[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary malware-google.html
From: |
Félicien PILLOT |
Subject: |
www/proprietary malware-google.html |
Date: |
Tue, 7 Mar 2017 15:25:46 -0500 (EST) |
CVSROOT: /web/www
Module name: www
Changes by: FĂ©licien PILLOT <felandral> 17/03/07 15:25:46
Added files:
proprietary : malware-google.html
Log message:
[#1198654] Created a new page containing items from proprietary-*.html
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-google.html?cvsroot=www&rev=1.1
Patches:
Index: malware-google.html
===================================================================
RCS file: malware-google.html
diff -N malware-google.html
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ malware-google.html 7 Mar 2017 20:25:46 -0000 1.1
@@ -0,0 +1,266 @@
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: 1.79 -->
+<title>Google's Software Is Malware
+- GNU Project - Free Software Foundation</title>
+ <!--#include virtual="/proprietary/po/malware-google.translist" -->
+<!--#include virtual="/server/banner.html" -->
+
+<h2>Google's Software is Malware</h2>
+
+<p><a href="/proprietary/proprietary.html">Other examples of proprietary
+malware</a></p>
+
+<div class="highlight-para">
+<p>
+<em>Malware</em> means software designed to function in ways that
+mistreat or harm the user. (This does not include accidental errors.)
+This page explains how Google software is malware.
+</p>
+
+<p>Malware and nonfree software are two different issues. The
+difference between <a href="/philosophy/free-sw.html">free
+software</a> and nonfree software is in
+<a href="/philosophy/free-software-even-more-important.html">
+whether the users have control of the program or vice versa</a>. It's
+not directly a question of what the program <em>does</em> when it
+runs. However, in practice nonfree software is often malware,
+because the developer's awareness that the users would be powerless to fix
+any malicious functionalities tempts the developer to impose some.
+</p>
+</div>
+
+<p>Here's how Google's software are malware.</p>
+
+<div class="toc">
+ <div class="malfunctions">
+ <ul>
+ <li><strong>Type of malware</strong></li>
+ <li><a href="#back-doors">Back doors</a></li>
+ <li><a href="#censorship">Censorship</a></li>
+ <!--<li><a href="#insecurity">Insecurity</a></li>-->
+ <!--<li><a href="#pressuring">Pressuring</a></li>-->
+ <li><a href="#sabotage">Sabotage</a></li>
+ <li><a href="#interference">Interference</a></li>
+ <!--<li><a href="#surveillance">Surveillance</a></li>-->
+ <li><a href="#drm">Digital restrictions
+ management</a> or “DRM” means functionalities designed
+ to restrict what users can do with the data in their computers.</li>
+ <!--<li><a href="#jails">Jails</a>—systems
+ that impose censorship on application programs.</li>-->
+ <li><a href="#tyrants">Tyrants</a>—systems
+ that reject any operating system not “authorized” by the
+ manufacturer.</li>
+ <!--<li><a href="#deception">Deception</a></li>-->
+ </ul>
+ </div>
+</div>
+
+<h3 id="back-doors">Google Back Doors</h3>
+<ul>
+ <li><p>Chrome has a back door <a
href="https://consumerist.com/2017/01/18/why-is-google-blocking-this-ad-blocker-on-chrome/">for
remote erasure of add-ons</a>.</p></li>
+ <li><p>Baidu's proprietary Android library, Moplus, has a back door
that <a
href="https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made">can
+ “upload files” as well as forcibly install
+ apps</a>.</p>
+ <p>It is used by 14,000 Android applications.</p></li>
+ <li><p><a
href="http://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor">
A Chinese version of Android has a universal back door</a>. Nearly all
+ models of mobile phones have a universal back door in the modem chip. So
+ why did Coolpad bother to introduce another? Because this one is
controlled
+ by Coolpad.</p></li>
+ <li><p>In Android, <a
href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">
+ Google has a back door to remotely delete apps.</a> (It is in a program
+ called GTalkService).</p>
+
+ <p>Google can also
+ <a
href="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/">
+ forcibly and remotely install apps</a> through GTalkService (which
+ seems, since that article, to have been merged into Google Play).
+ This is not equivalent to a universal back door, but permits various
+ dirty tricks.</p>
+
+ <p>Although Google's <em>exercise</em> of this power has not been
+ malicious so far, the point is that nobody should have such power,
+ which could also be used maliciously. You might well decide to let a
+ security service remotely <em>deactivate</em> programs that it
+ considers malicious. But there is no excuse for allowing it
+ to <em>delete</em> the programs, and you should have the right to
+ decide who (if anyone) to trust in this way.</p></li>
+
+ <li><p><a id="samsung"
href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor">
+ Samsung Galaxy devices running proprietary Android versions come with a
back
+ door</a> that provides remote access to the files stored on the
device.</p></li>
+
+</ul>
+<h3 id="censorship">Google Censorship</h3>
+<ul>
+
+ <li><p>Google <a
href="https://consumerist.com/2017/01/18/why-is-google-blocking-this-ad-blocker-on-chrome/">censors
+ add-ons for Chrome</a>.</p></li>
+ <li><p><a
href="http://www.theguardian.com/media/2016/feb/03/google-pulls-ad-blocking-app-for-samsung-phones">Google
+ censored installation of Samsung's ad-blocker,</a> saying that
+ blocking ads is “interference” with the sites that
+ advertise (and surveil users through ads).</p>
+
+ <p>The ad-blocker is proprietary software, just like the program (Google
+ Play) that Google used to deny access to install it. Using a nonfree
program
+ gives the owner power over you, and Google has exercised that power.</p>
+
+ <p>Google's censorship, unlike that of Apple and Microsoft, is not total:
+ Android allows users to install apps in other ways. You can install
+ free programs from f-droid.org.</p></li>
+</ul>
+
+<h3 id="sabotage">Google Sabotage</h3>
+
+<p>The wrongs in this section are not precisely malware, since they do
+not involve making the program that runs in a way that hurts the user.
+But they are a lot like malware, since they are technical Apple
+actions that harm to the users of specific Apple software.</p>
+
+<ul>
+ <li><p>
+ Google has long had <a
href="http://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted">a
+ back door to remotely unlock an Android device</a>, unless its
+ disk is encrypted (possible since Android 5.0 Lollipop, but
+ still not quite the default).</p></li>
+
+ <li><p>More than 73% of the most popular Android apps <a
href="http://jots.pub/a/2015103001/index.php">share personal,
+ behavioral and location information</a> of their users with third
parties.
+ </p></li>
+
+ <li><p>“Cryptic communication,” unrelated to the app's
functionality, was <a
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
+ found in the 500 most popular gratis Android apps</a>.</p>
+
+ <p>The article should not have described these apps as
+ “free”—they are not free software. The clear way to
say
+ “zero price” is “gratis.”</p>
+
+ <p>The article takes for granted that the usual analytics tools are
+ legitimate, but is that valid? Software developers have no right to
+ analyze what users are doing or how. “Analytics” tools that
snoop are
+ just as wrong as any other snooping.</p></li>
+
+ <li><p>Gratis Android apps (but not <a href="/philosophy/free-sw.html">free
software</a>) connect to 100
+ <a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
and advertising</a> URLs,
+ on the average.</p></li>
+
+ <li><p>Spyware is present in some Android devices when they are sold.
Some Motorola phones modify Android to
+ <a
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
+ send personal data to Motorola</a>.</p></li>
+
+ <li><p>Spyware in Android phones (and Windows? laptops): The Wall
Street Journal (in an article blocked from us by a paywall)
+ reports that
+ <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
+ the FBI can remotely activate the GPS and microphone in Android
+ phones and laptops</a>.
+ (I suspect this means Windows laptops.) Here is
+ <a href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p></li>
+
+ <li><p>Google's new voice messaging app <a
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
all conversations</a>.</p></li>
+
+ <li><p>Nest thermometers send <a
href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
+ lot of data about the user</a>.</p></li>
+
+ <li><p>Many web sites report all their visitors to Google by using the
Google Analytics service, which
+ <a
href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
+ tells Google the IP address and the page that was visited.</a></p></li>
+
+ <li><p>Google Chrome makes it easy for an extension to do <a
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
+ snooping on the user's browsing</a>, and many of them do so.</p></li>
+</ul>
+
+<h3 id="interference">Google Interference</h3>
+<ul>
+ <li><p>An upgrade package for Acrobat Reader <a
href="https://www.bleepingcomputer.com/news/software/adobe-acrobat-reader-dc-update-installs-chrome-browser-extension/">silently
+ alters Chrome</a>.</p></li>
+</ul>
+
+<h3 id="drm">Google DRM</h3>
+<ul>
+ <li><p>
+ Chrome <a
href="http://boingboing.net/2017/01/30/google-quietly-makes-optiona.html">implements
DRM</a>. So does Chromium, through nonfree software that is
+ effectively part of it.</p>
+
+ <p><a
href="https://bugs.chromium.org/p/chromium/issues/detail?id=686430">More
information</a>.</p></li>
+
+ <li><p>Android <a
href="https://developer.android.com/reference/android/drm/package-summary.html">contains
facilities specifically to support DRM.</a>
+ insecurity</p></li>
+
+ <li><p><a
href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+ The NSA can tap data in smart phones, including iPhones, Android, and
+ BlackBerry</a>. While there is not much detail here, it seems that
+ this does not operate via the universal back door that we know nearly
+ all portable phones have. It may involve exploiting various bugs.
+ There are <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+ lots of bugs in the phones' radio software</a>.</p></li>
+</ul>
+
+<h3 id="tyrants">Google Tyrants</h3>
+<ul>
+ <li><p><a
href="http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html">
Some Android phones are tyrants</a> (though someone found a way to
+ crack the restriction). Fortunately, most Android devices are not
tyrants.</p></li>
+</ul>
+
+</div><!-- for id="content", starts in the include above -->
+<!--#include virtual="/server/footer.html" -->
+<div id="footer">
+<div class="unprintable">
+
+<p>Please send general FSF & GNU inquiries to
+<a href="mailto:address@hidden"><address@hidden></a>.
+There are also <a href="/contact/">other ways to contact</a>
+the FSF. Broken links and other corrections or suggestions can be sent
+to <a href="mailto:address@hidden"><address@hidden></a>.</p>
+
+<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
+ replace it with the translation of these two:
+
+ We work hard and do our best to provide accurate, good quality
+ translations. However, we are not exempt from imperfection.
+ Please send your comments and general suggestions in this regard
+ to <a href="mailto:address@hidden">
+ <address@hidden></a>.</p>
+
+ <p>For information on coordinating and submitting translations of
+ our web pages, see <a
+ href="/server/standards/README.translations.html">Translations
+ README</a>. -->
+Please see the <a
+href="/server/standards/README.translations.html">Translations
+README</a> for information on coordinating and submitting translations
+of this article.</p>
+</div>
+
+<!-- Regarding copyright, in general, standalone pages (as opposed to
+ files generated as part of manuals) on the GNU web server should
+ be under CC BY-ND 4.0. Please do NOT change or remove this
+ without talking with the webmasters or licensing team first.
+ Please make sure the copyright date is consistent with the
+ document. For web pages, it is ok to list just the latest year the
+ document was modified, or published.
+
+ If you wish to list earlier years, that is ok too.
+ Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
+ years, as long as each year in the range is in fact a copyrightable
+ year, i.e., a year in which the document was published (including
+ being publicly visible on the web or in a revision control system).
+
+ There is more detail about copyright years in the GNU Maintainers
+ Information document, www.gnu.org/prep/maintain. -->
+
+<p>Copyright © 2016 Free Software Foundation, Inc.</p>
+
+<p>This page is licensed under a <a rel="license"
+href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
+Commons Attribution-NoDerivatives 4.0 International License</a>.</p>
+
+<!--#include virtual="/server/bottom-notes.html" -->
+
+<p class="unprintable">Updated:
+<!-- timestamp start -->
+$Date: 2017/03/07 20:25:46 $
+<!-- timestamp end -->
+</p>
+</div>
+</div>
+</body>
+</html>
- www/proprietary malware-google.html,
Félicien PILLOT <=
- www/proprietary malware-google.html, GNUN, 2017/03/07
- www/proprietary malware-google.html, Therese Godefroy, 2017/03/07
- www/proprietary malware-google.html, Therese Godefroy, 2017/03/08
- www/proprietary malware-google.html, Pavel Kharitonov, 2017/03/08
- www/proprietary malware-google.html, Therese Godefroy, 2017/03/08
- www/proprietary malware-google.html, Therese Godefroy, 2017/03/08
- www/proprietary malware-google.html, Félicien PILLOT, 2017/03/08
- www/proprietary malware-google.html, Therese Godefroy, 2017/03/08
- www/proprietary malware-google.html, Félicien PILLOT, 2017/03/09
- www/proprietary malware-google.html, Pavel Kharitonov, 2017/03/13