[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary/workshop item-create item-pendi...
From: |
Therese Godefroy |
Subject: |
www/proprietary/workshop item-create item-pendi... |
Date: |
Sat, 27 Oct 2018 11:24:11 -0400 (EDT) |
CVSROOT: /webcvs/www
Module name: www
Changes by: Therese Godefroy <th_g> 18/10/27 11:24:10
Added files:
proprietary/workshop: item-create item-pending item-start
list-targets.awk malgen mal.rec README.md
targets.rec
Log message:
Add tools for adding new items to proprietary/, and regenerate malware
lists.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/workshop/item-create?cvsroot=www&rev=1.1
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/workshop/item-pending?cvsroot=www&rev=1.1
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/workshop/item-start?cvsroot=www&rev=1.1
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/workshop/list-targets.awk?cvsroot=www&rev=1.1
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/workshop/malgen?cvsroot=www&rev=1.1
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/workshop/mal.rec?cvsroot=www&rev=1.1
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/workshop/README.md?cvsroot=www&rev=1.1
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/workshop/targets.rec?cvsroot=www&rev=1.1
Patches:
Index: item-create
===================================================================
RCS file: item-create
diff -N item-create
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ item-create 27 Oct 2018 15:24:10 -0000 1.1
@@ -0,0 +1,241 @@
+#!/bin/bash
+
+# item-create reformats a new item, then adds it to mal.rec and to the
+# relevant pages.
+
+# Usage:
+# - Check README.md in this directory if you haven't done so yet.
+# - Write the new item to a file called "item" (item-start can be used
+# as a helper), or use the blank item that has been created by a
+# previous run.
+# - Run item-create without argument.
+#
+# Note: item-create can't be used on an item that has been successfully
+# added. Any further changes should be made in mal.rec, and pages should
+# then be regenerated with malgen.
+
+# Copyright (C) 2018 Free Software Foundation, Inc.
+
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without any warranty.
+
+# Written by Therese <address@hidden> and Ineiev.
+
+
+export LC_ALL=en_US.UTF-8
+set -e
+
+temp1=$(mktemp -t mal.XXXXXX) || (echo 1>&2 "Can't make temp1"; exit 1)
+temp2=$(mktemp -t mal.XXXXXX) || (echo 1>&2 "Can't make temp2"; exit 1)
+trap 'rm -f "$temp1" "$temp2"' EXIT
+
+rm -f item.rec item.html mal.rec.temp *.html.temp
+
+## Preliminary checks on 'item'
+
+# List English pages in proprietary/.
+pages=$(ls ../*.html |
+ grep -Ev '\.([[:alpha:]]{2}-)?[[:alpha:]]{2}\.html$' |
+ sed 's,^\.\./,,')
+
+if [ ! -f item ]; then
+ echo 1>&2 "!!! 'item' doesn't exist."
+ sleep 5; exit 1
+elif ! id=$(grep '^Id:' item); then
+ echo 1>&2 "!!! This item doesn't have an Id."
+ sleep 5; exit 1
+elif [ "$id" = 'Id: 200000000' ]; then
+ echo 1>&2 "!!! This item still has the default Id."
+ sleep 5; exit 1
+elif [[ "$files" =~ 'proprietary.html' ]]; then
+ echo 1>&2 "!!! proprietary.html is not a primary target for malware items."
+ sleep 5; exit 1
+fi
+
+files=$(awk '/Target:/ {print $2}' item)
+if [ -z "$(echo $files)" ]; then
+ echo 1>&2 "!!! This item has empty Target field(s). It can't be added
+ anywhere."
+ sleep 5; exit 1
+fi
+
+wrong_files=$(echo "$files" | while read f; do
+ if ! echo "$pages" | grep -q "^$f$"; then
+ echo " $f"
+ fi
+done)
+if [ -n "$wrong_files" ]; then
+ echo 1>&2 "!!! These pages don't exist:
+$wrong_files"
+ sleep 5; exit 1
+fi
+
+## Standardize the format.
+
+# Remove comments, blank lines, linefeeds & leading spaces; unwrap.
+sed '/^$/d; /^#/d' item |
+sed -r ':a /Blurb:.*$/ { N; s,(.+)\n(.+)$,\1 \2,; ba }' |
+sed 's,Blurb: *,Blurb:\n,' > $temp1
+
+# Reformat.
+for tag in p dl dt dd blockquote; do
+ sed -i "s,[ \t]*\(<$tag[^>]*>\)[ \t]*\(.\),\1\2,g" $temp1
+ sed -i "s,[ \t]*</$tag>[ \t]*,</$tag>,g" $temp1
+done
+
+sed -i -e 's,</p>\(<[^/]\),</p>\n\n\1,g' \
+ -e 's,</blockquote><,</blockquote>\n\n<,g' \
+ -e 's,</dl><,\n</dl>\n\n<,g' \
+ -e 's,</dt><dd>,</dt>\n<dd>,g' \
+ -e 's,</dd><dt>,</dd>\n\n<dt>,g' \
+ -e 's,<dl><dt>,<dl>\n<dt>,g' $temp1
+
+for tag in p dl /dl blockquote; do
+ sed -i "s,^<$tag, <$tag," $temp1
+done
+
+for tag in dd dt; do
+ sed -i "s,^<$tag, <$tag," $temp1
+done
+
+# Wrap the text.
+fmt -s -w 76 $temp1 > $temp2
+
+
+## REC version
+
+# Check that the recfile doesn't already have an item with same Id.
+if grep -q "$id" mal.rec; then
+ echo 1>&2 " $id is already in mal.rec."
+else
+
+ # Convert item to rec format.
+ sed -e '/^Blurb:/ {N; s,\n[ ]\+<, <,}' \
+ -e 's,^ ,+,' \
+ -e 's,^$,+,' $temp2 > item.rec
+
+ # Create the 'Added' field.
+ today=$(date +'%Y-%m-%d')
+ sed -i "/^Id:/ s,^,\\nAdded: $today\\n", item.rec
+
+ # Add the item to the recfile, but don't make this permanent before
+ # checking HTML addition.
+ sed '/^# ADD NEW BLURB HERE/r item.rec' mal.rec > mal.rec.temp
+ if ! grep -q "$id" mal.rec.temp; then
+ echo 1>&2 "!!! $id couldn't be added to mal.rec."
+ sleep 5; exit 2
+ fi
+fi
+
+
+## HTML version
+
+# Tweak the format.
+
+sed -r '
+1 s,Id:[ \t]([0-9]{9}).*$, <li id="M\1">,
+2,/^Blurb/d
+$ a\
+ </li>\n
+/^Added:/d
+' $temp2 > item.html
+
+# Add the item to the relevant pages.
+
+error_html=""
+for f in $files proprietary.html; do
+ # Check that the page doesn't already have an item with same Id.
+ it=$(grep '<li id="M20' item.html)
+ if grep -q "$it" ../$f; then
+ echo "$it is already in $f."
+
+ else
+ # Check the target.
+ target=$(awk "/$f/"'{ print $3 }' item)
+ # If no target id is specified, make sure the page only has one list.
+ # Get the id for the second list.
+ t2=$(awk 'BEGIN { RS = "" }'"/$f/"'{ print $5 }' targets.rec)
+
+ # If there is one, the item can't be added. Switch error warning.
+ if [ -z "$target" ] && [ -n "$t2" ]; then
+ error_html=1
+ echo 1>&2 "!!! $f: A target id should be specified."
+
+ else
+ # Otherwise, use the first target id.
+ if [ -z "$target" ]; then
+ target=$(awk 'BEGIN { RS = "" }'"/$f/"'{ print $4 }' targets.rec)
+ # Add it to the Target field in mal.rec. This keeps the
+ # regeneration script (malgen) simpler.
+ sed -i "s,Target:[ \t]*$f[ \t]*$,Target: $f $target," mal.rec.temp
+ fi
+
+ # Add the item.
+ sed "/id=.$target./,/class=\"blurbs\"/ {
+ /class=\"blurbs\"/r item.html
+ }" ../$f > $f.temp
+ # If addition fails, switch error warning.
+ number=$(grep -c "$it" $f.temp) || true
+ if [ "$number" -ne "1" ]; then
+ error_html=1
+ echo 1>&2 "!!! $f:$it couldn't be added. Wrong target id?"
+ fi
+ fi
+ fi
+done
+
+# If any additions failed, quit.
+if [ -n "$error_html" ]; then
+ sleep 5; exit 2
+
+# Otherwise, make additions permanent and report what was done.
+else
+ for f in $files proprietary.html; do
+ [ -f $f.temp ] && (mv $f.temp ../$f
+ echo "*** $it was added to $f")
+ done
+ [ -f mal.rec.temp ] && (mv mal.rec.temp mal.rec
+ echo "*** $id was added to mal.rec.")
+ # Make sure the added item isn't going to be reused for creating
+ # another one.
+ cp item item-old
+ cp item-start item
+fi
+
+
+# RT #1328973.
+
+# Get the number of items, and approximate it to the nearest 50.
+item_count=$(grep -Ec 'Id: 20[0-9]{6}[048]' mal.rec )
+i=$((item_count/50))
+i=$((i*50))
+d=$((item_count%50))
+if [ $d -ge 25 ]; then
+ i=$(($i+50))
+fi
+
+# Get the number of links, and approximate it to the lower 50.
+link_count=$(sed -rn '
+/href="http/ {
+ s,^.*href="https?://([^">]+)/?">.*$,\1,;
+ p
+} ' mal.rec | sort | uniq | wc -l)
+l=$((link_count/50))
+l=$((l*50))
+
+# Update item and link count in proprietary.html and
+# free-software-even-more-important.html.
+month=$(date +'%B, %Y')
+sed -i "
+s|As of .*, the pages in this directory list .*$|As of $today, the pages in
this directory list around $i|
+s|functionalities (with .* references|functionalities (with more than $l
references|
+" ../proprietary.html
+
+sed -i "
+s|That directory lists around .* different|That directory lists around $i
different|
+s|malicious functionalities (as of .*),|malicious functionalities (as of
$month),|
+" ../../philosophy/free-software-even-more-important.html
+
+exit 0
Index: item-pending
===================================================================
RCS file: item-pending
diff -N item-pending
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ item-pending 27 Oct 2018 15:24:10 -0000 1.1
@@ -0,0 +1 @@
+RT #1327599: proprietary-sabotage - Oct 10, 2018
Index: item-start
===================================================================
RCS file: item-start
diff -N item-start
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ item-start 27 Oct 2018 15:24:10 -0000 1.1
@@ -0,0 +1,12 @@
+# The README file in this directory has explanations on what to write
+# in each field.
+#
+Id: 200000000
+RT:
+PubDate: 2000-00-00
+Target:
+Keywords:
+Blurb:
+<p>Start writing here.</p>
+
+<p>Dont forget to use entities: “ &lrquo; & &nsp; etc.</p>
Index: list-targets.awk
===================================================================
RCS file: list-targets.awk
diff -N list-targets.awk
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ list-targets.awk 27 Oct 2018 15:24:10 -0000 1.1
@@ -0,0 +1,41 @@
+#!/usr/bin/awk
+
+# List targets for malware items (specific id's on <h?> or <div>) for
+# each page of proprietary/
+
+# Copyright (C) 2018 Free Software Foundation, Inc.
+
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without any warranty.
+
+# Written by Ineiev <address@hidden>.
+
+
+BEGIN { target_no = 0; have_list = 0 }
+/<h[23456]/ || /<div[ \t]*class[ \t]*=[ \t]*"column-limit"/ {
+ target_no++
+ idx = match($0, /id[ \t]*=[ \t]*('[^>]*'|"[^>]*")/)
+ if (idx)
+ {
+ sub(/.*<(div|h[23456])[^>]*id[ \t]*=[ \t]*/, "")
+ q = substr($0, 1, 1)
+ name = substr($0, 2)
+ idx = index(name, q)
+ name = substr(name, 1, idx - 1)
+ target_name = name
+ }
+ have_list = 0
+}
+/<ul class[ \t]*=[ \t]*"blurbs"/ {
+ if (target_name == "")
+ # Unnamed target, identified by number.
+ target_name = "@" target_no
+ if (have_list)
+ print "Multiple blurb lists in target No " target_no \
+ " '" target_name "'" >> "/dev/stderr"
+ target_names = target_names " " target_name
+ have_list = 1
+}
+END { print substr(target_names, 2) }
Index: malgen
===================================================================
RCS file: malgen
diff -N malgen
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ malgen 27 Oct 2018 15:24:10 -0000 1.1
@@ -0,0 +1,143 @@
+#!/bin/bash
+
+# malgen regenerates lists in malware pages from mal.rec.
+
+# Usage: malgen [page1 page2 ...]
+# e.g., malgen malware-microsoft.html proprietary-inferference.html
+
+# The script processes all pages when no argument is given.
+
+# Copyright (C) 2018 Free Software Foundation, Inc.
+
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without any warranty.
+
+# Written by Therese <address@hidden> and Ineiev.
+
+
+set -e
+
+# Sort mal.rec by descending Id.
+function sort_recfile () {
+ awk '!/^Added/ { print }' mal.rec |
+ awk 'BEGIN {
+ RS=""; ORS="\n\n"; FS="\n"
+ PROCINFO["sorted_in"]="@ind_str_desc"
+ }
+ /Id: / { a[$1]=$0 }
+ END {
+ for(i in a) { print a[i] }
+ }' > $sorted
+}
+
+function update_targets () {
+ # List English pages in proprietary/.
+ pages=$(ls ../*.html |
+ grep -Ev '\.([[:alpha:]]{2}-)?[[:alpha:]]{2}\.html$' |
+ sed 's,^\.\./,,')
+ # Create the new Targets record.
+ for p in $pages; do
+ targets=$(awk -f list-targets.awk ../$p)
+ if test -n "$targets"; then
+ echo -e "\nPage: $p\nTargets: $targets" >> $temp1
+ fi
+ done
+ # Replace the old one.
+ sed -i '/^Page:/,$d
+ /%type: Targets/r'"$temp1" targets.rec
+}
+
+function rec2html () {
+# Converts the blurbs to HTML.
+ sed '$ { /^$/d }' $temp1 > $temp2
+ sed -r '/^[-0-9]+$/d' $temp2 |
+ sed '/^Id:/,/^Blurb:/ { /^Id:/p; /^Blurb:/p; d }' |
+ sed -r 's,^Id:[ \t]*([0-9]{9}).*$, <li id="M\1">,
+ s,^$, </li>\n,
+ s,^Blurb:[ \t]*, ,
+ s,^\+, ,
+ s,^[ \t]*$,,
+ $s,$,\n </li>\n</ul>,' > $temp1
+}
+
+function insert_list () {
+ sed "/id=.$t./,/<\/ul>/ {
+ /id=.$t./,/<ul class=\"blurbs\">/p
+ /class=\"blurbs\"/r $temp1
+ d
+ }" $out > $f.temp && mv $f.temp $out
+}
+
+
+# List English pages in proprietary/.
+pages=$(ls ../*.html |
+ grep -Ev '\.([[:alpha:]]{2}-)?[[:alpha:]]{2}\.html$' |
+ sed 's,^\.\./,,')
+
+if [ $# = 0 ]; then
+ input="$pages"
+else
+ input="$(while [ $# -gt 0 ]; do echo $1; shift; done)"
+ wrong_args=$(echo "$input" | while read arg; do
+ if ! echo "$pages" | grep -q "^$arg$"; then
+ echo "'$arg'"
+ fi
+ done)
+ if [ -n "$wrong_args" ]; then
+ echo 1>&2 "These pages don't exist:" $wrong_args
+ exit 1
+ fi
+fi
+
+# Create a temporary file.
+temp1=$(mktemp -t mal.XXXXXX) || (echo 1>&2 "Can't make temp1"; exit 1)
+temp2=$(mktemp -t mal.XXXXXX) || (echo 1>&2 "Can't make temp2"; exit 1)
+sorted=$(mktemp -t mal.XXXXXX) || (echo 1>&2 "Can't make temp2"; exit 1)
+trap 'rm -f "$temp1" "$temp2""$sorted"' EXIT
+
+sort_recfile
+update_targets
+
+for f in $input; do
+ out=../$f
+ echo $f
+ # List all possible targets.
+ targets=$(awk 'BEGIN { RS = ""; FS="\nTargets: " }'"
+ /$f/"'{$1=""; print $0}' targets.rec)
+
+ for t in $targets; do
+ if [ "$f" != 'proprietary.html' ]; then
+
+ awk 'BEGIN { RS=""; ORS="\n\n"; FS="\n" }
+ /Target: '"$f[ \t]+$t"'/ { print }' $sorted > $temp1
+
+ if [ -s $temp1 ]; then
+ rec2html
+ insert_list
+ else
+ echo 1>&2 "!!! No item was found for $f#$t."
+ fi
+
+ else
+ # List 5 recently added items. Sort by descending date.
+ awk 'BEGIN {
+ RS="\n\nAdded: "; FS="\n\n"; ORS="\n\n"
+ PROCINFO["sorted_in"]="@ind_str_desc"
+ }
+ !/^#/ && !/^%/ { a[$1]=$1 }
+ END {
+ n=1
+ for(i in a) {
+ if ( n <= 5 ) { print a[i]; n++ }
+ }
+ }' mal.rec > $temp1
+ rec2html
+ insert_list
+ fi
+ done
+done
+
+sleep 5
+exit 0
Index: mal.rec
===================================================================
RCS file: mal.rec
diff -N mal.rec
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ mal.rec 27 Oct 2018 15:24:10 -0000 1.1
@@ -0,0 +1,4698 @@
+# This is the source file for malware examples in
+# https://www.gnu.org/proprietary/
+
+# Copyright (C) 2018 Free Software Foundation, Inc.
+
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without any warranty.
+
+%rec: Item
+%doc: Items in /proprietary/proprietary-*.html
+%key: Id
+%unique: Added Keywords Blurb
+%mandatory: Blurb
+%mandatory: Target
+%type: Added range -20300000 -20000000
+%type: Id range -203000000 -200000000
+%type: RT int
+
+# the fields "Added" (if any) and "Id" should come first, in this order.
+# Each line within a blurb should start with a + sign, including blank
+# lines.
+
+#### Please don't remove the blank line after this marker! ####
+# ADD NEW BLURB HERE
+
+Added: 2018-10-26
+Id: 201810230
+RT: 1331724
+PubDate: 2018-10-23
+Target: proprietary-surveillance.html SpywareInVehicles
+Target: malware-cars.html malware-cars
+Keywords:
+Blurb: <p>GM <a
++ href="https://boingboing.net/2018/10/23/dont-touch-that-dial.html">
++ tracked the choices of radio programs</a> in its
++ “connected” cars, minute by minute.</p>
++
++ <p>GM did not get users' consent, but it could have got that easily by
++ sneaking it into the contract that users sign for some digital service
++ or other. A requirement for consent is effectively no protection.</p>
++
++ <p>The cars can also collect lots of other data: listening to you,
++ watching you, following your movements, tracking passengers' cell
++ phones. <em>All</em> such data collection should be forbidden.</p>
++
++ <p>But if you really want to be safe, we must make sure the car's
++ hardware cannot collect any of that data, or that the software
++ is free so we know it won't collect any of that data.</p>
+
+Added: 2018-10-22
+Id: 201810150
+RT: 1330514
+PubDate: 2018-10-15
+Target: proprietary-drm.html proprietary-drm
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+Keywords:
+Blurb: <p>Printer manufacturers are very innovative—at blocking the
++ use of independent replacement ink cartridges. Their “security
++ upgrades” occasionally impose new forms of cartridge DRM. <a
++
href="https://motherboard.vice.com/en_us/article/pa98ab/printer-makers-are-crippling-cheap-ink-cartridges-via-bogus-security-updates">
++ HP and Epson have done this</a>.</p>
+
+Id: 201502100
+Target: malware-mobiles.html phone-communications
+PubDate: 2015-02-10
+Keywords: network spying
+Blurb: <p>The phone network <a
++ href="https://ssd.eff.org/en/module/problem-mobile-phones">
++ tracks the movements of each phone</a>.</p>
++
++ <p>This is inherent in the design of the phone network: as long as
++ the phone is in communication with the network, there is no way
++ to stop the network from recording its location. Many countries
++ (including the US and the EU) require the network to store all
++ these location data for months or years.</p>
+
+Id: 201311121
+Target: malware-mobiles.html phone-communications
+PubDate: 2006-12-05
+PubDate: 2013-11-12
+PubDate: 2013-07-22
+Keywords: communication processor backdoor
+Blurb: <p id="universal-back-door">
++ Almost every phone's communication processor has
++ a universal back door which is <a
++
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">
++ often used to make a phone transmit all conversations it hears</a>.</p>
++
++ <p>The back door <a class="not-a-duplicate"
++
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
++ may take the form of bugs that have gone 20 years unfixed</a>.
++ The choice to leave the security holes in place is morally
++ equivalent to writing a back door.</p>
++
++ <p>The back door is in the “modem processor”, whose
++ job is to communicate with the radio network. In most phones,
++ the modem processor controls the microphone. In most phones it
++ has the power to rewrite the software for the main processor
++ too.</p>
++
++ <p>A few phone models are specially designed so that the modem
++ processor does not control the microphone, and so that it can't
++ change the software in the main processor. They still have the
++ back door, but at least it is unable to turn the phone unto a
++ listening device.</p>
++
++ <p>The universal back door is apparently also used to make phones <a
++
href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html">
++ transmit even when they are turned off</a>. This means their movements
++ are tracked, and may also make the listening feature work.</p>
+
+Added: 2018-10-11
+Id: 201805080
+Target: proprietary-interference.html proprietary-interference
+Target: malware-webpages.html malware-webpages
+RT: 1324225
+PubDate: 2018-05-08
+PubDate: 2018-02-16
+Keywords: cryptocurrency mining
+Blurb: <p>A cracker used an exploit in outdated software to <a
++
href="https://www.pcmag.com/news/360968/400-websites-secretly-served-cryptocurrency-miners-to-visito">
++ inject a “miner” in web pages</a> served to visitors. This
++ type of malware hijacks the computer's processor to mine a
++ cryptocurrency. (Note that the article refers to the infected software
++ as “content management system”. A better term would be
++ “<a href="/philosophy/words-to-avoid.html#Content">website
++ revision system</a>”.)</p>
++
++ <p>Since the miner was a nonfree JavaScript program,
++ visitors wouldn't have been affected if they had used <a
++ href="/software/librejs/index.html">LibreJS</a>. Some
++ browser extensions that <a
++
href="https://www.cnet.com/how-to/how-to-stop-sites-from-using-your-cpu-to-mine-coins/">
++ specifically block JavaScript miners</a> are also available.</p>
+
+Added: 2018-10-11
+Id: 201807310
+Target: proprietary-interference.html proprietary-interference
+Target: malware-games.html malware-games
+RT: 1324225
+PubDate: 2018-07-31
+Keywords: cryptocurrency mining
+Blurb: <p>A nonfree video game, available through the nonfree Steam client, <a
++
href="https://www.extremetech.com/gaming/274552-great-now-games-are-hijacking-systems-with-">
++ included a “miner”</a>, i.e. an executable that hijacks
++ the CPU in users' computers to mine a cryptocurrency.</p>
+
+Added: 2018-10-01
+Id: 201809260
+Target: malware-appliances.html malware-appliances
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2018-09-26
+Keywords: honeywell
+Blurb: <p>Honeywell's “smart” thermostats communicate
++ only through the company's server. They have
++ all the nasty characteristics of such devices: <a
++
href="https://www.businessinsider.com/honeywell-iot-thermostats-server-outage-2018-9">
++ surveillance, and danger of sabotage</a> (of a specific user, or of
++ all users at once), as well as the risk of an outage (which is what
++ just happened).</p>
++
++ <p>In addition, setting the desired temperature requires running
++ nonfree software. With an old-fashioned thermostat, you can do it
++ using controls right on the thermostat.</p>
+
+Added: 2018-09-25
+Id: 201809240
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2018-09-24
+Keywords: alexa siri voice-control
+Blurb: <p>Researchers have discovered how to <a
++
href="http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co">
++ hide voice commands in other audio</a>, so that people cannot hear
++ them, but Alexa and Siri can.</p>
+
+Added: 2018-09-22
+Id: 201809140
+Target: malware-google.html back-doors
+Target: proprietary-back-doors.html alter-data
+PubDate: 2018-09-14
+Keywords: android
+Blurb: <p>Android has a <a
++
href="https://www.theverge.com/platform/amp/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change">
++ back door for remotely changing “user” settings</a>.</p>
++
++ <p>The article suggests it might be a universal back door, but this
++ isn't clear.</p>
+
+Added: 2018-09-18
+Id: 201809120
+Target: proprietary-interference.html proprietary-interference
+Target: malware-microsoft.html interference
+PubDate: 2018-09-12
+Keywords: windows
+Blurb: <p>One version of Windows 10 <a
++
href="https://www.ghacks.net/2018/09/12/microsoft-intercepting-firefox-chrome-installation-on-windows-10/">
++ harangues users if they try to install Firefox (or Chrome)</a>.</p>
+
+Id: 201809070
+Target: proprietary-surveillance.html SpywareInMacOS
+Target: malware-apple.html surveillance
+PubDate: 2018-09-07
+Keywords:
+Blurb: <p>Adware Doctor, an ad blocker for MacOS, <a
++
href="https://motherboard.vice.com/en_us/article/wjye8x/mac-anti-adware-doctor-app-steals-browsing-history">reports
++ the user's browsing history</a>.</p>
+
+Id: 201808120
+Target: proprietary-surveillance.html SpywareAtHome
+Target: malware-amazon.html echo-surveillance
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2018-08-12
+Keywords:
+Blurb: <p>Crackers found a way to break the security of an Amazon device,
++ and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
++ turn it into a listening device</a> for them.</p>
++
++ <p>It was very difficult for them to do this. The job would be much
++ easier for Amazon. And if some government such as China or the US
++ told Amazon to do this, or cease to sell the product in that country,
++ do you think Amazon would have the moral fiber to say no?</p>
++
++ <p>These crackers are probably hackers too, but please <a
++ href="https://stallman.org/articles/on-hacking.html"> don't use
++ “hacking” to mean “breaking security”</a>.</p>
+
+Id: 201808030
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInMobileApps
+PubDate: 2018-08-03
+Keywords: android
+Blurb: <p>Some Google apps on Android <a
++
href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile">
++ record the user's location even when users disable “location
++ tracking”</a>.</p>
++
++ <p>There are other ways to turn off the other kinds of location
++ tracking, but most users will be tricked by the misleading control.</p>
+
+Id: 201807260
+Target: proprietary-surveillance.html SpywareOnWearables
+PubDate: 2018-07-26
+Keywords: clothes
+Blurb: <p>Tommy Hilfiger clothing <a
++
href="https://www.theguardian.com/fashion/2018/jul/26/tommy-hilfiger-new-clothing-line-monitor-customers">will
++ monitor how often people wear it</a>.</p>
++
++ <p>This will teach the sheeple to find it normal that companies
++ monitor every aspect of what they do.</p>
+
+Id: 201807190
+Target: proprietary-surveillance.html SpywareInJavaScript
+Target: malware-webpages.html malware-webpages
+PubDate: 2018-07-19
+Keywords:
+Blurb: <p>British Airways used <a
++
href="https://www.theverge.com/2018/7/19/17591732/british-airways-gdpr-compliance-twitter-personal-data-security">nonfree
++ JavaScript on its web site to give other companies personal data on
++ its customers</a>.</p>
+
+Id: 201807100
+Target: malware-mobiles.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2018-07-10
+Keywords: voice-control
+Blurb: <p>Siri, Alexa, and all the other voice-control systems can be <a
++
href="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa">
++ hijacked by programs that play commands in ultrasound that humans
++ can't hear</a>.</p>
+
+Id: 201807050
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2018-07-05
+Keywords: apps
+Blurb: <p>The Jawbone fitness tracker was tethered to a proprietary phone
++ app. In 2017, the company shut down and made the app stop working. <a
++
href="https://www.theguardian.com/technology/2018/jul/05/defunct-jawbone-fitness-trackers-kept-selling-after-app-closure-says-which">All
++ the existing trackers stopped working forever</a>.</p>
++
++ <p>The article focuses on a further nasty fillip, that sales of the
++ broken devices continued. But I think that is a secondary issue;
++ it made the nasty consequences extend to some additional people.
++ The fundamental wrong was to design the devices to depend on something
++ else that didn't respect users' freedom.</p>
+
+Id: 201807020
+Target: malware-mobiles.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2018-07-02
+Keywords: samsung
+Blurb: <p>Some Samsung phones randomly <a
++
href="https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages">send
++ photos to people in the owner's contact list</a>.</p>
+
+Id: 201806250
+Target: proprietary-drm.html proprietary-drm
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-games.html malware-games
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2018-06-25
+Keywords: macos
+Blurb: <p>The game Metal Gear Rising for
++ MacOS was tethered to a server. The company <a
++
href="http://www.gamerevolution.com/news/400087-metal-gear-rising-mac-unplayable-drm">
++ shut down the server, and all copies stopped working</a>.</p>
+
+Id: 201806240
+Target: proprietary-surveillance.html SpywareInGames
+Target: malware-games.html malware-games
+PubDate: 2018-06-24
+Keywords: red-shell
+Blurb: <p>Red Shell is a spyware that
++ is found in many proprietary games. It <a
++
href="https://nebulous.cloud/threads/red-shell-illegal-spyware-for-steam-games.31924/">
++ tracks data on users' computers and sends it to third parties</a>.</p>
+
+Id: 201806110
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2018-06-11
+Keywords:
+Blurb: <p>The Spanish football streaming app <a
++
href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks
++ the user's movements and listens through the microphone</a>.</p>
++
++ <p>This makes them act as spies for licensing enforcement.</p>
++
++ <p>I expect it implements DRM, too—that there is no way to save
++ a recording. But I can't be sure from the article.</p>
++
++ <p>If you learn to care much less about sports, you will benefit in
++ many ways. This is one more.</p>
+
+Id: 201805310
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-apple.html sabotage
+PubDate: 2018-05-31
+Keywords: telegram apps ithings
+Blurb: <p>Apple has <a
++
href="https://www.theverge.com/2018/5/31/17412396/telegram-apple-app-store-app-updates-russia">blocked
++ Telegram from upgrading its app for a month</a>.</p>
++
++ <p>This evidently has to do with Russia's command to Apple to block
++ Telegram in Russia.</p>
++
++ <p>The Telegram client is free software on other platforms, but not on
++ iThings. Since <a href="/proprietary/proprietary-jails.html#apple">they
++ are jails</a>, they don't permit any app to be free software.</p>
+
+Id: 201805170
+Target: proprietary-surveillance.html SpywareOnTheWeb
+Target: malware-webpages.html malware-webpages
+PubDate: 2018-05-17
+Keywords: storyful
+Blurb: <p>The Storyful program <a
++
href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies
++ on the reporters that use it</a>.</p>
+
+Id: 201804180
+Target: proprietary-interference.html proprietary-interference
+PubDate: 2018-04-18
+Keywords: pearson
+Blurb: <p>Pearson's proprietary educational software <a
++
href="https://gizmodo.com/pearson-embedded-a-social-psychological-experiment-in-s-1825367784">
++ did an experiment on real students</a>, treating students differently
++ to observe the results.</p>
+
+Id: 201804160
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2018-04-16
+Keywords: android
+Blurb: <p>More than <a
++
href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%
++ of the 5,855 Android apps studied by researchers were found to snoop
++ and collect information about its users</a>. 40% of the apps were
++ found to insecurely snitch on its users. Furthermore, they could
++ detect only some methods of snooping, in these proprietary apps whose
++ source code they cannot look at. The other apps might be snooping
++ in other ways.</p>
++
++ <p>This is evidence that proprietary apps generally work against
++ their users. To protect their privacy and freedom, Android users
++ need to get rid of the proprietary software—both proprietary
++ Android by <a href="https://replicant.us">switching to Replicant</a>,
++ and the proprietary apps by getting apps from the free software
++ only <a href="https://f-droid.org/">F-Droid store</a> that <a
++ href="https://f-droid.org/wiki/page/Antifeatures"> prominently warns
++ the user if an app contains anti-features</a>.</p>
+
+Id: 201804144
+Target: proprietary-surveillance.html SpywareInGames
+Target: malware-games.html malware-games
+PubDate: 2018-04-14
+Keywords: arenanet
+Blurb: <p>ArenaNet surreptitiously installed a spyware
++ program along with an update to the massive
++ multiplayer game Guild War 2. The spyware allowed ArenaNet <a
++
href="https://techraptor.net/content/arenanet-used-spyware-anti-cheat-for-guild-wars-2-banwave">
++ to snoop on all open processes running on its user's computer</a>.</p>
+
+Id: 201804140
+Target: proprietary-surveillance.html SpywareAtHome
+Target: malware-appliances.html malware-appliances
+PubDate: 2018-04-14
+Keywords: toothbrush
+Blurb: <p>A medical insurance company <a
++
href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
++ offers a gratis electronic toothbrush that snoops on its user by
++ sending usage data back over the Internet</a>.</p>
+
+Id: 201804020
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2018-04-02
+Keywords:
+Blurb: <p>Grindr collects information about <a
++
href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status">
++ which users are HIV-positive, then provides the information to
++ companies</a>.</p>
++
++ <p>Grindr should not have so much information about its users.
++ It could be designed so that users communicate such info to each
++ other but not to the server's database.</p>
+
+Id: 201804010
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: malware-appliances.html malware-appliances
+Target: proprietary-back-doors.html install-delete
+PubDate: 2018-04-01
+Keywords: sony
+Blurb: <p>Some “Smart” TVs automatically <a
++
href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
++ load downgrades that install a surveillance app</a>.</p>
++
++ <p>We link to the article for the facts it presents. It
++ is too bad that the article finishes by advocating the
++ moral weakness of surrendering to Netflix. The Netflix app <a
++ href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
++ malware too</a>.</p>
+
+Id: 201803300
+Target: malware-apple.html incompatibility
+Target: proprietary-incompatibility.html proprietary-incompatibility
+PubDate: 2018-03-30
+Keywords: macos ios
+Blurb: <p>In MacOS and iOS, the procedure for <a
++
href="https://support.apple.com/guide/photos/export-photos-videos-and-slideshows-pht6e157c5f/mac">
++ converting images from the Photos format</a> to a free format is so
++ tedious and time-consuming that users just give up if they have a
++ lot of them.</p>
+
+Id: 201803190
+Target: proprietary-interference.html proprietary-interference
+Target: malware-microsoft.html interference
+PubDate: 2018-03-19
+Keywords: windows
+Blurb: <p>Microsoft is planning to make Windows <a
++
href="https://www.theguardian.com/technology/2018/mar/19/windows-10-microsoft-force-people-edge-browser-windows-mail-chrome-firefox">
++ impose use of its browser, Edge, in certain circumstances</a>.</p>
++
++ <p>The reason Microsoft can force things on users is that Windows
++ is nonfree.</p>
+
+Id: 201803050
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2018-03-05
+Keywords:
+Blurb: <p>The moviepass app and dis-service
++ spy on users even more than users expected. It <a
++
href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
++ where they travel before and after going to a movie</a>.</p>
++
++ <p>Don't be tracked—pay cash!</p>
+
+Id: 201802120
+Target: malware-appliances.html malware-appliances
+Target: malware-apple.html incompatibility
+Target: proprietary-incompatibility.html proprietary-incompatibility
+PubDate: 2018-02-12
+Keywords: homepod
+Blurb: <p>Apple devices lock users in <a
++
href="https://gizmodo.com/homepod-is-the-ultimate-apple-product-in-a-bad-way-1822883347">
++ solely to Apple services</a> by being designed to be incompatible
++ with all other options, ethical or unethical.</p>
+
+Id: 201712300
+Target: proprietary-surveillance.html SpywareInJavaScript
+Target: malware-webpages.html malware-webpages
+PubDate: 2017-12-30
+Keywords:
+Blurb: <p>Some JavaScript malware <a
++
href="https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research">
++ swipes usernames from browser-based password managers</a>.</p>
+
+Id: 201712240
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-12-24
+Keywords: stings
+Blurb: <p>One of the dangers of the “internet of stings”
++ is that, if you lose your internet service, you also <a
++
href="https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/">
++ lose control of your house and appliances</a>.</p>
++
++ <p>For your safety, don't use any appliance with a connection to the
++ real internet.</p>
+
+Id: 201712210
+Target: proprietary-surveillance.html SpywareInJavaScript
+Target: malware-webpages.html malware-webpages
+PubDate: 2017-06-20
+PubDate: 2017-12-21
+Keywords:
+Blurb: <p>Many web sites use JavaScript code <a
++
href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
++ to snoop on information that users have typed into a
++ form but not sent</a>, in order to learn their identity. Some are <a
++
href="https://www.manatt.com/Insights/Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-Allege">
++ getting sued</a> for this.</p>
+
+Id: 201712130
+Target: potential-malware.html potential-malware
+PubDate: 2017-12-13
+Keywords: google amazon ai
+Blurb: <p>Patent applications show that Google and Amazon are interested in <a
++
href="http://www.consumerwatchdog.org/privacy-technology/home-assistant-adopter-beware-google-amazon-digital-assistant-patents-reveal">
++ making “digital assistants” study people's activities to
++ learn all about them</a>.</p>
++
++ <p>AI programs would understand what people say to each other,
++ observe the clothing they wear and the objects they carry (including
++ the marketing messages on them), and use sound to track people's
++ activities, including in the toilet or in bed.</p>
++
++ <p>It should be illegal to have such a device in your apartment
++ without getting signed consent from the people that live in the other
++ appartments in the building.</p>
+
+Id: 201712110
+Target: proprietary-surveillance.html SpywareInWindows
+PubDate: 2017-12-11
+Keywords: hp
+Blurb: <p>HP's proprietary operating system <a
++ href="http://www.bbc.com/news/technology-42309371">includes a
++ proprietary keyboard driver with a key logger in it</a>.</p>
+
+Added: 2018-09-15
+Id: 201712060
+Target: proprietary-interference.html proprietary-interference
+Target: malware-games.html malware-games
+PubDate: 2017-12-06
+Keywords: addiction
+Blurb: <p>Learn how <a
++
href="https://www.huffingtonpost.com/joseph-farrell/the-fascinating-psycholog_b_6076502.html">
++ gratis-to-play-and-not-win-much games manipulate their useds
++ psychologically</a>.</p>
++
++ <p>These manipulative behaviors are malicious functionalities, and they
++ are possible because the game is proprietary. If it were free, people
++ could publish a non-manipulative version and play that instead.</p>
+
+Id: 201711250
+Target: proprietary-drm.html proprietary-drm
+Target: proprietary-surveillance.html SpywareIniThings
+Target: malware-apple.html surveillance
+PubDate: 2017-11-25
+Keywords:
+Blurb: <p>The DMCA and the EU Copyright Directive make it <a
++ href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
++ illegal to study how iOS cr…apps spy on users</a>, because
++ this would require circumventing the iOS DRM.</p>
+
+Id: 201711244
+Target: proprietary-surveillance.html SpywareInToys
+Target: proprietary-back-doors.html universal
+PubDate: 2017-11-24
+Keywords: hasbro furby apps
+Blurb: <p>The Furby Connect has a <a
++
href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
++ universal back door</a>. If the product as shipped doesn't act as a
++ listening device, remote changes to the code could surely convert it
++ into one.</p>
+
+Id: 201711240
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2017-11-24
+Keywords: android
+Blurb: <p>Tracking software in popular Android apps
++ is pervasive and sometimes very clever. Some trackers can <a
++
href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
++ follow a user's movements around a physical store by noticing WiFi
++ networks</a>.</p>
+
+Id: 201711230
+Target: proprietary-surveillance.html SpywareInVehicles
+Target: malware-mobiles.html surveillance
+Target: malware-cars.html malware-cars
+PubDate: 2017-11-23
+Keywords: ai
+Blurb: <p>AI-powered driving apps can <a
++
href="https://motherboard.vice.com/en_us/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
++ track your every move</a>.</p>
+
+Id: 201711210
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInAndroid
+PubDate: 2017-11-21
+Keywords:
+Blurb: <p>Android tracks location for Google <a
++
href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
++ even when “location services” are turned off, even when
++ the phone has no SIM card</a>.</p>
+
+Id: 201711204
+Target: proprietary-back-doors.html other
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-11-20
+Keywords: intel
+Blurb: <p>Intel's intentional “management engine” back door has <a
++
href="https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/">
++ unintended back doors</a> too.</p>
+
+Id: 201711200
+Target: malware-appliances.html malware-appliances
+Target: malware-amazon.html misc
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-11-20
+Keywords:
+Blurb: <p>Amazon recently invited consumers to be suckers and <a
++
href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo">
++ allow delivery staff to open their front doors</a>. Wouldn't you know
++ it, the system has a grave security flaw.</p>
+
+Id: 201711150
+Target: proprietary-surveillance.html SpywareInJavaScript
+Target: malware-webpages.html malware-webpages
+PubDate: 2017-11-15
+Keywords:
+Blurb: <p>Some websites send
++ JavaScript code to collect all the user's input, <a
++
href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
++ can then be used to reproduce the whole session</a>.</p>
++
++ <p>If you use LibreJS, it will block that malicious JavaScript
++ code.</p>
+
+Id: 201711100
+Target: proprietary-surveillance.html SpywareInToys
+Target: malware-appliances.html malware-appliances
+PubDate: 2017-11-10
+Keywords:
+Blurb: <p>A remote-control sex toy was found to make <a
++
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
++ recordings of the conversation between two users</a>.</p>
+
+Id: 201711080
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2017-11-08
+Keywords: logitech
+Blurb: <p>Logitech will sabotage
++ all Harmony Link household control devices by <a
++
href="https://arstechnica.com/gadgets/2017/11/logitech-to-shut-down-service-and-support-for-harmony-link-devices-in-2018/">
++ turning off the server through which the products' supposed owners
++ communicate with them</a>.</p>
++
++ <p>The owners suspect this is to pressure them to buy a newer model. If
++ they are wise, they will learn, rather, to distrust any product that
++ requires users to talk with them through some specialized service.</p>
+
+Id: 201711070
+Target: proprietary-surveillance.html SpywareInGames
+Target: malware-games.html malware-games
+PubDate: 2017-11-07
+Keywords: keyboard
+Blurb: <p>The driver for a certain gaming keyboard <a
++
href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
++ information to China</a>.</p>
+
+Id: 201711010
+Target: proprietary-subscriptions.html proprietary-subscriptions
+Target: proprietary-tethers.html proprietary-tethers
+Target: proprietary-back-doors.html universal
+PubDate: 2017-11-01
+Keywords: sony aibo
+Blurb: <p>Sony has brought back its robotic pet Aibo, this time <a
++
href="https://motherboard.vice.com/en_us/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet">
++ with a universal back door, and tethered to a server that requires
++ a subscription</a>.</p>
+
+Id: 201710134
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2017-10-13
+Keywords:
+Blurb: <p>Windows 10 telemetry program sends information to Microsoft about
++ the user's computer and their use of the computer.</p>
++
++ <p>Furthermore, for users who installed the
++ fourth stable build of Windows 10, called the
++ “Creators Update,” Windows maximized the surveillance <a
++
href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law">
++ by force setting the telemetry mode to “Full”</a>.</p>
++
++ <p>The <a
++
href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level">
++ “Full” telemetry mode</a> allows Microsoft Windows
++ engineers to access, among other things, registry keys <a
++ href="https://technet.microsoft.com/en-us/library/cc939702.aspx">which
++ can contain sensitive information like administrator's login
++ password</a>.</p>
+
+Id: 201710130
+Target: malware-apple.html jails
+Target: proprietary-jails.html apple
+PubDate: 2017-10-13
+Keywords: censorship
+Blurb: <p>Apple is <a
++
href="https://www.eff.org/deeplinks/2017/10/iranian-hardliners-want-isolated-internet">
++ censoring apps for the US government too</a>. Specifically, it is
++ deleting apps developed by Iranians.</p>
++
++ <p>The root of these wrongs are in Apple. If Apple had not designed
++ the iMonsters to let Apple censor applications, Apple would not have
++ had the power to stop users from installing whatever kind of apps.</p>
+
+Id: 201710044
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-apple.html sabotage
+PubDate: 2017-10-04
+Keywords: macos
+Blurb: <p>MacOS High Sierra forcibly reformats SSD boot drives, and <a
++
href="https://www.macworld.com/article/3230498/storage/apple-file-system-apfs-faq.html">
++ changes the file system from HFS+ to APFS</a>, which cannot be
++ accessed from GNU/Linux, Windows or even older versions of MacOS.</p>
+
+Id: 201710041
+Target: proprietary-subscriptions.html proprietary-subscriptions
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2017-10-04
+Keywords: Canary appliances
+Blurb: <p>The Canary home surveillance
++ camera has been sabotaged by its manufacturer, <a
++
href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
++ turning off many features unless the user starts paying for a
++ subscription</a>.</p>
++
++ <p>With manufacturers like these, who needs security breakers?</p>
++
++ <p>The purchasers should learn the larger lesson and reject connected
++ appliances with embedded proprietary software. Every such product is
++ a temptation to commit sabotage.</p>
+
+Id: 201710040
+Target: malware-appliances.html malware-appliances
+PubDate: 2017-10-04
+Keywords: canary tethers subscriptions sabotage
+Blurb: <p>Every “home security” camera, if its
++ manufacturer can communicate with it, is a surveillance device. <a
++
href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
++ Canary camera is an example</a>.</p>
++
++ <p>The article describes wrongdoing by the manufacturer, based on
++ the fact that the device is tethered to a server.</p>
++
++ <p><a href="/proprietary/proprietary-tethers.html">More about
++ proprietary tethering</a>.</p>
++
++ <p>But it also demonstrates that the device gives the company
++ surveillance capability.</p>
+
+Id: 201709290
+Target: malware-cars.html malware-cars
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-09-29
+Keywords:
+Blurb: <p>Bad security in some cars makes it possible to <a
++ href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937">
++ remotely activate the airbags</a>.</p>
+
+Id: 201709210
+Target: proprietary-surveillance.html SpywareIniThings
+Target: malware-apple.html surveillance
+PubDate: 2017-09-21
+Keywords:
+Blurb: <p>In the latest iThings system,
++ “turning off” WiFi and Bluetooth the obvious way <a
++
href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
++ doesn't really turn them off</a>. A more advanced way really does turn
++ them off—only until 5am. That's Apple for you—“We
++ know you want to be spied on”.</p>
+
+Id: 201709200
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-09-20
+Keywords: iv-pump
+Blurb: <p>A “smart” intravenous pump
++ designed for hospitals is connected to the internet. Naturally <a
++
href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml">
++ its security has been cracked</a>.</p>
++
++ <p>Note that this article misuses the term <a
++ href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a>
++ referring to crackers.</p>
+
+Id: 201709091
+Target: proprietary-back-doors.html universal
+Target: malware-cars.html malware-cars
+PubDate: 2017-09-09
+Keywords: tesla cars sabotage
+Blurb: <p>Tesla used software to limit the part of the battery
++ that was available to customers in some cars, and <a
++
href="https://techcrunch.com/2017/09/09/tesla-flips-a-switch-to-increase-the-range-of-some-cars-in-florida-to-help-people-evacuate/">
++ a universal back door in the software</a> to temporarily increase
++ this limit.</p>
++
++ <p>While remotely allowing car “owners” to use the
++ whole battery capacity did not do them any harm, the same back
++ door would permit Tesla (perhaps under the command of some
++ government) to remotely order the car to use none of its battery. Or
++ perhaps to drive its passenger to a torture prison.</p>
+
+Id: 201709090
+Target: proprietary-sabotage.html proprietary-sabotage
+PubDate: 2017-09-09
+Keywords: tesla back-doors universal cars
+Blurb: <p>Tesla used software to limit customers to using just <a
++
href="https://techcrunch.com/2017/09/09/tesla-flips-a-switch-to-increase-the-range-of-some-cars-in-florida-to-help-people-evacuate/">part
++ of the battery of some cars</a>.</p>
+
+Id: 201708280
+Target: proprietary-surveillance.html SpywareInEquipment
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-08-28
+Keywords: iot
+Blurb: <p>The bad security in many Internet of Stings devices allows <a
++
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
++ to snoop on the people that use them</a>.</p>
++
++ <p>Don't be a sucker—reject all the stings.</p>
++
++ <p>It is unfortunate that the article uses the term <a
++
href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p>
+
+Id: 201708270
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2017-08-27
+Keywords: sarahah
+Blurb: <p>The Sarahah app <a
++
href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
++ uploads all phone numbers and email addresses</a> in user's address
++ book to developer's server. Note that this article misuses the words
++ “<a href="/philosophy/free-sw.html">free software</a>”
++ referring to zero price.</p>
+
+Id: 201708230
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+PubDate: 2017-08-21
+PubDate: 2017-08-23
+Keywords: sonos
+Blurb: <p>Sonos <a
++
href="http://www.zdnet.com/article/sonos-accept-new-privacy-policy-speakers-cease-to-function/">
++ told all its customers, “Agree”
++ to snooping or the product will stop working</a>. <a
++
href="https://consumerist.com/2017/08/23/sonos-holds-software-updates-hostage-if-you-dont-sign-new-privacy-agreement/#more-10287321">Another
++ article</a> says they won't forcibly change the software, but
++ people won't be able to get any upgrades and eventually it will
++ stop working.</p>
+
+Id: 201708160
+Target: potential-malware.html potential-malware
+PubDate: 2017-08-16
+Keywords: surveillance voice-control
+Blurb: <p>Any device that has a microphone and a speaker could be <a
++
href="http://www.washington.edu/news/2017/08/16/computer-scientists-use-music-to-covertly-track-body-movements-activity/">turned
++ into a sonar system that would track the movements of people in the
++ same room or other rooms nearby</a>.</p>
+
+Id: 201708040
+Target: proprietary-surveillance.html SpywareInDrones
+Target: malware-appliances.html malware-appliances
+PubDate: 2017-08-04
+Keywords:
+Blurb: <p>While you're using a DJI drone
++ to snoop on other people, DJI is in many cases <a
++
href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
++ on you</a>.</p>
+
+Id: 201707290
+Target: malware-apple.html jails
+Target: proprietary-jails.html apple
+PubDate: 2017-07-29
+Keywords: censorship
+Blurb: <p>Apple <a
++
href="https://www.nytimes.com/2017/07/29/technology/china-apple-censorhip.html">
++ deleted several VPNs from its app store for China</a>, thus using its
++ own censorship power to strengthen that of the Chinese government.</p>
+
+Id: 201707270
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2017-07-27
+Keywords: android
+Blurb: <p>20 dishonest Android apps recorded <a
++
href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
++ calls and sent them and text messages and emails to snoopers</a>.</p>
++
++ <p>Google did not intend to make these apps spy; on the contrary, it
++ worked in various ways to prevent that, and deleted these apps after
++ discovering what they did. So we cannot blame Google specifically
++ for the snooping of these apps.</p>
++
++ <p>On the other hand, Google redistributes nonfree Android apps, and
++ therefore shares in the responsibility for the injustice of their being
++ nonfree. It also distributes its own nonfree apps, such as Google Play,
++ <a href="/philosophy/free-software-even-more-important.html">which
++ are malicious</a>.</p>
++
++ <p>Could Google have done a better job of preventing apps from
++ cheating? There is no systematic way for Google, or Android users,
++ to inspect executable proprietary apps to see what they do.</p>
++
++ <p>Google could demand the source code for these apps, and study
++ the source code somehow to determine whether they mistreat users in
++ various ways. If it did a good job of this, it could more or less
++ prevent such snooping, except when the app developers are clever
++ enough to outsmart the checking.</p>
++
++ <p>But since Google itself develops malicious apps, we cannot trust
++ Google to protect us. We must demand release of source code to the
++ public, so we can depend on each other.</p>
+
+Id: 201706204
+Target: proprietary-surveillance.html SpywareAtHome
+PubDate: 2017-06-20
+Keywords: appliances
+Blurb: <p>Lots of “smart” products are designed <a
++
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
++ listen to everyone in the house, all the time</a>.</p>
++
++ <p>Today's technological practice does not include any way of making
++ a device that can obey your voice commands without potentially spying
++ on you. Even if it is air-gapped, it could be saving up records
++ about you for later examination.</p>
+
+Id: 201706202
+Target: proprietary-back-doors.html spy
+PubDate: 2017-06-07
+Keywords:
+Blurb: <p id="InternetCameraBackDoor">Many models of Internet-connected
++ cameras contain a glaring back door—they have login
++ accounts with hard-coded passwords, which can't be changed, and <a
++
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">
++ there is no way to delete these accounts either</a>.</p>
++
++ <p>Since these accounts with hard-coded passwords are impossible
++ to delete, this problem is not merely an insecurity; it amounts to
++ a back door that can be used by the manufacturer (and
++ government) to spy on users.</p>
+
+Id: 201706201
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-06-20
+Keywords: appliances
+Blurb: <p>Many models of Internet-connected cameras <a
++ href="/proprietary/proprietary-back-doors.html#InternetCameraBackDoor">
++ have backdoors</a>.</p>
++
++ <p>That is a malicious functionality, but in addition it
++ is a gross insecurity since anyone, including malicious crackers, <a
++
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">can
++ find those accounts and use them to get into users' cameras</a>.</p>
+
+Id: 201706200
+Target: malware-appliances.html malware-appliances
+PubDate: 2017-06-20
+Keywords: insecurity cameras
+Blurb: <p>Many models of Internet-connected cameras
++ are tremendously insecure. They have login
++ accounts with hard-coded passwords, which can't be changed, and <a
++
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">there
++ is no way to delete these accounts either</a>.</p>
+
+Id: 201706130
+Target: proprietary-jails.html microsoft
+Target: malware-microsoft.html jails
+PubDate: 2017-05-03
+PubDate: 2017-06-13
+Keywords: windows-10s
+Blurb: <p>Windows 10 S was a jail: <a
++
href="https://www.theguardian.com/technology/2017/may/03/windows-10-s-microsoft-faster-pc-comparison">
++ only programs from the Windows Store could be
++ installed and executed</a>. It was however possible to <a
++
href="https://www.theverge.com/2017/6/13/15789998/microsoft-windows-10-s-upgrade-windows-10-pro-guide">
++ upgrade to Windows 10 Pro</a>. The successor of Windows
++ 10 S is a special configuration of Windows 10 called <a
++
href="https://support.microsoft.com/en-gb/help/4020089/windows-10-in-s-mode-faq">
++ S mode</a>. The major difference with Windows 10 S is that there is
++ an easy way to switch out of S mode.</p>
+
+Id: 201706060
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-apple.html sabotage
+PubDate: 2017-06-06
+Keywords: ithings
+Blurb: <p>Apple will stop <a
++
href="https://www.theguardian.com/technology/2017/jun/06/iphone-ipad-apps-games-apple-5-5c-obsolete">fixing
++ bugs for older model iThings</a>.</p>
++
++ <p>Meanwhile, Apple stops people from fixing problems themselves;
++ that's the nature of proprietary software.</p>
+
+Id: 201706050
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-05-01
+PubDate: 2017-06-05
+Keywords: intel
+Blurb: <p id="intel-me-10-year-vulnerability">Intel's
++ CPU backdoor—the Intel Management Engine—had a <a
++
href="https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/">major
++ security vulnerability for 10 years</a>.</p>
++
++ <p>The vulnerability allowed a cracker to access
++ the computer's Intel Active Management Technology (AMT) <a
++
href="https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/">
++ web interface with an empty password and gave administrative
++ access</a> to access the computer's keyboard, mouse, monitor among
++ other privileges.</p>
++
++ <p>It does not help that in newer Intel processors, it is impossible
++ to turn off the Intel Management Engine. Thus, even users who are
++ proactive about their security can do nothing to protect themselves
++ besides using machines that don't come with the backdoor.</p>
+
+Id: 201705250
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-05-25
+Keywords: health
+Blurb: <p>The proprietary code that runs pacemakers,
++ insulin pumps, and other medical devices is <a
++ href="http://www.bbc.co.uk/news/technology-40042584"> full of gross
++ security faults</a>.</p>
+
+Id: 201705230
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2017-05-23
+Keywords: android
+Blurb: <p>Apps for BART <a
++
href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
++ on users</a>.</p>
++
++ <p>With free software apps, users could <em>make sure</em> that they
++ don't snoop.</p>
++
++ <p>With proprietary apps, one can only hope that they don't.</p>
+
+Id: 201705180
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2017-05-18
+Keywords: second-life
+Blurb: <p>Bird and rabbit pets were implemented for Second
++ Life by a company that tethered their food to a server. <a
++
href="https://www.rockpapershotgun.com/2017/05/19/second-life-ozimals-pet-rabbits-dying">
++ It shut down the server and the pets more or less died</a>.</p>
+
+Id: 201705160
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-05-16
+Keywords: conexant
+Blurb: <p>Conexant HD Audio Driver Package (version 1.0.0.46 and earlier)
++ pre-installed on 28 models of HP laptops logged the user's keystroke
++ to a file in the filesystem. Any process with access to the filesystem
++ or the MapViewOfFile API could gain access to the log. Furthermore, <a
++
href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt">according
++ to modzero</a> the “information-leak via Covert Storage Channel
++ enables malware authors to capture keystrokes without taking the risk
++ of being classified as malicious task by AV heuristics”.</p>
+
+Id: 201705150
+Target: malware-google.html drm
+Target: proprietary-drm.html proprietary-drm
+PubDate: 2017-05-13
+PubDate: 2017-05-15
+Keywords: android netflix
+Blurb: <p>Google now allows Android
++ apps to detect whether a device has been rooted, <a
++
href="http://www.androidpolice.com/2017/05/13/netflix-confirms-blocking-rootedunlocked-devices-app-still-working-now/">and
++ refuse to install if so</a>. The Netflix app uses this ability to
++ enforce DRM by refusing to install on rooted Android devices.</p>
++
++ <p>Update: Google <i>intentionally</i> changed Android so that apps <a
++
href="https://torrentfreak.com/netflix-use-of-google-drm-means-rooted-android-devices-are-banned-170515/">can
++ detect rooted devices and refuse to run on them</a>. The Netflix app
++ is proprietary malware, and one shouldn't use it. However, that does
++ not make what Google has done any less wrong.</p>
+
+Id: 201705120
+Target: malware-microsoft.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-05-12
+Keywords: windows
+Blurb: <p>Exploits of bugs in Windows, which were developed by the NSA
++ and then leaked by the Shadowbrokers group, are now being used to <a
++
href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">attack
++ a great number of Windows computers with ransomware</a>.</p>
+
+Id: 201705040
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2017-05-04
+Keywords: android
+Blurb: <p>A study found 234 Android apps that track users by <a
++
href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
++ to ultrasound from beacons placed in stores or played by TV
++ programs</a>.</p>
+
+Id: 201704260
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2017-04-26
+Keywords: facebook
+Blurb: <p>Faceapp appears to do lots of surveillance, judging by <a
++
href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
++ how much access it demands to personal data in the device</a>.</p>
+
+Id: 201704194
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-microsoft.html sabotage
+PubDate: 2017-04-19
+Keywords: windows
+Blurb: <p>Microsoft has made Windows 7
++ and 8 cease to function on certain new computers, <a
++
href="https://support.microsoft.com/en-us/help/4012982/the-processor-is-not-supported-together-with-the-windows-version-that">effectively
++ forcing their owners to switch to Windows 10</a>.</p>
+
+Id: 201704190
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-appliances.html malware-appliances
+Target: malware-mobiles.html surveillance
+PubDate: 2017-04-19
+Keywords: bose
+Blurb: <p>Users are suing Bose for <a
++
href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
++ distributing a spyware app for its headphones</a>. Specifically,
++ the app would record the names of the audio files users listen to
++ along with the headphone's unique serial number.</p>
++
++ <p>The suit accuses that this was done without the users' consent.
++ If the fine print of the app said that users gave consent for this,
++ would that make it acceptable? No way! It should be flat out <a
++ href="/philosophy/surveillance-vs-democracy.html"> illegal to design
++ the app to snoop at all</a>.</p>
+
+Id: 201704131
+Target: malware-amazon.html drm
+PubDate: 2017-04-13
+Keywords:
+Blurb: <p><a href="http://techin.oureverydaylife.com/kindle-drm-17841.html">
++ The Amazon Kindle has DRM</a>. That article is flawed in that it
++ fails to treat DRM as an ethical question; it takes for granted that
++ whatever Amazon might do to its users is legitimate. It refers to
++ DRM as digital “rights” management, which is the spin
++ term used to promote DRM. Nonetheless it serves as a reference for
++ the facts.</p>
+
+Id: 201704130
+Target: proprietary-drm.html proprietary-drm
+PubDate: 2017-04-13
+Keywords:
+Blurb: <p><a href="http://techin.oureverydaylife.com/kindle-drm-17841.html">
++ The Amazon Kindle has DRM</a>. That article is flawed in that it
++ fails to treat DRM as an ethical question; it takes for granted that
++ whatever Amazon might do to its users is legitimate. It refers to
++ DRM as digital “rights” management, which is the spin
++ term used to promote DRM. Nonetheless it serves as a reference for
++ the facts.</p>
++
++ <p>We refer to that product as the <a
++ href="/philosophy/why-call-it-the-swindle.html"> Amazon Swindle</a>
++ because of this and <a href="/philosophy/ebooks.html"> other malicious
++ functionalities</a>.</p>
+
+Id: 201704134
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-microsoft.html sabotage
+PubDate: 2017-04-13
+Keywords: windows
+Blurb: <p>Microsoft <a
++
href="https://arstechnica.com/information-technology/2017/04/new-processors-are-now-blocked-from-receiving-updates-on-old-windows/">
++ has dropped support for Windows 7 and 8 on recent processors</a>
++ in a big hurry.</p>
++
++ <p>It makes no difference what legitimate reasons Microsoft might
++ have for not doing work to support them. If it doesn't want to do
++ this work, it should let users do the work.</p>
+
+Id: 201704120
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2017-04-12
+Keywords: anova
+Blurb: <p>Anova sabotaged users' cooking devices
++ with a downgrade that tethered them to a remote server. <a
++
href="https://consumerist.com/2017/04/12/anova-ticks-off-customers-by-requiring-mandatory-accounts-to-cook-food/#more-10275062">Unless
++ users create an account on Anova's servers, their cookers won't
++ function</a>.</p>
+
+Id: 201704074
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2017-04-07
+Keywords: android
+Blurb: <p>Pairs of Android apps can collude
++ to transmit users' personal data to servers. <a
++
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
++ study found tens of thousands of pairs that collude</a>.</p>
+
+Id: 201704071
+Target: malware-apple.html drm
+PubDate: 2017-04-07
+Keywords: sabotage
+Blurb: <p>DRM makes the iPhone 7 nearly <a
++ href="#iphone7-sabotage">unrepairable</a> by anyone else but Apple.</p>
+
+Id: 201704070
+Target: proprietary-drm.html proprietary-drm
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-apple.html sabotage
+PubDate: 2017-04-07
+Keywords: drm
+Blurb: <p id="iphone7-sabotage">The
++ iPhone 7 contains DRM specifically designed to <a
++
href="https://motherboard.vice.com/en_us/article/kbjm8e/iphone-7-home-button-unreplaceable-repair-software-lock">
++ brick it if an “unauthorized” repair shop fixes it</a>.
++ “Unauthorized” essentially means anyone besides Apple.</p>
++
++ <p>The article uses the term “lock”
++ to describe the DRM, but we prefer to use the term <a
++ href="/philosophy/words-to-avoid.html#DigitalLocks"> digital
++ handcuffs</a>.</p>
+
+Id: 201704050
+Target: malware-mobiles.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-04-05
+Keywords: android broadcom
+Blurb: <p>Many Android devices <a
++
href="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/">
++ can be hijacked through their Wi-Fi chips</a> because of a bug in
++ Broadcom's non-free firmware.</p>
+
+Id: 201703300
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2017-03-30
+Keywords: verizon
+Blurb: <p>Verizon <a
++
href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
++ announced an opt-in proprietary search app that it will</a> pre-install
++ on some of its phones. The app will give Verizon the same information
++ about the users' searches that Google normally gets when they use
++ its search engine.</p>
++
++ <p>Currently, the app is <a
++
href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
++ being pre-installed on only one phone</a>, and the user must
++ explicitly opt-in before the app takes effect. However, the app
++ remains spyware—an “optional” piece of spyware is
++ still spyware.</p>
+
+Id: 201703270
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-03-27
+Keywords: miele
+Blurb: <p>When Miele's Internet of
++ Stings hospital disinfectant dishwasher is <a
++
href="https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">
++ connected to the Internet, its security is crap</a>.</p>
++
++ <p>For example, a cracker can gain access to the dishwasher's
++ filesystem, infect it with malware, and force the dishwasher to launch
++ attacks on other devices in the network. Since these dishwashers are
++ used in hospitals, such attacks could potentially put hundreds of
++ lives at risk.</p>
+
+Id: 201703170
+Target: proprietary-interference.html proprietary-interference
+Target: malware-microsoft.html interference
+PubDate: 2017-03-17
+Keywords: windows
+Blurb: <p>Windows displays <a
++
href="http://www.theverge.com/2017/3/17/14956540/microsoft-windows-10-ads-taskbar-file-explorer">
++ intrusive ads for Microsoft products and its partners'
++ products</a>.</p>
++
++ <p>The article's author starts from the premise that Microsoft has
++ a right to control what Windows does to users, as long as it doesn't
++ go “too far”. We disagree.</p>
+
+Id: 201703160
+Target: proprietary-censorship.html google
+Target: malware-google.html censorship
+PubDate: 2017-03-16
+Keywords:
+Blurb: <p>Google <a
++
href="http://www.csmonitor.com/Technology/2017/0316/Google-Family-Link-gives-parents-a-way-to-monitor-preteens-accounts">
++ offers censorship software</a>, ostensibly for parents to put into
++ their children's computers.</p>
+
+Id: 201703140
+Target: proprietary-surveillance.html SpywareInToys
+Target: malware-appliances.html malware-appliances
+PubDate: 2016-08-10
+PubDate: 2016-09-14
+PubDate: 2017-03-14
+Keywords:
+Blurb: <p>A computerized vibrator <a
++
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
++ was snooping on its users through the proprietary control app</a>.</p>
++
++ <p>The app was reporting the temperature of the vibrator minute by
++ minute (thus, indirectly, whether it was surrounded by a person's
++ body), as well as the vibration frequency.</p>
++
++ <p>Note the totally inadequate proposed response: a labeling
++ standard with which manufacturers would make statements about their
++ products, rather than free software which users could have checked
++ and changed.</p>
++
++ <p>The company that made the vibrator <a
++
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
++ was sued for collecting lots of personal information about how people
++ used it</a>.</p>
++
++ <p>The company's statement that it was anonymizing the data may be
++ true, but it doesn't really matter. If it had sold the data to a data
++ broker, the data broker would have been able to figure out who the
++ user was.</p>
++
++ <p>Following this lawsuit, <a
++
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
++ the company has been ordered to pay a total of C$4m</a> to its
++ customers.</p>
+
+Id: 201702280
+Target: proprietary-surveillance.html SpywareInToys
+Target: malware-appliances.html malware-appliances
+PubDate: 2017-02-28
+PubDate: 2017-02-28
+Keywords: cloudpet
+Blurb: <p>“CloudPets” toys with microphones <a
++
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
++ leak childrens' conversations to the manufacturer</a>. Guess what? <a
++
href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
++ Crackers found a way to access the data</a> collected by the
++ manufacturer's snooping.</p>
++
++ <p>That the manufacturer and the FBI could listen to these
++ conversations was unacceptable by itself.</p>
+
+Id: 201702200
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-02-20
+Keywords:
+Blurb: <p>If you buy a used “smart”
++ car, house, TV, refrigerator, etc., usually <a
++
href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the
++ previous owners can still remotely control it</a>.</p>
+
+Id: 201702170
+Target: malware-mobiles.html insecurity
+Target: malware-cars.html malware-cars
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-02-17
+Keywords: apps
+Blurb: <p>The mobile apps for communicating <a
++
href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">with
++ a smart but foolish car have very bad security</a>.</p>
++
++ <p>This is in addition to the fact that the car contains a cellular
++ modem that tells big brother all the time where it is. If you own
++ such a car, it would be wise to disconnect the modem so as to turn
++ off the tracking.</p>
+
+Id: 201702150
+Target: proprietary-surveillance.html SpywareIniThings
+Target: malware-apple.html surveillance
+PubDate: 2017-02-15
+Keywords: iphone
+Blurb: <p>Apple proposes <a
++
href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
++ fingerprint-scanning touch screen</a>—which would mean no way
++ to use it without having your fingerprints taken. Users would have
++ no way to tell whether the phone is snooping on them.</p>
+
+Id: 201702061
+Target: proprietary-back-doors.html universal
+PubDate: 2017-02-06
+Keywords: vizio surveillance tvsets appliances
+Blurb: <p>Vizio “smart” TVs <a
++
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">
++ have a universal back door</a>.</p>
+
+Id: 201702060
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: malware-appliances.html malware-appliances
+PubDate: 2017-02-06
+Keywords: vizio back-doors universal
+Blurb: <p>Vizio “smart” <a
++
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
++ report everything that is viewed on them, and not just broadcasts and
++ cable</a>. Even if the image is coming from the user's own computer,
++ the TV reports what it is. The existence of a way to disable the
++ surveillance, even if it were not hidden as it was in these TVs,
++ does not legitimize the surveillance.</p>
+
+Id: 201702020
+Target: proprietary-drm.html proprietary-drm
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2017-02-02
+Keywords:
+Blurb: <p>DRM-restricted files can be used to <a
++
href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">
++ identify people browsing through Tor</a>. The vulnerability exists
++ only if you use Windows.</p>
+
+Id: 201701300
+Target: malware-google.html drm
+Target: proprietary-drm.html proprietary-drm
+PubDate: 2017-01-30
+Keywords: chrome chromium
+Blurb: <p>Chrome <a
++
href="http://boingboing.net/2017/01/30/google-quietly-makes-optiona.html">implements
++ DRM</a>. So does Chromium, through nonfree software that is effectively
++ part of it.</p>
++
++ <p><a
++ href="https://bugs.chromium.org/p/chromium/issues/detail?id=686430">More
++ information</a>.</p>
+
+Id: 201701270
+Target: malware-mobiles.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-01-27
+Keywords: samsung
+Blurb: <p>Samsung phones <a
++
href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">have
++ a security hole that allows an SMS message to install
++ ransomware</a>.</p>
+
+Id: 201701210
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2017-01-21
+Keywords: meitu
+Blurb: <p>The Meitu photo-editing app <a
++
href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
++ user data to a Chinese company</a>.</p>
+
+Id: 201701180
+Target: proprietary-censorship.html google
+Target: malware-google.html censorship
+PubDate: 2015-05
+PubDate: 2017-01-18
+Keywords: chrome
+Blurb: <p>On Windows and MacOS, Chrome <a
++
href="https://sites.google.com/a/chromium.org/dev/developers/extensions-deployment-faq">
++ disables extensions</a> that are not hosted in the Chrome Web
++ Store.</p>
++
++ <p>For example, an extension was <a
++
href="https://consumerist.com/2017/01/18/why-is-google-blocking-this-ad-blocker-on-chrome/">
++ banned from the Chrome Web Store, and permanently disabled</a> on
++ more than 40,000 computers.</p>
+
+Id: 201701130
+Target: malware-mobiles.html insecurity
+Target: proprietary-back-doors.html spy
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2017-01-13
+Keywords: whatsapp
+Blurb: <p>WhatsApp has a feature that <a
++
href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/">
++ has been described as a “back door”</a> because it would
++ enable governments to nullify its encryption.</p>
++
++ <p>The developers say that it wasn't intended as a back door, and that
++ may well be true. But that leaves the crucial question of whether it
++ functions as one. Because the program is nonfree, we cannot check by
++ studying it.</p>
+
+Id: 201701110
+Target: proprietary-interference.html proprietary-interference
+Target: malware-adobe.html malware-adobe
+PubDate: 2017-01-11
+Keywords:
+Blurb: <p>An upgrade package for Acrobat Reader <a
++
href="https://www.bleepingcomputer.com/news/software/adobe-acrobat-reader-dc-update-installs-chrome-browser-extension/">silently
++ alters Chrome</a>.</p>
+
+Id: 201701064
+Target: malware-apple.html jails
+Target: proprietary-jails.html apple
+PubDate: 2017-01-06
+Keywords: apps censorship
+Blurb: <p>Apple used its censorship system to enforce Russian surveillance <a
++
href="http://www.nytimes.com/2017/01/06/technology/linkedin-blocked-in-russia.html?partner=rss&emc=rss&_r=0">
++ by blocking distribution of the LinkedIn app in Russia</a>.</p>
++
++ <p>This is ironic because LinkedIn is a surveillance system itself.
++ While subjecting its users to its own surveillance, it tries to
++ protect its users from Russian surveillance, and is therefore subject
++ to Russian censorship.</p>
++
++ <p>However, the point here is the wrong of Apple's censorship of
++ apps.</p>
+
+Id: 201701060
+Target: proprietary-surveillance.html SpywareOnTheWeb
+Target: malware-webpages.html malware-webpages
+PubDate: 2017-01-06
+Keywords: disqus
+Blurb: <p>When a page uses Disqus
++ for comments, the proprietary Disqus software <a
++
href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">loads
++ a Facebook software package into the browser of every anonymous visitor
++ to the page, and makes the page's URL available to Facebook</a>.</p>
+
+Id: 201701050
+Target: malware-apple.html jails
+Target: proprietary-jails.html apple
+PubDate: 2017-01-05
+Keywords: apps censorship
+Blurb: <p>Apple used its censorship system to enforce China's censorship <a
++
href="https://www.theguardian.com/world/2017/jan/05/apple-removes-new-york-times-app-in-china">
++ by blocking distribution of the New York Times app</a>.</p>
+
+Id: 201612230
+Target: proprietary-surveillance.html SpywareInVR
+Target: malware-appliances.html malware-appliances
+PubDate: 2016-12-23
+Keywords:
+Blurb: <p>VR equipment, measuring every slight motion,
++ creates the potential for the most intimate
++ surveillance ever. All it takes to make this potential real <a
++
href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
++ software as malicious as many other programs listed in this
++ page</a>.</p>
++
++ <p>You can bet Facebook will implement the maximum possible
++ surveillance on Oculus Rift devices. The moral is, never trust a VR
++ system with nonfree software in it.</p>
+
+Id: 201612200
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+PubDate: 2016-12-20
+Keywords: ham-radio
+Blurb: <p>The developer of Ham Radio Deluxe <a
++
href="https://www.techdirt.com/articles/20161220/12411836320/company-bricks-users-software-after-he-posts-negative-review.shtml">sabotaged
++ a customer's installation as punishment for posting a negative
++ review</a>.</p>
++
++ <p>Most proprietary software companies don't use their power so
++ harshly, but it is an injustice that they all <em>have</em> such
++ power.</p>
+
+Id: 201612120
+Target: proprietary-coverups.html proprietary-coverups
+PubDate: 2016-12-12
+Keywords: price-waterhouse-coopers
+Blurb: <p>Price Waterhouse Coopers tried
++ to suppress knowledge of a security flaw by <a
++
href="http://www.zdnet.com/article/pwc-sends-security-researchers-cease-and-desist-letter-instead-of-fixing-security-flaw/">
++ making legal threats against the security company that found
++ it</a>.</p>
+
+Id: 201612064
+Target: proprietary-surveillance.html SpywareOnTheWeb
+Target: malware-webpages.html malware-webpages
+PubDate: 2016-12-06
+Keywords: marketing
+Blurb: <p>Online sales, with tracking and surveillance of customers, <a
++
href="https://www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-browsing-history-could-mean-rip-off-prices">enables
++ businesses to show different people different prices</a>. Most of
++ the tracking is done by recording interactions with servers, but
++ proprietary software contributes.</p>
+
+Id: 201612061
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-12-06
+Keywords: my-friend-cayla surveillance toys
+Blurb: <p>The “smart” toys My Friend Cayla and i-Que can be <a
++
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">remotely
++ controlled with a mobile phone</a>; physical access is not
++ necessary. This would enable crackers to listen in on a child's
++ conversations, and even speak into the toys themselves.</p>
++
++ <p>This means a burglar could speak into the toys and ask the child
++ to unlock the front door while Mommy's not looking.</p>
+
+Id: 201612060
+Target: proprietary-surveillance.html SpywareInToys
+PubDate: 2016-12-06
+Keywords: my-friend-cayla insecurity appliances
+Blurb: <p>The “smart” toys My Friend Cayla and i-Que transmit <a
++
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
++ conversations to Nuance Communications</a>, a speech recognition
++ company based in the U.S.</p>
++
++ <p>Those toys also contain major security vulnerabilities; crackers
++ can remotely control the toys with a mobile phone. This would enable
++ crackers to listen in on a child's speech, and even speak into the
++ toys themselves.</p>
+
+Id: 201611280
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2016-11-28
+Keywords: uber
+Blurb: <p>The Uber app tracks <a
++
href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
++ movements before and after the ride</a>.</p>
++
++ <p>This example illustrates how “getting the user's
++ consent” for surveillance is inadequate as a protection against
++ massive surveillance.</p>
+
+Id: 201611240
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2016-11-24
+Keywords: system
+Blurb: <p>By default, Windows 10 <a
++
href="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sends
++ debugging information to Microsoft, including core dumps</a>. Microsoft
++ now distributes them to another company.</p>
+
+Id: 201611170
+Target: proprietary-surveillance.html SpywareIniThings
+Target: malware-apple.html surveillance
+PubDate: 2016-11-17
+Keywords: iphone
+Blurb: <p>iPhones <a
++
href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
++ lots of personal data to Apple's servers</a>. Big Brother can get
++ them from there.</p>
+
+Id: 201611161
+Target: malware-webpages.html malware-webpages
+PubDate: 2016-11-16
+Keywords: vpn mobiles-surveillance apps
+Blurb: <p>A <a
++
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
++ research paper</a> that investigated the privacy and security of
++ 283 Android VPN apps concluded that “in spite of the promises
++ for privacy, security, and anonymity given by the majority of VPN
++ apps—millions of users may be unawarely subject to poor security
++ guarantees and abusive practices inflicted by VPN apps.”</p>
++
++ <p>Here are two examples, taken from the research paper, of
++ proprietary VPN apps that use JavaScript to track users and infringe
++ their privacy:</p>
++
++ <dl class="compact">
++ <dt>VPN Services HotspotShield</dt>
++ <dd>Injects JavaScript code into the HTML pages returned to the
++ users. The stated purpose of the JS injection is to display ads. Uses
++ roughly five tracking libraries. Also, it redirects the user's
++ traffic through valueclick.com (an advertising website).</dd>
++
++ <dt>WiFi Protector VPN</dt>
++ <dd>Injects JavaScript code into HTML pages, and also uses roughly
++ five tracking libraries. Developers of this app have confirmed that
++ the non-premium version of the app does JavaScript injection for
++ tracking the user and displaying ads.</dd>
++ </dl>
+
+Id: 201611160
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2016-11-16
+Keywords: vpn webpages
+Blurb: <p>A <a
++
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
++ research paper</a> that investigated the privacy and security of
++ 283 Android VPN apps concluded that “in spite of the promises
++ for privacy, security, and anonymity given by the majority of VPN
++ apps—millions of users may be unawarely subject to poor security
++ guarantees and abusive practices inflicted by VPN apps.”</p>
++
++ <p>Following is a non-exhaustive list, taken from the research paper,
++ of some proprietary VPN apps that track users and infringe their
++ privacy:</p>
++
++ <dl class="compact">
++ <dt>SurfEasy</dt>
++ <dd>Includes tracking libraries such as NativeX and Appflood,
++ meant to track users and show them targeted ads.</dd>
++
++ <dt>sFly Network Booster</dt>
++ <dd>Requests the <code>READ_SMS</code> and <code>SEND_SMS</code>
++ permissions upon installation, meaning it has full access to users'
++ text messages.</dd>
++
++ <dt>DroidVPN and TigerVPN</dt>
++ <dd>Requests the <code>READ_LOGS</code> permission to read logs
++ for other apps and also core system logs. TigerVPN developers have
++ confirmed this.</dd>
++
++ <dt>HideMyAss</dt>
++ <dd>Sends traffic to LinkedIn. Also, it stores detailed logs and
++ may turn them over to the UK government if requested.</dd>
++
++ <dt>VPN Services HotspotShield</dt>
++ <dd>Injects JavaScript code into the HTML pages returned to the
++ users. The stated purpose of the JS injection is to display ads. Uses
++ roughly five tracking libraries. Also, it redirects the user's
++ traffic through valueclick.com (an advertising website).</dd>
++
++ <dt>WiFi Protector VPN</dt>
++ <dd>Injects JavaScript code into HTML pages, and also uses roughly
++ five tracking libraries. Developers of this app have confirmed that
++ the non-premium version of the app does JavaScript injection for
++ tracking the user and displaying ads.</dd>
++ </dl>
+
+Id: 201611150
+Target: proprietary-surveillance.html SpywareInAndroid
+Target: malware-mobiles.html surveillance
+PubDate: 2016-11-15
+Keywords:
+Blurb: <p>Some portable phones <a
++
href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
++ sold with spyware sending lots of data to China</a>.</p>
+
+Id: 201611070
+Target: malware-games.html malware-games
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2016-11-07
+Keywords: nVidia
+Blurb: <p>nVidia's proprietary GeForce Experience <a
++
href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes
++ users identify themselves and then sends personal data about them to
++ nVidia servers</a>.</p>
+
+Id: 201611060
+Target: proprietary-deception.html proprietary-deception
+Target: malware-cars.html malware-cars
+PubDate: 2016-11-06
+Keywords: audi
+Blurb: <p><a
++
href="http://jalopnik.com/america-figured-out-a-new-way-audi-cheated-on-emissions-1788630969">
++ Audi's proprietary software used a simple method to cheat on emissions
++ tests</a>: to activate a special low-emission gearshifting mode until
++ the first time the car made a turn.</p>
+
+Id: 201610230
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-10-23
+Keywords: phone-network
+Blurb: <p>4G LTE phone networks are drastically insecure. They can be <a
++
href="https://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/">
++ taken over by third parties and used for man-in-the-middle
++ attacks</a>.</p>
+
+Id: 201609280
+Target: malware-apple.html surveillance
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2016-09-28
+Keywords: imessage apps
+Blurb: <p>The iMessage app on iThings <a
++
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
++ a server every phone number that the user types into it</a>; the
++ server records these numbers for at least 30 days.</p>
+
+Id: 201609240
+Target: malware-games.html malware-games
+Target: proprietary-back-doors.html other
+PubDate: 2016-09-23
+PubDate: 2016-09-24
+Keywords: capcom
+Blurb: <p>A Capcom's Street Fighter V update <a
++ href="https://www.theregister.co.uk/2016/09/23/capcom_street_fighter_v/">
++ installed a driver that could be used as a back door by
++ any application installed on a Windows computer</a>, but was <a
++
href="https://www.rockpapershotgun.com/2016/09/24/street-fighter-v-removes-new-anti-crack">
++ immediately rolled back</a> in response to public outcry.</p>
+
+Id: 201609210
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInMobileApps
+PubDate: 2016-09-21
+Keywords:
+Blurb: <p>Google's new voice messaging app <a
++
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
++ all conversations</a>.</p>
+
+Id: 201609200
+Target: proprietary-drm.html proprietary-drm
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+PubDate: 2016-09-20
+Keywords: hp
+Blurb: <p>HP's firmware downgrade <a
++
href="https://www.theguardian.com/technology/2016/sep/20/hp-inkjet-printers-unofficial-cartridges-software-update">imposed
++ DRM on some printers, which now refuse to function with third-party
++ ink cartridges</a>.</p>
+
+Id: 201609140
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInAndroid
+PubDate: 2016-09-14
+Keywords:
+Blurb: <p>Google Play (a component of Android) <a
++
href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
++ tracks the users' movements without their permission</a>.</p>
++
++ <p>Even if you disable Google Maps and location tracking, you must
++ disable Google Play itself to completely stop the tracking. This is
++ yet another example of nonfree software pretending to obey the user,
++ when it's actually doing something else. Such a thing would be almost
++ unthinkable with free software.</p>
+
+Id: 201609130
+Target: malware-mobiles.html back-doors
+Target: proprietary-back-doors.html universal
+PubDate: 2016-09-13
+Keywords: xiaomi phone
+Blurb: <p>Xiaomi phones come with <a
++
href="https://www.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered">
++ a universal back door in the application processor, for Xiaomi's
++ use</a>.</p>
++
++ <p>This is separate from <a href="#universal-back-door-phone-modem">the
++ universal back door in the modem processor that the local phone
++ company can use</a>.</p>
+
+Id: 201609010
+Target: proprietary-deception.html proprietary-deception
+PubDate: 2016-09-01
+Keywords:
+Blurb: <p>Many proprietary programs secretly <a
++
href="https://www.theregister.co.uk/2016/08/05/payperinstall_study/">install
++ other proprietary programs that the users don't want</a>.</p>
+
+Id: 201608172
+Target: malware-microsoft.html back-doors
+Target: proprietary-back-doors.html universal
+PubDate: 2007-09-13
+PubDate: 2007-08-26
+PubDate: 2016-08-17
+PubDate: 2015-07-17
+Keywords: windows-update
+Blurb: <p id="windows-update">Microsoft
++ Windows has a universal back door through which <a
++
href="http://www.informationweek.com/microsoft-updates-windows-without-user-permission-apologizes/d/d-id/1059183">
++ any change whatsoever can be imposed on the users</a>.</p>
++
++ <p>This was <a
++ href="http://slated.org/windows_by_stealth_the_updates_you_dont_want">
++ reported in 2007</a> for XP and Vista, and it seems
++ that Microsoft used the same method to push the <a
++ href="/proprietary/malware-microsoft.html#windows10-forcing">
++ Windows 10 downgrade</a> to computers running Windows 7 and 8.</p>
++
++ <p>In Windows 10, the universal back door
++ is no longer hidden; all “upgrades” will be <a
++
href="http://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/">
++ forcibly and immediately imposed</a>.</p>
+
+Id: 201608171
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2016-08-17
+Keywords:
+Blurb: <p>In order to increase Windows 10's install base, Microsoft <a
class="not-a-duplicate"
++
href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
++ blatantly disregards user choice and privacy</a>.</p>
+
+Id: 201608170
+Target: proprietary-interference.html proprietary-interference
+Target: malware-microsoft.html interference
+PubDate: 2015-12-07
+PubDate: 2016-03-17
+PubDate: 2016-08-17
+Keywords: windows
+Blurb: <p> After <a
href="/proprietary/malware-microsoft.html#windows10-forcing">forcing the
download of Windows 10</a>
++ on computers that were running Windows 7 and 8, Microsoft <a
++
href="http://www.computerworld.com/article/3012278/microsoft-windows/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html">
++ repeatedly switched on a flag that urged users to
++ “upgrade” to Windows 10</a> when they had turned
++ it off, in the hope that some day they would fail to say no.
++ To do this, Microsoft used <a
++
href="https://www.theregister.co.uk/2016/03/17/microsoft_windows_10_upgrade_gwx_vs_humanity/">
++ malware techniques</a>.</p>
++
++ <p>A detailed <a
++
href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
++ analysis of Microsoft's scheme</a> is available on the Electronic
++ Frontier Foundation's website.</p>
+
+Id: 201608110
+Target: malware-cars.html malware-cars
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-08-11
+Keywords: volkswagen
+Blurb: <p>Due to weak security, <a
++
href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it
++ is easy to open the doors of 100 million cars built by
++ Volkswagen</a>.</p>
+
+Id: 201608080
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-08-08
+Keywords:
+Blurb: <p>Ransomware <a
++
href="https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/">
++ has been developed for a thermostat that uses proprietary
++ software</a>.</p>
+
+Id: 201608020
+Target: malware-microsoft.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-08-02
+Keywords: browser
+Blurb: <p>A <a
++
href="http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw
++ in Internet Explorer and Edge</a> allows an attacker to retrieve
++ Microsoft account credentials, if the user is tricked into visiting
++ a malicious link.</p>
+
+Id: 201607290
+Target: malware-mobiles.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-07-29
+Keywords: whatsapp
+Blurb: <p><a
++
href="https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/">“Deleted”
++ WhatsApp messages are not entirely deleted</a>. They can be recovered
++ in various ways.</p>
+
+Id: 201607284
+Target: malware-apple.html back-doors
+Target: proprietary-back-doors.html alter-data
+PubDate: 2016-07-28
+Keywords: macos
+Blurb: <p>The Dropbox app for Macintosh <a
++
href="http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/">
++ takes control of user interface items after luring the user into
++ entering an admin password</a>.</p>
+
+Id: 201607280
+Target: malware-mobiles.html insecurity
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2016-07-28
+Keywords: apps
+Blurb: <p>A half-blind security critique of a tracking app: it found that <a
++
href="http://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats/">
++ blatant flaws allowed anyone to snoop on a user's personal data</a>.
++ The critique fails entirely to express concern that the app sends the
++ personal data to a server, where the <em>developer</em> gets it all.
++ This “service” is for suckers!</p>
++
++ <p>The server surely has a “privacy policy,” and surely
++ it is worthless since nearly all of them are.</p>
+
+Id: 201607220
+Target: malware-apple.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-07-22
+Keywords: api
+Blurb: <p>A vulnerability in Apple's Image I/O API allowed an attacker to <a
++
href="https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple">execute
++ malicious code from any application which uses this API to render a
++ certain kind of image file</a>.</p>
+
+Id: 201607190
+Target: malware-mobiles.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-07-19
+Keywords: phone-network
+Blurb: <p>A bug in a proprietary ASN.1 library, used
++ in cell phone towers as well as cell phones and routers, <a
++
href="http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover">allows
++ taking control of those systems</a>.</p>
+
+Id: 201607160
+Target: proprietary-surveillance.html SpywareInVehicles
+Target: malware-cars.html malware-cars
+PubDate: 2016-07-16
+Keywords:
+Blurb: <p>Computerized cars with nonfree software are <a
++
href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html">
++ snooping devices</a>.</p>
+
+Id: 201607150
+Target: proprietary-tyrants.html proprietary-tyrants
+Target: malware-microsoft.html tyrants
+PubDate: 2016-07-15
+Keywords: windows-rt
+Blurb: <p>Microsoft accidentally left a way for users
++ to install GNU/Linux on Windows RT tablets, but now it has <a
++
href="http://www.securitynewspaper.com/2016/07/15/microsoft-silently-kills-dev-backdoor-boots-linux-locked-windows-rt-slabs/">
++ “fixed” the “error”</a>. They have the gall
++ to call this “protecting” the users. The article talks
++ of installing “Linux”, but the context shows it is really
++ <a href="/gnu/linux-and-gnu.html">GNU/Linux</a> that users install.</p>
+
+Id: 201607140
+Target: proprietary-deception.html proprietary-deception
+PubDate: 2016-07-14
+Keywords: games
+Blurb: <p>The proprietor of the Pokémon Go game <a
++
href="https://www.theguardian.com/technology/2016/jul/14/pokemon-go-sponsored-locations-restaurants-business">
++ invites restaurants and other businesses to pay to have the game lure
++ people there</a>.</p>
+
+Id: 201606290
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-06-29
+Keywords: antivirus
+Blurb: <p>Antivirus programs have so many errors that <a
++
href="https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374">they
++ may make security worse</a>.</p>
++
++ <p>GNU/Linux does not need antivirus software.</p>
+
+Id: 201606270
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-microsoft.html sabotage
+PubDate: 2015-09-11
+PubDate: 2016-06-03
+PubDate: 2016-06-27
+Keywords: windows
+Blurb: <p id="windows10-forcing">In its efforts to trick users of Windows
++ 7 and 8 into installing all-spying Windows 10 against their
++ will, Microsoft forced their computers to <a
++
href="https://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1">
++ silently download… the whole of Windows 10</a>! Apparently,
++ this was done through a <a
++ href="/proprietary/proprietary-back-doors.html#windows-update">
++ universal back door</a>. Not only did the unwanted downloads <a
++
href="https://www.theregister.co.uk/2016/06/03/windows_10_upgrade_satellite_link/">
++ jeopardize important operations in regions of the world with poor
++ connectivity</a>, but many of the people who let installation proceed
++ found out that this “upgrade” was in fact a <a
++
href="http://gizmodo.com/woman-wins-10-000-from-microsoft-after-unwanted-window-1782666146">
++ downgrade</a>.</p>
+
+Id: 201606080
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-apple.html sabotage
+PubDate: 2016-06-08
+Keywords: windows quicktime
+Blurb: <p>Apple <a
++
href="https://www.theregister.co.uk/2016/04/14/uninstall_quicktime_for_windows/">
++ stops users from fixing the security bugs in Quicktime for Windows</a>,
++ while refusing to fix them itself.</p>
+
+Id: 201606060
+Target: proprietary-back-doors.html universal
+Target: malware-amazon.html echo-back-doors
+PubDate: 2016-06-06
+Keywords:
+Blurb: <p>The Amazon Echo appears to have a universal back door, since <a
++ href="https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates">
++ it installs “updates” automatically</a>.</p>
++
++ <p>We have found nothing explicitly documenting the lack of any way
++ to disable remote changes to the software, so we are not completely
++ sure there isn't one, but this seems pretty clear.</p>
+
+Id: 201606050
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2016-06-05
+Keywords: facebook
+Blurb: <p>Facebook's new Magic Photo app <a
++
href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
++ scans your mobile phone's photo collections for known faces</a>,
++ and suggests you to share the picture you take according to who is
++ in the frame.</p>
++
++ <p>This spyware feature seems to require online access to some
++ known-faces database, which means the pictures are likely to be
++ sent across the wire to Facebook's servers and face-recognition
++ algorithms.</p>
++
++ <p>If so, none of Facebook users' pictures are private anymore,
++ even if the user didn't “upload” them to the service.</p>
+
+Id: 201606030
+Target: proprietary-surveillance.html SpywareInNetworks
+PubDate: 2016-06-03
+Keywords: routing
+Blurb: <p>Investigation Shows <a
++
href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
++ Using US Companies, NSA To Route Around Domestic Surveillance
++ Restrictions</a>.</p>
++
++ <p>Specifically, it can collect the emails of members of Parliament
++ this way, because they pass it through Microsoft.</p>
+
+Id: 201606010
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-microsoft.html sabotage
+PubDate: 2016-06-01
+Keywords: windows
+Blurb: <p>Once Microsoft has tricked a user
++ into accepting installation of Windows 10, <a
++
href="https://www.theregister.co.uk/2016/06/01/windows_10_nagware_no_way_out/">they
++ find that they are denied the option to cancel or even postpone the
++ imposed date of installation</a>.</p>
++
++ <p>This demonstrates what we've said for years: using proprietary
++ software means letting someone have power over you, and you're going
++ to get screwed sooner or later.</p>
+
+Id: 201605310
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2016-05-31
+Keywords: facebook
+Blurb: <p>Facebook's app listens all the time, <a
++
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
++ snoop on what people are listening to or watching</a>. In addition,
++ it may be analyzing people's conversations to serve them with targeted
++ advertisements.</p>
+
+Id: 201605200
+Target: proprietary-drm.html proprietary-drm
+Target: malware-games.html malware-games
+PubDate: 2016-05-20
+Keywords: oculus virtual-reality
+Blurb: <p>Oculus Rift games now have <a
++
href="https://motherboard.vice.com/en_us/article/vv77ea/new-oculus-drm-cross-platform">
++ DRM meant to prevent running them on other systems</a>.</p>
+
+Id: 201605190
+Target: malware-apple.html jails
+Target: proprietary-jails.html apple
+PubDate: 2016-05-19
+Keywords: games censorship
+Blurb: <p>Apple censors games, <a
++
href="http://arstechnica.com/gaming/2016/05/apple-says-game-about-palestinian-child-isnt-a-game">
++ banning some games from the cr…app store</a> because of which
++ political points they suggest. Some political points are apparently
++ considered acceptable.</p>
+
+Id: 201605150
+Target: malware-google.html sabotage
+Target: proprietary-sabotage.html proprietary-sabotage
+PubDate: 2016-05-15
+Keywords: revolv
+Blurb: <p>Revolv is an IoT device which managed “smart home”
++ operations: switching the lights, operate motion sensors, regulating
++ temperature, etc. On May 15th, 2016, Google said it would shut down
++ the service linked to the device, making it unusable.</p>
++
++ <p>Although you may own the device, its functioning depended
++ on the server that never belonged to you. So you never
++ really had control of it. This unjust design is called <a
++ href="/philosophy/network-services-arent-free-or-nonfree.html">
++ Service as a Software Substitute (SaaSS)</a>. That is what gave the
++ company the power to convert it into a $300 out-of-warranty brick,
++ for your “dumb home”.</p>
+
+Id: 201605044
+Target: malware-apple.html incompatibility
+Target: proprietary-incompatibility.html proprietary-incompatibility
+PubDate: 2013-11-13
+PubDate: 2016-05-04
+Keywords: apps macos ios icloud
+Blurb: <p>iWork (office software that runs on MacOS,
++ iOS and iCloud) uses secret formats and <a
++ href="https://en.wikipedia.org/wiki/IWork">provides no means of
++ converting them to or from Open Document Formats</a>. iWork
++ formats have changed several times since they were first
++ introduced. This may have had the effect of thwarting <a
++ href="https://github.com/obriensp/iWorkFileFormat">reverse engineering
++ efforts</a>, thus preventing free software from fully supporting
++ them.</p>
++
++ <p>iWork formats are considered <a
++
href="https://wiki.harvard.edu/confluence/download/attachments/204385883/Format%20profile%20-%20Apple%20iWork%20Pages%20v04.docx?version=1&modificationDate=1459873751000&api=v2">
++ unfit for document preservation</a>.</p>
+
+Id: 201605040
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-apple.html sabotage
+PubDate: 2016-05-04
+Keywords:
+Blurb: <p>The Apple Music client program <a
++
href="https://blog.vellumatlanta.com/2016/05/04/apple-stole-my-music-no-seriously/">scans
++ the user's file system for music files, copies them to an Apple server,
++ and deletes them</a>.</p>
+
+Id: 201605020
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-05-02
+Keywords: samsung
+Blurb: <p>Samsung's “Smart Home” has a big security hole; <a
++
href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">
++ unauthorized people can remotely control it</a>.</p>
++
++ <p>Samsung claims that this is an “open” platform so the
++ problem is partly the fault of app developers. That is clearly true
++ if the apps are proprietary software.</p>
++
++ <p>Anything whose name is “Smart” is most likely going
++ to screw you.</p>
+
+Id: 201604250
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+Target: proprietary-back-doors.html alter-data
+PubDate: 2016-04-25
+Keywords:
+Blurb: <p>A pregnancy test controller application not only can <a
++
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
++ spy on many sorts of data in the phone, and in server accounts,
++ it can alter them too</a>.</p>
+
+Id: 201604120
+Target: malware-apple.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-04-12
+Keywords: apps
+Blurb: <p>A bug in the iThings Messages app <a
++
href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/">allowed
++ a malicious web site to extract all the user's messaging
++ history</a>.</p>
+
+Id: 201604110
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-04-11
+Keywords: cameras
+Blurb: <p>Malware was found on <a
++
href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">
++ security cameras available through Amazon</a>.</p>
++
++ <p>A camera that records locally on physical media, and has no network
++ connection, does not threaten people with surveillance—neither
++ by watching people through the camera, nor through malware in the
++ camera.</p>
+
+Id: 201604050
+Target: malware-google.html sabotage
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2016-04-05
+Keywords: revolv
+Blurb: <p>Google/Alphabet <a
++
href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be">
++ intentionally broke Revolv home automatic control products that
++ depended on a server</a> to function, by shutting down the server.
++ The lesson is, reject all such products. Insist on self-contained
++ computers that run free software!</p>
+
+Id: 201603220
+Target: proprietary-surveillance.html SpywareInCameras
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-03-22
+Keywords:
+Blurb: <p>Over 70 brands of network-connected surveillance cameras have <a
++
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
++ security bugs that allow anyone to watch through them</a>.</p>
+
+Id: 201603170
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2016-03-17
+Keywords:
+Blurb: <p><a
++
href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
++ Windows 10 comes with 13 screens of snooping options</a>, all enabled
++ by default, and turning them off would be daunting to most users.</p>
+
+Id: 201603100
+Target: malware-mobiles.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-03-10
+Keywords: payment apps
+Blurb: <p>Many proprietary payment apps <a
++
href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">transmit
++ personal data in an insecure way</a>. However,
++ the worse aspect of these apps is that <a
++ href="/philosophy/surveillance-vs-democracy.html">payment is not
++ anonymous</a>.</p>
+
+Id: 201603090
+Target: proprietary-interference.html proprietary-interference
+Target: malware-microsoft.html interference
+PubDate: 2016-03-09
+Keywords: windows
+Blurb: <p>Microsoft has made companies'
++ Windows machines managed by the company's sysadmins <a
++
href="http://www.infoworld.com/article/3042397/microsoft-windows/admins-beware-domain-attached-pcs-are-sprouting-get-windows-10-ads.html">harangue
++ users to complain to the sysadmins about not “upgrading”
++ to Windows 10</a>.</p>
+
+Id: 201603080
+Target: proprietary-surveillance.html SpywareInElectronicReaders
+Target: malware-webpages.html malware-webpages
+PubDate: 2016-03-08
+Keywords: javascript
+Blurb: <p>E-books can contain JavaScript code, and <a
++
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
++ sometimes this code snoops on readers</a>.</p>
+
+Id: 201603020
+Target: proprietary-surveillance.html SpywareOnSmartWatches
+PubDate: 2016-03-02
+Keywords: wearables
+Blurb: <p>A very cheap “smart watch” comes with an Android app <a
++
href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
++ that connects to an unidentified site in China</a>.</p>
++
++ <p>The article says this is a back door, but that could be a
++ misunderstanding. However, it is certainly surveillance, at least.</p>
+
+Id: 201602240
+Target: proprietary-surveillance.html SpywareInVehicles
+Target: malware-cars.html malware-cars
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2016-02-24
+Keywords: back-doors phone
+Blurb: <p id="nissan-modem">The Nissan Leaf has a built-in
++ cell phone modem which allows effectively anyone to <a
++ href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">
++ access its computers remotely and make changes in various
++ settings</a>.</p>
++
++ <p>That's easy to do because the system has no authentication
++ when accessed through the modem. However, even if it asked
++ for authentication, you couldn't be confident that Nissan
++ has no access. The software in the car is proprietary, <a
++ href="/philosophy/free-software-even-more-important.html">which means
++ it demands blind faith from its users</a>.</p>
++
++ <p>Even if no one connects to the car remotely, the cell phone modem
++ enables the phone company to track the car's movements all the time;
++ it is possible to physically remove the cell phone modem, though.</p>
+
+Id: 201602050
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-apple.html sabotage
+PubDate: 2016-02-05
+Keywords: ithings
+Blurb: <p>iOS version 9 for iThings <a
++
href="https://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair">sabotages
++ them irreparably if they were repaired by someone other than
++ Apple</a>. Apple eventually backed off from this policy under
++ criticism from the users. However, it has not acknowledged that this
++ was wrong.</p>
+
+Id: 201602030
+Target: proprietary-censorship.html google
+Target: malware-google.html censorship
+PubDate: 2016-02-03
+Keywords:
+Blurb: <p><a
++
href="http://www.theguardian.com/media/2016/feb/03/google-pulls-ad-blocking-app-for-samsung-phones">
++ Google censored installation of Samsung's ad-blocker</a> on Android
++ phones, saying that blocking ads is “interference” with
++ the sites that advertise (and surveil users through ads).</p>
++
++ <p>The ad-blocker is proprietary software, just like the program
++ (Google Play) that Google used to deny access to install it. Using
++ a nonfree program gives the owner power over you, and Google has
++ exercised that power.</p>
++
++ <p>Google's censorship, unlike that of Apple, is not total: Android
++ allows users to install apps in other ways. You can install free
++ programs from f-droid.org.</p>
+
+Id: 201601310
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-microsoft.html sabotage
+PubDate: 2014-10-23
+PubDate: 2016-01-31
+Keywords: ftdi driver
+Blurb: <p>FTDI's proprietary driver
++ for its USB-to-serial chips has been designed to <a
++
href="http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/">sabotage
++ alternative compatible chips</a>
++ so that they no longer work. Microsoft is <a
++
href="http://it.slashdot.org/story/16/01/31/1720259/ftdi-driver-breaks-hardware-again">installing
++ this automatically</a> as an “upgrade”.</p>
+
+Id: 201601160
+Target: proprietary-interference.html proprietary-interference
+Target: malware-microsoft.html interference
+PubDate: 2016-01-16
+Keywords: windows
+Blurb: <p>Microsoft has <a
++
href="http://www.theverge.com/2016/1/16/10780876/microsoft-windows-support-policy-new-processors-skylake">desupported
++ all future Intel CPUs for Windows 7 and 8</a>. Those
++ machines will be stuck with the nastier Windows 10. <a
++
href="http://gizmodo.com/only-the-latest-version-of-windows-will-run-on-some-fut-1753545825">
++ AMD and Qualcomm CPUs, too</a>.</p>
++
++ <p>Of course, Windows 7 and 8 are unethical too, because they are
++ proprietary software. But this example of Microsoft's wielding its
++ power demonstrates the power it holds.</p>
++
++ <p>Free software developers also stop maintaining old versions of
++ their programs, but this is not unfair to users because the users of
++ free software have control over it. If it is important enough to you,
++ you and other users can hire someone to support the old version on
++ your future platforms.</p>
+
+Id: 201601130
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2016-01-13
+Keywords: symphony
+Blurb: <p>Apps that include <a
++
href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
++ Symphony surveillance software snoop on what radio and TV programs
++ are playing nearby</a>. Also on what users post on various sites
++ such as Facebook, Google+ and Twitter.</p>
+
+Id: 201601110
+Target: proprietary-surveillance.html SpywareInTelephones
+Target: malware-mobiles.html surveillance
+PubDate: 2016-01-11
+Keywords:
+Blurb: <p>The natural extension of monitoring
++ people through “their” phones is <a
++
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
++ proprietary software to make sure they can't “fool”
++ the monitoring</a>.</p>
+
+Id: 201601100
+Target: proprietary-drm.html proprietary-drm
+Target: malware-appliances.html malware-appliances
+PubDate: 2016-01-10
+Keywords: 3d-printer
+Blurb: <p>The <a
++ href="http://michaelweinberg.org/post/137045828005/free-the-cube">
++ “Cube” 3D printer was designed with DRM</a>: it
++ won't accept third-party printing materials. It is the Keurig of
++ printers. Now it is being discontinued, which means that eventually
++ authorized materials won't be available and the printers may become
++ unusable.</p>
++
++ <p>With a <a
++ href="http://www.fsf.org/resources/hw/endorsement/aleph-objects">
++ printer that gets the Respects Your Freedom</a>, this problem would
++ not even be a remote possibility.</p>
++
++ <p>How pitiful that the author of that article says that there was
++ “nothing wrong” with designing the device to restrict
++ users in the first place. This is like putting a “cheat me and
++ mistreat me” sign on your chest. We should know better: we
++ should condemn all companies that take advantage of people like him.
++ Indeed, it is the acceptance of their unjust practice that teaches
++ people to be doormats.</p>
+
+Id: 201601050
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2016-01-05
+Keywords:
+Blurb: <p>It appears <a
++
href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
++ Windows 10 sends data to Microsoft about what applications are
++ running</a>.</p>
+
+Id: 201512290
+Target: proprietary-surveillance.html SpywareInGames
+Target: malware-games.html malware-games
+PubDate: 2015-12-29
+Keywords: console
+Blurb: <p>Many <a
++
href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
++ video game consoles snoop on their users and report to the
++ internet</a>—even what their users weigh.</p>
++
++ <p>A game console is a computer, and you can't trust a computer with
++ a nonfree operating system.</p>
+
+Id: 201512280
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html back-doors
+Target: proprietary-back-doors.html spy
+PubDate: 2015-12-28
+Keywords:
+Blurb: <p>Microsoft has <a
++
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
++ backdoored its disk encryption</a>.</p>
+
+Id: 201512260
+Target: proprietary-drm.html proprietary-drm
+Target: malware-apple.html drm
+PubDate: 2015-12-26
+Keywords: ithings
+Blurb: <p><a
++
href="https://motherboard.vice.com/en_us/article/bmvxp4/switzerland-wants-a-single-universal-phone-charger-by-2017">
++ Apple uses DRM software to prevent people from charging an iThing
++ with a generic USB cable</a>.</p>
+
+Id: 201512140
+Target: proprietary-drm.html proprietary-drm
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+PubDate: 2015-12-14
+Keywords: philips
+Blurb: <p>Philips “smart” lightbulbs had initially been
++ designed to interact with other companies' smart light bulbs, but <a
++
href="https://www.techdirt.com/articles/20151214/07452133070/lightbulb-drm-philips-locks-purchasers-out-third-party-bulbs-with-firmware-update.shtml">
++ later the company updated the firmware to disallow
++ interoperability</a>.</p>
++
++ <p>If a product is “smart”, and you didn't build it,
++ it is cleverly serving its manufacturer <em>against you</em>.</p>
+
+Id: 201512074
+Target: malware-appliances.html malware-appliances
+Target: proprietary-back-doors.html alter-data
+PubDate: 2013-10-14
+PubDate: 2012-12-25
+PubDate: 2015-12-07
+Keywords: router dlink tplink
+Blurb: <p><a
++
href="http://www.itworld.com/article/2705284/data-protection/backdoor-found-in-d-link-router-firmware-code.html">
++ Some D-Link routers</a> have a back door for changing settings in a
++ dlink of an eye.</p>
++
++ <p><a href="http://sekurak.pl/tp-link-httptftp-backdoor/"> The TP-Link
++ router has a back door</a>.</p>
++
++ <p><a href="https://github.com/elvanderb/TCP-32764">Many models of
++ routers have back doors</a>.</p>
+
+Id: 201511264
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2015-11-26
+Keywords:
+Blurb: <p>A downgrade to Windows 10 deleted surveillance-detection
++ applications. Then another downgrade inserted a general spying
++ program. Users noticed this and complained, so Microsoft renamed it <a
++
href="https://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
++ to give users the impression it was gone</a>.</p>
++
++ <p>To use proprietary software is to invite such treatment.</p>
+
+Id: 201511260
+Target: proprietary-back-doors.html other
+PubDate: 2015-11-26
+Keywords: dell windows
+Blurb: <p>Dell computers, shipped with
++ Windows, had a bogus root certificate that <a
++
href="http://fossforce.com/2015/11/dell-comcast-intel-who-knows-who-else-are-out-to-get-you/">
++ allowed anyone (not just Dell) to remotely authorize any software to
++ run</a> on the computer.</p>
+
+Id: 201511250
+Target: proprietary-surveillance.html SpywareInCameras
+Target: malware-appliances.html malware-appliances
+PubDate: 2015-11-25
+Keywords: nest-cam
+Blurb: <p>The Nest Cam “smart” camera is <a
++ href="http://www.bbc.com/news/technology-34922712">always watching</a>,
++ even when the “owner” switches it “off.”</p>
++
++ <p>A “smart” device means the manufacturer is using it
++ to outsmart you.</p>
+
+Id: 201511244
+Target: malware-google.html sabotage
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: proprietary-back-doors.html alter-data
+PubDate: 2015-11-24
+Keywords: android
+Blurb: <p>Google has long had <a
++
href="http://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted">a
++ back door to remotely unlock an Android device</a>, unless its disk
++ is encrypted (possible since Android 5.0 Lollipop, but still not
++ quite the default).</p>
+
+Id: 201511240
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-microsoft.html sabotage
+PubDate: 2015-11-24
+Keywords: windows
+Blurb: <p>Windows 10 “upgrades” <a
++
href="http://www.ghacks.net/2015/11/24/beware-latest-windows-10-update-may-remove-programs-automatically/">
++ delete applications</a> without asking permission.</p>
+
+Id: 201511198
+Target: malware-appliances.html malware-appliances
+Target: proprietary-back-doors.html other
+PubDate: 2015-11-19
+Keywords: modem arris
+Blurb: <p>ARRIS cable modem has a <a
++
href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1">
++ back door in the back door</a>.</p>
+
+Id: 201511194
+Target: proprietary-back-doors.html alter-data
+Target: malware-cars.html malware-cars
+PubDate: 2015-11-19
+Keywords: caterpillar
+Blurb: <p>Caterpillar vehicles come with <a
++
href="http://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it">
++ a back door to shutoff the engine</a> remotely.</p>
+
+Id: 201511190
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2015-11-19
+Keywords: android
+Blurb: <p>“Cryptic communication,”
++ unrelated to the app's functionality, was <a
++ href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
++ found in the 500 most popular gratis Android apps</a>.</p>
++
++ <p>The article should not have described these apps as
++ “free”—they are not free software. The clear way
++ to say “zero price” is “gratis.”</p>
++
++ <p>The article takes for granted that the usual analytics tools are
++ legitimate, but is that valid? Software developers have no right to
++ analyze what users are doing or how. “Analytics” tools
++ that snoop are just as wrong as any other snooping.</p>
+
+Id: 201511130
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: malware-appliances.html malware-appliances
+PubDate: 2015-11-13
+Keywords:
+Blurb: <p>Some web and TV advertisements play inaudible
++ sounds to be picked up by proprietary malware running
++ on other devices in range so as to determine that they
++ are nearby. Once your Internet devices are paired with
++ your TV, advertisers can correlate ads with Web activity, and other <a
++
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
++ cross-device tracking</a>.</p>
+
+Id: 201511110
+Target: proprietary-deception.html proprietary-deception
+PubDate: 2015-11-11
+Keywords: instagram-client
+Blurb: <p>A top-ranking proprietary Instagram client promising
++ to tell users who's been watching their pictures was in reality <a
++
href="http://www.theguardian.com/technology/2015/nov/11/top-ranking-free-app-stole-instagram-passwords">stealing
++ their credentials</a>, advertising itself on their feed, and posting
++ images without their consent.</p>
+
+Id: 201511090
+Target: malware-mobiles.html back-doors
+Target: proprietary-back-doors.html install-delete
+PubDate: 2015-11-09
+Keywords: baidu android
+Blurb: <p>Baidu's proprietary Android library, Moplus, has a back door that <a
++
href="https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made">
++ can “upload files” as well as forcibly install
++ apps</a>.</p>
++
++ <p>It is used by 14,000 Android applications.</p>
+
+Id: 201511060
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: malware-appliances.html malware-appliances
+PubDate: 2015-11-06
+Keywords: vizio
+Blurb: <p>Vizio goes a step further than other TV
++ manufacturers in spying on their users: their <a
++
href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
++ “smart” TVs analyze your viewing habits in detail and
++ link them your IP address</a> so that advertisers can track you
++ across devices.</p>
++
++ <p>It is possible to turn this off, but having it enabled by default
++ is an injustice already.</p>
+
+Id: 201511020
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: malware-appliances.html malware-appliances
+PubDate: 2015-11-02
+Keywords: tivo viacom
+Blurb: <p>Tivo's alliance with Viacom adds 2.3 million households
++ to the 600 millions social media profiles the company
++ already monitors. Tivo customers are unaware they're
++ being watched by advertisers. By combining TV viewing
++ information with online social media participation, Tivo can now <a
++ href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
++ correlate TV advertisement with online purchases</a>, exposing all
++ users to new combined surveillance by default.</p>
+
+Id: 201510300
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2015-10-30
+Keywords:
+Blurb: <p>More than 73% and 47% of mobile applications, from Android and iOS
++ respectively <a href="https://techscience.org/a/2015103001/">share
++ personal, behavioral and location information</a> of their users with
++ third parties.</p>
+
+Id: 201510270
+Target: malware-apple.html pressuring
+PubDate: 2015-10-27
+Keywords: voice-control
+Blurb: <p>Apple Siri <a
++
href="http://www.theguardian.com/technology/2015/oct/27/apple-music-subscribers-siri-questions">refuses
++ to give you information</a> about music charts if you're not an Apple
++ Music subscriber.</p>
+
+Id: 201510220
+Target: proprietary-interference.html proprietary-interference
+Target: malware-adobe.html malware-adobe
+PubDate: 2015-10-22
+Keywords:
+Blurb: <p>Adobe nonfree software may halt
++ all other work and freeze a computer <a
++ href="http://shallowsky.com/blog/gimp/non-free-software-surprises.html">
++ to perform a license check</a>, at a random time every 30 days.</p>
+
+Id: 201510210
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2015-10-21
+Keywords: fitbit
+Blurb: <p>FitBit fitness trackers have a <a
++
href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/">
++ Bluetooth vulnerability</a> that allows attackers to send malware
++ to the devices, which can subsequently spread to computers and other
++ FitBit trackers that interact with them.</p>
+
+Id: 201510200
+Target: malware-appliances.html malware-appliances
+Target: proprietary-back-doors.html other
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2015-10-20
+Keywords: western-digital
+Blurb: <p>“Self-encrypting” disk drives
++ do the encryption with proprietary firmware so you
++ can't trust it. Western Digital's “My Passport” drives <a
++
href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">
++ have a back door</a>.</p>
+
+Id: 201510050
+Target: proprietary-surveillance.html SpywareInTelephones
+Target: malware-mobiles.html surveillance
+PubDate: 2015-10-05
+Keywords:
+Blurb: <p>According to Edward Snowden, <a
++ href="http://www.bbc.com/news/uk-34444233">agencies can take over
++ smartphones</a> by sending hidden text messages which enable
++ them to turn the phones on and off, listen to the microphone,
++ retrieve geo-location data from the GPS, take photographs, read
++ text messages, read call, location and web browsing history, and
++ read the contact list. This malware is designed to disguise itself
++ from investigation.</p>
+
+Id: 201510020
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-apple.html sabotage
+PubDate: 2015-10-02
+Keywords: ithings
+Blurb: <p>Apple forced millions of iThings to <a
++ href="https://discussions.apple.com/thread/7256669?tstart=0">download
++ a system upgrade without asking the users</a>. Apple did not
++ forcibly install the upgrade but the downloading alone caused lots
++ of trouble.</p>
+
+Id: 201509290
+Target: malware-apple.html jails
+Target: proprietary-jails.html apple
+PubDate: 2015-09-29
+Keywords: ithings censorship
+Blurb: <p>Apple <a href="http://ifixit.org/blog/7401/ifixit-app-pulled/">
++ banned a program from the App Store</a> because its developers
++ committed the enormity of disassembling some iThings.</p>
+
+Id: 201509240
+Target: proprietary-surveillance.html SpywareIniThings
+Target: malware-apple.html surveillance
+PubDate: 2015-09-24
+PubDate: 2014-09-01
+Keywords: icloud
+Blurb: <p>iThings automatically upload to Apple's servers all the photos
++ and videos they make.</p>
++
++ <blockquote><p> iCloud Photo Library stores every photo and video you
++ take, and keeps them up to date on all your devices. Any edits you
++ make are automatically updated everywhere. […] </p></blockquote>
++
++ <p>(From <a href="https://www.apple.com/icloud/photos/">Apple's iCloud
++ information</a> as accessed on 24 Sep 2015.) The iCloud feature is
++ <a href="https://support.apple.com/en-us/HT202033">activated by the
++ startup of iOS</a>. The term “cloud” means “please
++ don't ask where.”</p>
++
++ <p>There is a way to
++ <a href="https://support.apple.com/en-us/HT201104"> deactivate
++ iCloud</a>, but it's active by default so it still counts as a
++ surveillance functionality.</p>
++
++ <p>Unknown people apparently took advantage of this to <a
++
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
++ nude photos of many celebrities</a>. They needed to break Apple's
++ security to get at them, but NSA can access any of them through <a
++
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p>
+
+Id: 201509230
+Target: malware-apple.html jails
+Target: proprietary-jails.html apple
+PubDate: 2015-09-23
+Keywords: censorship
+Blurb: <p>As of 2015, Apple <a
++
href="http://www.theguardian.com/commentisfree/2015/sep/23/apple-anti-choice-tendencies-showing-in-app-store-reproductive-rights">
++ systematically bans apps that endorse abortion rights or would help
++ women find abortions</a>.</p>
++
++ <p>This particular political slant <a
++
href="http://www.theguardian.com/technology/2011/dec/01/siri-abortion-apple-unintenional-omissions">
++ affects other Apple services</a>.</p>
+
+Id: 201509220
+Target: proprietary-surveillance.html SpywareInBIOS
+Target: proprietary-sabotage.html proprietary-sabotage
+PubDate: 2015-09-22
+Keywords: lenovo
+Blurb: <p><a
++
href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
++ Lenovo stealthily installed crapware and spyware via
++ BIOS</a> on Windows installs. Note that the specific
++ sabotage method Lenovo used did not affect GNU/Linux; also, a
++ “clean” Windows install is not really clean since <a
++ href="/proprietary/malware-microsoft.html">Microsoft puts in its
++ own malware</a>.</p>
+
+Id: 201509210
+Target: proprietary-deception.html proprietary-deception
+Target: malware-cars.html malware-cars
+PubDate: 2015-09-21
+Keywords: volkswagen
+Blurb: <p>Volkswagen programmed its car engine computers to <a
++
href="https://www.petri.com/volkswagen-used-software-to-cheat-on-emissions">
++ detect the Environmental Protection Agency's emission tests</a>, and
++ run dirty the rest of the time. In real driving, the cars exceeded
++ emissions standards by a factor of up to 35.</p>
++
++ <p>Using free software would not have stopped Volkswagen from
++ programming it this way, but would have made it harder to conceal,
++ and given the users the possibility of correcting the deception.</p>
+
+Id: 201509160
+Target: proprietary-surveillance.html SpywareInGames
+Target: malware-games.html malware-games
+Target: proprietary-back-doors.html alter-data
+PubDate: 2015-09-16
+Keywords:
+Blurb: <p>Modern gratis game cr…apps <a
++
href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
++ collect a wide range of data about their users and their users'
++ friends and associates</a>.</p>
++
++ <p>Even nastier, they do it through ad networks that merge the data
++ collected by various cr…apps and sites made by different
++ companies.</p>
++
++ <p>They use this data to manipulate people to buy things, and hunt for
++ “whales” who can be led to spend a lot of money. They also
++ use a back door to manipulate the game play for specific players.</p>
++
++ <p>While the article describes gratis games, games that cost money
++ can use the same tactics.</p>
+
+Id: 201508210
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2015-08-21
+PubDate: 2015-08-21
+Keywords: spotify
+Blurb: <p>Like most “music screaming” disservices, Spotify is
++ based on proprietary malware (DRM and snooping). In August 2015 it <a
++
href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
++ demanded users submit to increased snooping</a>, and some are starting
++ to realize that it is nasty.</p>
++
++ <p>This article shows the <a
++
href="https://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
++ twisted ways that they present snooping as a way to “serve”
++ users better</a>—never mind whether they want that. This is a
++ typical example of the attitude of the proprietary software industry
++ towards those they have subjugated.</p>
++
++ <p>Out, out, damned Spotify!</p>
+
+Id: 201508180
+Target: proprietary-surveillance.html SpywareInWindows
+PubDate: 2015-08-18
+Keywords: intel
+Blurb: <p><a
++
href="https://web.archive.org/web/20150905163414/http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
++ Intel devices will be able to listen for speech all the time, even
++ when “off.”</a></p>
+
+Id: 201508130
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2015-08-13
+Keywords:
+Blurb: <p><a
++
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
++ Windows 10 sends identifiable information to Microsoft</a>, even if
++ a user turns off its Bing search and Cortana features, and activates
++ the privacy-protection settings.</p>
+
+Id: 201508120
+Target: malware-cars.html malware-cars
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2015-08-12
+Keywords:
+Blurb: <p>Security researchers discovered a <a
++
href="http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text">
++ vulnerability in diagnostic dongles used for vehicle tracking and
++ insurance</a> that let them take remote control of a car or lorry
++ using an SMS.</p>
+
+Id: 201507300
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2015-07-30
+Keywords:
+Blurb: <p>Windows 10 <a
++
href="https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
++ ships with default settings that show no regard for the privacy of
++ its users</a>, giving Microsoft the “right” to snoop on
++ the users' files, text input, voice input, location info, contacts,
++ calendar records and web browsing history, as well as automatically
++ connecting the machines to open hotspots and showing targeted ads.</p>
++
++ <p>We can suppose Microsoft look at users' files for the US government
++ on demand, though the “privacy policy” does not explicitly
++ say so. Will it look at users' files for the Chinese government
++ on demand?</p>
+
+Id: 201507280
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInChrome
+PubDate: 2015-07-28
+Keywords:
+Blurb: <p>Google Chrome makes it easy for an extension to do <a
++
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
++ snooping on the user's browsing</a>, and many of them do so.</p>
+
+Id: 201507240
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: malware-appliances.html malware-appliances
+PubDate: 2015-07-24
+Keywords: vizio
+Blurb: <p>Vizio “smart” TVs recognize and <a
++ href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
++ what people are watching</a>, even if it isn't a TV channel.</p>
+
+Id: 201507214
+Target: malware-cars.html malware-cars
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2015-07-21
+Keywords: jeep
+Blurb: <p>Crackers were able to <a
++
href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">
++ take remote control of the Jeep</a> “connected car”. They
++ could track the car, start or stop the engine, and activate or
++ deactivate the brakes, and more.</p>
++
++ <p>I expect that Chrysler and the NSA can do this too.</p>
++
++ <p>If I ever own a car, and it contains a portable phone, I will
++ deactivate that.</p>
+
+Id: 201507150
+Target: proprietary-subscriptions.html proprietary-subscriptions
+Target: malware-microsoft.html subscriptions
+PubDate: 2015-07-15
+Keywords: office
+Blurb: <p>Microsoft Office forces users <a
++
href="https://www.computerworld.com/article/2948755/windows-apps/office-for-windows-10-will-require-office-365-subscription-on-pcs-larger-tablets.html">to
++ subscribe to Office 365 to be able to create/edit documents</a>.</p>
+
+Id: 201507030
+Target: proprietary-surveillance.html SpywareInAndroid
+Target: malware-mobiles.html surveillance
+PubDate: 2015-07-03
+Keywords: samsung
+Blurb: <p>Samsung phones come with <a
++
href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
++ that users can't delete</a>, and they send so much data that their
++ transmission is a substantial expense for users. Said transmission,
++ not wanted or requested by the user, clearly must constitute spying
++ of some kind.</p>
+
+Id: 201506264
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2015-06-26
+Keywords: android
+Blurb: <p><a
++
href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
++ study in 2015</a> found that 90% of the top-ranked gratis proprietary
++ Android apps contained recognizable tracking libraries. For the paid
++ proprietary apps, it was only 60%.</p>
++
++ <p>The article confusingly describes gratis apps as
++ “free”, but most of them are not in fact <a
++ href="/philosophy/free-sw.html">free software</a>. It also uses the
++ ugly word “monetize”. A good replacement for that word
++ is “exploit”; nearly always that will fit perfectly.</p>
+
+Id: 201506260
+Target: proprietary-interference.html proprietary-interference
+PubDate: 2015-06-26
+Keywords: oracle
+Blurb: <p>Oracle made a deal with Yahoo; Oracle's nonfree Java plug-in will <a
++
href="http://searchengineland.com/yahoo-signs-deal-with-oracle-to-attract-new-users-via-java-installs-224097">
++ change the user's initial web page, and default search engine, to
++ Yahoo</a> unless the user intervenes to stop it.</p>
+
+Id: 201506250
+Target: malware-apple.html jails
+Target: proprietary-jails.html apple
+PubDate: 2015-06-25
+Keywords: apps censorship
+Blurb: <p>Apple has banned iThing
++ applications that show the confederate flag. <a
++
href="http://www.huffingtonpost.com/2015/06/25/apple-confederate-flag_n_7663754.html">
++ Not only those that use it as a symbol of racism</a>, but even
++ strategic games that use it to represent confederate army units
++ fighting in the Civil War.</p>
++
++ <p>This ludicrous rigidity illustrates the point that Apple should
++ not be allowed to censor apps. Even if Apple carried out this act of
++ censorship with some care, it would still be wrong. Whether racism
++ is bad, whether educating people about drone attacks is bad, are not
++ the real issue. Apple should not have the power to impose its views
++ about either of these questions, or any other.</p>
+
+Id: 201506180
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInChrome
+PubDate: 2015-06-18
+Keywords:
+Blurb: <p>Google Chrome includes a module that <a
++
href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
++ activates microphones and transmits audio to its servers</a>.</p>
+
+Id: 201506170
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2015-06-17
+Keywords:
+Blurb: <p>Microsoft uses Windows 10's “privacy policy”
++ to overtly impose a “right” to look at
++ users' files at any time. Windows 10 full disk encryption <a
++
href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/">
++ gives Microsoft a key</a>.</p>
++
++ <p>Thus, Windows is overt malware in regard to surveillance, as in
++ other issues.</p>
++
++ <p>We can suppose Microsoft look at users' files for the US government
++ on demand, though the “privacy policy” does not explicit
++ say so. Will it look at users' files for the Chinese government
++ on demand?</p>
++
++ <p>The unique “advertising ID” for each user enables
++ other companies to track the browsing of each specific user.</p>
++
++ <p>It's as if Microsoft has deliberately chosen to make Windows 10
++ maximally evil on every dimension; to make a grab for total power
++ over anyone that doesn't drop Windows now.</p>
+
+Id: 201506080
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2015-06-08
+Keywords: health
+Blurb: <p>Due to bad security in a drug pump, crackers could use it to <a
++
href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">
++ kill patients</a>.</p>
+
+Id: 201505294
+Target: malware-mobiles.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2015-05-29
+Keywords: apps
+Blurb: <p><a
++
href="http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html">
++ Many smartphone apps use insecure authentication methods when storing
++ your personal data on remote servers</a>. This leaves personal
++ information like email addresses, passwords, and health information
++ vulnerable. Because many of these apps are proprietary it makes it
++ hard to impossible to know which apps are at risk.</p>
+
+Id: 201505290
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: malware-appliances.html malware-appliances
+PubDate: 2015-05-29
+Keywords: verizon
+Blurb: <p>Verizon cable TV <a
++
href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">
++ snoops on what programs people watch, and even what they wanted to
++ record</a>.</p>
+
+Id: 201505060
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2015-05-06
+Keywords: android
+Blurb: <p>Gratis Android apps (but not <a
++ href="/philosophy/free-sw.html">free software</a>) connect to 100 <a
++
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
++ and advertising</a> URLs, on the average.</p>
+
+Id: 201505050
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2015-05-05
+Keywords: health
+Blurb: <p>Hospira infusion pumps, which are used
++ to administer drugs to a patient, were rated “<a
++
href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least
++ secure IP device I've ever seen</a>” by a security
++ researcher.</p>
++
++ <p>Depending on what drug is being infused, the insecurity could open
++ the door to murder.</p>
+
+Id: 201504300
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+PubDate: 2015-04-30
+Keywords: vizio
+Blurb: <p>Vizio <a
++ href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
++ used a firmware “upgrade” to make its TVs snoop on what
++ users watch</a>. The TVs did not do that when first sold.</p>
+
+Id: 201504090
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-apple.html back-doors
+Target: proprietary-back-doors.html other
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2015-04-09
+Keywords: macos
+Blurb: <p>Mac OS X had an <a
++
href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
++ intentional local back door for 4 years</a>, which could be exploited
++ by attackers to gain root privileges.</p>
+
+Id: 201504060
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2015-04-06
+Keywords: qr-code
+Blurb: <p>Widely used <a
++
href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
++ QR-code scanner apps snoop on the user</a>. This is in addition to
++ the snooping done by the phone company, and perhaps by the OS in
++ the phone.</p>
++
++ <p>Don't be distracted by the question of whether the app developers
++ get users to say “I agree”. That is no excuse for
++ malware.</p>
+
+Id: 201503260
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-microsoft.html sabotage
+PubDate: 2014-04-10
+PubDate: 2015-03-26
+Keywords: windows
+Blurb: <p><a
++
href="https://www.computerworlduk.com/it-business/windows-xp-end-of-an-era-end-of-an-error-3569489/">Microsoft
++ cut off security fixes for Windows XP, except to some big users that
++ pay exorbitantly</a>.</p>
++
++ <p>Microsoft is going to <a
++
href="https://www.computerworlduk.com/applications/more-than-half-of-all-ie-users-face-patch-axe-in-10-months-3605515/">
++ cut off support for some Internet Explorer versions</a> in the same
++ way.</p>
++
++ <p>A person or company has the right to cease to work on a particular
++ program; the wrong here is Microsoft does this after having made the
++ users dependent on Microsoft, because they are not free to ask anyone
++ else to work on the program for them.</p>
+
+Id: 201503210
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-amazon.html back-doors
+PubDate: 2015-03-21
+Keywords:
+Blurb: <p>Amazon <a
++
href="https://www.techdirt.com/articles/20150321/13350230396/while-bricking-jailbroken-fire-tvs-last-year-amazon-did-same-to-kindle-devices.shtml">
++ downgraded the software in users' Swindles</a> so that those already
++ rooted would cease to function at all.</p>
+
+Id: 201502180
+Target: proprietary-surveillance.html SpywareInToys
+Target: malware-appliances.html malware-appliances
+PubDate: 2015-02-18
+Keywords: barbie
+Blurb: <p>Barbie <a
++
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
++ going to spy on children and adults</a>.</p>
+
+Id: 201502090
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: malware-appliances.html malware-appliances
+PubDate: 2015-02-09
+PubDate: 2015-02-09
+Keywords: samsung
+Blurb: <p>The Samsung “Smart” TV <a
++
href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
++ transmits users' voice on the internet to another company, Nuance</a>.
++ Nuance can save it and would then have to give it to the US or some
++ other government.</p>
++
++ <p>Speech recognition is not to be trusted unless it is done by free
++ software in your own computer.</p>
++
++ <p>In its privacy policy, Samsung explicitly confirms that <a
++
href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
++ data containing sensitive information will be transmitted to third
++ parties</a>.</p>
+
+Id: 201501030
+Target: proprietary-drm.html proprietary-drm
+Target: malware-mobiles.html drm
+PubDate: 2015-01-03
+Keywords: netflix
+Blurb: <p id="netflix-app-geolocation-drm">The Netflix Android app <a
++
href="http://torrentfreak.com/netflix-cracks-down-on-vpn-and-proxy-pirates-150103/">
++ forces the use of Google DNS</a>. This is one of the methods that
++ Netflix uses to enforce the geolocation restrictions dictated by the
++ movie studios.</p>
+
+Id: 201412180
+Target: malware-mobiles.html back-doors
+Target: proprietary-back-doors.html universal
+PubDate: 2014-12-18
+Keywords: coolpad android
+Blurb: <p><a
++
href="http://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor">
++ A Chinese version of Android has a universal back door</a>. Nearly
++ all models of mobile phones have a <a href="#universal-back-door">
++ universal back door in the modem chip</a>. So why did Coolpad bother
++ to introduce another? Because this one is controlled by Coolpad.</p>
+
+Id: 201412110
+Target: malware-apple.html jails
+Target: proprietary-jails.html apple
+PubDate: 2014-12-11
+Keywords: censorship
+Blurb: <p><a
++
href="http://www.theguardian.com/technology/2014/dec/11/papers-please-game-ipad-nude-body-scans">
++ More examples of Apple's arbitrary and inconsistent censorship</a>.</p>
+
+Id: 201412040
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-apple.html sabotage
+PubDate: 2014-12-04
+Keywords: ithings
+Blurb: <p>Apple <a
++
href="http://www.theguardian.com/technology/2014/dec/04/apple-deleted-music-ipods-rivals-steve-jobs">
++ deleted from iPods the music that users had got from internet music
++ stores that competed with iTunes</a>.</p>
+
+Id: 201412010
+Target: malware-apple.html tyrants
+Target: proprietary-tyrants.html proprietary-tyrants
+PubDate: 2014-12-01
+Keywords:
+Blurb: <p>Apple arbitrarily <a
++ href="http://9to5mac.com/2014/12/01/ios-8-1-signing-window-closed/">blocks
++ users from installing old versions of iOS</a>.</p>
+
+Id: 201411260
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2014-11-26
+Keywords:
+Blurb: <p>Many proprietary apps for mobile devices
++ report which other apps the user has installed. <a
++ href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
++ is doing this in a way that at least is visible and optional</a>. Not
++ as bad as what the others do.</p>
+
+Id: 201411090
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: malware-appliances.html malware-appliances
+Target: malware-amazon.html misc
+PubDate: 2014-11-09
+Keywords: amazon
+Blurb: <p>The Amazon “Smart” TV is <a
++
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
++ snooping all the time</a>.</p>
+
+Id: 201411040
+Target: proprietary-surveillance.html SpywareInMacOS
+Target: malware-apple.html surveillance
+PubDate: 2014-11-04
+Keywords:
+Blurb: <p>Apple has made various <a
++
href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud">
++ MacOS programs send files to Apple servers without asking
++ permission</a>. This exposes the files to Big Brother and perhaps
++ to other snoops.</p>
++
++ <p>It also demonstrates how you can't trust proprietary software,
++ because even if today's version doesn't have a malicious functionality,
++ tomorrow's version might add it. The developer won't remove the
++ malfeature unless many users push back hard, and the users can't
++ remove it themselves.</p>
+
+Id: 201410300
+Target: proprietary-surveillance.html SpywareInMacOS
+Target: malware-apple.html surveillance
+PubDate: 2014-10-30
+PubDate: 2014-10-28
+Keywords:
+Blurb: <p> MacOS automatically <a
++
href="https://web.archive.org/web/20170831144456/https://www.washingtonpost.com/news/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/">
++ sends to Apple servers unsaved documents being edited</a>. The
++ things you have not decided to save are <a
++
href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
++ even more sensitive</a> than the things you have stored in files.</p>
+
+Id: 201410220
+Target: proprietary-surveillance.html SpywareInMacOS
+Target: malware-apple.html surveillance
+PubDate: 2014-10-22
+Keywords:
+Blurb: <p>Apple admits the <a
++
href="http://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/">
++ spying in a search facility</a>, but there's a lot <a
++ href="https://github.com/fix-macosx/yosemite-phone-home"> more snooping
++ that Apple has not talked about</a>.</p>
+
+Id: 201410200
+Target: proprietary-surveillance.html SpywareInMacOS
+Target: malware-apple.html surveillance
+PubDate: 2014-10-20
+Keywords:
+Blurb: <p>Various operations in <a
++
href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
++ the latest MacOS send reports to Apple</a> servers.</p>
+
+Id: 201410130
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-games.html malware-games
+PubDate: 2014-10-13
+Keywords: nintendo wii
+Blurb: <p><a
++
href="https://www.eff.org/deeplinks/2014/10/nintendo-updates-take-wii-u-hostage-until-you-agree-new-legal-terms">Nintendo
++ remotely sabotaged all Wiis, making them refuse to work unless the
++ user agrees to a new EULA</a>.</p>
++
++ <p>We can be quite sure this EULA is unjust because injustice is the
++ only motive for imposing an EULA.</p>
+
+Id: 201410081
+Target: proprietary-drm.html proprietary-drm
+PubDate: 2014-10-08
+Keywords: surveillance adobe e-readers
+Blurb: <p>Adobe made “Digital Editions,”
++ the e-reader used by most US libraries, spy on the user <a
++
href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">for
++ the sake of DRM.</a></p>
+
+Id: 201410080
+Target: proprietary-surveillance.html SpywareInElectronicReaders
+Target: malware-adobe.html malware-adobe
+PubDate: 2014-10-08
+Keywords: drm
+Blurb: <p>Adobe made “Digital Editions,”
++ the e-reader used by most US libraries, <a
++
href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
++ send lots of data to Adobe</a>. Adobe's “excuse”: it's
++ needed to check DRM!</p>
+
+Id: 201410040
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2014-10-04
+Keywords:
+Blurb: <p>It only gets worse with time. <a
++
href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
++ Windows 10 requires users to give permission for total snooping</a>,
++ including their files, their commands, their text input, and their
++ voice input.</p>
+
+Id: 201409290
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: malware-appliances.html malware-appliances
+PubDate: 2014-09-29
+Keywords:
+Blurb: <p>More or less all “smart” TVs <a
++
href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
++ on their users</a>.</p>
++
++ <p>The report was as of 2014, but we don't expect this has got
++ better.</p>
++
++ <p>This shows that laws requiring products to get users' formal
++ consent before collecting personal data are totally inadequate.
++ And what happens if a user declines consent? Probably the TV will
++ say, “Without your consent to tracking, the TV will not
++ work.”</p>
++
++ <p>Proper laws would say that TVs are not allowed to report what the
++ user watches—no exceptions!</p>
+
+Id: 201409220
+Target: malware-apple.html surveillance
+Target: proprietary-surveillance.html SpywareIniThings
+Target: proprietary-back-doors.html spy
+PubDate: 2014-05-08
+PubDate: 2014-09-17
+PubDate: 2014-09-22
+Keywords:
+Blurb: <p>Apple can, and regularly does, <a
++
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
++ remotely extract some data from iPhones for the state</a>.</p>
++
++ <p>This may have improved with <a
++
href="http://www.washingtonpost.com/business/technology/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html">
++ iOS 8 security improvements</a>; but <a
++ href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
++ not as much as Apple claims</a>.</p>
+
+Id: 201408290
+Target: proprietary-censorship.html consoles
+PubDate: 2014-08-29
+Keywords: nintendo
+Blurb: <p>The <a
++
href="https://www.gamespot.com/articles/nintendos-new-3ds-charges-30-cents-to-remove-an-in/1100-6421996/">
++ Nintendo 3DS</a> censors web browsing; it is possible to turn off
++ the censorship, but that requires identifying oneself to pay, which
++ is a form of surveillance.</p>
+
+Id: 201407230
+Target: proprietary-surveillance.html SpywareIniThings
+Target: malware-apple.html surveillance
+PubDate: 2014-07-23
+Keywords:
+Blurb: <p><a
++
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
++ Several “features” of iOS seem to exist
++ for no possible purpose other than surveillance</a>. Here is the <a
++
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
++ Technical presentation</a>.</p>
+
+Id: 201407170
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareAtHome
+Target: malware-appliances.html malware-appliances
+PubDate: 2014-07-17
+Keywords: nest
+Blurb: <p id="nest-thermometers">Nest thermometers send <a
++ href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lot of
++ data about the user</a>.</p>
+
+Id: 201407090
+Target: proprietary-surveillance.html SpywareOnSmartWatches
+PubDate: 2014-07-09
+Keywords: wearables
+Blurb: <p>An LG “smart” watch is designed <a
++
href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
++ to report its location to someone else and to transmit conversations
++ too</a>.</p>
+
+Id: 201405250
+Target: malware-apple.html jails
+Target: proprietary-jails.html apple
+PubDate: 2014-02-07
+PubDate: 2014-05-25
+Keywords: apps censorship
+Blurb: <p>Apple used this censorship power in 2014 to <a
++
href="http://boingboing.net/2014/02/07/apple-yanks-last-remaining-bit.html">
++ ban all bitcoin apps</a> for the iThings for a time. It also <a
++
href="http://www.gamespot.com/articles/apple-removes-game-about-growing-marijuana-from-app-store/1100-6419864/">
++ banned a game about growing marijuana</a>, while permitting games
++ about other crimes such as killing people. Perhaps Apple considers
++ killing more acceptable than marijuana.</p>
+
+Id: 201405201
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-appliances.html malware-appliances
+PubDate: 2014-05-20
+Keywords: lg
+Blurb: <p>LG <a
++
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
++ disabled network features</a> on <em>previously purchased</em>
++ “smart” TVs, unless the purchasers agreed to let LG begin
++ to snoop on them and distribute their personal data.</p>
+
+Id: 201405200
+Target: proprietary-surveillance.html SpywareInTVSets
+PubDate: 2013-11-18
+PubDate: 2013-11-21
+PubDate: 2014-05-20
+Keywords: lg appliances
+Blurb: <p>Spyware in LG “smart” TVs <a
++
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
++ reports what the user watches, and the switch to turn this off has
++ no effect</a>. (The fact that the transmission reports a 404 error
++ really means nothing; the server could save that data anyway.)</p>
++
++ <p>Even worse, it <a
++
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
++ snoops on other devices on the user's local network</a>.</p>
++
++ <p>LG later said it had installed a patch to stop this, but any
++ product could spy this way.</p>
++
++ <p>Meanwhile, LG TVs <a
++
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
++ do lots of spying anyway</a>.</p>
+
+Id: 201405190
+Target: malware-mobiles.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2014-05-19
+Keywords: apps
+Blurb: <p>An app to prevent “identity theft”
++ (access to personal data) by storing users' data on a special server <a
++
href="http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/">was
++ deactivated by its developer</a> which had discovered a security
++ flaw.</p>
++
++ <p>That developer seems to be conscientious about protecting personal
++ data from third parties in general, but it can't protect that data
++ from the state. Quite the contrary: confiding your data to someone
++ else's server, if not first encrypted by you with free software,
++ undermines your rights.</p>
+
+Id: 201405140
+Target: proprietary-surveillance.html SpywareOnTheWeb
+Target: malware-microsoft.html surveillance
+PubDate: 2014-05-14
+Keywords: skydrive
+Blurb: <p><a
++
href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
++ Microsoft SkyDrive allows the NSA to directly examine users'
++ data</a>.</p>
+
+Id: 201404250
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2014-04-25
+Keywords: health
+Blurb: <p>Lots of <a
++ href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">
++ hospital equipment has lousy security</a>, and it can be fatal.</p>
+
+Id: 201403150
+Target: proprietary-tyrants.html proprietary-tyrants
+PubDate: 2014-03-15
+Keywords: intel
+Blurb: <p><a href="http://soylentnews.org/article.pl?sid=14/03/15/1912255">
++ Intel processors will have tyrant software built in</a>.</p>
+
+Id: 201403121
+Target: malware-mobiles.html back-doors
+Target: proprietary-back-doors.html alter-data
+PubDate: 2014-03-12
+Keywords: samsung android
+Blurb: <p id="samsung"><a
++
href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor">
++ Samsung Galaxy devices running proprietary Android versions come with
++ a back door</a> that provides remote access to the files stored on
++ the device.</p>
+
+Id: 201403120
+Target: proprietary-surveillance.html SpywareInAndroid
+Target: malware-mobiles.html surveillance
+PubDate: 2014-03-12
+Keywords: back-doors
+Blurb: <p><a href="/proprietary/proprietary-back-doors.html#samsung">
++ Samsung's back door</a> provides access to any file on the system.</p>
+
+Id: 201402210
+Target: malware-mobiles.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2014-02-21
+Keywords: whatsapp
+Blurb: <p>The <a
++
href="http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">insecurity
++ of WhatsApp</a> makes eavesdropping a snap.</p>
+
+Id: 201402200
+Target: proprietary-subscriptions.html proprietary-subscriptions
+Target: malware-adobe.html malware-adobe
+PubDate: 2014-02-20
+Keywords:
+Blurb: <p><a
++
href="http://www.scientificamerican.com/article/adobe-software-subscription-model-means-you-cant-own-your-software/">
++ Adobe tools require a subscription</a>. Adobe also tried to <a
++
href="http://chocolateandvodka.com/2014/02/20/adobe-creative-cloud-subscription-warning/">
++ rip people off by making the subscriptions annual</a>, but that is
++ a secondary issue compared with the basic wrong of the time bomb.
++ When a program proprietary, and even malware, don't get distracted
++ by the secondary issues like price.</p>
++
++ <p>Please don't repeat the marketing term “Creative
++ Cloud” except to express revulsion for it. The <a
++ href="/philosophy/words-to-avoid.html#CloudComputing"> term
++ “cloud” is designed to cloud users' minds</a>.</p>
+
+Id: 201402070
+Target: malware-apple.html jails
+Target: proprietary-jails.html apple
+PubDate: 2014-02-07
+Keywords: censorship
+Blurb: <p>Apple rejected an app that displayed the locations
++ of US drone assassinations, giving various excuses. Each
++ time the developers fixed one “problem”, Apple
++ complained about another. After the fifth rejection, Apple <a
++ href="http://mashable.com/2014/02/07/apple-app-tracks-drone-strikes/">
++ admitted it was censoring the app based on the subject matter</a>.</p>
+
+Id: 201401280
+Target: proprietary-surveillance.html SpywareInGames
+Target: malware-games.html malware-games
+PubDate: 2014-01-28
+PubDate: 2012-11-13
+PubDate: 2014-01-27
+Keywords: angry-birds
+Blurb: <p>Angry Birds <a
++
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
++ spies for companies, and the NSA takes advantage
++ to spy through it too</a>. Here's information on <a
++
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
++ more spyware apps</a>.</p>
++
++ <p><a
++
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
++ More about NSA app spying</a>.</p>
+
+Id: 201401190
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-games.html malware-games
+PubDate: 2014-01-19
+Keywords:
+Blurb: <p>Some proprietary <a
++
href="http://www.theguardian.com/technology/2014/jan/19/apple-talking-cats-in-app-purchases">
++ games lure children to spend their parents' money</a>.</p>
+
+Id: 201401151
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2014-01-15
+Keywords: baidu simeji
+Blurb: <p>The Simeji keyboard is a smartphone version of Baidu's <a
++ href="/proprietary/proprietary-surveillance.html#baidu-ime">spying <abbr
++ title="Input Method Editor">IME</abbr></a>.</p>
+
+Id: 201401150
+Target: proprietary-surveillance.html SpywareInWindows
+PubDate: 2014-01-15
+Keywords: baidu
+Blurb: <p id="baidu-ime"><a
++
href="https://www.techrepublic.com/blog/asian-technology/japanese-government-warns-baidu-ime-is-spying-on-users/">
++ Baidu's Japanese-input and Chinese-input apps spy on users</a>.</p>
+
+Id: 201401101
+Target: proprietary-surveillance.html SpywareInMacOS
+Target: malware-apple.html surveillance
+PubDate: 2014-01-10
+Keywords:
+Blurb: <p><a
++
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
++ Spotlight search</a> sends users' search terms to Apple.</p>
+
+Id: 201401100
+Target: proprietary-surveillance.html SpywareIniThings
+Target: malware-apple.html surveillance
+PubDate: 2014-01-10
+Keywords:
+Blurb: <p>The <a class="not-a-duplicate"
++
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
++ iBeacon</a> lets stores determine exactly where the iThing is, and
++ get other info too.</p>
+
+Id: 201312300
+Target: proprietary-surveillance.html SpywareIniThings
+Target: malware-apple.html surveillance
+PubDate: 2013-12-30
+Keywords:
+Blurb: <p><a
++
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
++ Either Apple helps the NSA snoop on all the data in an iThing, or it
++ is totally incompetent</a>.</p>
+
+Id: 201312290
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2013-12-29
+Keywords: virus memory-stick
+Blurb: <p><a href="http://www.bunniestudios.com/blog/?p=3554"> Some flash
++ memories have modifiable software</a>, which makes them vulnerable
++ to viruses.</p>
++
++ <p>We don't call this a “back door” because it is normal
++ that you can install a new system in a computer, given physical access
++ to it. However, memory sticks and cards should not be modifiable in
++ this way.</p>
+
+Id: 201312270
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2013-12-27
+Keywords: snapchat
+Blurb: <p>The nonfree Snapchat app's principal purpose is to restrict the
++ use of data on the user's computer, but it does surveillance too: <a
++
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
++ it tries to get the user's list of other people's phone
++ numbers</a>.</p>
+
+Id: 201312060
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2013-12-06
+Keywords: flashlight
+Blurb: <p>The Brightest Flashlight app <a
++
href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
++ sends user data, including geolocation, for use by companies</a>.</p>
++
++ <p>The FTC criticized this app because it asked the user to
++ approve sending personal data to the app developer but did not ask
++ about sending it to other companies. This shows the weakness of
++ the reject-it-if-you-dislike-snooping “solution” to
++ surveillance: why should a flashlight app send any information to
++ anyone? A free software flashlight app would not.</p>
+
+Id: 201312040
+Target: malware-appliances.html malware-appliances
+Target: malware-microsoft.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2013-12-04
+Keywords: windows
+Blurb: <p><a
++
href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/">
++ Point-of-sale terminals running Windows were taken over</a> and
++ turned into a botnet for the purpose of collecting customers' credit
++ card numbers.</p>
+
+Id: 201311300
+Target: proprietary-back-doors.html universal
+PubDate: 2013-11-30
+Keywords: myfreeproxy pua
+Blurb: <p><a
++
href="http://www.techienews.co.uk/973462/bitcoin-miners-bundled-pups-legitimate-applications-backed-eula/">
++ Some applications come with MyFreeProxy, which is a universal back
++ door</a> that can download programs and run them.</p>
+
+Id: 201311210
+Target: malware-appliances.html malware-appliances
+PubDate: 2013-11-18
+PubDate: 2013-11-21
+Keywords: lg surveillance tvsets
+Blurb: <p>Spyware in LG “smart” TVs <a
++
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
++ reports what the user watches, and the switch to turn this off has
++ no effect</a>. (The fact that the transmission reports a 404 error
++ really means nothing; the server could save that data anyway.)</p>
++
++ <p>Even worse, it <a
++
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
++ snoops on other devices on the user's local network</a>.</p>
++
++ <p>LG later said it had installed a patch to stop this, but any
++ product could spy this way.</p>
+
+Id: 201311130
+Target: proprietary-drm.html proprietary-drm
+Target: malware-cars.html malware-cars
+PubDate: 2013-11-13
+Keywords:
+Blurb: <p><a
++
href="https://www.eff.org/deeplinks/2013/11/drm-cars-will-drive-consumers-crazy">
++ DRM in cars will drive consumers crazy</a>.</p>
+
+Id: 201311120
+Target: malware-google.html insecurity
+Target: proprietary-surveillance.html SpywareInTelephones
+Target: malware-mobiles.html insecurity
+Target: malware-apple.html insecurity
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2013-09-07
+PubDate: 2013-11-12
+Keywords: iphone android blackberry
+Blurb: <p><a
++
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
++ The NSA can tap data in smart phones, including iPhones,
++ Android, and BlackBerry</a>. While there is not much
++ detail here, it seems that this does not operate via
++ the universal back door that we know nearly all portable
++ phones have. It may involve exploiting various bugs. There are <a
++
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
++ lots of bugs in the phones' radio software</a>.</p>
+
+Id: 201310260
+Target: proprietary-surveillance.html SpywareAtHome
+PubDate: 2013-10-26
+Keywords: rent-to-own
+Blurb: <p><a
++
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
++ Rent-to-own computers were programmed to spy on their renters</a>.</p>
+
+Id: 201310110
+Target: proprietary-surveillance.html SpywareInFlash
+Target: malware-webpages.html malware-webpages
+PubDate: 2013-10-11
+Keywords: javascript
+Blurb: <p>Flash and JavaScript are used for <a
++
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
++ “fingerprinting” devices</a> to identify users.</p>
+
+Id: 201310070
+Target: proprietary-drm.html proprietary-drm
+Target: malware-appliances.html malware-appliances
+PubDate: 2013-10-07
+Keywords: dvd bluray
+Blurb: <p id="bluray"><a
++
href="http://web.archive.org/web/20131007102857/http://www.nclnet.org/technology/73-digital-rights-management/124-whos-driving-the-copyright-laws-consumers-insist-on-the-right-to-back-it-up">
++ DVDs and Bluray disks have DRM</a>.</p>
++
++ <p>That page uses spin terms that favor DRM, including <a
++ href="/philosophy/words-to-avoid.html#DigitalRightsManagement">
++ digital “rights” management</a> and <a
++
href="/philosophy/words-to-avoid.html#Protection">“protect”</a>,
++ and it claims that “artists” (rather than companies)
++ are primarily responsible for putting digital restrictions management
++ into these disks. Nonetheless, it is a reference for the facts.</p>
++
++ <p>Every Bluray disk (with few, rare exceptions) has DRM—so
++ don't use Bluray disks!</p>
+
+Id: 201309110
+Target: proprietary-back-doors.html other
+PubDate: 2013-09-11
+Keywords: bitlocker
+Blurb: <p>Here is a big problem whose details are still secret: <a
++ href="http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/">
++ The FBI asks lots of companies to put back doors in proprietary
++ programs</a>. We don't know of specific cases where this was done,
++ but every proprietary program for encryption is a possibility.</p>
+
+Id: 201309054
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2013-09-05
+Keywords: encryption
+Blurb: <p><a
++
href="http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security">The
++ NSA has put back doors into nonfree encryption software</a>. We don't
++ know which ones they are, but we can be sure they include some widely
++ used systems. This reinforces the point that you can never trust
++ the security of nonfree software.</p>
+
+Id: 201309050
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2013-09-05
+Keywords:
+Blurb: <p>The FTC punished a company for making webcams with <a
++
href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html">
++ bad security so that it was easy for anyone to watch through
++ them</a>.</p>
+
+Id: 201308290
+Target: proprietary-deception.html proprietary-deception
+Target: malware-apple.html deception
+PubDate: 2013-08-29
+Keywords:
+Blurb: <p>“Dark patterns” are <a
++
href="http://www.theverge.com/2013/8/29/4640308/dark-patterns-inside-the-interfaces-designed-to-trick-you">user
++ interfaces designed to mislead users, or make option settings hard
++ to find</a>.</p>
++
++ <p>This allows a company such as Apple to say, “We allow users
++ to turn this off” while ensuring that few will understand how
++ to actually turn it off.</p>
+
+Id: 201308230
+Target: malware-microsoft.html back-doors
+Target: proprietary-back-doors.html other
+PubDate: 2013-08-23
+Keywords: windows tpm
+Blurb: <p>The German government <a
++
href="http://drleonardcoldwell.com/leaked-german-government-warns-key-entities-not-to-use-windows-8-linked-to-nsa/">veers
++ away from Windows 8 computers with TPM 2.0</a>, due to potential back
++ door capabilities of the TPM 2.0 chip.</p>
+
+Id: 201308080
+Target: proprietary-surveillance.html SpywareIniThings
+Target: malware-apple.html surveillance
+PubDate: 2013-08-08
+Keywords:
+Blurb: <p>The iThing also <a
++
href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
++ tells Apple its geolocation</a> by default, though that can be
++ turned off.</p>
+
+Id: 201308060
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2013-08-06
+Keywords: disk
+Blurb: <p><a href="http://spritesmods.com/?art=hddhack&page=6">
++ Replaceable nonfree software in disk drives can be written by a
++ nonfree program</a>. This makes any system vulnerable to persistent
++ attacks that normal forensics won't detect.</p>
+
+Id: 201308040
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInChrome
+PubDate: 2013-08-04
+Keywords:
+Blurb: <p>Google Chrome <a
++ href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
++ spies on browser history, affiliations</a>, and other installed
++ software.</p>
+
+Id: 201308010
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInAndroid
+PubDate: 2013-08-01
+Keywords:
+Blurb: <p>Spyware in Android phones (and Windows? laptops): The Wall Street
++ Journal (in an article blocked from us by a paywall) reports that <a
++
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
++ the FBI can remotely activate the GPS and microphone in Android phones
++ and laptops</a>. (I suspect this means Windows laptops.) Here is <a
++ href="http://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p>
+
+Id: 201307300
+Target: malware-microsoft.html back-doors
+Target: proprietary-back-doors.html other
+PubDate: 2013-07-30
+Keywords: intel amd
+Blurb: <p>Here is a suspicion that
++ we can't prove, but is worth thinking about: <a
++
href="https://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI">
++ Writable microcode for Intel and AMD microprocessors</a> may be a
++ vehicle for the NSA to invade computers, with the help of Microsoft,
++ say respected security experts.</p>
+
+Id: 201307280
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInAndroid
+PubDate: 2013-07-28
+Keywords: motorola
+Blurb: <p>Spyware is present in some Android devices when they are
++ sold. Some Motorola phones, made when this company was owned
++ by Google, use a modified version of Android that <a
++ href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
++ sends personal data to Motorola</a>.</p>
+
+Id: 201307270
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2013-07-27
+PubDate: 2012-04-10
+PubDate: 2013-02-25
+Keywords: health
+Blurb: <p> It is possible to <a
++
href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/">
++ kill people by taking control of medical
++ implants by radio</a>. More information in <a
++ href="http://www.bbc.co.uk/news/technology-17631838">BBC
++ News</a> and <a
++
href="https://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">
++ IOActive Labs Research blog</a>.</p>
+
+Id: 201307260
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2013-07-26
+Keywords: home
+Blurb: <p><a
++
href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/">
++ “Smart homes”</a> turn out to be stupidly vulnerable to
++ intrusion.</p>
+
+Id: 201307250
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInAndroid
+PubDate: 2013-07-25
+Keywords: motorola
+Blurb: <p>A Motorola phone <a
++
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
++ listens for voice all the time</a>.</p>
+
+Id: 201307114
+Target: malware-appliances.html malware-appliances
+Target: proprietary-back-doors.html other
+PubDate: 2013-07-11
+Keywords: hp lefthand
+Blurb: <p>HP “storage appliances” that
++ use the proprietary “Left Hand”
++ operating system have back doors that give HP <a
++
href="https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/">
++ remote login access</a> to them. HP claims that this does not
++ give HP access to the customer's data, but if the back door allows
++ installation of software changes, a change could be installed that
++ would give access to the customer's data.</p>
+
+Id: 201307110
+Target: proprietary-surveillance.html SpywareInSkype
+Target: malware-microsoft.html surveillance
+PubDate: 2013-07-11
+Keywords:
+Blurb: <p>Skype contains <a
++
href="https://web.archive.org/web/20130928235637/http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">spyware</a>.
++ Microsoft changed Skype <a
++
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
++ specifically for spying</a>.</p>
+
+Id: 201307080
+Target: proprietary-surveillance.html SpywareInWindows
+Target: malware-microsoft.html surveillance
+PubDate: 2003-02-28
+PubDate: 2013-07-08
+PubDate: 2013-06-10
+Keywords:
+Blurb: <p>Spyware in older versions of Windows: <a
++ href="https://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/">
++ Windows Update snoops on the user</a>. <a
++
href="https://www.infoworld.com/article/2611451/microsoft-windows/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html">
++ Windows 8.1 snoops on local searches</a>. And there's a <a
++ href="http://www.marketoracle.co.uk/Article40836.html"> secret NSA
++ key in Windows</a>, whose functions we don't know.</p>
+
+Id: 201307000
+Target: proprietary-surveillance.html SpywareInTelephones
+Target: malware-mobiles.html surveillance
+PubDate: 2013-07
+Keywords: gps
+Blurb: <p>Portable phones with GPS <a
++
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
++ will send their GPS location on remote command, and users cannot stop
++ them</a>. (The US says it will eventually require all new portable phones
++ to have GPS.)</p>
+
+Id: 201306220
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-microsoft.html sabotage
+PubDate: 2013-06-22
+Keywords: windows
+Blurb: <p><a
++
href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm">Microsoft
++ informs the NSA of bugs in Windows before fixing them</a>.</p>
+
+Id: 201306140
+Target: proprietary-surveillance.html SpywareInVehicles
+Target: malware-cars.html malware-cars
+PubDate: 2013-06-14
+Keywords: tesla
+Blurb: <p>Tesla cars allow the company to extract
++ data remotely and determine the car's location
++ at any time. (See Section 2, paragraphs b and c of the <a
++
href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
++ privacy statement</a>.) The company says it doesn't store this
++ information, but if the state orders it to get the data and hand it
++ over, the state can store it.</p>
+
+Id: 201305100
+Target: malware-adobe.html malware-adobe
+Target: proprietary-tethers.html proprietary-tethers
+PubDate: 2013-05-10
+Keywords: adobe
+Blurb: <p>Adobe applications <a
++ href="https://www.wired.com/2013/05/adobe-creative-cloud-petition/">
++ require periodic connection to a server</a>.</p>
+
+Id: 201305060
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-adobe.html malware-adobe
+PubDate: 2013-05-06
+Keywords:
+Blurb: <p>Adobe applications have time bombs: they <a
++
href="http://techcrunch.com/2013/05/06/adobe-goes-all-in-with-subscription-based-creative-cloud-will-stop-selling-regular-cs-licenses-shrink-wrapped-boxes/">
++ stop working after a certain time</a>, after which the user
++ must pay to extend the time.</p>
++
++ <p>Once there was a problem with the servers
++ that these programs use to check who has paid, and <a
++
href="http://www.macuser.co.uk/9015-adobe-creative-cloud-outage-leaves-adobe-users-locked-out">
++ the applications refused to work for anyone</a>.</p>
+
+Id: 201304080
+Target: malware-google.html tyrants
+Target: proprietary-tyrants.html proprietary-tyrants
+PubDate: 2013-04-08
+Keywords: android
+Blurb: <p>Motorola, then owned by Google, made <a
++
href="http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html">
++ Android phones that are tyrants</a> (though someone found a way to
++ crack the restriction). Fortunately, most Android devices are not
++ tyrants.</p>
+
+Id: 201303250
+Target: proprietary-surveillance.html SpywareInVehicles
+Target: malware-cars.html malware-cars
+PubDate: 2013-03-25
+Keywords:
+Blurb: <p id="records-drivers">Proprietary software in cars <a
++
href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">
++ records information about drivers' movements</a>, which is made
++ available to car manufacturers, insurance companies, and others.</p>
++
++ <p>The case of toll-collection systems, mentioned in this article,
++ is not really a matter of proprietary surveillance. These systems
++ are an intolerable invasion of privacy, and should be replaced with
++ anonymous payment systems, but the invasion isn't done by malware. The
++ other cases mentioned are done by proprietary malware in the car.</p>
+
+Id: 201302150
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInAndroid
+PubDate: 2013-02-15
+Keywords:
+Blurb: <p>Google Play intentionally sends app developers <a
++
href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
++ the personal details of users that install the app</a>.</p>
++
++ <p>Merely asking the “consent” of users is not enough to
++ legitimize actions like this. At this point, most users have stopped
++ reading the “Terms and Conditions” that spell out what
++ they are “consenting” to. Google should clearly and
++ honestly identify the information it collects on users, instead of
++ hiding it in an obscurely worded EULA.</p>
++
++ <p>However, to truly protect people's privacy, we must prevent Google
++ and other companies from getting this personal information in the
++ first place!</p>
+
+Id: 201301280
+Target: proprietary-sabotage.html proprietary-sabotage
+PubDate: 2013-01-22
+PubDate: 2013-01-28
+Keywords: oracle plugin
+Blurb: <p>Oracle's nonfree Java plug-in for browsers <a
++
href="http://www.zdnet.com/article/a-close-look-at-how-oracle-installs-deceptive-software-with-java-updates/">sneakily
++ installs other annoying proprietary software</a>.</p>
++
++ <p>That article disregards all other bad things
++ about proprietary software. For instance, it regards
++ the inclusion of proprietary Flash Player (which has a <a
++
href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">surveillance
++ feature</a> and DRM) in Chrome as a good thing. Chrome is a
++ proprietary browser with a universal back door.</p>
++
++ <p>We don't agree with the article's views on those issues, but we
++ present it as a factual reference.</p>
++
++ <p>In 2014, <a
++
href="http://www.computerworld.com/article/2494794/malware-vulnerabilities/oracle-will-continue-to-bundle--crapware--with-java.html">
++ Oracle insisted on continuing this practice</a>.</p>
+
+Id: 201212290
+Target: proprietary-surveillance.html SpywareInNetworks
+Target: malware-appliances.html malware-appliances
+PubDate: 2012-12-29
+Keywords: cisco
+Blurb: <p>The Cisco TNP IP phones are <a
++ href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
++ spying devices</a>.</p>
+
+Id: 201212180
+Target: malware-appliances.html malware-appliances
+Target: proprietary-tyrants.html proprietary-tyrants
+PubDate: 2012-12-18
+Keywords: samsung tvsets
+Blurb: <p>Samsung “Smart” TVs have <a
++
href="https://wiki.samygo.tv/index.php?title=SamyGO_for_DUMMIES#What_are_Restricted_Firmwares.3F">
++ turned Linux into the base for a tyrant system</a> so as to impose
++ DRM. What enables Samsung to do this is that Linux is released
++ under GNU GPL version 2, <a
++ href="/licenses/rms-why-gplv3.html">not version 3</a>, together with
++ a weak interpretation of GPL version 2.</p>
+
+Id: 201212170
+Target: proprietary-surveillance.html SpywareInTVSets
+Target: malware-appliances.html malware-appliances
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2012-12-17
+Keywords:
+Blurb: <p id="break-security-smarttv"><a
++
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
++ Crackers found a way to break security on a “smart” TV</a>
++ and use its camera to watch the people who are watching TV.</p>
+
+Id: 201212100
+Target: proprietary-surveillance.html SpywareInMobileApps
+Target: malware-mobiles.html surveillance
+PubDate: 2012-12-10
+Keywords: children
+Blurb: <p>FTC says most mobile apps for children don't respect privacy: <a
++
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
++
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
+
+Id: 201212031
+Target: malware-amazon.html surveillance
+PubDate: 2012-12-03
+Keywords:
+Blurb: <p>The Electronic Frontier Foundation has examined and found <a
++ href="https://www.eff.org/pages/reader-privacy-chart-2012">various
++ kinds of surveillance in the Swindle and other e-readers</a>.</p>
+
+Id: 201212030
+Target: proprietary-surveillance.html SpywareInElectronicReaders
+PubDate: 2012-12-03
+Keywords:
+Blurb: <p>Spyware in many e-readers—not only the Kindle: <a
++ href="https://www.eff.org/pages/reader-privacy-chart-2012"> they
++ report even which page the user reads at what time</a>.</p>
+
+Id: 201210240
+Target: proprietary-surveillance.html SpywareOnTheWeb
+Target: malware-webpages.html malware-webpages
+PubDate: 2012-10-24
+Keywords:
+Blurb: <p>Many web sites rat their visitors to advertising
++ networks that track users. Of the top 1000 web sites, <a
++
href="https://www.law.berkeley.edu/research/bclt/research/privacy-at-bclt/web-privacy-census/">84%
++ (as of 5/17/2012) fed their visitors third-party cookies, allowing
++ other sites to track them</a>.</p>
+
+Id: 201210221
+Target: malware-amazon.html back-doors
+PubDate: 2009-07-17
+PubDate: 2012-10-22
+Keywords: back-doors alter-data
+Blurb: <p>The Amazon Kindle-Swindle has a back door that has been used to <a
++
href="http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/">
++ remotely erase books</a>. One of the books erased was
++ <cite>1984</cite>, by George Orwell.</p>
++
++ <p>Amazon responded to criticism by saying it
++ would delete books only following orders from the
++ state. However, that policy didn't last. In 2012 it <a
++
href="http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html">
++ wiped a user's Kindle-Swindle and deleted her account</a>, then
++ offered her kafkaesque “explanations.”</p>
+
+Id: 201210220
+Target: proprietary-back-doors.html alter-data
+PubDate: 2009-07-17
+PubDate: 2012-10-22
+Keywords: amazon back-door
+Blurb: <p id="swindle-eraser">The Amazon
++ Kindle-Swindle has a back door that has been used to <a
++
href="http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/">
++ remotely erase books</a>. One of the books erased was
++ <cite>1984</cite>, by George Orwell.</p>
++
++ <p>Amazon responded to criticism by saying it
++ would delete books only following orders from the
++ state. However, that policy didn't last. In 2012 it <a
++
href="http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html">
++ wiped a user's Kindle-Swindle and deleted her account</a>, then
++ offered her kafkaesque “explanations.”</p>
++
++ <p>Do other ebook readers have back doors in their nonfree software? We
++ don't know, and we have no way to find out. There is no reason to
++ assume that they don't.</p>
+
+Id: 201210170
+Target: proprietary-surveillance.html SpywareIniThings
+Target: malware-apple.html surveillance
+PubDate: 2012-10-17
+Keywords:
+Blurb: <p>There is also a feature for web sites to track users, which is <a
++
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
++ enabled by default</a>. (That article talks about iOS 6, but it is
++ still true in iOS 7.)</p>
+
+Id: 201210080
+Target: malware-mobiles.html jails
+Target: proprietary-jails.html microsoft
+Target: malware-microsoft.html jails
+PubDate: 2012-10-08
+Keywords: windows
+Blurb: <p><a
++
href="http://www.itworld.com/article/2832657/operating-systems/microsoft-metro-app-store-lock-down.html">
++ Windows 8 on “mobile devices” (now defunct) was a
++ jail</a>.</p>
+
+Id: 201210020
+Target: malware-appliances.html malware-appliances
+Target: proprietary-tyrants.html proprietary-tyrants
+PubDate: 2012-10-02
+Keywords: lg tvsets
+Blurb: <p>Some LG TVs <a
++ href="http://openlgtv.org.ru/wiki/index.php/Achievements">are
++ tyrants</a>.</p>
+
+Id: 201208210
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareOnTheWeb
+Target: malware-webpages.html malware-webpages
+PubDate: 2012-08-21
+Keywords:
+Blurb: <p>Many web sites report all their visitors
++ to Google by using the Google Analytics service, which <a
++
href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
++ tells Google the IP address and the page that was visited</a>.</p>
+
+Id: 201205280
+Target: malware-apple.html tyrants
+Target: proprietary-tyrants.html proprietary-tyrants
+PubDate: 2012-05-28
+Keywords: ithings
+Blurb: <p>The Apple iThings are tyrant devices. There is a
++ port of Android to the iThings, but installing it requires <a
++
href="https://web.archive.org/web/20150721065208/http://www.idroidproject.org/wiki/Status">
++ finding a bug or “exploit”</a> to make it possible to
++ install a different system.</p>
+
+Id: 201204280
+Target: proprietary-surveillance.html SpywareIniThings
+Target: malware-apple.html surveillance
+PubDate: 2012-04-28
+Keywords:
+Blurb: <p>Users cannot make an Apple ID (<a
++
href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary
++ to install even gratis apps</a>) without giving a valid
++ email address and receiving the verification code Apple sends
++ to it.</p>
+
+Id: 201202280
+Target: malware-google.html back-doors
+Target: proprietary-back-doors.html universal
+PubDate: 2012-02-28
+Keywords: chromeos
+Blurb: <p>ChromeOS has a universal back
++ door. At least, Google says it does—in <a
++ href="https://www.google.com/intl/en/chromebook/termsofservice.html">
++ section 4 of the EULA</a>.</p>
+
+Id: 201200000
+Target: proprietary-surveillance.html SpywareOnTheWeb
+Target: malware-webpages.html malware-webpages
+PubDate: 2012
+Keywords:
+Blurb: <p>Many web sites try to collect users' address books (the user's list
++ of other people's phone numbers or email addresses). This violates
++ the privacy of those other people.</p>
+
+Id: 201112081
+Target: malware-microsoft.html back-doors
+PubDate: 2011-12-08
+Keywords: back-doors install-delete windows
+Blurb: <p>Windows 8 also has a back door for <a
++
href="http://www.computerworld.com/article/2500036/desktop-apps/microsoft--we-can-remotely-delete-windows-8-apps.html">
++ remotely deleting apps</a>.</p>
++
++ <p>You might well decide to let a security service that you trust
++ remotely <em>deactivate</em> programs that it considers malicious.
++ But there is no excuse for <em>deleting</em> the programs, and you
++ should have the right to decide whom (if anyone) to trust in this
++ way.</p>
+
+Id: 201112080
+Target: proprietary-back-doors.html install-delete
+PubDate: 2011-12-08
+Keywords: microsoft back-door windows
+Blurb: <p> In addition to its <a href="#windows-update">universal back
++ door</a>, Windows 8 has a back door for <a
++
href="http://www.computerworld.com/article/2500036/desktop-apps/microsoft--we-can-remotely-delete-windows-8-apps.html">
++ remotely deleting apps</a>.</p>
++
++ <p>You might well decide to let a security service that you trust
++ remotely <em>deactivate</em> programs that it considers malicious.
++ But there is no excuse for <em>deleting</em> the programs, and you
++ should have the right to decide whom (if anyone) to trust in this
++ way.</p>
+
+Id: 201111170
+Target: proprietary-surveillance.html SpywareInAndroid
+Target: malware-mobiles.html surveillance
+PubDate: 2011-11-17
+Keywords: carrier-iq
+Blurb: <p>Some manufacturers add a <a
++
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
++ hidden general surveillance package such as Carrier IQ</a>.</p>
+
+Id: 201110110
+Target: malware-mobiles.html tyrants
+Target: proprietary-tyrants.html proprietary-tyrants
+Target: malware-microsoft.html tyrants
+PubDate: 2011-10-11
+Keywords: windows
+Blurb: <p><a href="https://fsf.org/campaigns/secure-boot-vs-restricted-boot/">
++ Mobile devices that come with Windows 8 are tyrants</a>.</p>
+
+Id: 201110040
+Target: proprietary-surveillance.html SpywareOnTheWeb
+Target: malware-webpages.html malware-webpages
+PubDate: 2011-10-04
+Keywords: facebook
+Blurb: <p>Pages that contain “Like” buttons <a
++
href="https://www.smh.com.au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html">
++ enable Facebook to track visitors to those pages</a>—even users
++ that don't have Facebook accounts.</p>
+
+Id: 201105070
+Target: malware-games.html malware-games
+Target: proprietary-tyrants.html proprietary-tyrants
+PubDate: 2011-05-07
+Keywords: sony playstation
+Blurb: <p><a href="https://www.defectivebydesign.org/sony">The Playstation
++ 3 is a tyrant</a>.</p>
+
+Id: 201103110
+Target: malware-cars.html malware-cars
+Target: proprietary-insecurity.html proprietary-insecurity
+PubDate: 2011-03-11
+PubDate: 2011-03-10
+Keywords:
+Blurb: <p>It is possible to <a
++
href="http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/">
++ take control of some car computers through malware in music files</a>.
++ Also <a
++ href="http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0">
++ by radio</a>. More information in <a
++ href="http://www.autosec.org/faq.html"> Automotive Security And
++ Privacy Center</a>.</p>
+
+Id: 201103070
+Target: malware-google.html back-doors
+Target: proprietary-back-doors.html install-delete
+PubDate: 2011-03-07
+PubDate: 2010-06-25
+Keywords: system android
+Blurb: <p>In Android, <a
++
href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">
++ Google has a back door to remotely delete apps</a>. (It was in a
++ program called GTalkService, which seems since then to have been
++ merged into Google Play.)</p>
++
++ <p>Google can also <a
++
href="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/">
++ forcibly and remotely install apps</a> through GTalkService. This is
++ not equivalent to a universal back door, but permits various dirty
++ tricks.</p>
++
++ <p>Although Google's <em>exercise</em> of this power has not been
++ malicious so far, the point is that nobody should have such power,
++ which could also be used maliciously. You might well decide to
++ let a security service remotely <em>deactivate</em> programs that
++ it considers malicious. But there is no excuse for allowing it to
++ <em>delete</em> the programs, and you should have the right to decide
++ who (if anyone) to trust in this way.</p>
+
+Id: 201102250
+Target: malware-google.html drm
+Target: proprietary-drm.html proprietary-drm
+PubDate: 2011-02-25
+Keywords: android
+Blurb: <p>Android <a
++
href="https://developer.android.com/reference/android/drm/package-summary.html">
++ contains facilities specifically to support DRM</a>.</p>
+
+Id: 201011220
+Target: malware-apple.html back-doors
+Target: proprietary-back-doors.html alter-data
+PubDate: 2010-11-22
+Keywords: ithings
+Blurb: <p>The iPhone has a back door for <a
++
href="http://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone">
++ remote wipe</a>. It's not always enabled, but users are led into
++ enabling it without understanding.</p>
+
+Id: 201003300
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-games.html malware-games
+PubDate: 2010-03-30
+Keywords: sony playstation
+Blurb: <p>Sony <a
++
href="https://www.eff.org/deeplinks/2010/03/sony-steals-feature-from-your-playstation-3">sabotaged
++ the Playstation 3</a> with a firmware downgrade that removed the
++ feature that allowed users to run GNU/Linux on it.</p>
++
++ <p>Sony subsequently sent police after Geohot, after he cracked the
++ code that blocked users from changing the firmware, and we responded by
++ calling for a <a href="http://boycottsony.org">boycott of Sony</a>.</p>
++
++ <p>In a court settlement Sony is <a
++
href="http://arstechnica.com/tech-policy/2016/06/if-you-used-to-run-linux-on-your-ps3-you-could-get-55-from-sony/">
++ now paying for the sabotage</a>.</p>
+
+Id: 201003010
+Target: proprietary-surveillance.html SpywareInFlash
+Target: malware-webpages.html malware-webpages
+PubDate: 2010-03-01
+Keywords:
+Blurb: <p>Flash Player's <a
++
href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">
++ cookie feature helps web sites track visitors</a>.</p>
+
+Id: 201002180
+Target: proprietary-drm.html proprietary-drm
+PubDate: 2010-02-18
+Keywords:
+Blurb: <p>DRM does more nastiness to published works than merely stopping
++ people from looking at and/or copying them. Even when it allows you to
++ look, it harasses you in many ways. Cory Doctorow's article presents
++ <a href="https://boingboing.net/2010/02/18/infographic-buying-d.html">
++ DVDs as an example</a>.</p>
++
++ <p>We condemn the propaganda term “pirate” when it
++ is applied to people that share copies. Many of these DVDs are
++ made and distributed commercially; in reference to that practice,
++ “pirate” might be partly justified. But not when they
++ protect users from harassment.</p>
++
++ <p>The fundamental cause of this harassment, and the fundamental
++ wrong of the DRM in DVDs, is the requirement to use nonfree software
++ to play the DVD. Fortunately we have free replacement software.</p>
+
+Id: 200811210
+Target: proprietary-drm.html proprietary-drm
+Target: malware-apple.html drm
+PubDate: 2008-11-21
+Keywords: hardware macos
+Blurb: <p><a
++
href="https://www.eff.org/deeplinks/2008/11/apple-downgrades-macbook-video-drm">
++ DRM (digital restrictions mechanisms) in MacOS</a>. This article
++ focuses on the fact that a new model of Macbook introduced a
++ requirement for monitors to have malicious hardware, but DRM software
++ in MacOS is involved in activating the hardware. The software for
++ accessing iTunes is also responsible.</p>
+
+Id: 200809060
+Target: malware-google.html surveillance
+Target: proprietary-surveillance.html SpywareInChrome
+PubDate: 2008-09-06
+Keywords: keylogger
+Blurb: <p>Google Chrome contains a key logger that <a
++ href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">
++ sends Google every URL typed in</a>, one key at a time.</p>
+
+Id: 200808110
+Target: malware-apple.html back-doors
+Target: proprietary-back-doors.html install-delete
+PubDate: 2008-08-11
+Keywords: ithings
+Blurb: <p>The iPhone has a back door <a
++
href="http://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html">
++ that allows Apple to remotely delete apps</a> which Apple considers
++ “inappropriate”. Jobs said it's OK for Apple to have
++ this power because of course we can trust Apple.</p>
+
+Id: 200803040
+Target: proprietary-drm.html proprietary-drm
+PubDate: 2008-03-04
+Keywords: hdcp
+Blurb: <p><a
++
href="https://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection">
++ HDCP</a> is a DRM system that encrypts video and audio data from
++ the processor to the monitor. It is implemented mainly in hardware,
++ but the system software also participates, which makes it qualify
++ as malware.</p>
++
++ <p>Besides controlling users, HDCP denies their fair-use rights and
++ causes numerous practical problems.</p>
+
+Id: 200802190
+Target: proprietary-drm.html proprietary-drm
+PubDate: 2008-02-19
+Keywords: flash-player
+Blurb: <p><a
++ href="https://www.eff.org/deeplinks/2008/02/adobe-pushes-drm-flash">
++ DRM in Flash Player</a>.</p>
+
+Id: 200709270
+Target: proprietary-sabotage.html proprietary-sabotage
+Target: malware-apple.html sabotage
+PubDate: 2007-09-27
+Keywords: ithings firmware
+Blurb: <p><a
++
href="http://www.computerworld.com/article/2541250/apple-mac/update--apple-plays-hardball--upgrade--bricks--unlocked-iphones.html">
++ An Apple firmware “upgrade” bricked iPhones that had been
++ unlocked</a>. The “upgrade” also deactivated applications
++ not approved by <a href="/proprietary/proprietary-jails.html">Apple
++ censorship</a>. All this was apparently intentional.</p>
+
+Id: 200708131
+Target: proprietary-drm.html proprietary-drm
+Target: malware-microsoft.html drm
+PubDate: 2007-08-13
+Keywords: windows apple
+Blurb: <p><a href="http://arstechnica.com/apple/2007/08/aacs-tentacles/">DRM
++ in Windows</a>, introduced to cater to <a
++ href="/proprietary/proprietary-drm.html#bluray">Bluray</a> disks.
++ (The article talks about how the same malware would later be
++ introduced in MacOS. That had not been done at the time, but it was
++ done subsequently.)</p>
+
+Id: 200708130
+Target: malware-apple.html drm
+PubDate: 2007-08-13
+Keywords: drm microsoft
+Blurb: <p><a href="http://arstechnica.com/apple/2007/08/aacs-tentacles/">
++ DRM that caters to Bluray disks</a>. (The article focused on Windows
++ and said that MacOS would do the same thing subsequently.)</p>
+
+Id: 200703310
+Target: proprietary-drm.html proprietary-drm
+Target: malware-apple.html drm
+PubDate: 2007-03-31
+Keywords: itune
+Blurb: <p>iTunes videos have DRM, which allows Apple to <a
++ href="https://en.wikipedia.org/wiki/FairPlay">dictate where its
++ customers can watch the videos they purchased</a>.</p>
+
+Id: 200700001
+Target: proprietary-back-doors.html universal
+PubDate: 2007
+Keywords: amazon back-door
+Blurb: <p>In addition to its <a href="#swindle-eraser">book
++ eraser</a>, the Kindle-Swindle has a <a
++
href="http://www.amazon.com/gp/help/customer/display.html?nodeId=200774090">
++ universal back door</a>.</p>
+
+Id: 200700000
+Target: malware-amazon.html back-doors
+PubDate: 2007
+Keywords: back-doors universal
+Blurb: <p>The Kindle also has a <a
++
href="http://www.amazon.com/gp/help/customer/display.html?nodeId=200774090">
++ universal back door</a>.</p>
+
+Id: 200612050
+Target: proprietary-back-doors.html universal
+PubDate: 2006-12-05
+Keywords: mobiles-intro
+Blurb: <p>Almost every phone's communication
++ processor has a universal back door which is <a
++
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">
++ often used to make a phone transmit all conversations it hears</a>. See
++ <a href="/proprietary/malware-mobiles.html#universal-back-door">Malware
++ in Mobile Devices</a> for more info.</p>
+
+Id: 200510200
+Target: proprietary-surveillance.html SpywareInGames
+Target: malware-games.html malware-games
+PubDate: 2005-10-20
+Keywords: blizzard
+Blurb: <p>Blizzard Warden is a hidden
++ “cheating-prevention” program that <a
++ href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
++ spies on every process running on a gamer's computer and sniffs a
++ good deal of personal data</a>, including lots of activities which
++ have nothing to do with cheating.</p>
+
Index: README.md
===================================================================
RCS file: README.md
diff -N README.md
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ README.md 27 Oct 2018 15:24:10 -0000 1.1
@@ -0,0 +1,172 @@
+Copyright (C) 2018 Free Software Foundation, Inc.
+
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved. This file is offered as-is,
+without any warranty.
+--------------------------------------------------------------------------
+
+# MALWARE HOWTO
+
+
+## What's in this directory
+
+ It contains ingredients and tools for adding new malware items to
+ proprietary/, and regenerating malware lists.
+ You are more than welcome to improve them.
+
+ *Scripts*
+
+ item-create reformats the new item, and adds it to mal.rec, to
+ the relevant malware pages and to the "Latest additions" list in
+ proprietary.html.
+
+ malgen regenerates malware lists, either in all pages or specific
+ pages. This is useful to restore chronological order or limit the
+ number of items listed in "Latest additions". malgen also updates
+ targets.rec.
+
+ list-targets.awk is called by malgen.
+
+ *Text files*
+
+ mal.rec has the text of each item and meta-information about it
+ (see detailed description below), in Recutils format.
+
+ targets.rec records all the possible targets for item addition. This
+ file is used by item-create and malgen, and is updated automatically
+ at each run of malgen with the help of list-targets.awk.
+
+ item-start is the template for writing a new item.
+
+ item-pending contains the RT references and dates for items that should
+ not be published yet. This file should not contain any actual
+ malware descriptions. Its only purpose is to easily retrieve the
+ corresponding tickets.
+
+
+## How to create a malware item
+
+ 1. Copy "item-start" to "item".
+
+ 2. Complete the Id, RT, PubDate (one for each reference), Target (one
+ for each page the item is supposed to go to), and optionally Keywords
+ fields, as explained below.
+
+ 3. Write the HTML text in the Blurb field.
+
+ 4. Run "item-create" without argument.
+
+ 5. If for some reason addition fails, either totally or partially, edit
+ "item", and run item-create again.
+
+ *Note*: item-create can't be used to edit items that have been
+ successfully added.
+
+
+## How to edit an already added item
+
+ 1. Edit its entry in mal.rec.
+
+ 2. Regenerate all pages by running malgen without argument. This has
+ the additional effect of re-sorting the items, updating targets.rec,
+ and removing old entries from the Latest additions list in
+ proprietary.html.
+
+
+## How to split a page into new sections
+
+ 1. *Leave the items where they are*.
+
+ 2. Create new sections with the proper id's. The cosmetic div that is
+ labeled with the old page id will become the first header, and the
+ first section will contain all the items. The other sections will have
+ empty lists.
+
+ For example, to split malware-appliances into sections (say
+ back-doors, drm, etc.):
+
+ - replace
+ <div class="column-limit" id="malware-appliances"></div>
+ with
+ <h3 id="back-doors">Back Doors</h3>
+ <p>explanations, if any</p>
+
+ - create the other sections:
+ <h3 id="drm">DRM</h3>
+ <p>explanations, if any</p>
+ <ul class="blurbs">
+ </ul>
+ etc.
+ *Note:* <ul class="blurbs"> and </ul> should be on different lines.
+
+ 3. In mal.rec, search for the items that belong to the page being split,
+ then change the corresponding target according to the Blurb and other
+ Target fields.
+
+ In the preceding example, search for "malware-appliances". This
+ will select the lines:
+ Target: malware-appliances.html malware-appliances
+
+ If the item belongs to DRM, replace this with
+ Target: malware-appliances.html drm
+
+ 4. Regenerate the page (or all pages) with malgen.
+
+
+## How to complete the top fields in mal.rec
+
+ *Added*
+
+ Date of addition of the item, inserted automatically by item-create.
+
+ *PubDate* (one or more)
+
+ Publication or last-modification date for each article. If this date
+ is not on the page itself, it can usually be found in the source
+ code.
+
+ *Id* (exactly one)
+
+ A 9-digit integer, made from the publication date of the latest
+ reference in the blurb and a disambiguation digit. For instance,
+ "Id: 201805300" if the latest reference was published on
+ May 30th, 2018.
+
+ Another blurb on a different topic with the same latest-publication
+ date would have "Id: 201805304", and a third one "Id: 201805308".
+
+ Variants of these 3 blurbs (e.g., different wording in malware-* and
+ proprietary-*) would have "Id: 201805301", "Id: 201805305", and
+ "Id: 201805309" respectively.
+
+ *RT*
+
+ Ticket numbers for this item.
+
+ *Target* (one or more)
+
+ This field determines which page and which page section (if any)
+ the item will go to. All the possible targets are listed in
+ targets.rec (automatically regenerated at each run of item-create).
+
+ - If the page doesn't have sections, it has only one list of malware
+ items. The Target field only needs to contains the name of the HTML
+ file. For example:
+ Target: malware-adobe.html
+ Target: proprietary-drm.html
+
+ The target id will be added by item-create:
+ Target: malware-adobe.html malware-adobe
+ Target: proprietary-drm.html proprietary-drm
+
+ - If the page has sections (i.e. several lists), the Target field
+ contains 2 words: the name of the HTML file, and the target id.
+ A list of these id's is in target.rec. For example:
+ Target: malware-microsoft.html back-doors
+ Target: proprietary-back-doors spy
+
+ *Keywords*
+
+ Any keywords that might be useful some day. This field can be left
+ empty.
Index: targets.rec
===================================================================
RCS file: targets.rec
diff -N targets.rec
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ targets.rec 27 Oct 2018 15:24:10 -0000 1.1
@@ -0,0 +1,93 @@
+### Please don't edit this file manually. It gets updated by item-create.
+
+# Copyright (C) 2018 Free Software Foundation, Inc.
+
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without any warranty.
+
+
+%rec: Targets
+%doc: Targets for malware lists in proprietary/
+%mandatory: Page
+%type: Targets line
+
+Page: malware-adobe.html
+Targets: malware-adobe
+
+Page: malware-amazon.html
+Targets: back-doors surveillance drm echo-back-doors echo-surveillance misc
+
+Page: malware-apple.html
+Targets: back-doors deception drm incompatibility insecurity jails pressuring
sabotage surveillance tyrants
+
+Page: malware-appliances.html
+Targets: malware-appliances
+
+Page: malware-cars.html
+Targets: malware-cars
+
+Page: malware-games.html
+Targets: malware-games
+
+Page: malware-google.html
+Targets: back-doors censorship drm insecurity sabotage surveillance tyrants
+
+Page: malware-microsoft.html
+Targets: back-doors drm insecurity interference sabotage subscriptions
surveillance jails tyrants
+
+Page: malware-mobiles.html
+Targets: phone-communications back-doors drm insecurity surveillance jails
tyrants
+
+Page: malware-webpages.html
+Targets: malware-webpages
+
+Page: potential-malware.html
+Targets: potential-malware
+
+Page: proprietary-back-doors.html
+Targets: spy alter-data install-delete universal other
+
+Page: proprietary-censorship.html
+Targets: google consoles
+
+Page: proprietary-coverups.html
+Targets: proprietary-coverups
+
+Page: proprietary-deception.html
+Targets: proprietary-deception
+
+Page: proprietary-drm.html
+Targets: proprietary-drm
+
+Page: proprietary.html
+Targets: latest
+
+Page: proprietary-incompatibility.html
+Targets: proprietary-incompatibility
+
+Page: proprietary-insecurity.html
+Targets: proprietary-insecurity
+
+Page: proprietary-interference.html
+Targets: proprietary-interference
+
+Page: proprietary-jails.html
+Targets: apple microsoft
+
+Page: proprietary-sabotage.html
+Targets: proprietary-sabotage
+
+Page: proprietary-subscriptions.html
+Targets: proprietary-subscriptions
+
+Page: proprietary-surveillance.html
+Targets: SpywareInWindows SpywareInMacOS SpywareInBIOS SpywareInTelephones
SpywareIniThings SpywareInAndroid SpywareInElectronicReaders
SpywareInMobileApps SpywareInSkype SpywareInGames SpywareInEquipment
SpywareInTVSets SpywareInCameras SpywareInToys SpywareInDrones SpywareAtHome
SpywareOnWearables SpywareOnSmartWatches SpywareInVehicles SpywareInVR
SpywareOnTheWeb SpywareInJavaScript SpywareInFlash SpywareInChrome
SpywareInNetworks
+
+Page: proprietary-tethers.html
+Targets: proprietary-tethers
+
+Page: proprietary-tyrants.html
+Targets: proprietary-tyrants
+
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/proprietary/workshop item-create item-pendi...,
Therese Godefroy <=