android tracks location for Google <a
+
href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
+ even when “location services” are turned off, even
when</em></ins></span>
+ the <span class="removed"><del><strong>first
+place!</p></strong></del></span> <span class="inserted"><ins><em>phone
has no SIM card</a>.</p>
+ </li>
+
+ <li id="M201611150">
+ <p>Some portable phones <a
+
href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
+ sold with spyware sending lots of data to
China</a>.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201609140"></em></ins></span>
<p>Google Play (a component of Android) <a
href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
tracks the users' movements without their permission</a>.</p>
@@ -520,63 +848,116 @@
yet another example of nonfree software pretending to obey the user,
when it's actually doing something else. Such a thing would be almost
unthinkable with free software.</p>
-
</li>
- <li><p>More than 73% of the most popular Android apps
- <a href="http://jots.pub/a/2015103001/index.php">share personal,
- behavioral and location information</a> of their users with third
parties.</p>
- </li>
+ <span class="removed"><del><strong><li><p>More than 73% of the
most popular Android apps</strong></del></span>
- <li><p>“Cryptic communication,” unrelated to the
app's functionality,
+ <span class="inserted"><ins><em><li id="M201507030">
+ <p>Samsung phones come with</em></ins></span> <a <span
class="removed"><del><strong>href="http://jots.pub/a/2015103001/index.php">share
personal,
+ behavioral</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
+ that users can't delete</a>,</em></ins></span> and <span
class="removed"><del><strong>location information</a>
of</strong></del></span> <span class="inserted"><ins><em>they send so much data
that</em></ins></span> their <span class="removed"><del><strong>users with
third parties.</p></strong></del></span>
+ <span class="inserted"><ins><em>transmission is a substantial expense for
users. Said transmission,
+ not wanted or requested by the user, clearly must constitute spying
+ of some kind.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li><p>“Cryptic
communication,” unrelated</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201403120">
+ <p><a href="/proprietary/proprietary-back-doors.html#samsung">
+ Samsung's back door</a> provides access</em></ins></span> to <span
class="inserted"><ins><em>any file on</em></ins></span> the <span
class="removed"><del><strong>app's functionality,
was <a
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
- found in the 500 most popular gratis Android apps</a>.</p>
+ found</strong></del></span> <span class="inserted"><ins><em>system.</p>
+ </li>
+
+ <li id="M201308010">
+ <p>Spyware</em></ins></span> in <span
class="removed"><del><strong>the 500 most popular gratis</strong></del></span>
Android <span class="removed"><del><strong>apps</a>.</p>
<p>The article should not have described these apps as
- “free”—they are not free software. The clear way to say
+ “free”—they are not free software.</strong></del></span>
<span class="inserted"><ins><em>phones (and Windows?
laptops):</em></ins></span> The <span class="removed"><del><strong>clear way to
say
“zero price” is “gratis.”</p>
- <p>The article takes for granted that the usual analytics tools are
- legitimate, but is that valid? Software developers have no right to
- analyze what users are doing or how. “Analytics” tools that
snoop are
- just as wrong as any other snooping.</p>
+ <p>The</strong></del></span> <span class="inserted"><ins><em>Wall
Street
+ Journal (in an</em></ins></span> article <span
class="removed"><del><strong>takes for granted</strong></del></span> <span
class="inserted"><ins><em>blocked from us by a paywall)
reports</em></ins></span> that <span class="inserted"><ins><em><a
+
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj"></em></ins></span>
+ the <span class="removed"><del><strong>usual analytics tools are
+ legitimate, but</strong></del></span> <span class="inserted"><ins><em>FBI
can remotely activate the GPS and microphone in Android phones
+ and laptops</a>. (I suspect this means Windows laptops.) Here is
<a
+ href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
+ </li>
+
+ <li id="M201307280">
+ <p>Spyware</em></ins></span> is <span
class="inserted"><ins><em>present in some Android devices when they are
+ sold. Some Motorola phones, made when this company was owned
+ by Google, use a modified version of Android</em></ins></span> that <span
class="removed"><del><strong>valid? Software</strong></del></span> <span
class="inserted"><ins><em><a
+
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
+ sends personal data to Motorola</a>.</p>
+ </li>
+
+ <li id="M201307250">
+ <p>A Motorola phone <a
+
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
+ listens for voice all the time</a>.</p>
+ </li>
+
+ <li id="M201302150">
+ <p>Google Play intentionally sends app</em></ins></span> developers
<span class="removed"><del><strong>have no right</strong></del></span> <span
class="inserted"><ins><em><a
+
href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
+ the personal details of users that install the app</a>.</p>
+
+ <p>Merely asking the “consent” of users is not
enough</em></ins></span> to
+ <span class="removed"><del><strong>analyze what</strong></del></span>
+ <span class="inserted"><ins><em>legitimize actions like this. At this
point, most</em></ins></span> users <span class="removed"><del><strong>are
doing or how. “Analytics” tools</strong></del></span> <span
class="inserted"><ins><em>have stopped
+ reading the “Terms and Conditions”</em></ins></span> that
<span class="removed"><del><strong>snoop</strong></del></span> <span
class="inserted"><ins><em>spell out what
+ they</em></ins></span> are
+ <span class="removed"><del><strong>just as wrong as any other
snooping.</p>
</li>
<li><p>Gratis Android apps (but not <a
href="/philosophy/free-sw.html">free software</a>)
connect to 100
- <a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
and advertising</a> URLs,
- on the average.</p>
- </li>
- <li><p>Spyware is present in some Android devices when they are
sold.
- Some Motorola phones modify Android to
- <a
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
- send personal data to Motorola</a>.</p>
- </li>
-
- <li><p>Some manufacturers add a
- <a
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
- hidden general surveillance package such as Carrier
IQ.</a></p>
+ <a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking</strong></del></span>
<span class="inserted"><ins><em>“consenting” to. Google should
clearly</em></ins></span> and <span
class="removed"><del><strong>advertising</a> URLs,
+ on</strong></del></span>
+ <span class="inserted"><ins><em>honestly identify</em></ins></span> the
<span class="removed"><del><strong>average.</p>
+ </li>
+ <li><p>Spyware is present</strong></del></span> <span
class="inserted"><ins><em>information it collects on users, instead of
+ hiding it</em></ins></span> in <span class="removed"><del><strong>some
Android devices when they are sold.
+ Some Motorola phones modify Android</strong></del></span> <span
class="inserted"><ins><em>an obscurely worded EULA.</p>
+
+ <p>However,</em></ins></span> to
+ <span class="removed"><del><strong><a
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
+ send</strong></del></span> <span class="inserted"><ins><em>truly protect
people's privacy, we must prevent Google
+ and other companies from getting this</em></ins></span> personal <span
class="removed"><del><strong>data to
Motorola</a>.</p></strong></del></span> <span
class="inserted"><ins><em>information in the
+ first place!</p></em></ins></span>
+ </li>
+
+ <span
class="removed"><del><strong><li><p>Some</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201111170">
+ <p>Some</em></ins></span> manufacturers add a <a
+
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
+ hidden general surveillance package such as Carrier <span
class="removed"><del><strong>IQ.</a></p>
</li>
<li><p><a
href="/proprietary/proprietary-back-doors.html#samsung">
- Samsung's back door</a> provides access to any file on the
system.</p>
+ Samsung's back door</a> provides access to any file on the
system.</p></strong></del></span> <span
class="inserted"><ins><em>IQ</a>.</p></em></ins></span>
</li>
</ul>
-<!-- #SpywareOnMobiles -->
+<span class="removed"><del><strong><!-- #SpywareOnMobiles -->
<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
<div class="big-section">
<h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
<span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
</div>
-<div style="clear: left;"></div>
+<div style="clear: left;"></div></strong></del></span>
<div class="big-subsection">
- <h4 id="SpywareIniThings">Spyware in iThings</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
+ <h4 <span class="removed"><del><strong>id="SpywareIniThings">Spyware
in iThings</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInElectronicReaders">E-Readers</h4></em></ins></span>
+ <span <span
class="removed"><del><strong>class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
</div>
<ul>
@@ -597,95 +978,186 @@
<li><p>Apple proposes
<a
href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
fingerprint-scanning touch screen</a>
— which would mean no way to use it without having your
fingerprints
- taken. Users would have no way to tell whether the phone is snooping on
- them.</p></li>
+ taken. Users would have no way to tell whether the phone is
snooping</strong></del></span> <span
class="inserted"><ins><em>class="anchor-reference-id">(<a
href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
+</div>
- <li><p>iPhones <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send</strong></del></span>
<span
class="inserted"><ins><em>href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send</em></ins></span>
- lots of personal data to Apple's servers</a>. Big Brother can
- get them from there.</p>
+<ul class="blurbs">
+ <li id="M201603080">
+ <p>E-books can contain JavaScript code, and <a
+
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
+ sometimes this code snoops</em></ins></span> on
+ <span class="removed"><del><strong>them.</p></li>
+
+ <li><p>iPhones</strong></del></span> <span
class="inserted"><ins><em>readers</a>.</p>
</li>
- <li><p>The iMessage app on iThings <a
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
- a server every phone number that the user types into it</a>; the
server records these numbers for at least 30
- days.</p>
+ <li id="M201410080">
+ <p>Adobe made “Digital Editions,”
+ the e-reader used by most US libraries,</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
+ send</em></ins></span> lots of <span
class="removed"><del><strong>personal</strong></del></span> data to <span
class="removed"><del><strong>Apple's servers</a>. Big Brother can
+ get them from there.</p></strong></del></span> <span
class="inserted"><ins><em>Adobe</a>. Adobe's “excuse”: it's
+ needed to check DRM!</p></em></ins></span>
</li>
- <li><p>Users cannot make an Apple ID <a <span
class="removed"><del><strong>href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary</strong></del></span>
-<span
class="inserted"><ins><em>href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">
- (necessary</em></ins></span> to install even gratis apps)</a>
- without giving a valid email address and receiving the code Apple
- sends to it.</p>
+ <span class="removed"><del><strong><li><p>The iMessage app on
iThings</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201212031">
+ <p>The Electronic Frontier Foundation has examined and
found</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
+ a server every phone number that the user types into
it</a>;</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.eff.org/pages/reader-privacy-chart-2012">various
+ kinds of surveillance in</em></ins></span> the <span
class="removed"><del><strong>server records these numbers for at least 30
+ days.</p></strong></del></span> <span
class="inserted"><ins><em>Swindle and other
e-readers</a>.</p></em></ins></span>
</li>
- <li><p>Around 47% of the most popular iOS apps
- <a class="not-a-duplicate"
+ <span class="removed"><del><strong><li><p>Users cannot make an
Apple ID</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201212030">
+ <p>Spyware in many e-readers—not only the
Kindle:</em></ins></span> <a <span
class="removed"><del><strong>href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary
to install</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.eff.org/pages/reader-privacy-chart-2012">
they
+ report</em></ins></span> even <span class="removed"><del><strong>gratis
apps)</a>
+ without giving a valid email address and receiving</strong></del></span>
<span class="inserted"><ins><em>which page</em></ins></span> the <span
class="removed"><del><strong>code Apple
+ sends to it.</p></strong></del></span> <span
class="inserted"><ins><em>user reads at what
time</a>.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li><p>Around 47% of the most
popular iOS</strong></del></span>
+<span class="inserted"><ins><em></ul>
+
+
+
+<div class="big-section">
+ <h3 id="SpywareInApplications">Spyware in Applications</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareInApplications">#SpywareInApplications</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<div class="big-subsection">
+ <h4 id="SpywareInMobileApps">Mobile Apps</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201808030">
+ <p>Some Google</em></ins></span> apps <span
class="inserted"><ins><em>on Android</em></ins></span> <a <span
class="removed"><del><strong>class="not-a-duplicate"
href="http://jots.pub/a/2015103001/index.php">share personal,
- behavioral and location information</a> of their users with third
parties.</p>
+ behavioral and</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile">
+ record the user's</em></ins></span> location <span
class="removed"><del><strong>information</a></strong></del></span> <span
class="inserted"><ins><em>even when users disable “location
+ tracking”</a>.</p>
+
+ <p>There are other ways to turn off the other
kinds</em></ins></span> of <span
class="removed"><del><strong>their</strong></del></span> <span
class="inserted"><ins><em>location
+ tracking, but most</em></ins></span> users <span
class="removed"><del><strong>with third
parties.</p></strong></del></span> <span class="inserted"><ins><em>will
be tricked by the misleading control.</p></em></ins></span>
</li>
- <li><p>iThings automatically upload to Apple's servers all the
photos and
+ <span class="removed"><del><strong><li><p>iThings automatically
upload to Apple's servers all</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201806110">
+ <p>The Spanish football streaming app <a
+
href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks</em></ins></span>
+ the <span class="removed"><del><strong>photos and
videos they make.</p>
<blockquote><p>
- iCloud Photo Library stores every photo and video you take,
- and keeps them up to date on all your devices.
+ iCloud Photo Library stores every photo and video you
take,</strong></del></span> <span class="inserted"><ins><em>user's
movements</em></ins></span> and <span class="removed"><del><strong>keeps them
up to date on all your devices.
Any edits you make are automatically updated everywhere. [...]
</p></blockquote>
<p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
information</a> as accessed on 24 Sep 2015.) The iCloud feature is
- <a href="https://support.apple.com/en-us/HT202033">activated by the
- startup of iOS</a>. The term “cloud” means
+ <a href="https://support.apple.com/en-us/HT202033">activated
by</strong></del></span> <span class="inserted"><ins><em>listens
through</em></ins></span> the
+ <span class="removed"><del><strong>startup of iOS</a>. The term
“cloud” means
“please don't ask where.”</p>
- <p>There is a way to <a
href="https://support.apple.com/en-us/HT201104">
- deactivate iCloud</a>, but it's active by default so it still
counts as a
- surveillance functionality.</p>
+ <p>There</strong></del></span> <span
class="inserted"><ins><em>microphone</a>.</p>
+
+ <p>This makes them act as spies for licensing enforcement.</p>
- <p>Unknown people apparently took advantage of this to
- <a
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
- nude photos of many celebrities</a>. They needed to break Apple's
- security to get at them, but NSA can access any of them through
+ <p>I expect it implements DRM, too—that
there</em></ins></span> is <span
class="removed"><del><strong>a</strong></del></span> <span
class="inserted"><ins><em>no</em></ins></span> way to <span
class="removed"><del><strong><a
href="https://support.apple.com/en-us/HT201104">
+ deactivate iCloud</a>, but it's active by default so it still
counts as</strong></del></span> <span
class="inserted"><ins><em>save</em></ins></span>
+ a
+ <span class="removed"><del><strong>surveillance functionality.</p>
+
+ <p>Unknown people apparently took advantage of
this</strong></del></span> <span class="inserted"><ins><em>recording. But I
can't be sure from the article.</p>
+
+ <p>If you learn</em></ins></span> to <span
class="inserted"><ins><em>care much less about sports, you will benefit in
+ many ways. This is one more.</p>
+ </li>
+
+ <li id="M201804160">
+ <p>More than</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
+ nude photos</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%</em></ins></span>
+ of <span class="removed"><del><strong>many celebrities</a>. They
needed</strong></del></span> <span class="inserted"><ins><em>the 5,855 Android
apps studied by researchers were found</em></ins></span> to <span
class="removed"><del><strong>break Apple's
+ security</strong></del></span> <span class="inserted"><ins><em>snoop
+ and collect information about its users</a>. 40% of the apps were
+ found</em></ins></span> to <span class="removed"><del><strong>get at them,
but NSA can access any</strong></del></span> <span
class="inserted"><ins><em>insecurely snitch on its users. Furthermore, they
could
+ detect only some methods</em></ins></span> of <span
class="removed"><del><strong>them through
<a
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
</p></li>
- <li><p>Spyware in iThings:
+ <li><p>Spyware</strong></del></span> <span
class="inserted"><ins><em>snooping,</em></ins></span> in <span
class="removed"><del><strong>iThings:
the <a class="not-a-duplicate"
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
iBeacon</a> lets stores determine exactly where the iThing is,
- and get other info too.</p>
+ and get</strong></del></span> <span class="inserted"><ins><em>these
proprietary apps whose
+ source code they cannot look at. The</em></ins></span> other <span
class="removed"><del><strong>info too.</p>
</li>
- <li><p>There is also a feature for web sites to track users,
which is
+ <li><p>There</strong></del></span> <span
class="inserted"><ins><em>apps might be snooping
+ in other ways.</p>
+
+ <p>This</em></ins></span> is <span class="removed"><del><strong>also
a feature for web sites</strong></del></span> <span
class="inserted"><ins><em>evidence that proprietary apps generally work against
+ their users. To protect their privacy and freedom, Android users
+ need</em></ins></span> to <span class="removed"><del><strong>track users,
which is
<a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
- enabled by default</a>. (That article talks about iOS 6, but it
+ enabled</strong></del></span> <span class="inserted"><ins><em>get rid of
the proprietary software—both proprietary
+ Android</em></ins></span> by <span
class="removed"><del><strong>default</a>. (That article talks about iOS
6, but it
is still true in iOS 7.)</p>
</li>
- <li><p>The iThing also
- <a
-href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
- tells Apple its geolocation</a> by default, though that can be
- turned off.</p>
- </li>
+ <li><p>The iThing also</strong></del></span> <a
+<span
class="removed"><del><strong>href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
+ tells Apple its geolocation</a></strong></del></span> <span
class="inserted"><ins><em>href="https://replicant.us">switching to
Replicant</a>,
+ and the proprietary apps</em></ins></span> by <span
class="removed"><del><strong>default, though</strong></del></span> <span
class="inserted"><ins><em>getting apps from the free software
+ only <a href="https://f-droid.org/">F-Droid
store</a></em></ins></span> that <span class="removed"><del><strong>can be
+ turned off.</p></strong></del></span> <span
class="inserted"><ins><em><a
+ href="https://f-droid.org/wiki/page/Antifeatures"> prominently warns
+ the user if an app contains
anti-features</a>.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li><p>Apple can, and
regularly does,</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201804020">
+ <p>Grindr collects information about</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
+ remotely extract some data from iPhones for</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status">
+ which users are HIV-positive, then provides the information to
+ companies</a>.</p>
- <li><p>Apple can, and regularly does,
- <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
- remotely extract some data from iPhones for the
state</a>.</p>
+ <p>Grindr should not have so much information about its users.
+ It could be designed so that users communicate such info to each
+ other but not to</em></ins></span> the <span
class="removed"><del><strong>state</a>.</p></strong></del></span>
<span class="inserted"><ins><em>server's database.</p></em></ins></span>
</li>
- <li><p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
- Either Apple helps the NSA snoop on all the data in an iThing,
+ <span class="removed"><del><strong><li><p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
+ Either Apple helps the NSA snoop</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201803050">
+ <p>The moviepass app and dis-service
+ spy</em></ins></span> on <span class="removed"><del><strong>all the data
in an iThing,
or it is totally incompetent.</a></p>
</li>
<li><p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
Several “features” of iOS seem to exist for no
- possible purpose other than surveillance</a>. Here is the
- <a
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
- Technical presentation</a>.</p>
+ possible purpose other</strong></del></span> <span
class="inserted"><ins><em>users even more</em></ins></span> than <span
class="removed"><del><strong>surveillance</a>. Here is
the</strong></del></span> <span class="inserted"><ins><em>users expected.
It</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ Technical presentation</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
+ where they travel before and after going to a movie</a>.</p>
+
+ <p>Don't be tracked—pay cash!</p></em></ins></span>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<div class="big-subsection">
@@ -694,67 +1166,125 @@
</div>
<ul>
- <li><p>Tracking software in popular Android apps is pervasive and
- sometimes very clever. Some trackers can <a
-href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
+ <li><p>Tracking</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201711240">
+ <p>Tracking</em></ins></span> software in popular Android apps
+ is pervasive and sometimes very clever. Some trackers can <a
+
href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
follow a user's movements around a physical store by noticing WiFi
networks</a>.</p>
-</li>
+ </li>
- <li><p>Android tracks location for Google <a
-href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
+ <span class="removed"><del><strong><li><p>Android tracks
location for Google</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201708270">
+ <p>The Sarahah app</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
even when “location services” are turned off, even
- when the phone has no SIM card</a>.</p></li>
+ when the</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
+ uploads all</em></ins></span> phone <span class="removed"><del><strong>has
no SIM card</a>.</p></li>
<li><p>Some portable phones <a
href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
- sold with spyware sending lots of data to
China</a>.</p></li>
+ sold with spyware sending lots of data</strong></del></span> <span
class="inserted"><ins><em>numbers and email addresses</a> in user's
address
+ book</em></ins></span> to <span
class="removed"><del><strong>China</a>.</p></li>
+
+ <li><p>According</strong></del></span> <span
class="inserted"><ins><em>developer's server. Note that this article misuses
the words
+ “<a href="/philosophy/free-sw.html">free
software</a>”
+ referring</em></ins></span> to <span class="removed"><del><strong>Edward
Snowden,</strong></del></span> <span class="inserted"><ins><em>zero
price.</p>
+ </li>
- <li><p>According to Edward Snowden,
- <a href="http://www.bbc.com/news/uk-34444233">agencies can take
over smartphones</a>
- by sending hidden text messages which enable them to turn the phones
- on and off, listen to the microphone, retrieve geo-location data from the
+ <li id="M201707270">
+ <p>20 dishonest Android apps recorded</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.bbc.com/news/uk-34444233">agencies
can take over smartphones</a>
+ by sending hidden</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
+ calls and sent them and</em></ins></span> text messages <span
class="removed"><del><strong>which enable them</strong></del></span> <span
class="inserted"><ins><em>and emails to snoopers</a>.</p>
+
+ <p>Google did not intend to make these apps spy; on the contrary, it
+ worked in various ways to prevent that, and deleted these apps after
+ discovering what they did. So we cannot blame Google specifically
+ for the snooping of these apps.</p>
+
+ <p>On the other hand, Google redistributes nonfree Android apps, and
+ therefore shares in the responsibility for the injustice of their being
+ nonfree. It also distributes its own nonfree apps, such as Google Play,
+ <a href="/philosophy/free-software-even-more-important.html">which
+ are malicious</a>.</p>
+
+ <p>Could Google have done a better job of preventing apps from
+ cheating? There is no systematic way for Google, or Android
users,</em></ins></span>
+ to <span class="removed"><del><strong>turn the phones
+ on and off, listen</strong></del></span> <span
class="inserted"><ins><em>inspect executable proprietary apps</em></ins></span>
to <span class="inserted"><ins><em>see what they do.</p>
+
+ <p>Google could demand</em></ins></span> the <span
class="removed"><del><strong>microphone, retrieve geo-location data from the
GPS, take photographs, read text messages, read call, location and web
- browsing history, and read the contact list. This malware is designed to
- disguise itself from investigation.</p>
+ browsing history,</strong></del></span> <span
class="inserted"><ins><em>source code for these apps,</em></ins></span> and
<span class="removed"><del><strong>read</strong></del></span> <span
class="inserted"><ins><em>study</em></ins></span>
+ the <span class="removed"><del><strong>contact list. This malware is
designed</strong></del></span> <span class="inserted"><ins><em>source code
somehow</em></ins></span> to
+ <span class="removed"><del><strong>disguise itself from
investigation.</p>
</li>
<li><p>Samsung phones come with
<a
href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
that users can't delete</a>,
- and they send so much data that their transmission is a
- substantial expense for users. Said transmission, not wanted or
- requested by the user, clearly must constitute spying of some
+ and</strong></del></span> <span class="inserted"><ins><em>determine
whether</em></ins></span> they <span class="removed"><del><strong>send so much
data that their transmission is</strong></del></span> <span
class="inserted"><ins><em>mistreat users in
+ various ways. If it did</em></ins></span> a
+ <span class="removed"><del><strong>substantial expense for users. Said
transmission, not wanted</strong></del></span> <span
class="inserted"><ins><em>good job of this, it could more</em></ins></span> or
+ <span class="removed"><del><strong>requested by</strong></del></span>
<span class="inserted"><ins><em>less
+ prevent such snooping, except when</em></ins></span> the <span
class="removed"><del><strong>user, clearly</strong></del></span> <span
class="inserted"><ins><em>app developers are clever
+ enough to outsmart the checking.</p>
+
+ <p>But since Google itself develops malicious apps, we cannot trust
+ Google to protect us. We</em></ins></span> must <span
class="removed"><del><strong>constitute spying</strong></del></span> <span
class="inserted"><ins><em>demand release</em></ins></span> of <span
class="removed"><del><strong>some
kind.</p></li>
<li><p>A Motorola phone
<a
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
- listens for voice all the time</a>.</p>
+ listens for voice all</strong></del></span> <span
class="inserted"><ins><em>source code to</em></ins></span> the <span
class="removed"><del><strong>time</a>.</p></strong></del></span>
+ <span class="inserted"><ins><em>public, so we can depend on each
other.</p></em></ins></span>
</li>
- <li><p>Spyware in Android phones (and Windows? laptops): The Wall
+ <span class="removed"><del><strong><li><p>Spyware in Android
phones (and Windows? laptops): The Wall
Street Journal (in an article blocked from us by a paywall)
- reports that
- <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
- the FBI can remotely activate the GPS and microphone in Android
+ reports that</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201705230">
+ <p>Apps for BART</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
+ the FBI</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
+ on users</a>.</p>
+
+ <p>With free software apps, users could <em>make
sure</em> that they
+ don't snoop.</p>
+
+ <p>With proprietary apps, one</em></ins></span> can <span
class="removed"><del><strong>remotely activate the GPS and microphone in Android
phones and laptops</a>.
(I suspect this means Windows laptops.) Here is
- <a href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
+ <a href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p></strong></del></span> <span
class="inserted"><ins><em>only hope that they don't.</p></em></ins></span>
</li>
- <li><p>Portable phones with GPS will send their GPS location on
- remote command and users cannot stop them:
- <a
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
-
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
- (The US says it will eventually require all new portable phones
- to have GPS.)</p>
- </li>
+ <span class="removed"><del><strong><li><p>Portable phones with
GPS will send their GPS location on
+ remote command and</strong></del></span>
- <li><p>The nonfree Snapchat app's principal purpose is to
restrict
- the use of data on the user's computer, but it does surveillance
- too: <a
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
- it tries to get the user's list of other people's phone
- numbers.</a></p>
+ <span class="inserted"><ins><em><li id="M201705040">
+ <p>A study found 234 Android apps that track</em></ins></span> users
<span class="removed"><del><strong>cannot stop them:</strong></del></span>
<span class="inserted"><ins><em>by</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
+
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
+ (The US says it will eventually require all new portable
phones</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening</em></ins></span>
+ to <span class="removed"><del><strong>have
GPS.)</p></strong></del></span> <span
class="inserted"><ins><em>ultrasound from beacons placed in stores or played by
TV
+ programs</a>.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li><p>The nonfree Snapchat
app's principal purpose is</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201704260">
+ <p>Faceapp appears</em></ins></span> to <span
class="removed"><del><strong>restrict
+ the use</strong></del></span> <span class="inserted"><ins><em>do
lots</em></ins></span> of <span class="removed"><del><strong>data on the user's
computer, but it does surveillance
+ too:</strong></del></span> <span class="inserted"><ins><em>surveillance,
judging by</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers"></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
+ how much access</em></ins></span> it <span
class="removed"><del><strong>tries</strong></del></span> <span
class="inserted"><ins><em>demands</em></ins></span> to <span
class="removed"><del><strong>get</strong></del></span> <span
class="inserted"><ins><em>personal data in</em></ins></span> the <span
class="removed"><del><strong>user's list of other people's phone
+ numbers.</a></p></strong></del></span> <span
class="inserted"><ins><em>device</a>.</p></em></ins></span>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<div class="big-subsection">
@@ -763,34 +1293,15 @@
</div>
<ul>
- <span class="inserted"><ins><em><li><p>The Spanish football
streaming app
- <a
href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks
- the user's movements and listens through the
- microphone</a>.</p>
-
- <p>This makes them act as spies for licensing enforcement.</p>
-
- <p>I expect it implements DRM, too—that there is no way to
- save a recording. But I can't be sure from the article.</p>
-
- <p>If you learn to care much less about sports, you will benefit
- in many ways. This is one more.</p>
- </li>
-
- <li><p>Grindr collects information about <a
-
href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status">
- which users are HIV-positive, then provides the information to
- companies</a>.</p>
-
- <p>Grindr should not have so much information about its users.
- It could be designed so that users communicate such info to each other
- but not to the server's database.</p>
- </li></em></ins></span>
-
<li>
<p>The moviepass app and dis-service spy on users even more than
users
- expected. It <a
href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
- where they travel before and after going to a movie</a>.
+ expected. It</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201704190">
+ <p>Users are suing Bose for</em></ins></span> <a <span
class="removed"><del><strong>href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
+ where they travel before and after going to</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
+ distributing</em></ins></span> a <span
class="removed"><del><strong>movie</a>.
</p>
<p>Don't be tracked — pay cash!</p>
@@ -801,234 +1312,497 @@
track your every move</a>.</p>
</li>
- <li><p>The Sarahah app
- <a
href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
+ <li><p>The Sarahah</strong></del></span> <span
class="inserted"><ins><em>spyware</em></ins></span> app
+ <span class="removed"><del><strong><a
href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
uploads all phone numbers and email addresses</a> in user's address
- book to developer's server. Note that this article misuses the words
+ book</strong></del></span> <span class="inserted"><ins><em>for its
headphones</a>. Specifically,
+ the app would record the names of the audio files users
listen</em></ins></span> to <span class="removed"><del><strong>developer's
server. Note</strong></del></span>
+ <span class="inserted"><ins><em>along with the headphone's unique serial
number.</p>
+
+ <p>The suit accuses</em></ins></span> that this <span
class="removed"><del><strong>article misuses</strong></del></span> <span
class="inserted"><ins><em>was done without</em></ins></span> the <span
class="removed"><del><strong>words
“<a href="/philosophy/free-sw.html">free
software</a>”
referring to zero price.</p>
</li>
<li>
- <p>Facebook's app listens all the time, <a
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
snoop
- on what people are listening to or watching</a>. In addition, it may
- be analyzing people's conversations to serve them with targeted
- advertisements.</p>
+ <p>Facebook's app listens all</strong></del></span> <span
class="inserted"><ins><em>users' consent.
+ If</em></ins></span> the <span class="removed"><del><strong>time, <a
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
snoop
+ on what people are listening to or watching</a>. In
addition,</strong></del></span> <span class="inserted"><ins><em>fine print of
the app said that users gave consent for this,
+ would that make</em></ins></span> it <span
class="removed"><del><strong>may</strong></del></span> <span
class="inserted"><ins><em>acceptable? No way! It should</em></ins></span> be
<span class="removed"><del><strong>analyzing people's
conversations</strong></del></span> <span class="inserted"><ins><em>flat out
<a
+ href="/philosophy/surveillance-vs-democracy.html"> illegal to design
+ the app</em></ins></span> to <span class="removed"><del><strong>serve them
with targeted
+ advertisements.</p></strong></del></span> <span
class="inserted"><ins><em>snoop at all</a>.</p></em></ins></span>
</li>
- <li>
- <p>Faceapp appears to do lots of surveillance, judging by
+ <span class="removed"><del><strong><li>
+ <p>Faceapp appears to do lots</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201704074">
+ <p>Pairs</em></ins></span> of <span
class="removed"><del><strong>surveillance, judging by
<a
href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
- how much access it demands to personal data in the
device</a>.
- </p>
+ how much access it demands</strong></del></span> <span
class="inserted"><ins><em>Android apps can collude</em></ins></span>
+ to <span class="inserted"><ins><em>transmit users'</em></ins></span>
personal data <span class="removed"><del><strong>in the device</a>.
+ </p></strong></del></span> <span
class="inserted"><ins><em>to servers. <a
+
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
+ study found tens of thousands of pairs that
collude</a>.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201703300"></em></ins></span>
+ <p>Verizon <a
+
href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
+ announced an opt-in proprietary search app that it will</a>
pre-install
+ on some of its phones. The app will give Verizon the same information
+ about the users' searches that Google normally gets when they use
+ its search engine.</p>
+
+ <p>Currently, the app is <a
+
href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
+ being pre-installed on only one phone</a>, and the user must
+ explicitly opt-in before the <span class="removed"><del><strong>app takes
effect. However,</strong></del></span> <span class="inserted"><ins><em>app
takes effect. However, the app
+ remains spyware—an “optional” piece of spyware is
+ still spyware.</p>
</li>
- <li>
- <p>Verizon <a
href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
- announced an opt-in proprietary search app that it will</a>
- pre-install on some of its phones. The app will give Verizon the same
- information about the users' searches that Google normally gets when
- they use its search engine.</p>
-
- <p>Currently, the app is <a
href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
- being pre-installed on only one phone</a>, and the
- user must explicitly opt-in before the app takes effect. However, the
- app remains spyware—an “optional” piece of spyware is
- still spyware.</p>
+ <li id="M201701210">
+ <p>The Meitu photo-editing app <a
+
href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
+ user data to a Chinese company</a>.</p>
+ </li>
+
+ <li id="M201611280">
+ <p>The Uber app tracks <a
+
href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
+ movements before and after the ride</a>.</p>
+
+ <p>This example illustrates how “getting the user's
+ consent” for surveillance is inadequate as a protection against
+ massive surveillance.</p>
+ </li>
+
+ <li id="M201611160">
+ <p>A <a
+
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
+ research paper</a> that investigated the privacy and security of
+ 283 Android VPN apps concluded that “in spite of the promises
+ for privacy, security, and anonymity given by the majority of VPN
+ apps—millions of users may be unawarely subject to poor security
+ guarantees and abusive practices inflicted by VPN apps.”</p>
+
+ <p>Following is a non-exhaustive list, taken from the research paper,
+ of some proprietary VPN apps that track users and infringe their
+ privacy:</p>
+
+ <dl class="compact">
+ <dt>SurfEasy</dt>
+ <dd>Includes tracking libraries such as NativeX and Appflood,
+ meant to track users and show them targeted ads.</dd>
+
+ <dt>sFly Network Booster</dt>
+ <dd>Requests the <code>READ_SMS</code> and
<code>SEND_SMS</code>
+ permissions upon installation, meaning it has full access to users'
+ text messages.</dd>
+
+ <dt>DroidVPN and TigerVPN</dt>
+ <dd>Requests the <code>READ_LOGS</code> permission to
read logs
+ for other apps and also core system logs. TigerVPN developers have
+ confirmed this.</dd>
+
+ <dt>HideMyAss</dt>
+ <dd>Sends traffic to LinkedIn. Also, it stores detailed logs and
+ may turn them over to the UK government if requested.</dd>
+
+ <dt>VPN Services HotspotShield</dt>
+ <dd>Injects JavaScript code into</em></ins></span> the
+ <span class="removed"><del><strong>app remains spyware—an
“optional” piece</strong></del></span> <span
class="inserted"><ins><em>HTML pages returned to the
+ users. The stated purpose</em></ins></span> of <span
class="removed"><del><strong>spyware</strong></del></span> <span
class="inserted"><ins><em>the JS injection</em></ins></span> is
+ <span class="removed"><del><strong>still spyware.</p>
</li>
<li><p>The Meitu photo-editing
app <a
href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
- user data to a Chinese company</a>.</p></li>
+ user data</strong></del></span> to <span class="removed"><del><strong>a
Chinese company</a>.</p></li>
<li><p>A pregnancy test controller application not only
can <a
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spy
- on many sorts of data in the phone, and in server accounts, it can
- alter them too</a>.
- </p></li>
-
- <li><p>The Uber app tracks <a
href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
- movements before and after the ride</a>.</p>
+ on many sorts of data in</strong></del></span> <span
class="inserted"><ins><em>display ads. Uses
+ roughly five tracking libraries. Also, it redirects</em></ins></span>
the <span class="removed"><del><strong>phone,</strong></del></span> <span
class="inserted"><ins><em>user's
+ traffic through valueclick.com (an advertising website).</dd>
- <p>This example illustrates how “getting the user's
consent”
- for surveillance is inadequate as a protection against massive
- surveillance.</p>
- </li>
+ <dt>WiFi Protector VPN</dt>
+ <dd>Injects JavaScript code into HTML pages,</em></ins></span> and
<span class="removed"><del><strong>in server accounts, it can
+ alter them too</a>.
+ </p></li>
- <li><p>Google's new voice messaging app <a
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ <li><p>The Uber</strong></del></span> <span
class="inserted"><ins><em>also uses roughly
+ five tracking libraries. Developers of this</em></ins></span> app <span
class="removed"><del><strong>tracks <a
href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
+ movements before and after</strong></del></span> <span
class="inserted"><ins><em>have confirmed that</em></ins></span>
+ the <span class="removed"><del><strong>ride</a>.</p>
+
+ <p>This example illustrates how
“getting</strong></del></span> <span
class="inserted"><ins><em>non-premium version of</em></ins></span> the <span
class="removed"><del><strong>user's consent”</strong></del></span> <span
class="inserted"><ins><em>app does JavaScript injection</em></ins></span> for
<span class="removed"><del><strong>surveillance is inadequate as a protection
against massive
+ surveillance.</p></strong></del></span>
+ <span class="inserted"><ins><em>tracking the user and displaying
ads.</dd>
+ </dl></em></ins></span>
+ </li>
+
+ <span
class="removed"><del><strong><li><p>Google's</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201609210">
+ <p>Google's</em></ins></span> new voice messaging app <a
+
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
all conversations</a>.</p>
</li>
- <li><p>Apps that include
+ <span class="removed"><del><strong><li><p>Apps that include
<a
href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
Symphony surveillance software snoop on what radio and TV programs
are playing nearby</a>. Also on what users post on various sites
such as Facebook, Google+ and Twitter.</p>
</li>
- <li><p>Facebook's new Magic Photo app
- <a
-href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
-scans your mobile phone's photo collections for known faces</a>,
- and suggests you to share the picture you take according to who
- is in the frame.</p>
+ <li><p>Facebook's</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201606050">
+ <p>Facebook's</em></ins></span> new Magic Photo app <a
+<span
class="removed"><del><strong>href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/"></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/"></em></ins></span>
+ scans your mobile phone's photo collections for known faces</a>,
+ and suggests you to share the picture you take according to who is
+ in the frame.</p>
<p>This spyware feature seems to require online access to some
known-faces database, which means the pictures are likely to be
sent across the wire to Facebook's servers and face-recognition
algorithms.</p>
- <p>If so, none of Facebook users' pictures are private
- anymore, even if the user didn't “upload” them to the
service.</p>
+ <p>If so, none of Facebook users' pictures are private anymore,
+ even if the user didn't “upload” them to the service.</p>
</li>
- <li><p>Like most “music screaming” disservices,
Spotify
- is based on proprietary malware (DRM and snooping). In August
- 2015 it <a
-href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
- demanded users submit to increased snooping</a>, and some
- are starting to realize that it is nasty.</p>
+ <span class="removed"><del><strong><li><p>Like most “music
screaming” disservices, Spotify
+ is based</strong></del></span>
- <p>This article shows the <a
-href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
- twisted ways that they present snooping as a way
- to “serve” users better</a>—never mind
- whether they want that. This is a typical example of
+ <span class="inserted"><ins><em><li id="M201605310">
+ <p>Facebook's app listens all the time, <a
+
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
+ snoop</em></ins></span> on <span class="removed"><del><strong>proprietary
malware (DRM and snooping).</strong></del></span> <span
class="inserted"><ins><em>what people are listening to or
watching</a>.</em></ins></span> In <span
class="removed"><del><strong>August
+ 2015</strong></del></span> <span class="inserted"><ins><em>addition,
+ it may be analyzing people's conversations to serve them with targeted
+ advertisements.</p>
+ </li>
+
+ <li id="M201604250">
+ <p>A pregnancy test controller application not only can <a
+
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
+ spy on many sorts of data in the phone, and in server
accounts,</em></ins></span>
+ it <span class="inserted"><ins><em>can alter them too</a>.</p>
+ </li>
+
+ <li id="M201601130">
+ <p>Apps that include</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
+ demanded users submit to increased
snooping</a>,</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
+ Symphony surveillance software snoop on what radio</em></ins></span> and
<span class="removed"><del><strong>some</strong></del></span> <span
class="inserted"><ins><em>TV programs</em></ins></span>
+ are <span class="removed"><del><strong>starting</strong></del></span>
<span class="inserted"><ins><em>playing nearby</a>. Also on what users
post on various sites
+ such as Facebook, Google+ and Twitter.</p>
+ </li>
+
+ <li id="M201511190">
+ <p>“Cryptic communication,”
+ unrelated</em></ins></span> to <span class="removed"><del><strong>realize
that it is nasty.</p>
+
+ <p>This article shows</strong></del></span> the <span
class="inserted"><ins><em>app's functionality, was</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
+ twisted ways that they present snooping</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
+ found in the 500 most popular gratis Android apps</a>.</p>
+
+ <p>The article should not have described these
apps</em></ins></span> as <span
class="removed"><del><strong>a</strong></del></span>
+ <span class="inserted"><ins><em>“free”—they are not free
software. The clear</em></ins></span> way
+ to <span class="removed"><del><strong>“serve” users
better</a>—never mind
+ whether they want that. This</strong></del></span> <span
class="inserted"><ins><em>say “zero price”</em></ins></span> is
<span class="removed"><del><strong>a typical example of
the attitude of the proprietary software industry towards
those they have subjugated.</p>
<p>Out, out, damned Spotify!</p>
</li>
- <li><p>Many proprietary apps for mobile devices report which
other
- apps the user has
- installed. <a
href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
- is doing this in a way that at least is visible and
- optional</a>. Not as bad as what the others do.</p>
+ <li><p>Many proprietary apps</strong></del></span> <span
class="inserted"><ins><em>“gratis.”</p>
+
+ <p>The article takes</em></ins></span> for <span
class="removed"><del><strong>mobile devices report which other
+ apps</strong></del></span> <span class="inserted"><ins><em>granted
that</em></ins></span> the <span class="removed"><del><strong>user has
+ installed. <a
href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter</strong></del></span>
<span class="inserted"><ins><em>usual analytics tools are
+ legitimate, but</em></ins></span> is <span class="inserted"><ins><em>that
valid? Software developers have no right to
+ analyze what users are</em></ins></span> doing <span
class="removed"><del><strong>this in a way</strong></del></span> <span
class="inserted"><ins><em>or how. “Analytics”
tools</em></ins></span>
+ that <span class="removed"><del><strong>at least is visible and
+ optional</a>. Not</strong></del></span> <span
class="inserted"><ins><em>snoop are just</em></ins></span> as <span
class="removed"><del><strong>bad</strong></del></span> <span
class="inserted"><ins><em>wrong</em></ins></span> as <span
class="removed"><del><strong>what the others
do.</p></strong></del></span> <span class="inserted"><ins><em>any other
snooping.</p></em></ins></span>
</li>
- <li><p>FTC says most mobile apps for children don't respect
privacy:
+ <span class="removed"><del><strong><li><p>FTC says
most</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201510300">
+ <p>More than 73% and 47% of</em></ins></span> mobile <span
class="removed"><del><strong>apps for children don't respect privacy:
<a
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
</li>
- <li><p>Widely used <a
href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
+ <li><p>Widely used</strong></del></span> <span
class="inserted"><ins><em>applications, from Android and iOS
+ respectively</em></ins></span> <a <span
class="removed"><del><strong>href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
QR-code scanner apps snoop on the user</a>. This is in addition to
- the snooping done by the phone company, and perhaps by the OS in the
+ the snooping done by the phone company,</strong></del></span> <span
class="inserted"><ins><em>href="https://techscience.org/a/2015103001/">share
+ personal, behavioral</em></ins></span> and <span
class="removed"><del><strong>perhaps by the OS in the
phone.</p>
- <p>Don't be distracted by the question of whether the app
developers get
- users to say “I agree”. That is no excuse for
malware.</p>
+ <p>Don't be distracted by the question</strong></del></span> <span
class="inserted"><ins><em>location information</a></em></ins></span> of
<span class="removed"><del><strong>whether the app developers
get</strong></del></span> <span
class="inserted"><ins><em>their</em></ins></span> users <span
class="removed"><del><strong>to say “I agree”. That is no excuse
for malware.</p></strong></del></span> <span
class="inserted"><ins><em>with
+ third parties.</p></em></ins></span>
</li>
- <li><p>The Brightest Flashlight app
+ <span class="removed"><del><strong><li><p>The Brightest
Flashlight app
<a
href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
sends user data, including geolocation, for use by
companies.</a></p>
- <p>The FTC criticized this app because it asked the user to
- approve sending personal data to the app developer but did not
- ask about sending it to other companies. This shows the
- weakness of the reject-it-if-you-dislike-snooping
+ <p>The FTC criticized this app because</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201508210">
+ <p>Like most “music screaming” disservices, Spotify is
+ based on proprietary malware (DRM and snooping). In August
2015</em></ins></span> it <span class="removed"><del><strong>asked the
user</strong></del></span> <span class="inserted"><ins><em><a
+
href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
+ demanded users submit</em></ins></span> to
+ <span class="removed"><del><strong>approve sending personal
data</strong></del></span> <span class="inserted"><ins><em>increased
snooping</a>, and some are starting</em></ins></span>
+ to <span class="removed"><del><strong>the app developer but did not
+ ask about sending</strong></del></span> <span
class="inserted"><ins><em>realize that</em></ins></span> it <span
class="inserted"><ins><em>is nasty.</p>
+
+ <p>This article shows the <a
+
href="https://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
+ twisted ways that they present snooping as a way</em></ins></span> to
<span class="removed"><del><strong>other companies.</strong></del></span> <span
class="inserted"><ins><em>“serve”
+ users better</a>—never mind whether they want
that.</em></ins></span> This <span
class="removed"><del><strong>shows</strong></del></span> <span
class="inserted"><ins><em>is a
+ typical example of</em></ins></span> the
+ <span class="removed"><del><strong>weakness</strong></del></span> <span
class="inserted"><ins><em>attitude</em></ins></span> of the <span
class="removed"><del><strong>reject-it-if-you-dislike-snooping
“solution” to surveillance: why should a flashlight
- app send any information to anyone? A free software flashlight
- app would not.</p>
+ app send any information to anyone? A free</strong></del></span> <span
class="inserted"><ins><em>proprietary</em></ins></span> software <span
class="removed"><del><strong>flashlight
+ app would not.</p></strong></del></span> <span
class="inserted"><ins><em>industry
+ towards those they have subjugated.</p>
+
+ <p>Out, out, damned Spotify!</p></em></ins></span>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<div class="big-subsection">
- <h4 id="SpywareInToys">Spyware in Toys</h4>
+ <h4 id="SpywareInToys">Spyware</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201506264">
+ <p><a
+
href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
+ study</em></ins></span> in <span
class="removed"><del><strong>Toys</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
</div>
<ul>
<li>
- <p>A remote-control sex toy was found to make <a
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
recordings
- of the conversation between two users</a>.</p>
+ <p>A remote-control sex toy was</strong></del></span> <span
class="inserted"><ins><em>2015</a></em></ins></span> found <span
class="removed"><del><strong>to make <a
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
recordings</strong></del></span> <span class="inserted"><ins><em>that
90%</em></ins></span> of the <span class="removed"><del><strong>conversation
between two users</a>.</p>
</li>
- <li>
- <p>The “smart” toys My Friend Cayla and i-Que transmit
- <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations to Nuance Communications</a>,
- a speech recognition company based in the U.S.</p>
+ <li></strong></del></span> <span class="inserted"><ins><em>top-ranked
gratis proprietary
+ Android apps contained recognizable tracking libraries. For the paid
+ proprietary apps, it was only 60%.</p></em></ins></span>
- <p>Those toys also contain major security vulnerabilities; crackers
- can remotely control the toys with a mobile phone. This would
- enable crackers to listen in on a child's speech, and even speak
- into the toys themselves.</p>
- </li>
+ <p>The <span class="removed"><del><strong>“smart” toys
My Friend Cayla and i-Que transmit
+ <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations to Nuance Communications</a>,
+ a speech recognition company based</strong></del></span> <span
class="inserted"><ins><em>article confusingly describes gratis apps as
+ “free”, but most of them are not</em></ins></span> in <span
class="removed"><del><strong>the U.S.</p>
- <li>
- <p>A computerized vibrator
- <a
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
- was snooping on its users through the proprietary control
app</a>.</p>
+ <p>Those toys</strong></del></span> <span
class="inserted"><ins><em>fact <a
+ href="/philosophy/free-sw.html">free software</a>.
It</em></ins></span> also <span class="removed"><del><strong>contain major
security vulnerabilities; crackers
+ can remotely control</strong></del></span> <span
class="inserted"><ins><em>uses</em></ins></span> the <span
class="removed"><del><strong>toys with a mobile phone. This would
+ enable crackers</strong></del></span>
+ <span class="inserted"><ins><em>ugly word “monetize”. A good
replacement for that word
+ is “exploit”; nearly always that will fit perfectly.</p>
+ </li>
+
+ <li id="M201505060">
+ <p>Gratis Android apps (but not <a
+ href="/philosophy/free-sw.html">free software</a>)
connect</em></ins></span> to <span class="removed"><del><strong>listen in on a
child's speech,</strong></del></span> <span class="inserted"><ins><em>100 <a
+
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking</em></ins></span>
+ and <span class="removed"><del><strong>even speak
+ into</strong></del></span> <span
class="inserted"><ins><em>advertising</a> URLs, on</em></ins></span> the
<span class="removed"><del><strong>toys
themselves.</p></strong></del></span> <span
class="inserted"><ins><em>average.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li>
+ <p>A computerized vibrator</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201504060">
+ <p>Widely used</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
+ was snooping</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
+ QR-code scanner apps snoop</em></ins></span> on <span
class="removed"><del><strong>its users through</strong></del></span> the <span
class="removed"><del><strong>proprietary control app</a>.</p>
+
+ <p>The app was reporting</strong></del></span> <span
class="inserted"><ins><em>user</a>. This is in addition
to</em></ins></span>
+ the <span class="removed"><del><strong>temperature
of</strong></del></span> <span class="inserted"><ins><em>snooping done
by</em></ins></span> the <span class="removed"><del><strong>vibrator
minute</strong></del></span> <span class="inserted"><ins><em>phone company, and
perhaps</em></ins></span> by
+ <span class="removed"><del><strong>minute (thus, indirectly, whether it
was surrounded</strong></del></span> <span class="inserted"><ins><em>the OS in
+ the phone.</p>
- <p>The app was reporting the temperature of the vibrator minute by
- minute (thus, indirectly, whether it was surrounded by a person's
- body), as well as the vibration frequency.</p>
+ <p>Don't be distracted</em></ins></span> by <span
class="removed"><del><strong>a person's
+ body), as well as</strong></del></span> the <span
class="removed"><del><strong>vibration frequency.</p>
- <p>Note the totally inadequate proposed response: a labeling
+ <p>Note</strong></del></span> <span
class="inserted"><ins><em>question of whether</em></ins></span> the <span
class="removed"><del><strong>totally inadequate proposed response: a labeling
standard with which manufacturers would make statements about
- their products, rather than free software which users could have
+ their products, rather than free software which</strong></del></span>
<span class="inserted"><ins><em>app developers
+ get</em></ins></span> users <span class="removed"><del><strong>could have
checked and changed.</p>
- <p>The company that made the vibrator
- <a
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
- was sued for collecting lots of personal information about how
- people used it</a>.</p>
+ <p>The company that made</strong></del></span> <span
class="inserted"><ins><em>to say “I agree”. That is no excuse for
+ malware.</p>
+ </li>
- <p>The company's statement that it was anonymizing the data may be
- true, but it doesn't really matter. If it had sold the data to a
- data broker, the data broker would have been able to figure out
- who the user was.</p>
+ <li id="M201411260">
+ <p>Many proprietary apps for mobile devices
+ report which other apps</em></ins></span> the <span
class="removed"><del><strong>vibrator</strong></del></span> <span
class="inserted"><ins><em>user has installed.</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
+ was sued for collecting lots</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
+ is doing this in a way that at least is visible and optional</a>. Not
+ as bad as what the others do.</p>
+ </li>
+
+ <li id="M201401151">
+ <p>The Simeji keyboard is a smartphone version</em></ins></span> of
<span class="removed"><del><strong>personal information about how
+ people used it</a>.</p></strong></del></span> <span
class="inserted"><ins><em>Baidu's <a
+ href="/proprietary/proprietary-surveillance.html#baidu-ime">spying
<abbr
+ title="Input Method Editor">IME</abbr></a>.</p>
+ </li>
+
+ <li id="M201312270"></em></ins></span>
+ <p>The <span class="removed"><del><strong>company's statement that
it was anonymizing</strong></del></span> <span
class="inserted"><ins><em>nonfree Snapchat app's principal purpose is to
restrict</em></ins></span> the
+ <span class="inserted"><ins><em>use of</em></ins></span> data <span
class="removed"><del><strong>may be
+ true,</strong></del></span> <span class="inserted"><ins><em>on the
user's computer,</em></ins></span> but it <span
class="removed"><del><strong>doesn't really matter. If</strong></del></span>
<span class="inserted"><ins><em>does surveillance too: <a
+
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
+ it tries to get the user's list of other people's phone
+ numbers</a>.</p>
+ </li>
+
+ <li id="M201312060">
+ <p>The Brightest Flashlight app <a
+
href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
+ sends user data, including geolocation, for use by
companies</a>.</p>
+
+ <p>The FTC criticized this app because</em></ins></span> it <span
class="removed"><del><strong>had sold</strong></del></span> <span
class="inserted"><ins><em>asked</em></ins></span> the <span
class="removed"><del><strong>data</strong></del></span> <span
class="inserted"><ins><em>user</em></ins></span> to <span
class="removed"><del><strong>a</strong></del></span>
+ <span class="inserted"><ins><em>approve sending personal</em></ins></span>
data <span class="removed"><del><strong>broker,</strong></del></span> <span
class="inserted"><ins><em>to</em></ins></span> the <span
class="removed"><del><strong>data broker would have been
able</strong></del></span> <span class="inserted"><ins><em>app developer but
did not ask
+ about sending it</em></ins></span> to <span
class="removed"><del><strong>figure out
+ who</strong></del></span> <span class="inserted"><ins><em>other
companies. This shows</em></ins></span> the <span
class="removed"><del><strong>user was.</p>
<p>Following this lawsuit,
- <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
- the company has been ordered to pay a total of C$4m</a>
- to its customers.</p>
+ <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits"></strong></del></span>
<span class="inserted"><ins><em>weakness of</em></ins></span>
+ the <span class="removed"><del><strong>company has been
ordered</strong></del></span> <span
class="inserted"><ins><em>reject-it-if-you-dislike-snooping
“solution”</em></ins></span> to <span
class="removed"><del><strong>pay</strong></del></span>
+ <span class="inserted"><ins><em>surveillance: why should</em></ins></span>
a <span class="removed"><del><strong>total of
C$4m</a></strong></del></span> <span class="inserted"><ins><em>flashlight
app send any information</em></ins></span> to <span
class="removed"><del><strong>its customers.</p></strong></del></span>
+ <span class="inserted"><ins><em>anyone? A free software flashlight app
would not.</p></em></ins></span>
</li>
- <li><p> “CloudPets” toys with microphones <a
<span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
- leak</em></ins></span> childrens' conversations to the
manufacturer</a>. Guess what? <a <span
class="removed"><del><strong>href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers</strong></del></span>
- <span
class="inserted"><ins><em>href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
- Crackers</em></ins></span> found a way to access the data</a>
collected by the
- manufacturer's snooping.</p>
+ <span class="removed"><del><strong><li><p>
“CloudPets” toys with microphones</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201212100">
+ <p>FTC says most mobile apps for children don't respect
privacy:</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak
childrens' conversations to the
+ manufacturer</a>. Guess what?</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
+
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInSkype">Skype</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInSkype">#SpywareInSkype</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201307110">
+ <p>Skype contains</em></ins></span> <a <span
class="removed"><del><strong>href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers
found a way to access the data</a>
+ collected by the manufacturer's snooping.</p>
<p>That the manufacturer and the FBI could listen to these
conversations
was unacceptable by itself.</p></li>
- <li><p>Barbie
- <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going to spy on children and adults</a>.</p>
+ <li><p>Barbie</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://web.archive.org/web/20130928235637/http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">spyware</a>.
+ Microsoft changed Skype</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going to spy on children and adults</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
+ specifically for spying</a>.</p></em></ins></span>
</li>
</ul>
-<!-- #SpywareOnSmartWatches -->
-<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+<span class="removed"><del><strong><!-- #SpywareOnSmartWatches -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
--></strong></del></span>
-<div class="big-section">
- <h3 id="SpywareOnSmartWatches">Spyware on “Smart”
Watches</h3>
- <span class="anchor-reference-id">
- (<a
href="#SpywareOnSmartWatches">#SpywareOnSmartWatches</a>)</span>
+
+<div <span class="removed"><del><strong>class="big-section">
+ <h3 id="SpywareOnSmartWatches">Spyware on “Smart”
Watches</h3></strong></del></span> <span
class="inserted"><ins><em>class="big-subsection">
+ <h4 id="SpywareInGames">Games</h4></em></ins></span>
+ <span <span class="removed"><del><strong>class="anchor-reference-id">
+ (<a
href="#SpywareOnSmartWatches">#SpywareOnSmartWatches</a>)</span></strong></del></span>
<span class="inserted"><ins><em>class="anchor-reference-id">(<a
href="#SpywareInGames">#SpywareInGames</a>)</span></em></ins></span>
</div>
-<div style="clear: left;"></div>
+<span class="removed"><del><strong><div style="clear: left;"></div>
<ul>
<li>
- <p>An LG “smart” watch is designed
- <a
href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
- to report its location to someone else and to transmit
+ <p>An LG “smart” watch</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201806240">
+ <p>Red Shell</em></ins></span> is <span
class="removed"><del><strong>designed</strong></del></span> <span
class="inserted"><ins><em>a spyware that
+ is found in many proprietary games. It</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html"></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://nebulous.cloud/threads/red-shell-illegal-spyware-for-steam-games.31924/">
+ tracks data on users' computers and sends it</em></ins></span> to <span
class="removed"><del><strong>report</strong></del></span> <span
class="inserted"><ins><em>third parties</a>.</p>
+ </li>
+
+ <li id="M201804144">
+ <p>ArenaNet surreptitiously installed a spyware
+ program along with an update to the massive
+ multiplayer game Guild War 2. The spyware allowed ArenaNet <a
+
href="https://techraptor.net/content/arenanet-used-spyware-anti-cheat-for-guild-wars-2-banwave">
+ to snoop on all open processes running on</em></ins></span> its <span
class="removed"><del><strong>location</strong></del></span> <span
class="inserted"><ins><em>user's computer</a>.</p>
+ </li>
+
+ <li id="M201711070">
+ <p>The driver for a certain gaming keyboard <a
+
href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
+ information</em></ins></span> to <span
class="removed"><del><strong>someone else</strong></del></span> <span
class="inserted"><ins><em>China</a>.</p>
+ </li>
+
+ <li id="M201512290">
+ <p>Many <a
+
href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
+ video game consoles snoop on their users</em></ins></span> and <span
class="inserted"><ins><em>report</em></ins></span> to <span
class="removed"><del><strong>transmit
conversations too</a>.</p>
</li>
- <li>
- <p>A very cheap “smart watch” comes with an Android app
- <a
href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
- that connects to an unidentified site in China</a>.</p>
- <p>The article says this is a back door, but that could be a
+ <li></strong></del></span> <span class="inserted"><ins><em>the
+ internet</a>—even what their users
weigh.</p></em></ins></span>
+
+ <p>A <span class="removed"><del><strong>very cheap “smart
watch” comes</strong></del></span> <span class="inserted"><ins><em>game
console is a computer, and you can't trust a computer</em></ins></span> with
<span class="removed"><del><strong>an Android app</strong></del></span>
+ <span class="inserted"><ins><em>a nonfree operating system.</p>
+ </li>
+
+ <li id="M201509160">
+ <p>Modern gratis game cr…apps</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/"></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
+ collect a wide range of data about their users and their users'
+ friends and associates</a>.</p>
+
+ <p>Even nastier, they do it through ad networks</em></ins></span>
that <span class="removed"><del><strong>connects to an unidentified site in
China</a>.</p>
+ <p>The article says</strong></del></span> <span
class="inserted"><ins><em>merge the data
+ collected by various cr…apps and sites made by different
+ companies.</p>
+
+ <p>They use</em></ins></span> this <span
class="removed"><del><strong>is</strong></del></span> <span
class="inserted"><ins><em>data to manipulate people to buy things, and hunt for
+ “whales” who can be led to spend a lot of money. They also
+ use</em></ins></span> a back <span class="removed"><del><strong>door,
but</strong></del></span> <span class="inserted"><ins><em>door to manipulate
the game play for specific players.</p>
+
+ <p>While the article describes gratis games, games</em></ins></span>
that <span class="removed"><del><strong>could be a
misunderstanding. However, it is certainly surveillance, at
- least.</p>
+ least.</p></strong></del></span> <span
class="inserted"><ins><em>cost money
+ can use the same tactics.</p></em></ins></span>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<!-- #SpywareAtLowLevel -->
<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
@@ -1046,10 +1820,14 @@
</div>
<ul>
-<li><p>
-<a
href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
-Lenovo stealthily installed crapware and spyware via BIOS</a> on Windows
installs.
-Note that the specific sabotage method Lenovo used did not affect
+<li><p></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201401280">
+ <p>Angry Birds</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
+Lenovo stealthily installed crapware</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
+ spies for companies,</em></ins></span> and <span
class="removed"><del><strong>spyware via BIOS</a> on Windows installs.
+Note that</strong></del></span> the <span
class="removed"><del><strong>specific sabotage method Lenovo used did not affect
GNU/Linux; also, a “clean” Windows install is not really
clean since <a href="/proprietary/malware-microsoft.html">Microsoft
puts in its own malware</a>.
@@ -1057,78 +1835,168 @@
</ul>
<!-- #SpywareAtWork -->
-<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>NSA takes advantage</em></ins></span>
+ to <span class="removed"><del><strong>place new
items</strong></del></span> <span class="inserted"><ins><em>spy through it
too</a>. Here's information on <a
+
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
+ more spyware apps</a>.</p>
+
+ <p><a
+
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
+ More about NSA app spying</a>.</p>
+ </li>
+
+ <li id="M200510200">
+ <p>Blizzard Warden is a hidden
+ “cheating-prevention” program that <a
+ href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
+ spies</em></ins></span> on <span class="removed"><del><strong>top under
each subsection --></strong></del></span> <span
class="inserted"><ins><em>every process running on a gamer's computer and
sniffs a
+ good deal of personal data</a>, including lots of activities which
+ have nothing to do with cheating.</p>
+ </li>
+</ul></em></ins></span>
+
+
<div class="big-section">
- <h3 id="SpywareAtWork">Spyware at Work</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareAtWork">#SpywareAtWork</a>)</span>
+ <h3 <span class="removed"><del><strong>id="SpywareAtWork">Spyware at
Work</h3></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInEquipment">Spyware in Connected
Equipment</h3></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareAtWork">#SpywareAtWork</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInEquipment">#SpywareInEquipment</a>)</span></em></ins></span>
</div>
<div style="clear: left;"></div>
-<ul>
+<span class="removed"><del><strong><ul>
<li><p>Investigation
- Shows <a
href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
+ Shows</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201708280">
+ <p>The bad security in many Internet of Stings devices
allows</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
Using US Companies, NSA To Route Around Domestic Surveillance
Restrictions</a>.</p>
- <p>Specifically, it can collect the emails of members of Parliament
+ <p>Specifically, it can collect</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
+ to snoop on</em></ins></span> the <span
class="removed"><del><strong>emails of members of Parliament
this way, because they pass it through Microsoft.</p></li>
- <li><p>Spyware in Cisco TNP IP phones:
- <a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
-
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p>
+ <li><p>Spyware in Cisco TNP IP phones:</strong></del></span>
<span class="inserted"><ins><em>people that use them</a>.</p>
+
+ <p>Don't be a sucker—reject all the stings.</p>
+
+ <p>It is unfortunate that the article uses the
term</em></ins></span> <a <span
class="removed"><del><strong>href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
+
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p></strong></del></span>
+ <span
class="inserted"><ins><em>href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p></em></ins></span>
</li>
</ul>
<div class="big-subsection">
- <h4 id="SpywareInSkype">Spyware in Skype</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInSkype">#SpywareInSkype</a>)</span>
+ <h4 <span class="removed"><del><strong>id="SpywareInSkype">Spyware in
Skype</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInTVSets">TV
Sets</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInSkype">#SpywareInSkype</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInTVSets">#SpywareInTVSets</a>)</span></em></ins></span>
</div>
-<ul>
+<span class="removed"><del><strong><ul>
<li><p>Spyware in Skype:
<a
href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
- Microsoft changed Skype
- <a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
- specifically for spying</a>.</p>
+ Microsoft changed Skype</strong></del></span>
+
+<span class="inserted"><ins><em><p>Emo Phillips made a joke: The other
day a woman came up to me and
+said, “Didn't I see you on television?” I said, “I
+don't know. You can't see out the other way.” Evidently that was
+before Amazon “smart” TVs.</p>
+
+<ul class="blurbs">
+ <li id="M201804010">
+ <p>Some “Smart” TVs automatically</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
+ specifically</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
+ load downgrades that install a surveillance app</a>.</p>
+
+ <p>We link to the article</em></ins></span> for <span
class="removed"><del><strong>spying</a>.</p></strong></del></span>
<span class="inserted"><ins><em>the facts it presents. It
+ is too bad that the article finishes by advocating the
+ moral weakness of surrendering to Netflix. The Netflix app <a
+ href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
+ malware too</a>.</p></em></ins></span>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<!-- #SpywareOnTheRoad -->
-<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+<!-- WEBMASTERS: make sure</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201702060">
+ <p>Vizio “smart” <a
+
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
+ report everything that is viewed on them, and not just broadcasts and
+ cable</a>. Even if the image is coming from the user's own computer,
+ the TV reports what it is. The existence of a way to disable the
+ surveillance, even if it were not hidden as it was in these TVs,
+ does not legitimize the surveillance.</p>
+ </li>
+
+ <li id="M201511130">
+ <p>Some web and TV advertisements play inaudible
+ sounds</em></ins></span> to <span class="removed"><del><strong>place new
items on top under each subsection -->
<div class="big-section">
- <h3 id="SpywareOnTheRoad">Spyware on The Road</h3>
+ <h3 id="SpywareOnTheRoad">Spyware</strong></del></span> <span
class="inserted"><ins><em>be picked up by proprietary malware
running</em></ins></span>
+ on <span class="removed"><del><strong>The Road</h3>
<span class="anchor-reference-id">(<a
href="#SpywareOnTheRoad">#SpywareOnTheRoad</a>)</span>
</div>
<div style="clear: left;"></div>
<div class="big-subsection">
- <h4 id="SpywareInCameras">Spyware in Cameras</h4>
+ <h4 id="SpywareInCameras">Spyware</strong></del></span> <span
class="inserted"><ins><em>other devices</em></ins></span> in <span
class="removed"><del><strong>Cameras</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInCameras">#SpywareInCameras</a>)</span>
</div>
<ul>
<li>
- <p>Every “home security” camera, if its manufacturer can
communicate with it,
- is a surveillance device. <a
-href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
+ <p>Every “home security” camera, if its
manufacturer</strong></del></span> <span class="inserted"><ins><em>range so as
to determine that they
+ are nearby. Once your Internet devices are paired with
+ your TV, advertisers</em></ins></span> can <span
class="removed"><del><strong>communicate</strong></del></span> <span
class="inserted"><ins><em>correlate ads</em></ins></span> with <span
class="removed"><del><strong>it,
+ is a surveillance device.</strong></del></span> <span
class="inserted"><ins><em>Web activity, and other</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
Canary camera is an example</a>.</p>
- <p>The article describes wrongdoing by the manufacturer, based on
the fact
- that the device is tethered to a server.</p>
+ <p>The article describes wrongdoing by the manufacturer,
based</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
+ cross-device tracking</a>.</p>
+ </li>
+
+ <li id="M201511060">
+ <p>Vizio goes a step further than other TV
+ manufacturers in spying</em></ins></span> on <span
class="removed"><del><strong>the fact</strong></del></span> <span
class="inserted"><ins><em>their users: their <a
+
href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+ “smart” TVs analyze your viewing habits in detail and
+ link them your IP address</a> so</em></ins></span> that <span
class="removed"><del><strong>the device</strong></del></span> <span
class="inserted"><ins><em>advertisers can track you
+ across devices.</p>
+
+ <p>It</em></ins></span> is <span
class="removed"><del><strong>tethered</strong></del></span> <span
class="inserted"><ins><em>possible</em></ins></span> to <span
class="removed"><del><strong>a server.</p>
<p><a href="/proprietary/proprietary-tethers.html">More about
proprietary tethering</a>.</p>
- <p>But it also demonstrates that the device gives the company
- surveillance capability.</p>
+ <p>But</strong></del></span> <span class="inserted"><ins><em>turn
this off, but having</em></ins></span> it <span
class="removed"><del><strong>also demonstrates that</strong></del></span> <span
class="inserted"><ins><em>enabled by default
+ is an injustice already.</p>
</li>
- <li>
- <p>The Nest Cam “smart” camera is <a
- href="http://www.bbc.com/news/technology-34922712">always
- watching</a>, even when the “owner” switches it
“off.”</p>
+ <li id="M201511020">
+ <p>Tivo's alliance with Viacom adds 2.3 million households
+ to</em></ins></span> the <span class="removed"><del><strong>device
gives</strong></del></span> <span class="inserted"><ins><em>600 millions social
media profiles</em></ins></span> the company
+ <span class="inserted"><ins><em>already monitors. Tivo customers are
unaware they're
+ being watched by advertisers. By combining TV viewing
+ information with online social media participation, Tivo can now <a
+ href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
+ correlate TV advertisement with online purchases</a>, exposing all
+ users to new combined</em></ins></span> surveillance <span
class="removed"><del><strong>capability.</p></strong></del></span> <span
class="inserted"><ins><em>by default.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li>
+ <p>The Nest Cam</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201507240">
+ <p>Vizio</em></ins></span> “smart” <span
class="removed"><del><strong>camera is</strong></del></span> <span
class="inserted"><ins><em>TVs recognize and</em></ins></span> <a
+ <span
class="removed"><del><strong>href="http://www.bbc.com/news/technology-34922712">always</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
+ what people are</em></ins></span> watching</a>, <span
class="removed"><del><strong>even when the “owner” switches it
“off.”</p>
<p>A “smart” device means the manufacturer is using it
to outsmart
you.</p>
</li>
@@ -1141,20 +2009,26 @@
<ul>
<li><p>E-books can contain JavaScript code,
- and <a
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
- this code snoops on readers</a>.</p>
+ and</strong></del></span> <span class="inserted"><ins><em>even if it isn't
a TV channel.</p>
+ </li>
+
+ <li id="M201505290">
+ <p>Verizon cable TV</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
+ this code</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/"></em></ins></span>
+ snoops on <span class="removed"><del><strong>readers</a>.</p>
</li>
<li><p>Spyware in many e-readers—not only the
Kindle: <a
href="https://www.eff.org/pages/reader-privacy-chart-2012">
- they report even which page the user reads at what
time</a>.</p>
+ they report</strong></del></span> <span class="inserted"><ins><em>what
programs people watch, and</em></ins></span> even <span
class="removed"><del><strong>which page the user reads at</strong></del></span>
what <span class="removed"><del><strong>time</a>.</p>
</li>
<li><p>Adobe made “Digital Editions,” the e-reader
used
by most US libraries,
<a
href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
send lots of data to Adobe</a>. Adobe's “excuse”: it's
- needed to check DRM!</p>
+ needed</strong></del></span> <span class="inserted"><ins><em>they
wanted</em></ins></span> to <span class="removed"><del><strong>check
DRM!</p>
</li>
</ul>
@@ -1166,72 +2040,146 @@
<ul>
<li><p>Computerized cars with nonfree software are
<a
href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html">
- snooping devices</a>.</p>
+ snooping devices</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>record</a>.</p></em></ins></span>
</li>
- <li id="nissan-modem"><p>The Nissan Leaf has a built-in cell
phone modem which allows
+ <li <span class="removed"><del><strong>id="nissan-modem"><p>The
Nissan Leaf has a built-in cell phone modem which allows
effectively
- anyone <a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
+ anyone</strong></del></span> <span
class="inserted"><ins><em>id="M201504300">
+ <p>Vizio</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
access its computers remotely and make changes in various
settings</a>.</p>
- <p>That's easy to do because the system has no authentication when
- accessed through the modem. However, even if it asked for
+ <p>That's easy</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
+ used a firmware “upgrade”</em></ins></span> to <span
class="inserted"><ins><em>make its TVs snoop on what
+ users watch</a>. The TVs did not</em></ins></span> do <span
class="removed"><del><strong>because the system has no
authentication</strong></del></span> <span
class="inserted"><ins><em>that</em></ins></span> when
+ <span class="removed"><del><strong>accessed through</strong></del></span>
<span class="inserted"><ins><em>first sold.</p>
+ </li>
+
+ <li id="M201502090">
+ <p>The Samsung “Smart” TV <a
+
href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
+ transmits users' voice on</em></ins></span> the <span
class="removed"><del><strong>modem. However, even if</strong></del></span>
<span class="inserted"><ins><em>internet to another company, Nuance</a>.
+ Nuance can save</em></ins></span> it <span
class="removed"><del><strong>asked for
authentication, you couldn't be confident that Nissan has no
access. The software in the car is
proprietary, <a
href="/philosophy/free-software-even-more-important.html">which
- means it demands blind faith from its users</a>.</p>
+ means</strong></del></span> <span class="inserted"><ins><em>and would then
have to give</em></ins></span> it <span class="removed"><del><strong>demands
blind faith from its users</a>.</p>
+
+ <p>Even if no one connects</strong></del></span> to the <span
class="removed"><del><strong>car remotely, the cell phone
+ modem enables the phone company</strong></del></span> <span
class="inserted"><ins><em>US or some
+ other government.</p>
+
+ <p>Speech recognition is not</em></ins></span> to <span
class="removed"><del><strong>track the car's movements all
+ the time;</strong></del></span> <span class="inserted"><ins><em>be trusted
unless</em></ins></span> it is <span class="removed"><del><strong>possible to
physically remove</strong></del></span> <span class="inserted"><ins><em>done by
free
+ software in your own computer.</p>
+
+ <p>In its privacy policy, Samsung explicitly confirms that <a
+
href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
+ data containing sensitive information will be transmitted to third
+ parties</a>.</p>
+ </li>
- <p>Even if no one connects to the car remotely, the cell phone
- modem enables the phone company to track the car's movements all
- the time; it is possible to physically remove the cell phone modem
- though.</p>
+ <li id="M201411090">
+ <p>The Amazon “Smart” TV is <a
+
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
+ snooping all</em></ins></span> the <span class="removed"><del><strong>cell
phone modem
+ though.</p></strong></del></span> <span
class="inserted"><ins><em>time</a>.</p></em></ins></span>
</li>
- <li id="records-drivers"><p>Proprietary software in cars
- <a
href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records
information about drivers' movements</a>,
+ <li <span
class="removed"><del><strong>id="records-drivers"><p>Proprietary
software in cars</strong></del></span> <span
class="inserted"><ins><em>id="M201409290">
+ <p>More or less all “smart” TVs</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records
information about drivers' movements</a>,
which is made available to car manufacturers, insurance companies, and
- others.</p>
+ others.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
+ on their users</a>.</p></em></ins></span>
+
+ <p>The <span class="removed"><del><strong>case</strong></del></span>
<span class="inserted"><ins><em>report was as</em></ins></span> of <span
class="removed"><del><strong>toll-collection systems, mentioned
in</strong></del></span> <span class="inserted"><ins><em>2014, but we don't
expect</em></ins></span> this <span class="removed"><del><strong>article, is not
+ really a matter of proprietary surveillance. These
systems</strong></del></span> <span class="inserted"><ins><em>has got
+ better.</p>
- <p>The case of toll-collection systems, mentioned in this article,
is not
- really a matter of proprietary surveillance. These systems are an
+ <p>This shows that laws requiring products to get users' formal
+ consent before collecting personal data</em></ins></span> are <span
class="removed"><del><strong>an
intolerable invasion of privacy, and should be replaced with anonymous
- payment systems, but the invasion isn't done by malware. The other
- cases mentioned are done by proprietary malware in the
car.</p></li>
-
- <li><p>Tesla cars allow the company to extract data remotely and
- determine the car's location at any time. (See
+ payment systems, but</strong></del></span> <span
class="inserted"><ins><em>totally inadequate.
+ And what happens if a user declines consent? Probably</em></ins></span>
the <span class="removed"><del><strong>invasion isn't done by malware. The other
+ cases mentioned</strong></del></span> <span class="inserted"><ins><em>TV
will
+ say, “Without your consent to tracking, the TV will not
+ work.”</p>
+
+ <p>Proper laws would say that TVs</em></ins></span> are <span
class="removed"><del><strong>done by proprietary malware</strong></del></span>
<span class="inserted"><ins><em>not allowed to report what the
+ user watches—no exceptions!</p>
+ </li>
+
+ <li id="M201405200">
+ <p>Spyware</em></ins></span> in <span class="inserted"><ins><em>LG
“smart” TVs <a
+
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
+ reports what</em></ins></span> the <span
class="removed"><del><strong>car.</p></li>
+
+ <li><p>Tesla cars allow</strong></del></span> <span
class="inserted"><ins><em>user watches, and</em></ins></span> the <span
class="removed"><del><strong>company</strong></del></span> <span
class="inserted"><ins><em>switch</em></ins></span> to <span
class="removed"><del><strong>extract data remotely and
+ determine</strong></del></span> <span class="inserted"><ins><em>turn
this off has
+ no effect</a>. (The fact that</em></ins></span> the <span
class="removed"><del><strong>car's location at any time. (See
<a
href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
- Section 2, paragraphs b and c.</a>). The company says it doesn't
- store this information, but if the state orders it to get the data
- and hand it over, the state can store it.</p>
+ Section 2, paragraphs b and c.</a>). The company
says</strong></del></span> <span class="inserted"><ins><em>transmission reports
a 404 error
+ really means nothing; the server could save that data anyway.)</p>
+
+ <p>Even worse,</em></ins></span> it <span
class="removed"><del><strong>doesn't
+ store this information, but if</strong></del></span> <span
class="inserted"><ins><em><a
+
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
+ snoops on other devices on</em></ins></span> the <span
class="removed"><del><strong>state orders</strong></del></span> <span
class="inserted"><ins><em>user's local network</a>.</p>
+
+ <p>LG later said</em></ins></span> it <span
class="inserted"><ins><em>had installed a patch to stop this, but any
+ product could spy this way.</p>
+
+ <p>Meanwhile, LG TVs <a
+
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
+ do lots of spying anyway</a>.</p>
+ </li>
+
+ <li id="M201212170">
+ <p id="break-security-smarttv"><a
+
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
+ Crackers found a way</em></ins></span> to <span
class="removed"><del><strong>get the data</strong></del></span> <span
class="inserted"><ins><em>break security on a “smart”
TV</a></em></ins></span>
+ and <span class="removed"><del><strong>hand it over,</strong></del></span>
<span class="inserted"><ins><em>use its camera to watch</em></ins></span> the
<span class="removed"><del><strong>state can store
it.</p></strong></del></span> <span class="inserted"><ins><em>people who
are watching TV.</p></em></ins></span>
</li>
</ul>
-<!-- #SpywareAtHome -->
-<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+<span class="removed"><del><strong><!-- #SpywareAtHome -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
--></strong></del></span>
-<div class="big-section">
- <h3 id="SpywareAtHome">Spyware at Home</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
+
+<div <span class="removed"><del><strong>class="big-section">
+ <h3 id="SpywareAtHome">Spyware at
Home</h3></strong></del></span> <span
class="inserted"><ins><em>class="big-subsection">
+ <h4 id="SpywareInCameras">Cameras</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareAtHome">#SpywareAtHome</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInCameras">#SpywareInCameras</a>)</span></em></ins></span>
</div>
-<div style="clear: left;"></div>
+<span class="removed"><del><strong><div style="clear: left;"></div>
<ul>
- <span class="inserted"><ins><em><li><p>A medical insurance
- company <a
href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
- offers a gratis electronic toothbrush that snoops on its user
- by sending usage data back over the Internet</a>.</p>
- </li></em></ins></span>
+ <li><p>Lots</strong></del></span>
- <li><p>Lots of “smart” products are
- designed <a
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
- listen to everyone in the house, all the time</a>.</p>
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201603220">
+ <p>Over 70 brands</em></ins></span> of <span
class="removed"><del><strong>“smart” products are
+ designed</strong></del></span> <span
class="inserted"><ins><em>network-connected surveillance cameras
have</em></ins></span> <a <span
class="removed"><del><strong>href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
+ listen</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
+ security bugs that allow anyone</em></ins></span> to <span
class="removed"><del><strong>everyone in the house, all</strong></del></span>
<span class="inserted"><ins><em>watch through them</a>.</p>
+ </li>
+
+ <li id="M201511250">
+ <p>The Nest Cam “smart” camera is <a
+ href="http://www.bbc.com/news/technology-34922712">always
watching</a>,
+ even when</em></ins></span> the <span
class="removed"><del><strong>time</a>.</p>
<p>Today's technological practice does not include any way of
making a device that can obey your voice commands without
- potentially spying on you. Even if it is air-gapped, it could be
+ potentially spying on you. Even if</strong></del></span> <span
class="inserted"><ins><em>“owner” switches</em></ins></span> it
<span class="inserted"><ins><em>“off.”</p>
+
+ <p>A “smart” device means the
manufacturer</em></ins></span> is <span
class="removed"><del><strong>air-gapped,</strong></del></span> <span
class="inserted"><ins><em>using</em></ins></span> it <span
class="removed"><del><strong>could be
saving up records about you for later examination.</p>
</li>
@@ -1241,186 +2189,379 @@
</li>
<li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
- Rent-to-own computers were programmed to spy on their
renters</a>.</p>
+ Rent-to-own computers were programmed</strong></del></span>
+ to <span class="removed"><del><strong>spy on their
renters</a>.</p></strong></del></span> <span
class="inserted"><ins><em>outsmart you.</p></em></ins></span>
</li>
</ul>
<div class="big-subsection">
- <h4 id="SpywareInTVSets">Spyware in TV Sets</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
+ <h4 <span class="removed"><del><strong>id="SpywareInTVSets">Spyware in
TV Sets</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInToys">Toys</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInTVSets">#SpywareInTVSets</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInToys">#SpywareInToys</a>)</span></em></ins></span>
</div>
-<p>Emo Phillips made a joke: The other day a woman came up to me and
+<span class="removed"><del><strong><p>Emo Phillips made a joke: The
other day</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201711244">
+ <p>The Furby Connect has</em></ins></span> a <span
class="removed"><del><strong>woman came up to me and
said, “Didn't I see you on television?” I said, “I
don't know. You can't see out the other way.” Evidently that was
before Amazon “smart” TVs.</p>
<ul>
- <span class="inserted"><ins><em><li><p>Some “Smart”
TVs
- automatically <a
href="https://news.ycombinator.com/item?id=16727319">load
- downgrades that install a surveillance app</a>.</p>
-
- <p>We link to the article for the facts it presents. It is too bad
- that the article finishes by advocating the moral weakness of
- surrendering to Netflix. The Netflix
- app <a
href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
- malware too</a>.</p>
- </li></em></ins></span>
-
<li>
<p>Vizio
- “smart” <a
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
+ “smart”</strong></del></span> <a <span
class="removed"><del><strong>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
report everything that is viewed on them, and not just broadcasts
and cable</a>. Even if the image is coming from the user's own
computer, the TV reports what it is. The existence of a way to
- disable the surveillance, even if it were not hidden as it was in
- these TVs, does not legitimize the surveillance.</p>
+ disable</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
+ universal back door</a>. If</em></ins></span> the <span
class="removed"><del><strong>surveillance, even if it were not
hidden</strong></del></span> <span class="inserted"><ins><em>product as shipped
doesn't act</em></ins></span> as <span class="inserted"><ins><em>a
+ listening device, remote changes to the code could surely
convert</em></ins></span> it
+ <span class="inserted"><ins><em>into one.</p>
+ </li>
+
+ <li id="M201711100">
+ <p>A remote-control sex toy</em></ins></span> was <span
class="removed"><del><strong>in
+ these TVs, does not legitimize</strong></del></span> <span
class="inserted"><ins><em>found to make <a
+
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
+ recordings of</em></ins></span> the <span
class="removed"><del><strong>surveillance.</p></strong></del></span>
<span class="inserted"><ins><em>conversation between two
users</a>.</p></em></ins></span>
</li>
- <li><p>More or less all “smart” TVs <a
-href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
- on their users</a>.</p>
+ <span class="removed"><del><strong><li><p>More or less all
“smart” TVs</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201703140">
+ <p>A computerized vibrator</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
+ was snooping</em></ins></span> on <span class="removed"><del><strong>their
users</a>.</p></strong></del></span> <span
class="inserted"><ins><em>its users through the proprietary control
app</a>.</p></em></ins></span>
- <p>The report was as of 2014, but we don't expect this has got
better.</p>
+ <p>The <span
class="removed"><del><strong>report</strong></del></span> <span
class="inserted"><ins><em>app</em></ins></span> was <span
class="removed"><del><strong>as</strong></del></span> <span
class="inserted"><ins><em>reporting the temperature</em></ins></span> of <span
class="removed"><del><strong>2014, but we don't expect this has got
better.</p>
<p>This shows that laws requiring products to get users' formal
consent before collecting personal data are totally inadequate.
- And what happens if a user declines consent? Probably the TV
- will say, “Without your consent to tracking, the TV will
+ And what happens if a user declines consent?
Probably</strong></del></span> the <span class="removed"><del><strong>TV
+ will say, “Without your consent to tracking,</strong></del></span>
<span class="inserted"><ins><em>vibrator minute by
+ minute (thus, indirectly, whether it was surrounded by a person's
+ body), as well as</em></ins></span> the <span
class="removed"><del><strong>TV will
not work.”</p>
- <p>Proper laws would say that TVs are not allowed to report what
- the user watches — no exceptions!</p>
+ <p>Proper laws would say that TVs are not allowed to report
what</strong></del></span> <span class="inserted"><ins><em>vibration
frequency.</p>
+
+ <p>Note</em></ins></span> the <span
class="removed"><del><strong>user watches — no exceptions!</p>
</li>
- <li><p>Vizio goes a step further than other TV manufacturers in
spying on
- their users: their <a
href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
- “smart” TVs analyze your viewing habits in detail and
- link them your IP address</a> so that advertisers can track you
+ <li><p>Vizio goes</strong></del></span> <span
class="inserted"><ins><em>totally inadequate proposed
response:</em></ins></span> a <span class="removed"><del><strong>step further
than other TV</strong></del></span> <span class="inserted"><ins><em>labeling
+ standard with which</em></ins></span> manufacturers <span
class="removed"><del><strong>in spying on
+ their users:</strong></del></span> <span class="inserted"><ins><em>would
make statements about</em></ins></span> their <span
class="removed"><del><strong><a
href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+ “smart” TVs analyze your viewing habits in
detail</strong></del></span>
+ <span class="inserted"><ins><em>products, rather than free software which
users could have checked</em></ins></span>
+ and
+ <span class="removed"><del><strong>link them your IP address</a>
so</strong></del></span> <span class="inserted"><ins><em>changed.</p>
+
+ <p>The company</em></ins></span> that <span
class="removed"><del><strong>advertisers can track you
across devices.</p>
- <p>It is possible to turn this off, but having it enabled by
default
- is an injustice already.</p>
- </li>
+ <p>It is possible</strong></del></span> <span
class="inserted"><ins><em>made the vibrator <a
+
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
+ was sued for collecting lots of personal information about how people
+ used it</a>.</p>
- <li><p>Tivo's alliance with Viacom adds 2.3 million households to
- the 600 millions social media profiles the company already
+ <p>The company's statement that it was anonymizing the data may be
+ true, but it doesn't really matter. If it had sold the data to a data
+ broker, the data broker would have been able</em></ins></span> to <span
class="removed"><del><strong>turn</strong></del></span> <span
class="inserted"><ins><em>figure out who the
+ user was.</p>
+
+ <p>Following</em></ins></span> this <span
class="removed"><del><strong>off, but having it enabled by default
+ is an injustice already.</p></strong></del></span> <span
class="inserted"><ins><em>lawsuit, <a
+
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
+ the company has been ordered to pay a total of C$4m</a> to its
+ customers.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li><p>Tivo's
alliance</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201702280">
+ <p>“CloudPets” toys</em></ins></span> with <span
class="removed"><del><strong>Viacom adds 2.3 million
households</strong></del></span> <span class="inserted"><ins><em>microphones
<a
+
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
+ leak childrens' conversations</em></ins></span> to the <span
class="removed"><del><strong>600 millions social media profiles the company
already
monitors. Tivo customers are unaware they're being watched by
advertisers. By combining TV viewing information with online
- social media participation, Tivo can now <a
href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
- advertisement with online purchases</a>, exposing all users to
- new combined surveillance by default.</p></li>
- <li><p>Some web and TV advertisements play inaudible sounds to be
- picked up by proprietary malware running on other devices in
+ social media participation, Tivo can now</strong></del></span> <span
class="inserted"><ins><em>manufacturer</a>. Guess what?</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
+ advertisement with online purchases</a>, exposing all
users</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
+ Crackers found a way</em></ins></span> to
+ <span class="removed"><del><strong>new combined
surveillance</strong></del></span> <span class="inserted"><ins><em>access the
data</a> collected</em></ins></span> by <span
class="removed"><del><strong>default.</p></li>
+ <li><p>Some web</strong></del></span> <span
class="inserted"><ins><em>the
+ manufacturer's snooping.</p>
+
+ <p>That the manufacturer</em></ins></span> and <span
class="removed"><del><strong>TV advertisements play inaudible
sounds</strong></del></span> <span class="inserted"><ins><em>the FBI could
listen</em></ins></span> to <span class="removed"><del><strong>be
+ picked up</strong></del></span> <span class="inserted"><ins><em>these
+ conversations was unacceptable</em></ins></span> by <span
class="removed"><del><strong>proprietary malware running on other devices in
range so as to determine that they are nearby. Once your
Internet devices are paired with your TV, advertisers can
correlate ads with Web activity, and
- other <a
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p>
+ other <a
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p></strong></del></span> <span
class="inserted"><ins><em>itself.</p></em></ins></span>
+ </li>
+ <span
class="removed"><del><strong><li><p>Vizio</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201612060">
+ <p>The</em></ins></span> “smart” <span
class="removed"><del><strong>TVs recognize</strong></del></span> <span
class="inserted"><ins><em>toys My Friend Cayla</em></ins></span> and <span
class="inserted"><ins><em>i-Que transmit</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
what people are watching</a>,
+ even if it isn't</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
+ conversations to Nuance Communications</a>,</em></ins></span> a
<span class="removed"><del><strong>TV channel.</p></strong></del></span>
<span class="inserted"><ins><em>speech recognition
+ company based in the U.S.</p>
+
+ <p>Those toys also contain major security vulnerabilities; crackers
+ can remotely control the toys with a mobile phone. This would enable
+ crackers to listen in on a child's speech, and even speak into the
+ toys themselves.</p></em></ins></span>
+ </li>
+ <span class="removed"><del><strong><li><p>The Amazon
“Smart” TV</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201502180">
+ <p>Barbie</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">is
+ snooping all the time</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
+ going to spy on children and adults</a>.</p></em></ins></span>
+ </li>
+ <span class="removed"><del><strong><li><p>The Samsung
“Smart” TV</strong></del></span>
+<span class="inserted"><ins><em></ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInDrones">Drones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInDrones">#SpywareInDrones</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201708040">
+ <p>While you're using a DJI drone
+ to snoop on other people, DJI is in many cases</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">transmits
users' voice</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping</em></ins></span>
+ on <span class="removed"><del><strong>the internet</strong></del></span>
<span class="inserted"><ins><em>you</a>.</p>
</li>
- <li><p>Vizio “smart” TVs recognize and
- <a
href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track what
people are watching</a>,
- even if it isn't a TV channel.</p>
- </li>
- <li><p>The Amazon “Smart” TV
- <a
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">is
- snooping all the time</a>.</p>
- </li>
- <li><p>The Samsung “Smart” TV
- <a
href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">transmits
users' voice on the internet to another
- company, Nuance</a>. Nuance can save it and would then have to
- give it to the US or some other government.</p>
- <p>Speech recognition is not to be trusted unless it is done
- by free software in your own computer.</p>
-
- <p>In its privacy policy, Samsung explicitly confirms
- that <a
href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
- data containing sensitive information will be transmitted to
- third parties</a>.</p>
- </li>
- <li><p>Spyware in
- <a
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
- LG “smart” TVs</a> reports what the user watches, and
- the switch to turn this off has no effect. (The fact that the
- transmission reports a 404 error really means nothing; the server
- could save that data anyway.)</p>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareAtHome">Other Appliances</h4><span
class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201808120">
+ <p>Crackers found a way</em></ins></span> to <span
class="removed"><del><strong>another
+ company, Nuance</a>. Nuance can save it</strong></del></span> <span
class="inserted"><ins><em>break the security of an Amazon
device,</em></ins></span>
+ and <span class="removed"><del><strong>would then have to
+ give</strong></del></span> <span class="inserted"><ins><em><a
href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
+ turn</em></ins></span> it <span class="inserted"><ins><em>into a listening
device</a> for them.</p>
+
+ <p>It was very difficult for them</em></ins></span> to <span
class="inserted"><ins><em>do this. The job would be much
+ easier for Amazon. And if some government such as China
or</em></ins></span> the US
+ <span class="inserted"><ins><em>told Amazon to do this,</em></ins></span>
or <span class="removed"><del><strong>some other government.</p>
+ <p>Speech recognition is not</strong></del></span> <span
class="inserted"><ins><em>cease</em></ins></span> to <span
class="removed"><del><strong>be trusted unless it is done
+ by free software</strong></del></span> <span
class="inserted"><ins><em>sell the product</em></ins></span> in <span
class="removed"><del><strong>your own computer.</p>
+
+ <p>In its privacy policy, Samsung explicitly
confirms</strong></del></span> that <span class="inserted"><ins><em>country,
+ do you think Amazon would have the moral fiber to say no?</p>
+
+ <p>These crackers are probably hackers too, but
please</em></ins></span> <a <span
class="removed"><del><strong>href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
+ data containing sensitive information will be
transmitted</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://stallman.org/articles/on-hacking.html">
don't use
+ “hacking”</em></ins></span> to
+ <span class="removed"><del><strong>third
parties</a>.</p></strong></del></span> <span
class="inserted"><ins><em>mean “breaking
security”</a>.</p></em></ins></span>
+ </li>
+ <span class="removed"><del><strong><li><p>Spyware
in</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201804140">
+ <p>A medical insurance company</em></ins></span> <a <span
class="removed"><del><strong>href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
+ LG “smart” TVs</a> reports what
the</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
+ offers a gratis electronic toothbrush that snoops on its</em></ins></span>
user <span class="removed"><del><strong>watches, and</strong></del></span>
<span class="inserted"><ins><em>by
+ sending usage data back over</em></ins></span> the <span
class="removed"><del><strong>switch</strong></del></span> <span
class="inserted"><ins><em>Internet</a>.</p>
+ </li>
+
+ <li id="M201706204">
+ <p>Lots of “smart” products are designed <a
+
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
+ listen</em></ins></span> to <span class="removed"><del><strong>turn this
off has no effect. (The fact that</strong></del></span> <span
class="inserted"><ins><em>everyone in</em></ins></span> the
+ <span class="removed"><del><strong>transmission reports a 404 error
really means nothing;</strong></del></span> <span
class="inserted"><ins><em>house, all</em></ins></span> the <span
class="removed"><del><strong>server
+ could save</strong></del></span> <span
class="inserted"><ins><em>time</a>.</p>
+
+ <p>Today's technological practice does not include any way of making
+ a device</em></ins></span> that <span class="removed"><del><strong>data
anyway.)</p>
<p>Even worse, it
<a
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
- snoops on other devices on the user's local network.</a></p>
+ snoops on other devices</strong></del></span> <span
class="inserted"><ins><em>can obey your voice commands without potentially
spying</em></ins></span>
+ on <span class="removed"><del><strong>the user's local
network.</a></p>
- <p>LG later said it had installed a patch to stop this, but any
product
+ <p>LG later said</strong></del></span> <span
class="inserted"><ins><em>you. Even if</em></ins></span> it <span
class="removed"><del><strong>had installed a patch to stop this, but any product
could spy this way.</p>
- <p>Meanwhile, LG TVs
- <a
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
do lots of spying anyway</a>.</p>
+ <p>Meanwhile, LG TVs</strong></del></span> <span
class="inserted"><ins><em>is air-gapped, it could be saving up records
+ about you for later examination.</p>
</li>
- <li>
- <p><a
href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">Verizon
cable TV snoops on what programs people watch, and even what they wanted to
record.</a></p>
+
+ <li id="M201407170">
+ <p id="nest-thermometers">Nest thermometers send</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
do lots</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
lot</em></ins></span> of <span class="removed"><del><strong>spying
anyway</a>.</p></strong></del></span>
+ <span class="inserted"><ins><em>data about the
user</a>.</p></em></ins></span>
+ </li>
+ <span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201310260"></em></ins></span>
+ <p><a <span
class="removed"><del><strong>href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">Verizon
cable TV snoops on what programs people watch, and even what they
wanted</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
+ Rent-to-own computers were programmed</em></ins></span> to <span
class="removed"><del><strong>record.</a></p></strong></del></span>
<span class="inserted"><ins><em>spy on their
renters</a>.</p></em></ins></span>
</li>
</ul>
-<!-- #SpywareInGames -->
-<div class="big-section">
- <h3 id="SpywareInGames">Spyware in Games</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareInGames">#SpywareInGames</a>)</span>
+<span class="removed"><del><strong><!-- #SpywareInGames
--></strong></del></span>
+
+
+<div <span class="removed"><del><strong>class="big-section">
+ <h3 id="SpywareInGames">Spyware in
Games</h3></strong></del></span> <span
class="inserted"><ins><em>class="big-subsection">
+ <h4 id="SpywareOnWearables">Wearables</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInGames">#SpywareInGames</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareOnWearables">#SpywareOnWearables</a>)</span></em></ins></span>
</div>
-<div style="clear: left;"></div>
+<span class="removed"><del><strong><div style="clear: left;"></div>
<ul>
+
<li>
- <span class="inserted"><ins><em><p>ArenaNet surreptitiously
installed a spyware program along with an
- update to the massive multiplayer game Guild War 2. The spyware
- allowed ArenaNet <a
href="https://techraptor.net/content/arenanet-used-spyware-anti-cheat-for-guild-wars-2-banwave">
- to snoop on all open processes running on its user's
- computer</a>.</p>
+ <p>The driver for a certain gaming keyboard</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201807260">
+ <p>Tommy Hilfiger clothing</em></ins></span> <a <span
class="removed"><del><strong>href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
information</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/fashion/2018/jul/26/tommy-hilfiger-new-clothing-line-monitor-customers">will
+ monitor how often people wear it</a>.</p>
+
+ <p>This will teach the sheeple to find it normal that companies
+ monitor every aspect of what they do.</p>
+ </li>
+</ul>
+
+
+<h5 id="SpywareOnSmartWatches">“Smart” Watches</h5>
+
+<ul class="blurbs">
+ <li id="M201603020">
+ <p>A very cheap “smart watch” comes with an Android app
<a
+
href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
+ that connects</em></ins></span> to <span class="inserted"><ins><em>an
unidentified site in</em></ins></span> China</a>.</p>
+
+ <span class="inserted"><ins><em><p>The article says this is a back
door, but that could be a
+ misunderstanding. However, it is certainly surveillance, at
least.</p></em></ins></span>
</li>
- <li></em></ins></span>
- <p>The driver for a certain gaming keyboard <a
href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
information
- to China</a>.</p>
+ <span class="removed"><del><strong><li><p>nVidia's proprietary
GeForce Experience</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201407090">
+ <p>An LG “smart” watch is designed</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes
+ users identify themselves</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
+ to report its location to someone else</em></ins></span> and <span
class="removed"><del><strong>then sends personal data about
them</strong></del></span> to
+ <span class="removed"><del><strong>nVidia
servers</a>.</p></strong></del></span> <span
class="inserted"><ins><em>transmit conversations
+ too</a>.</p></em></ins></span>
</li>
- <li><p>nVidia's proprietary GeForce Experience <a
href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes
- users identify themselves and then sends personal data about them to
- nVidia servers</a>.</p>
+ <span class="removed"><del><strong><li><p>Angry
Birds</strong></del></span>
+<span class="inserted"><ins><em></ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInVehicles">Vehicles</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInVehicles">#SpywareInVehicles</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201810230">
+ <p>GM</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
+ spies for companies, and</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://boingboing.net/2018/10/23/dont-touch-that-dial.html">
+ tracked</em></ins></span> the <span class="removed"><del><strong>NSA takes
advantage to spy through</strong></del></span> <span
class="inserted"><ins><em>choices of radio programs</a> in its
+ “connected” cars, minute by minute.</p>
+
+ <p>GM did not get users' consent, but</em></ins></span> it <span
class="removed"><del><strong>too</a>.
+ Here's information on</strong></del></span> <span
class="inserted"><ins><em>could have got that easily by
+ sneaking it into the contract that users sign for some digital service
+ or other. A requirement for consent is effectively no protection.</p>
+
+ <p>The cars can also collect lots of other data: listening to you,
+ watching you, following your movements, tracking passengers' cell
+ phones. <em>All</em> such data collection should be
forbidden.</p>
+
+ <p>But if you really want to be safe, we must make sure the car's
+ hardware cannot collect any of that data.</p>
+ </li>
+
+ <li id="M201711230">
+ <p>AI-powered driving apps can <a
+
href="https://motherboard.vice.com/en_us/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
+ track your every move</a>.</p>
</li>
- <li><p>Angry Birds
- <a
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
- spies for companies, and the NSA takes advantage to spy through it
too</a>.
- Here's information on
- <a
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
+ <li id="M201607160">
+ <p>Computerized cars with nonfree software are</em></ins></span>
<a <span
class="removed"><del><strong>href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
more spyware apps</a>.</p>
<p><a
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
- More about NSA app spying</a>.</p>
+ More about NSA app spying</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html">
+ snooping devices</a>.</p></em></ins></span>
</li>
- <li><p>Many
- <a
href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
- video game consoles snoop on their users and report to the
- internet</a>— even what their users weigh.</p>
+ <span
class="removed"><del><strong><li><p>Many</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201602240">
+ <p id="nissan-modem">The Nissan Leaf has a built-in
+ cell phone modem which allows effectively anyone to</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
+ video game consoles snoop on their users</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">
+ access its computers remotely</em></ins></span> and <span
class="removed"><del><strong>report</strong></del></span> <span
class="inserted"><ins><em>make changes in various
+ settings</a>.</p>
+
+ <p>That's easy</em></ins></span> to <span
class="inserted"><ins><em>do because the system has no authentication
+ when accessed through</em></ins></span> the
+ <span
class="removed"><del><strong>internet</a>—</strong></del></span>
<span class="inserted"><ins><em>modem. However,</em></ins></span> even <span
class="removed"><del><strong>what their users weigh.</p>
- <p>A game console is a computer, and you can't trust a computer
with
+ <p>A game console is a computer, and</strong></del></span> <span
class="inserted"><ins><em>if it asked
+ for authentication,</em></ins></span> you <span
class="removed"><del><strong>can't trust a computer with
a nonfree operating system.</p>
</li>
- <li><p>Modern gratis game cr…apps
- <a
href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
+ <li><p>Modern gratis game cr…apps</strong></del></span>
<span class="inserted"><ins><em>couldn't be confident that Nissan
+ has no access. The software in the car is proprietary,</em></ins></span>
<a <span
class="removed"><del><strong>href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
collect a wide range of data about their users and their users'
- friends and associates</a>.</p>
+ friends and associates</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="/philosophy/free-software-even-more-important.html">which
means
+ it demands blind faith from its
users</a>.</p></em></ins></span>
+
+ <p>Even <span class="removed"><del><strong>nastier, they
do</strong></del></span> <span class="inserted"><ins><em>if no one connects to
the car remotely, the cell phone modem
+ enables the phone company to track the car's movements all the
time;</em></ins></span>
+ it <span class="removed"><del><strong>through ad networks that
merge</strong></del></span> <span class="inserted"><ins><em>is possible to
physically remove the cell phone modem, though.</p>
+ </li>
- <p>Even nastier, they do it through ad networks that merge the data
- collected by various cr…apps and sites made by different
+ <li id="M201306140">
+ <p>Tesla cars allow</em></ins></span> the <span
class="inserted"><ins><em>company to extract</em></ins></span>
+ data
+ <span class="removed"><del><strong>collected by various
cr…apps</strong></del></span> <span
class="inserted"><ins><em>remotely</em></ins></span> and <span
class="removed"><del><strong>sites made by different
companies.</p>
- <p>They use this data to manipulate people to buy things, and hunt
- for “whales” who can be led to spend a lot of money. They
- also use a back door to manipulate the game play for specific
players.</p>
+ <p>They use this data to manipulate people to buy
things,</strong></del></span> <span class="inserted"><ins><em>determine the
car's location
+ at any time. (See Section 2, paragraphs b</em></ins></span> and <span
class="removed"><del><strong>hunt
+ for “whales” who can be led to spend a
lot</strong></del></span> <span class="inserted"><ins><em>c</em></ins></span>
of <span class="removed"><del><strong>money. They
+ also use a back door</strong></del></span> <span
class="inserted"><ins><em>the <a
+
href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
+ privacy statement</a>.) The company says it doesn't store this
+ information, but if the state orders it</em></ins></span> to <span
class="removed"><del><strong>manipulate</strong></del></span> <span
class="inserted"><ins><em>get</em></ins></span> the <span
class="removed"><del><strong>game play for specific players.</p>
- <p>While the article describes gratis games, games that cost money
- can use the same tactics.</p>
+ <p>While</strong></del></span> <span
class="inserted"><ins><em>data and hand it
+ over,</em></ins></span> the <span class="removed"><del><strong>article
describes gratis games, games that cost money</strong></del></span> <span
class="inserted"><ins><em>state</em></ins></span> can <span
class="removed"><del><strong>use the same
tactics.</p></strong></del></span> <span class="inserted"><ins><em>store
it.</p></em></ins></span>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<!-- #SpywareAtRecreation -->
<div class="big-section">
@@ -1431,22 +2572,56 @@
<div style="clear: left;"></div>
<ul>
- <li><p>Users are suing Bose for
- <a
href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
- distributing a spyware app for its headphones</a>.
- Specifically, the app would record the names of the audio files
- users listen to along with the headphone's unique serial number.
+ <li><p>Users are suing Bose for</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201303250">
+ <p id="records-drivers">Proprietary software in
cars</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
+ distributing</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">
+ records information about drivers' movements</a>, which is made
+ available to car manufacturers, insurance companies, and others.</p>
+
+ <p>The case of toll-collection systems, mentioned in this article,
+ is not really</em></ins></span> a <span
class="removed"><del><strong>spyware app for its headphones</a>.
+ Specifically, the app would record the names</strong></del></span> <span
class="inserted"><ins><em>matter</em></ins></span> of <span
class="removed"><del><strong>the audio files
+ users listen to along</strong></del></span> <span
class="inserted"><ins><em>proprietary surveillance. These systems
+ are an intolerable invasion of privacy, and should be
replaced</em></ins></span> with
+ <span class="inserted"><ins><em>anonymous payment systems,
but</em></ins></span> the <span class="removed"><del><strong>headphone's unique
serial number.
</p>
- <p>The suit accuses that this was done without the users' consent.
- If the fine print of the app said that users gave consent for this,
- would that make it acceptable? No way! It should be flat out
+ <p>The suit accuses that this was</strong></del></span> <span
class="inserted"><ins><em>invasion isn't</em></ins></span> done <span
class="removed"><del><strong>without the users' consent.
+ If</strong></del></span> <span class="inserted"><ins><em>by malware. The
+ other cases mentioned are done by proprietary malware in</em></ins></span>
the <span class="removed"><del><strong>fine print of</strong></del></span>
<span class="inserted"><ins><em>car.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInVR">Virtual Reality</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInVR">#SpywareInVR</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201612230">
+ <p>VR equipment, measuring every slight motion,
+ creates</em></ins></span> the <span class="removed"><del><strong>app said
that users gave consent</strong></del></span> <span
class="inserted"><ins><em>potential</em></ins></span> for <span
class="removed"><del><strong>this,
+ would that make</strong></del></span> <span
class="inserted"><ins><em>the most intimate
+ surveillance ever. All</em></ins></span> it <span
class="removed"><del><strong>acceptable? No way! It should be flat out
<a href="/philosophy/surveillance-vs-democracy.html">
- illegal to design the app to snoop at all</a>.
- </p>
+ illegal</strong></del></span> <span
class="inserted"><ins><em>takes</em></ins></span> to <span
class="removed"><del><strong>design</strong></del></span> <span
class="inserted"><ins><em>make this potential real <a
+
href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
+ software as malicious as many other programs listed in this
+ page</a>.</p>
+
+ <p>You can bet Facebook will implement</em></ins></span> the <span
class="removed"><del><strong>app to snoop at all</a>.
+ </p></strong></del></span> <span class="inserted"><ins><em>maximum
possible
+ surveillance on Oculus Rift devices. The moral is, never trust a VR
+ system with nonfree software in it.</p></em></ins></span>
</li>
</ul>
-<!-- #SpywareOnTheWeb -->
+<span class="removed"><del><strong><!-- #SpywareOnTheWeb
--></strong></del></span>
+
+
<div class="big-section">
<h3 id="SpywareOnTheWeb">Spyware on the Web</h3>
@@ -1460,105 +2635,187 @@
makes no sense to call them “free” or
“proprietary”</a>,
but the surveillance is an abuse all the same.</p>
-<ul>
- <span class="inserted"><ins><em><li><p> The Storyful
- program <a
href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies
- on the reporters that use it</a>.
- </p></li></em></ins></span>
-
- <li><p>When a page uses Disqus for
- comments, <a
href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">the
- proprietary Disqus software loads a Facebook software package into
- the browser of every anonymous visitor to the page, and makes the
- page's URL available to Facebook</a>.
+<span class="removed"><del><strong><ul>
+ <li><p>When</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201805170">
+ <p>The Storyful program <a
+
href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies
+ on the reporters that use it</a>.</p>
+ </li>
+
+ <li id="M201701060">
+ <p>When</em></ins></span> a page uses Disqus
+ for comments, <span class="removed"><del><strong><a
href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">the</strong></del></span>
<span class="inserted"><ins><em>the</em></ins></span> proprietary Disqus
software <span class="removed"><del><strong>loads</strong></del></span> <span
class="inserted"><ins><em><a
+
href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">loads</em></ins></span>
+ a Facebook software package into the browser of every anonymous visitor
+ to the page, and makes the page's URL available to <span
class="removed"><del><strong>Facebook</a>.
</p></li>
- <li><p>Online sales, with tracking and surveillance of
customers, <a
href="https://www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-browsing-history-could-mean-rip-off-prices">enables
- businesses to show different people different prices</a>. Most
- of the tracking is done by recording interactions with
- servers, but proprietary software contributes.</p>
+ <li><p>Online</strong></del></span> <span
class="inserted"><ins><em>Facebook</a>.</p>
</li>
- <li><p><a <span
class="removed"><del><strong>href="http://japandailypress.com/government-warns-agencies-against-using-chinas-baidu-application-after-data-transmissions-discovered-2741553/"></strong></del></span>
<span
class="inserted"><ins><em>href="https://www.techrepublic.com/blog/asian-technology/japanese-government-warns-baidu-ime-is-spying-on-users/"></em></ins></span>
- Baidu's Japanese-input and Chinese-input apps spy on
users.</a></p>
+ <li id="M201612064">
+ <p>Online</em></ins></span> sales, with tracking and surveillance of
customers, <a
+
href="https://www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-browsing-history-could-mean-rip-off-prices">enables
+ businesses to show different people different prices</a>. Most of
+ the tracking is done by recording interactions with servers, but
+ proprietary software contributes.</p>
</li>
- <li><p>Pages that contain “Like” buttons <a <span
class="removed"><del><strong>href="http://www.smh.com.au/technology/technology-news/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html"></strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.smh.com.au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html"></em></ins></span>
- enable Facebook to track visitors to those pages</a>—even
- users that don't have Facebook accounts.</p>
+ <span class="removed"><del><strong><li><p><a
href="http://japandailypress.com/government-warns-agencies-against-using-chinas-baidu-application-after-data-transmissions-discovered-2741553/">
+ Baidu's Japanese-input and Chinese-input apps spy on
users.</a></p>
</li>
- <li><p>Many web sites rat their visitors to advertising networks
that track
- users. Of the top 1000 web sites, <a
+ <li><p>Pages that contain “Like” buttons
+ <a
href="http://www.smh.com.au/technology/technology-news/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html">
+ enable Facebook to track visitors</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201405140">
+ <p><a
+
href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
+ Microsoft SkyDrive allows the NSA</em></ins></span> to <span
class="removed"><del><strong>those pages</a>—even
+ users that don't have Facebook accounts.</p></strong></del></span>
<span class="inserted"><ins><em>directly examine users'
+ data</a>.</p></em></ins></span>
+ </li>
+
+ <span
class="removed"><del><strong><li><p>Many</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201210240">
+ <p>Many</em></ins></span> web sites rat their visitors to advertising
+ networks that track users. Of the top 1000 web sites, <a
href="https://www.law.berkeley.edu/research/bclt/research/privacy-at-bclt/web-privacy-census/">84%
- (as of 5/17/2012) fed their visitors third-party cookies, allowing other
- sites to track them</a>.</p>
+ (as of 5/17/2012) fed their visitors third-party cookies, allowing
+ other sites to track them</a>.</p>
</li>
- <li><p>Many web sites report all their visitors to Google by
using
- the Google Analytics service, which
- <a
href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
- tells Google the IP address and the page that was
visited.</a></p>
+ <span
class="removed"><del><strong><li><p>Many</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201208210">
+ <p>Many</em></ins></span> web sites report all their visitors
+ to Google by using the Google Analytics service, which <a
+
href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
+ tells Google the IP address and the page that was <span
class="removed"><del><strong>visited.</a></p></strong></del></span>
<span class="inserted"><ins><em>visited</a>.</p></em></ins></span>
</li>
- <li><p>Many web sites try to collect users' address books (the
- user's list of other people's phone numbers or email addresses).
- This violates the privacy of those other people.</p>
+ <span
class="removed"><del><strong><li><p>Many</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201200000">
+ <p>Many</em></ins></span> web sites try to collect users' address
books (the user's list
+ of other people's phone numbers or email addresses). This violates
+ the privacy of those other people.</p>
</li>
- <li><p><a
href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
- Microsoft SkyDrive allows the NSA to directly examine users'
data</a>.</p>
+ <span class="removed"><del><strong><li><p><a
href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
+ Microsoft SkyDrive allows the NSA</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201110040">
+ <p>Pages that contain “Like” buttons <a
+
href="https://www.smh.com.au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html">
+ enable Facebook</em></ins></span> to <span
class="removed"><del><strong>directly examine users'
data</a>.</p></strong></del></span> <span
class="inserted"><ins><em>track visitors to those pages</a>—even
users
+ that don't have Facebook accounts.</p></em></ins></span>
</li>
</ul>
-<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+<span class="removed"><del><strong><!-- WEBMASTERS: make sure to place new
items on top under each subsection --></strong></del></span>
+
+
<div class="big-subsection">
- <h4 id="SpywareInFlash">Spyware in JavaScript and Flash</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInFlash">#SpywareInFlash</a>)</span>
+ <h4 <span class="removed"><del><strong>id="SpywareInFlash">Spyware in
JavaScript and Flash</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInJavaScript">JavaScript</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInFlash">#SpywareInFlash</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInJavaScript">#SpywareInJavaScript</a>)</span></em></ins></span>
</div>
-<ul>
- <li>
- <span class="inserted"><ins><em><p>British Airways
- used <a
href="https://www.theverge.com/2018/7/19/17591732/british-airways-gdpr-compliance-twitter-personal-data-security">nonfree
- JavaScript on its web site to give other companies personal data
- on its customers</a>.</p>
+<span class="removed"><del><strong><ul>
+ <li></strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201807190">
+ <p>British Airways used <a
+
href="https://www.theverge.com/2018/7/19/17591732/british-airways-gdpr-compliance-twitter-personal-data-security">nonfree
+ JavaScript on its web site to give other companies personal data on
+ its customers</a>.</p>
</li>
- <li></em></ins></span>
+ <li id="M201712300"></em></ins></span>
<p>Some JavaScript malware <a
href="https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research">
swipes usernames from browser-based password managers</a>.</p>
</li>
- <li>
- <p>Some websites send JavaScript code to collect all the user's
- input, <a
href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
can then
- be used to reproduce the whole session</a>.</p>
+ <span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201712210">
+ <p>Many web sites use JavaScript code <a
+
href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
+ to snoop on information that users have typed into a
+ form but not sent</a>, in order to learn their identity. Some are
<a
+
href="https://www.manatt.com/Insights/Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-Allege">
+ getting sued</a> for this.</p>
+ </li>
+
+ <li id="M201711150"></em></ins></span>
+ <p>Some websites send
+ JavaScript code to collect all the user's input, <a
+
href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
+ can then be used to reproduce the whole session</a>.</p>
<p>If you use LibreJS, it will block that malicious JavaScript
code.</p>
</li>
- <li><p>Many web sites use JavaScript code <a
+ <span class="removed"><del><strong><li><p>Many web sites
use</strong></del></span>
+<span class="inserted"><ins><em></ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInFlash">Flash</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInFlash">#SpywareInFlash</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201310110">
+ <p>Flash and</em></ins></span> JavaScript <span
class="removed"><del><strong>code <a
href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
to snoop on information that users have typed into a form but not
- sent</a>, in order to learn their identity. Some are <a
+ sent</a>, in order to learn their identity.
Some</strong></del></span> are <span class="removed"><del><strong><a
href="https://www.manatt.com/Insights/Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-Allege">
- getting sued</a> for this.</p>
+ getting sued</a></strong></del></span> <span
class="inserted"><ins><em>used</em></ins></span> for <span
class="removed"><del><strong>this.</p></strong></del></span> <span
class="inserted"><ins><em><a
+
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
+ “fingerprinting” devices</a> to identify
users.</p></em></ins></span>
</li>
- <li><p>Flash Player's
- <a
href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">
+ <span
class="removed"><del><strong><li><p>Flash</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201003010">
+ <p>Flash</em></ins></span> Player's <a
+
href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">
cookie feature helps web sites track visitors</a>.</p>
</li>
- <li><p>Flash and JavaScript are also used for
- <a
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
- “fingerprinting” devices</a> to identify
users.</p>
+ <span class="removed"><del><strong><li><p>Flash and JavaScript
are also used</strong></del></span>
+<span class="inserted"><ins><em></ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInChrome">Chrome</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInChrome">#SpywareInChrome</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201507280">
+ <p>Google Chrome makes it easy</em></ins></span> for <span
class="inserted"><ins><em>an extension to do</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
+ “fingerprinting” devices</a></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
+ snooping on the user's browsing</a>, and many of them do
so.</p>
+ </li>
+
+ <li id="M201506180">
+ <p>Google Chrome includes a module that <a
+
href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
+ activates microphones and transmits audio</em></ins></span> to <span
class="removed"><del><strong>identify users.</p></strong></del></span>
<span class="inserted"><ins><em>its
servers</a>.</p></em></ins></span>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
<div class="big-subsection">
@@ -1567,18 +2824,24 @@
</div>
<ul>
- <li><p>Google Chrome
- <a
href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
- spies on browser history, affiliations</a>,
- and other installed software.
- </p>
- </li>
- <li><p>Google Chrome contains a key logger that
- <a
href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">
+ <li><p>Google</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201308040">
+ <p>Google</em></ins></span> Chrome <a
+ href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
+ spies on browser history, affiliations</a>, and other installed
<span class="removed"><del><strong>software.
+ </p></strong></del></span>
+ <span class="inserted"><ins><em>software.</p></em></ins></span>
+ </li>
+ <span
class="removed"><del><strong><li><p>Google</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M200809060">
+ <p>Google</em></ins></span> Chrome contains a key logger that <a
+ href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">
sends Google every URL typed in</a>, one key at a time.</p>
</li>
- <li><p>Google Chrome includes a module that
+ <span class="removed"><del><strong><li><p>Google Chrome includes
a module that
<a
href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
activates microphones and transmits audio to its
servers</a>.</p>
</li>
@@ -1586,21 +2849,28 @@
<li><p>Google Chrome makes it easy for an extension to do <a
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
snooping on the user's browsing</a>, and many of them do
so.</p>
- </li>
+ </li></strong></del></span>
</ul>
-<!-- #SpywareInDrones -->
+<span class="removed"><del><strong><!-- #SpywareInDrones
--></strong></del></span>
+
+
+
<div class="big-section">
- <h3 id="SpywareInDrones">Spyware in Drones</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareInDrones">#SpywareInDrones</a>)</span>
+ <h3 <span
class="removed"><del><strong>id="SpywareInDrones">Spyware</strong></del></span>
<span
class="inserted"><ins><em>id="SpywareInNetworks">Spyware</em></ins></span>
in <span class="removed"><del><strong>Drones</h3></strong></del></span>
<span class="inserted"><ins><em>Networks</h3></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInDrones">#SpywareInDrones</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInNetworks">#SpywareInNetworks</a>)</span></em></ins></span>
</div>
<div style="clear: left;"></div>
-<ul>
+<span class="removed"><del><strong><ul>
<li>
<p>While you're using a DJI drone to snoop on other people, DJI is
in many
- cases <a
href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
on you</a>.</p>
+ cases</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+ <li id="M201606030">
+ <p>Investigation Shows</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
on you</a>.</p>
</li>
</ul>
@@ -1613,10 +2883,16 @@
<div style="clear: left;"></div>
<ul>
- <li><p>The natural extension of monitoring people through
+ <li><p>The natural extension</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
+ Using US Companies, NSA To Route Around Domestic Surveillance
+ Restrictions</a>.</p>
+
+ <p>Specifically, it can collect the emails</em></ins></span> of
<span class="removed"><del><strong>monitoring people through
“their” phones is <a
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
- proprietary software to make sure they can't “fool” the
+ proprietary software to make sure</strong></del></span> <span
class="inserted"><ins><em>members of Parliament
+ this way, because</em></ins></span> they <span
class="removed"><del><strong>can't “fool” the
monitoring</a>.</p>
</li>
@@ -1634,19 +2910,26 @@
<ul>
<li><p>VR equipment, measuring every slight motion, creates the
- potential for the most intimate surveillance ever. All it takes
+ potential for the most intimate surveillance ever.
All</strong></del></span> <span
class="inserted"><ins><em>pass</em></ins></span> it <span
class="removed"><del><strong>takes
to make this potential
- real <a
href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
+ real</strong></del></span> <span class="inserted"><ins><em>through
Microsoft.</p>
+ </li>
+
+ <li id="M201212290">
+ <p>The Cisco TNP IP phones are</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
software as malicious as many other programs listed in this
page</a>.</p>
<p>You can bet Facebook will implement the maximum possible
surveillance on Oculus Rift devices. The moral is, never trust a
- VR system with nonfree software in it.</p>
+ VR system with nonfree software in it.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
+ spying devices</a>.</p></em></ins></span>
</li>
</ul>
+
</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
<div id="footer">
@@ -1705,7 +2988,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/08/02 07:32:59 $
+$Date: 2018/10/27 01:58:21 $
<!-- timestamp end -->
</p>
</div>
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/proprietary proprietary-surveillance.de.htm...,
GNUN <=