[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www proprietary/po/malware-webpages.de-diff.htm...
|
From: |
GNUN |
|
Subject: |
www proprietary/po/malware-webpages.de-diff.htm... |
|
Date: |
Mon, 1 Oct 2018 15:58:12 -0400 (EDT) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 18/10/01 15:58:12
Modified files:
proprietary/po : malware-webpages.de-diff.html
malware-webpages.de.po malware-webpages.fr.po
malware-webpages.pot malware-webpages.ru.po
proprietary-surveillance.de.po
proprietary-surveillance.fr.po
proprietary-surveillance.it-diff.html
proprietary-surveillance.it.po
proprietary-surveillance.ja-diff.html
proprietary-surveillance.ja.po
proprietary-surveillance.pot
proprietary-surveillance.ru.po
thankgnus/po : 2018supporters.de.po 2018supporters.pot
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-webpages.de-diff.html?cvsroot=www&r1=1.4&r2=1.5
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-webpages.de.po?cvsroot=www&r1=1.8&r2=1.9
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-webpages.fr.po?cvsroot=www&r1=1.13&r2=1.14
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-webpages.pot?cvsroot=www&r1=1.7&r2=1.8
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-webpages.ru.po?cvsroot=www&r1=1.14&r2=1.15
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.de.po?cvsroot=www&r1=1.231&r2=1.232
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.fr.po?cvsroot=www&r1=1.317&r2=1.318
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.it-diff.html?cvsroot=www&r1=1.71&r2=1.72
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.it.po?cvsroot=www&r1=1.244&r2=1.245
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.ja-diff.html?cvsroot=www&r1=1.82&r2=1.83
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.ja.po?cvsroot=www&r1=1.217&r2=1.218
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.pot?cvsroot=www&r1=1.166&r2=1.167
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.ru.po?cvsroot=www&r1=1.405&r2=1.406
http://web.cvs.savannah.gnu.org/viewcvs/www/thankgnus/po/2018supporters.de.po?cvsroot=www&r1=1.47&r2=1.48
http://web.cvs.savannah.gnu.org/viewcvs/www/thankgnus/po/2018supporters.pot?cvsroot=www&r1=1.42&r2=1.43
Patches:
Index: proprietary/po/malware-webpages.de-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/malware-webpages.de-diff.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -b -r1.4 -r1.5
--- proprietary/po/malware-webpages.de-diff.html 25 Jul 2018 02:00:53
-0000 1.4
+++ proprietary/po/malware-webpages.de-diff.html 1 Oct 2018 19:58:10
-0000 1.5
@@ -11,7 +11,12 @@
</style></head>
<body><pre>
<!--#include virtual="/server/header.html" -->
-<!-- Parent-Version: <span
class="removed"><del><strong>1.83</strong></del></span> <span
class="inserted"><ins><em>1.84</em></ins></span> -->
+<!-- Parent-Version: <span
class="removed"><del><strong>1.83</strong></del></span> <span
class="inserted"><ins><em>1.84 -->
+<!--
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Generated from propr-blurbs.rec. Please do not edit this file manually !
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</em></ins></span>
+-->
<title>Malware in Webpages
- GNU Project - Free Software Foundation</title>
<style type="text/css" media="print,screen"><!--
@@ -58,54 +63,146 @@
many sites collect information that the user sends, via forms or otherwise, but
here we're not talking about that.</p>
-<ul>
+<span class="removed"><del><strong><ul>
+ <li></strong></del></span>
- <li>
- <span class="inserted"><ins><em><p>Some websites send JavaScript
code to collect all the user's
- input, <a
href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
can then
- be used to reproduce the whole session</a>.</p>
+<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT webpages -->
+ <li id="M201807190">
+ <p>British Airways used <a
+
href="https://www.theverge.com/2018/7/19/17591732/british-airways-gdpr-compliance-twitter-personal-data-security">nonfree
+ JavaScript on its web site to give other companies personal data on
+ its customers</a>.</p>
+ </li>
- <p>If you use LibreJS, it will block that malicious Javascript
- code.</p>
+ <li id="M201805170">
+ <p>The Storyful program <a
+
href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies
+ on the reporters that use it</a>.</p>
</li>
+ <li id="M201712300">
+ <p>Some JavaScript malware <a
+
href="https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research">
+ swipes usernames from browser-based password managers</a>.</p>
+ </li>
- <li></em></ins></span>
- <p>Many web sites
- <a
href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
- snoop on information that users have typed into a form but not
sent</a>.
- </p>
+ <li id="M201712210"></em></ins></span>
+ <p>Many web sites <span class="inserted"><ins><em>use JavaScript
code</em></ins></span> <a
+
href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
+ <span class="inserted"><ins><em>to</em></ins></span> snoop on information
that users have typed into a
+ form but not <span class="removed"><del><strong>sent</a>.
+ </p></strong></del></span> <span
class="inserted"><ins><em>sent</a>, in order to learn their identity.
Some are <a
+
href="https://www.manatt.com/Insights/Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-Allege">
+ getting sued</a> for this.</p>
+ </li>
+
+ <li id="M201711150">
+ <p>Some websites send
+ JavaScript code to collect all the user's input, <a
+
href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
+ can then be used to reproduce the whole session</a>.</p>
+
+ <p>If you use LibreJS, it will block that malicious JavaScript
+ code.</p></em></ins></span>
+ </li>
+ <span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201701060">
+ <p>When a page uses Disqus
+ for comments, the proprietary Disqus software <a
+
href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">loads
+ a Facebook software package into the browser of every anonymous visitor
+ to the page, and makes the page's URL available to
Facebook</a>.</p>
+ </li>
+
+ <li id="M201612064">
+ <p>Online sales, with tracking and surveillance of customers, <a
+
href="https://www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-browsing-history-could-mean-rip-off-prices">enables
+ businesses to show different people different prices</a>. Most of
+ the tracking is done by recording interactions with servers, but
+ proprietary software contributes.</p>
</li>
- <li>
- <p>A
- <a
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
- research paper</a> that investigated the privacy and security of
283
- Android VPN apps concluded that “in spite of the promises for
- privacy, security, and anonymity given by the majority of VPN
+
+ <li id="M201611161"></em></ins></span>
+ <p>A <a
+
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
+ research paper</a> that investigated the privacy and security of
+ 283 Android VPN apps concluded that “in spite of the promises
+ for privacy, security, and anonymity given by the majority of VPN
apps—millions of users may be unawarely subject to poor security
guarantees and abusive practices inflicted by VPN apps.”</p>
- <p>Following is a non-exhaustive list of some proprietary VPN apps
from the
- research paper that tracks users and infringes their privacy:</p>
+ <span class="removed"><del><strong><p>Following is a non-exhaustive
list</strong></del></span>
+
+ <span class="inserted"><ins><em><p>Here are two examples, taken from
the research paper,</em></ins></span> of <span
class="removed"><del><strong>some</strong></del></span>
+ proprietary VPN apps <span class="removed"><del><strong>from the
+ research paper</strong></del></span> that <span
class="removed"><del><strong>tracks</strong></del></span> <span
class="inserted"><ins><em>use JavaScript to track</em></ins></span> users and
<span class="removed"><del><strong>infringes</strong></del></span> <span
class="inserted"><ins><em>infringe</em></ins></span>
+ their privacy:</p>
+
<dl>
<dt>VPN Services HotspotShield</dt>
- <dd>Injects JavaScript code into the HTML pages returned to the
users. The
- stated purpose of the JS injection is to display ads. Uses roughly five
- tracking libraries. Also, it redirects the user's traffic through
- valueclick.com (an advertising website).</dd>
+ <dd>Injects JavaScript code into the HTML pages returned to the
+ users. The stated purpose of the JS injection is to display ads. Uses
+ roughly five tracking libraries. Also, it redirects the user's
+ traffic through valueclick.com (an advertising website).</dd>
+
<dt>WiFi Protector VPN</dt>
- <dd>Injects JavaScript code into HTML pages, and also uses roughly
five
- tracking libraries. Developers of this app have confirmed that the
- non-premium version of the app does JavaScript injection for tracking
- the user and displaying ads.</dd>
+ <dd>Injects JavaScript code into HTML pages, and also uses roughly
+ five tracking libraries. Developers of this app have confirmed that
+ the non-premium version of the app does JavaScript injection for
+ tracking the user and displaying ads.</dd>
</dl>
</li>
- <li>
- <p>E-books can contain JavaScript code, and
- <a
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
+ <span class="removed"><del><strong><li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201603080"></em></ins></span>
+ <p>E-books can contain JavaScript code, and <a
+
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
sometimes this code snoops on readers</a>.</p>
</li>
+
+ <span class="inserted"><ins><em><li id="M201310110">
+ <p>Flash and JavaScript are used for <a
+
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
+ “fingerprinting” devices</a> to identify users.</p>
+ </li>
+
+ <li id="M201210240">
+ <p>Many web sites rat their visitors to advertising
+ networks that track users. Of the top 1000 web sites, <a
+
href="https://www.law.berkeley.edu/research/bclt/research/privacy-at-bclt/web-privacy-census/">84%
+ (as of 5/17/2012) fed their visitors third-party cookies, allowing
+ other sites to track them</a>.</p>
+ </li>
+
+ <li id="M201208210">
+ <p>Many web sites report all their visitors
+ to Google by using the Google Analytics service, which <a
+
href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
+ tells Google the IP address and the page that was
visited</a>.</p>
+ </li>
+
+ <li id="M201200000">
+ <p>Many web sites try to collect users' address books (the user's
list
+ of other people's phone numbers or email addresses). This violates
+ the privacy of those other people.</p>
+ </li>
+
+ <li id="M201110040">
+ <p>Pages that contain “Like” buttons <a
+
href="https://www.smh.com.au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html">
+ enable Facebook to track visitors to those pages</a>—even users
+ that don't have Facebook accounts.</p>
+ </li>
+
+ <li id="M201003010">
+ <p>Flash Player's <a
+
href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">
+ cookie feature helps web sites track visitors</a>.</p>
+ </li></em></ins></span>
</ul>
+
</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
<div id="footer">
@@ -164,7 +261,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/07/25 02:00:53 $
+$Date: 2018/10/01 19:58:10 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary/po/malware-webpages.de.po
===================================================================
RCS file: /web/www/www/proprietary/po/malware-webpages.de.po,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -b -r1.8 -r1.9
--- proprietary/po/malware-webpages.de.po 25 Jul 2018 02:00:53 -0000
1.8
+++ proprietary/po/malware-webpages.de.po 1 Oct 2018 19:58:10 -0000
1.9
@@ -7,7 +7,7 @@
msgstr ""
"Project-Id-Version: malware-webpages.html\n"
"Report-Msgid-Bugs-To: Webmasters <address@hidden>\n"
-"POT-Creation-Date: 2018-07-25 01:56+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: 2017-12-05 22:00+0100\n"
"Last-Translator: Jоегg Kоhпе <joeko (AT) online [PUNKT] de>\n"
"Language-Team: German <address@hidden>\n"
@@ -72,12 +72,24 @@
"aufzuerlegen."
#. type: Content of: <div><p>
+# || No change detected. The change might only be in amounts of spaces.
+#, fuzzy
+#| msgid ""
+#| "If you know of an example that ought to be in this page but isn't here, "
+#| "please write to <a href=\"mailto:address@hidden";><address@hidden"
+#| "org></a> to inform us. Please include the URL of a trustworthy "
+#| "reference or two to present the specifics."
msgid ""
"If you know of an example that ought to be in this page but isn't here, "
"please write to <a href=\"mailto:address@hidden";><address@hidden"
"org></a> to inform us. Please include the URL of a trustworthy reference "
"or two to present the specifics."
msgstr ""
+"Sollten Sie von einem Beispiel wissen, dass hier genannt werden sollte aber "
+"nicht aufgeführt wird, informieren Sie uns bitte unter <a href=\"mailto:";
+"address@hidden"><address@hidden></a> darüber. Bitte geben Sie "
+"die URL einer vertrauenswürdigen Referenz (oder zwei) an, um die "
+"Einzelheiten aufzuzeigen."
#. type: Content of: <p>
msgid ""
@@ -96,6 +108,56 @@
#. type: Content of: <ul><li><p>
msgid ""
+"British Airways used <a href=\"https://www.theverge.com/2018/7/19/17591732/";
+"british-airways-gdpr-compliance-twitter-personal-data-security\">nonfree "
+"JavaScript on its web site to give other companies personal data on its "
+"customers</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"The Storyful program <a href=\"https://www.theguardian.com/world/2018/may/17/";
+"revealed-how-storyful-uses-tool-monitor-what-journalists-watch\">spies on "
+"the reporters that use it</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Some JavaScript malware <a href=\"https://www.theverge.";
+"com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research"
+"\"> swipes usernames from browser-based password managers</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+# | Many web sites {+use JavaScript code+} <a
+# |
href=\"http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081\";>
+# | {+to+} snoop on information that users have typed into a form but not
+# | [-sent</a>.-] {+sent</a>, in order to learn their identity. Some are <a
+# |
href=\"https://www.manatt.com/Insights/Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-Allege\";>
+# | getting sued</a> for this.+}
+#, fuzzy
+#| msgid ""
+#| "Many web sites <a href=\"http://gizmodo.com/before-you-hit-submit-this-";
+#| "company-has-already-logge-1795906081\"> snoop on information that users "
+#| "have typed into a form but not sent</a>."
+msgid ""
+"Many web sites use JavaScript code <a href=\"http://gizmodo.com/before-you-";
+"hit-submit-this-company-has-already-logge-1795906081\"> to snoop on "
+"information that users have typed into a form but not sent</a>, in order to "
+"learn their identity. Some are <a href=\"https://www.manatt.com/Insights/";
+"Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-"
+"Allege\"> getting sued</a> for this."
+msgstr ""
+"Viele Präsenzen <a href=\"https://gizmodo.com/before-you-hit-submit-this-";
+"company-has-already-logge-1795906081\" title=\"Kashmir Hill und Surya Mattu, "
+"Before You Hit 'Submit,' This Company Has Already Logged Your Personal Data, "
+"unter: https://gizmodo.com/before-you-hit-submit-this-company-has-already-";
+"logge-1795906081, Gizmodo 2017.\">schnüffeln bereits Information aus, die "
+"Besucher erst in Formulare eingegeben, aber noch gar nicht gesendet haben</"
+"a>."
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Some websites send JavaScript code to collect all the user's input, <a href="
"\"https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-";
"personal-data-by-session-replay-scripts/\">which can then be used to "
@@ -110,22 +172,29 @@
"der gesamten Sitzung verwendet werden können</a>."
#. type: Content of: <ul><li><p>
-msgid "If you use LibreJS, it will block that malicious Javascript code."
+# | If you use LibreJS, it will block that malicious Java[-s-]{+S+}cript code.
+#, fuzzy
+#| msgid "If you use LibreJS, it will block that malicious Javascript code."
+msgid "If you use LibreJS, it will block that malicious JavaScript code."
msgstr "Mit LibreJS wird dieser schädliche JavaScript-Code blockiert."
#. type: Content of: <ul><li><p>
msgid ""
-"Many web sites <a href=\"http://gizmodo.com/before-you-hit-submit-this-";
-"company-has-already-logge-1795906081\"> snoop on information that users have "
-"typed into a form but not sent</a>."
+"When a page uses Disqus for comments, the proprietary Disqus software <a "
+"href=\"https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-";
+"comments-when-not-logged-in-sends-the-url-to-facebook\">loads a Facebook "
+"software package into the browser of every anonymous visitor to the page, "
+"and makes the page's URL available to Facebook</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Online sales, with tracking and surveillance of customers, <a href=\"https://";
+"www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-"
+"browsing-history-could-mean-rip-off-prices\">enables businesses to show "
+"different people different prices</a>. Most of the tracking is done by "
+"recording interactions with servers, but proprietary software contributes."
msgstr ""
-"Viele Präsenzen <a href=\"https://gizmodo.com/before-you-hit-submit-this-";
-"company-has-already-logge-1795906081\" title=\"Kashmir Hill und Surya Mattu, "
-"Before You Hit 'Submit,' This Company Has Already Logged Your Personal Data, "
-"unter: https://gizmodo.com/before-you-hit-submit-this-company-has-already-";
-"logge-1795906081, Gizmodo 2017.\">schnüffeln bereits Information aus, die "
-"Besucher erst in Formulare eingegeben, aber noch gar nicht gesendet haben</"
-"a>."
#. type: Content of: <ul><li><p>
msgid ""
@@ -152,9 +221,17 @@
"die von VPN-Apps verursacht werden, unterliegen könnten.â</a>"
#. type: Content of: <ul><li><p>
+# | [-Following is a non-exhaustive list-]{+Here are two examples, taken from
+# | the research paper,+} of [-some-] proprietary VPN apps [-from the research
+# | paper-] that [-tracks-] {+use JavaScript to track+} users and
+# | infringe[-s-] their privacy:
+#, fuzzy
+#| msgid ""
+#| "Following is a non-exhaustive list of some proprietary VPN apps from the "
+#| "research paper that tracks users and infringes their privacy:"
msgid ""
-"Following is a non-exhaustive list of some proprietary VPN apps from the "
-"research paper that tracks users and infringes their privacy:"
+"Here are two examples, taken from the research paper, of proprietary VPN "
+"apps that use JavaScript to track users and infringe their privacy:"
msgstr ""
"Nachfolgend eine unvollständige Ãbersicht einiger proprietärer VPN-Apps
aus "
"der Forschungsarbeit, die die Nutzer verfolgen und deren Privatsphäre "
@@ -206,6 +283,54 @@
"mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds The "
"Guardian 2017.\">so die Leserschaft bisweilen ausschnüffeln</a>."
+#. type: Content of: <ul><li><p>
+msgid ""
+"Flash and JavaScript are used for <a href=\"http://arstechnica.com/";
+"security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-"
+"fingerprinting/\"> “fingerprinting” devices</a> to identify "
+"users."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites rat their visitors to advertising networks that track users. "
+"Of the top 1000 web sites, <a href=\"https://www.law.berkeley.edu/research/";
+"bclt/research/privacy-at-bclt/web-privacy-census/\">84% (as of 5/17/2012) "
+"fed their visitors third-party cookies, allowing other sites to track them</"
+"a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites report all their visitors to Google by using the Google "
+"Analytics service, which <a href=\"http://www.pcworld.idg.com.au/";
+"article/434164/"
+"google_analytics_breaks_norwegian_privacy_laws_local_agency_said/\"> tells "
+"Google the IP address and the page that was visited</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites try to collect users' address books (the user's list of other "
+"people's phone numbers or email addresses). This violates the privacy of "
+"those other people."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Pages that contain “Like” buttons <a href=\"https://www.smh.com.";
+"au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-"
+"uncovered-20111004-1l61i.html\"> enable Facebook to track visitors to those "
+"pages</a>—even users that don't have Facebook accounts."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Flash Player's <a href=\"http://www.imasuper.com/66/technology/flash-cookies-";
+"the-silent-privacy-killer/\"> cookie feature helps web sites track visitors</"
+"a>."
+msgstr ""
+
#. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes.
#. type: Content of: <div>
msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*"
Index: proprietary/po/malware-webpages.fr.po
===================================================================
RCS file: /web/www/www/proprietary/po/malware-webpages.fr.po,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- proprietary/po/malware-webpages.fr.po 25 Sep 2018 21:06:12 -0000
1.13
+++ proprietary/po/malware-webpages.fr.po 1 Oct 2018 19:58:10 -0000
1.14
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: malware-webpages.html\n"
-"POT-Creation-Date: 2018-07-25 01:56+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: 2018-09-02 00:24+0200\n"
"Last-Translator: Thérèse Godefroy <godef.th AT free.fr>\n"
"Language-Team: French <address@hidden>\n"
@@ -14,6 +14,7 @@
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Outdated-Since: 2018-10-01 19:55+0000\n"
#. type: Content of: <title>
msgid "Malware in Webpages - GNU Project - Free Software Foundation"
@@ -91,6 +92,52 @@
#. type: Content of: <ul><li><p>
msgid ""
+"British Airways used <a href=\"https://www.theverge.com/2018/7/19/17591732/";
+"british-airways-gdpr-compliance-twitter-personal-data-security\">nonfree "
+"JavaScript on its web site to give other companies personal data on its "
+"customers</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"The Storyful program <a href=\"https://www.theguardian.com/world/2018/may/17/";
+"revealed-how-storyful-uses-tool-monitor-what-journalists-watch\">spies on "
+"the reporters that use it</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Some JavaScript malware <a href=\"https://www.theverge.";
+"com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research"
+"\"> swipes usernames from browser-based password managers</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+# | Many web sites {+use JavaScript code+} <a
+# |
href=\"http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081\";>
+# | {+to+} snoop on information that users have typed into a form but not
+# | [-sent</a>.-] {+sent</a>, in order to learn their identity. Some are <a
+# |
href=\"https://www.manatt.com/Insights/Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-Allege\";>
+# | getting sued</a> for this.+}
+#, fuzzy
+#| msgid ""
+#| "Many web sites <a href=\"http://gizmodo.com/before-you-hit-submit-this-";
+#| "company-has-already-logge-1795906081\"> snoop on information that users "
+#| "have typed into a form but not sent</a>."
+msgid ""
+"Many web sites use JavaScript code <a href=\"http://gizmodo.com/before-you-";
+"hit-submit-this-company-has-already-logge-1795906081\"> to snoop on "
+"information that users have typed into a form but not sent</a>, in order to "
+"learn their identity. Some are <a href=\"https://www.manatt.com/Insights/";
+"Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-"
+"Allege\"> getting sued</a> for this."
+msgstr ""
+"De nombreux sites web <a href=\"http://gizmodo.com/before-you-hit-submit-";
+"this-company-has-already-logge-1795906081\">récupèrent l'information que
les "
+"utilisateurs ont saisie dans un formulaire mais n'ont pas envoyée</a>."
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Some websites send JavaScript code to collect all the user's input, <a href="
"\"https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-";
"personal-data-by-session-replay-scripts/\">which can then be used to "
@@ -102,18 +149,29 @@
"qui permet de reproduire l'ensemble de la session</a>."
#. type: Content of: <ul><li><p>
-msgid "If you use LibreJS, it will block that malicious Javascript code."
+# | If you use LibreJS, it will block that malicious Java[-s-]{+S+}cript code.
+#, fuzzy
+#| msgid "If you use LibreJS, it will block that malicious Javascript code."
+msgid "If you use LibreJS, it will block that malicious JavaScript code."
msgstr "Si vous utilisez LibreJS, il bloquera ce code JavaScript malveillant."
#. type: Content of: <ul><li><p>
msgid ""
-"Many web sites <a href=\"http://gizmodo.com/before-you-hit-submit-this-";
-"company-has-already-logge-1795906081\"> snoop on information that users have "
-"typed into a form but not sent</a>."
+"When a page uses Disqus for comments, the proprietary Disqus software <a "
+"href=\"https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-";
+"comments-when-not-logged-in-sends-the-url-to-facebook\">loads a Facebook "
+"software package into the browser of every anonymous visitor to the page, "
+"and makes the page's URL available to Facebook</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Online sales, with tracking and surveillance of customers, <a href=\"https://";
+"www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-"
+"browsing-history-could-mean-rip-off-prices\">enables businesses to show "
+"different people different prices</a>. Most of the tracking is done by "
+"recording interactions with servers, but proprietary software contributes."
msgstr ""
-"De nombreux sites web <a href=\"http://gizmodo.com/before-you-hit-submit-";
-"this-company-has-already-logge-1795906081\">récupèrent l'information que
les "
-"utilisateurs ont saisie dans un formulaire mais n'ont pas envoyée</a>."
#. type: Content of: <ul><li><p>
msgid ""
@@ -133,9 +191,17 @@
"fallacieuses et des pratiques abusives que ces applis leur infligent. »"
#. type: Content of: <ul><li><p>
+# | [-Following is a non-exhaustive list-]{+Here are two examples, taken from
+# | the research paper,+} of [-some-] proprietary VPN apps [-from the research
+# | paper-] that [-tracks-] {+use JavaScript to track+} users and
+# | infringe[-s-] their privacy:
+#, fuzzy
+#| msgid ""
+#| "Following is a non-exhaustive list of some proprietary VPN apps from the "
+#| "research paper that tracks users and infringes their privacy:"
msgid ""
-"Following is a non-exhaustive list of some proprietary VPN apps from the "
-"research paper that tracks users and infringes their privacy:"
+"Here are two examples, taken from the research paper, of proprietary VPN "
+"apps that use JavaScript to track users and infringe their privacy:"
msgstr ""
"La liste suivante, non exhaustive, est tirée de cet article. Elle
répertorie "
"des applis VPN privatrices qui traquent les utilisateurs et portent atteinte "
@@ -184,6 +250,54 @@
"books-faster-than-women-study-finds\">parfois ce code espionne "
"l'utilisateur</a>."
+#. type: Content of: <ul><li><p>
+msgid ""
+"Flash and JavaScript are used for <a href=\"http://arstechnica.com/";
+"security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-"
+"fingerprinting/\"> “fingerprinting” devices</a> to identify "
+"users."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites rat their visitors to advertising networks that track users. "
+"Of the top 1000 web sites, <a href=\"https://www.law.berkeley.edu/research/";
+"bclt/research/privacy-at-bclt/web-privacy-census/\">84% (as of 5/17/2012) "
+"fed their visitors third-party cookies, allowing other sites to track them</"
+"a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites report all their visitors to Google by using the Google "
+"Analytics service, which <a href=\"http://www.pcworld.idg.com.au/";
+"article/434164/"
+"google_analytics_breaks_norwegian_privacy_laws_local_agency_said/\"> tells "
+"Google the IP address and the page that was visited</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites try to collect users' address books (the user's list of other "
+"people's phone numbers or email addresses). This violates the privacy of "
+"those other people."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Pages that contain “Like” buttons <a href=\"https://www.smh.com.";
+"au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-"
+"uncovered-20111004-1l61i.html\"> enable Facebook to track visitors to those "
+"pages</a>—even users that don't have Facebook accounts."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Flash Player's <a href=\"http://www.imasuper.com/66/technology/flash-cookies-";
+"the-silent-privacy-killer/\"> cookie feature helps web sites track visitors</"
+"a>."
+msgstr ""
+
#. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes.
#. type: Content of: <div>
msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*"
Index: proprietary/po/malware-webpages.pot
===================================================================
RCS file: /web/www/www/proprietary/po/malware-webpages.pot,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -b -r1.7 -r1.8
--- proprietary/po/malware-webpages.pot 25 Jul 2018 02:00:53 -0000 1.7
+++ proprietary/po/malware-webpages.pot 1 Oct 2018 19:58:10 -0000 1.8
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: malware-webpages.html\n"
-"POT-Creation-Date: 2018-07-25 01:56+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <address@hidden>\n"
"Language-Team: LANGUAGE <address@hidden>\n"
@@ -69,20 +69,62 @@
#. type: Content of: <ul><li><p>
msgid ""
+"British Airways used <a "
+"href=\"https://www.theverge.com/2018/7/19/17591732/british-airways-gdpr-compliance-twitter-personal-data-security\";>nonfree
"
+"JavaScript on its web site to give other companies personal data on its "
+"customers</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"The Storyful program <a "
+"href=\"https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch\";>spies
"
+"on the reporters that use it</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Some JavaScript malware <a "
+"href=\"https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research\";>
"
+"swipes usernames from browser-based password managers</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites use JavaScript code <a "
+"href=\"http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081\";>
"
+"to snoop on information that users have typed into a form but not sent</a>, "
+"in order to learn their identity. Some are <a "
+"href=\"https://www.manatt.com/Insights/Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-Allege\";>
"
+"getting sued</a> for this."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Some websites send JavaScript code to collect all the user's input, <a "
"href=\"https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/\";>which
"
"can then be used to reproduce the whole session</a>."
msgstr ""
#. type: Content of: <ul><li><p>
-msgid "If you use LibreJS, it will block that malicious Javascript code."
+msgid "If you use LibreJS, it will block that malicious JavaScript code."
msgstr ""
#. type: Content of: <ul><li><p>
msgid ""
-"Many web sites <a "
-"href=\"http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081\";>
"
-"snoop on information that users have typed into a form but not sent</a>."
+"When a page uses Disqus for comments, the proprietary Disqus software <a "
+"href=\"https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook\";>loads
"
+"a Facebook software package into the browser of every anonymous visitor to "
+"the page, and makes the page's URL available to Facebook</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Online sales, with tracking and surveillance of customers, <a "
+"href=\"https://www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-browsing-history-could-mean-rip-off-prices\";>enables
"
+"businesses to show different people different prices</a>. Most of the "
+"tracking is done by recording interactions with servers, but proprietary "
+"software contributes."
msgstr ""
#. type: Content of: <ul><li><p>
@@ -98,8 +140,8 @@
#. type: Content of: <ul><li><p>
msgid ""
-"Following is a non-exhaustive list of some proprietary VPN apps from the "
-"research paper that tracks users and infringes their privacy:"
+"Here are two examples, taken from the research paper, of proprietary VPN "
+"apps that use JavaScript to track users and infringe their privacy:"
msgstr ""
#. type: Content of: <ul><li><dl><dt>
@@ -133,6 +175,52 @@
"sometimes this code snoops on readers</a>."
msgstr ""
+#. type: Content of: <ul><li><p>
+msgid ""
+"Flash and JavaScript are used for <a "
+"href=\"http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/\";>
"
+"“fingerprinting” devices</a> to identify users."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites rat their visitors to advertising networks that track users. "
+"Of the top 1000 web sites, <a "
+"href=\"https://www.law.berkeley.edu/research/bclt/research/privacy-at-bclt/web-privacy-census/\";>84%
"
+"(as of 5/17/2012) fed their visitors third-party cookies, allowing other "
+"sites to track them</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites report all their visitors to Google by using the Google "
+"Analytics service, which <a "
+"href=\"http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/\";>
"
+"tells Google the IP address and the page that was visited</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites try to collect users' address books (the user's list of other "
+"people's phone numbers or email addresses). This violates the privacy of "
+"those other people."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Pages that contain “Like” buttons <a "
+"href=\"https://www.smh.com.au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html\";>
"
+"enable Facebook to track visitors to those pages</a>—even users that "
+"don't have Facebook accounts."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Flash Player's <a "
+"href=\"http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/\";>
"
+"cookie feature helps web sites track visitors</a>."
+msgstr ""
+
#. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes.
#. type: Content of: <div>
msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*"
Index: proprietary/po/malware-webpages.ru.po
===================================================================
RCS file: /web/www/www/proprietary/po/malware-webpages.ru.po,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -b -r1.14 -r1.15
--- proprietary/po/malware-webpages.ru.po 25 Jul 2018 16:30:38 -0000
1.14
+++ proprietary/po/malware-webpages.ru.po 1 Oct 2018 19:58:10 -0000
1.15
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: malware-webpages.html\n"
-"POT-Creation-Date: 2018-07-25 01:56+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: 2018-06-22 08:22+0000\n"
"Last-Translator: Ineiev <address@hidden>\n"
"Language-Team: Russian <address@hidden>\n"
@@ -15,6 +15,7 @@
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Outdated-Since: 2018-10-01 19:55+0000\n"
#. type: Content of: <title>
msgid "Malware in Webpages - GNU Project - Free Software Foundation"
@@ -93,6 +94,52 @@
#. type: Content of: <ul><li><p>
msgid ""
+"British Airways used <a href=\"https://www.theverge.com/2018/7/19/17591732/";
+"british-airways-gdpr-compliance-twitter-personal-data-security\">nonfree "
+"JavaScript on its web site to give other companies personal data on its "
+"customers</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"The Storyful program <a href=\"https://www.theguardian.com/world/2018/may/17/";
+"revealed-how-storyful-uses-tool-monitor-what-journalists-watch\">spies on "
+"the reporters that use it</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Some JavaScript malware <a href=\"https://www.theverge.";
+"com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research"
+"\"> swipes usernames from browser-based password managers</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+# | Many web sites {+use JavaScript code+} <a
+# |
href=\"http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081\";>
+# | {+to+} snoop on information that users have typed into a form but not
+# | [-sent</a>.-] {+sent</a>, in order to learn their identity. Some are <a
+# |
href=\"https://www.manatt.com/Insights/Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-Allege\";>
+# | getting sued</a> for this.+}
+#, fuzzy
+#| msgid ""
+#| "Many web sites <a href=\"http://gizmodo.com/before-you-hit-submit-this-";
+#| "company-has-already-logge-1795906081\"> snoop on information that users "
+#| "have typed into a form but not sent</a>."
+msgid ""
+"Many web sites use JavaScript code <a href=\"http://gizmodo.com/before-you-";
+"hit-submit-this-company-has-already-logge-1795906081\"> to snoop on "
+"information that users have typed into a form but not sent</a>, in order to "
+"learn their identity. Some are <a href=\"https://www.manatt.com/Insights/";
+"Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-"
+"Allege\"> getting sued</a> for this."
+msgstr ""
+"Ðногие ÑайÑÑ <a
href=\"http://gizmodo.com/before-you-hit-submit-this-company-";
+"has-already-logge-1795906081\">подглÑдÑваÑÑ Ð·Ð° Ñем, ÑÑо
полÑзоваÑели ввели в "
+"ÑоÑмÑ, но не оÑпÑавили</a>."
+
+#. type: Content of: <ul><li><p>
+msgid ""
"Some websites send JavaScript code to collect all the user's input, <a href="
"\"https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-";
"personal-data-by-session-replay-scripts/\">which can then be used to "
@@ -104,20 +151,31 @@
"заÑем Ñ Ð¿Ð¾Ð¼Ð¾ÑÑÑ ÑÑого можно воÑпÑоизвеÑÑи
веÑÑ ÑÐµÐ°Ð½Ñ ÑабоÑÑ</a>."
#. type: Content of: <ul><li><p>
-msgid "If you use LibreJS, it will block that malicious Javascript code."
+# | If you use LibreJS, it will block that malicious Java[-s-]{+S+}cript code.
+#, fuzzy
+#| msgid "If you use LibreJS, it will block that malicious Javascript code."
+msgid "If you use LibreJS, it will block that malicious JavaScript code."
msgstr ""
"ÐÑли полÑзоваÑÑÑÑ LibreJS, Ñо ÑÑи вÑедоноÑнÑе
пÑогÑÐ°Ð¼Ð¼Ñ Ð½Ð° JavaScript "
"блокиÑÑÑÑÑÑ."
#. type: Content of: <ul><li><p>
msgid ""
-"Many web sites <a href=\"http://gizmodo.com/before-you-hit-submit-this-";
-"company-has-already-logge-1795906081\"> snoop on information that users have "
-"typed into a form but not sent</a>."
+"When a page uses Disqus for comments, the proprietary Disqus software <a "
+"href=\"https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-";
+"comments-when-not-logged-in-sends-the-url-to-facebook\">loads a Facebook "
+"software package into the browser of every anonymous visitor to the page, "
+"and makes the page's URL available to Facebook</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Online sales, with tracking and surveillance of customers, <a href=\"https://";
+"www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-"
+"browsing-history-could-mean-rip-off-prices\">enables businesses to show "
+"different people different prices</a>. Most of the tracking is done by "
+"recording interactions with servers, but proprietary software contributes."
msgstr ""
-"Ðногие ÑайÑÑ <a
href=\"http://gizmodo.com/before-you-hit-submit-this-company-";
-"has-already-logge-1795906081\">подглÑдÑваÑÑ Ð·Ð° Ñем, ÑÑо
полÑзоваÑели ввели в "
-"ÑоÑмÑ, но не оÑпÑавили</a>."
#. type: Content of: <ul><li><p>
msgid ""
@@ -137,9 +195,17 @@
"VPN</a>”."
#. type: Content of: <ul><li><p>
+# | [-Following is a non-exhaustive list-]{+Here are two examples, taken from
+# | the research paper,+} of [-some-] proprietary VPN apps [-from the research
+# | paper-] that [-tracks-] {+use JavaScript to track+} users and
+# | infringe[-s-] their privacy:
+#, fuzzy
+#| msgid ""
+#| "Following is a non-exhaustive list of some proprietary VPN apps from the "
+#| "research paper that tracks users and infringes their privacy:"
msgid ""
-"Following is a non-exhaustive list of some proprietary VPN apps from the "
-"research paper that tracks users and infringes their privacy:"
+"Here are two examples, taken from the research paper, of proprietary VPN "
+"apps that use JavaScript to track users and infringe their privacy:"
msgstr ""
"Ðалее ÑледÑÐµÑ Ð½ÐµÐ¸ÑÑеÑпÑваÑÑий ÑпиÑок
некоÑоÑÑÑ
неÑвободнÑÑ
пÑиложений Ð´Ð»Ñ "
"VPN, коÑоÑÑе ÑледÑÑ Ð·Ð° полÑзоваÑелÑми и
вÑоÑгаÑÑÑÑ Ð² иÑ
лиÑнÑÑ Ð¶Ð¸Ð·Ð½Ñ:"
@@ -187,6 +253,54 @@
"study-finds\">пÑогÑÐ°Ð¼Ð¼Ñ Ð½Ð° JavaScript, коÑоÑÑе иногда
подглÑдÑваÑÑ Ð·Ð° "
"ÑиÑаÑелÑми</a>."
+#. type: Content of: <ul><li><p>
+msgid ""
+"Flash and JavaScript are used for <a href=\"http://arstechnica.com/";
+"security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-"
+"fingerprinting/\"> “fingerprinting” devices</a> to identify "
+"users."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites rat their visitors to advertising networks that track users. "
+"Of the top 1000 web sites, <a href=\"https://www.law.berkeley.edu/research/";
+"bclt/research/privacy-at-bclt/web-privacy-census/\">84% (as of 5/17/2012) "
+"fed their visitors third-party cookies, allowing other sites to track them</"
+"a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites report all their visitors to Google by using the Google "
+"Analytics service, which <a href=\"http://www.pcworld.idg.com.au/";
+"article/434164/"
+"google_analytics_breaks_norwegian_privacy_laws_local_agency_said/\"> tells "
+"Google the IP address and the page that was visited</a>."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Many web sites try to collect users' address books (the user's list of other "
+"people's phone numbers or email addresses). This violates the privacy of "
+"those other people."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Pages that contain “Like” buttons <a href=\"https://www.smh.com.";
+"au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-"
+"uncovered-20111004-1l61i.html\"> enable Facebook to track visitors to those "
+"pages</a>—even users that don't have Facebook accounts."
+msgstr ""
+
+#. type: Content of: <ul><li><p>
+msgid ""
+"Flash Player's <a href=\"http://www.imasuper.com/66/technology/flash-cookies-";
+"the-silent-privacy-killer/\"> cookie feature helps web sites track visitors</"
+"a>."
+msgstr ""
+
# type: Content of: <div><div>
#. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes.
#. type: Content of: <div>
Index: proprietary/po/proprietary-surveillance.de.po
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.de.po,v
retrieving revision 1.231
retrieving revision 1.232
diff -u -b -r1.231 -r1.232
--- proprietary/po/proprietary-surveillance.de.po 1 Oct 2018 09:59:22
-0000 1.231
+++ proprietary/po/proprietary-surveillance.de.po 1 Oct 2018 19:58:10
-0000 1.232
@@ -7,7 +7,7 @@
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
"Report-Msgid-Bugs-To: Webmasters <address@hidden>\n"
-"POT-Creation-Date: 2018-10-01 09:56+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: 2018-05-18 22:00+0200\n"
"Last-Translator: Jоегg Kоhпе <joeko (AT) online [PUNKT] de>\n"
"Language-Team: German <address@hidden>\n"
@@ -2153,9 +2153,17 @@
"unterliegen könnten.â</cite>"
#. type: Content of: <ul><li><p>
+# | Following is a non-exhaustive [-list-] {+list, taken from the research
+# | paper,+} of {+some+} proprietary VPN apps [-from the research paper-] that
+# | [-tracks-] {+track users+} and [-infringes the privacy of users:-]
+# | {+infringe their privacy:+}
+#, fuzzy
+#| msgid ""
+#| "Following is a non-exhaustive list of proprietary VPN apps from the "
+#| "research paper that tracks and infringes the privacy of users:"
msgid ""
-"Following is a non-exhaustive list of proprietary VPN apps from the research "
-"paper that tracks and infringes the privacy of users:"
+"Following is a non-exhaustive list, taken from the research paper, of some "
+"proprietary VPN apps that track users and infringe their privacy:"
msgstr ""
"Im Folgenden eine unvollständige Ãbersicht proprietärer VPN-Apps aus der "
"Arbeit, welche Nutzer verfolgt und die Privatsphäre verletzt:"
@@ -2248,7 +2256,7 @@
# | Injects JavaScript code into HTML pages, and also uses roughly [-5-]
# | {+five+} tracking libraries. Developers of this app have confirmed that
# | the non-premium version of the app does JavaScript injection for tracking
-# | and display ads.
+# | {+the user+} and [-display-] {+displaying+} ads.
#, fuzzy
#| msgid ""
#| "Injects JavaScript code into HTML pages, and also uses roughly 5 tracking "
@@ -2257,7 +2265,8 @@
msgid ""
"Injects JavaScript code into HTML pages, and also uses roughly five tracking "
"libraries. Developers of this app have confirmed that the non-premium "
-"version of the app does JavaScript injection for tracking and display ads."
+"version of the app does JavaScript injection for tracking the user and "
+"displaying ads."
msgstr ""
"Fügt JavaScript-Code in HTML-Dokumente ein und nutzt ebenso etwa 5 Tracking-"
"Bibliotheken. Entwickler haben bestätigt, dass die Nicht-Premium-Version der
"
Index: proprietary/po/proprietary-surveillance.fr.po
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.fr.po,v
retrieving revision 1.317
retrieving revision 1.318
diff -u -b -r1.317 -r1.318
--- proprietary/po/proprietary-surveillance.fr.po 1 Oct 2018 11:16:18
-0000 1.317
+++ proprietary/po/proprietary-surveillance.fr.po 1 Oct 2018 19:58:10
-0000 1.318
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
-"POT-Creation-Date: 2018-10-01 09:56+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: 2018-10-01 13:15+0200\n"
"Last-Translator: Félicien Pillot <felicien AT gnu.org>\n"
"Language-Team: French <address@hidden>\n"
@@ -15,6 +15,7 @@
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Outdated-Since: 2018-10-01 19:55+0000\n"
"Plural-Forms: \n"
"X-Generator: Gtranslator 2.91.5\n"
@@ -1743,9 +1744,17 @@
"fallacieuses et des pratiques abusives que ces applis leur infligent. »"
#. type: Content of: <ul><li><p>
+# | Following is a non-exhaustive [-list-] {+list, taken from the research
+# | paper,+} of {+some+} proprietary VPN apps [-from the research paper-] that
+# | [-tracks-] {+track users+} and [-infringes the privacy of users:-]
+# | {+infringe their privacy:+}
+#, fuzzy
+#| msgid ""
+#| "Following is a non-exhaustive list of proprietary VPN apps from the "
+#| "research paper that tracks and infringes the privacy of users:"
msgid ""
-"Following is a non-exhaustive list of proprietary VPN apps from the research "
-"paper that tracks and infringes the privacy of users:"
+"Following is a non-exhaustive list, taken from the research paper, of some "
+"proprietary VPN apps that track users and infringe their privacy:"
msgstr ""
"La liste suivante, non exhaustive, est tirée de cet article. Elle
répertorie "
"des applis VPN privatrices qui traquent les utilisateurs et portent atteinte "
@@ -1822,10 +1831,21 @@
msgstr "WiFi Protector VPN"
#. type: Content of: <ul><li><dl><dd>
+# | Injects JavaScript code into HTML pages, and also uses roughly five
+# | tracking libraries. Developers of this app have confirmed that the
+# | non-premium version of the app does JavaScript injection for tracking
+# | {+the user+} and [-display-] {+displaying+} ads.
+#, fuzzy
+#| msgid ""
+#| "Injects JavaScript code into HTML pages, and also uses roughly five "
+#| "tracking libraries. Developers of this app have confirmed that the non-"
+#| "premium version of the app does JavaScript injection for tracking and "
+#| "display ads."
msgid ""
"Injects JavaScript code into HTML pages, and also uses roughly five tracking "
"libraries. Developers of this app have confirmed that the non-premium "
-"version of the app does JavaScript injection for tracking and display ads."
+"version of the app does JavaScript injection for tracking the user and "
+"displaying ads."
msgstr ""
"Injecte du code JavaScript dans les pages HTML et utilise également cinq "
"bibliothèques de pistage. Ses développeurs ont confirmé que l'injection de
"
Index: proprietary/po/proprietary-surveillance.it-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.it-diff.html,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -b -r1.71 -r1.72
--- proprietary/po/proprietary-surveillance.it-diff.html 1 Oct 2018
09:59:22 -0000 1.71
+++ proprietary/po/proprietary-surveillance.it-diff.html 1 Oct 2018
19:58:10 -0000 1.72
@@ -207,6 +207,7 @@
files</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT windows -->
<li id="M201712110">
<p>HP's proprietary operating system <a
href="http://www.bbc.com/news/technology-42309371">includes a
@@ -223,11 +224,11 @@
href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law">
by force setting the telemetry mode to
“Full”</a>.</p>
- <p>The</em></ins></span> <a <span
class="removed"><del><strong>href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">can</strong></del></span>
- <span
class="inserted"><ins><em>href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level">
+ <p>The <a
+
href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level">
“Full” telemetry mode</a> allows Microsoft Windows
- engineers to access, among other things, registry keys <a
- href="https://technet.microsoft.com/en-us/library/cc939702.aspx">which
+ engineers to access, among other things, registry keys</em></ins></span>
<a <span
class="removed"><del><strong>href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">can</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://technet.microsoft.com/en-us/library/cc939702.aspx">which
can contain sensitive information like administrator's login
password</a>.</p>
</li>
@@ -307,24 +308,16 @@
<span class="inserted"><ins><em><li id="M201508180">
<p><a
href="https://web.archive.org/web/20150905163414/http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
- Intel devices will be able</em></ins></span> to <span
class="removed"><del><strong>snoop on</strong></del></span> <span
class="inserted"><ins><em>listen for speech all</em></ins></span> the <span
class="removed"><del><strong>users' files, text input, voice input,
- location info, contacts, calendar records and web browsing
- history, as well as automatically connecting the machines to open
- hotspots and showing targeted ads.</p></li>
-
- <li><p>
- <a</strong></del></span> <span class="inserted"><ins><em>time, even
+ Intel devices will be able</em></ins></span> to <span
class="removed"><del><strong>snoop on</strong></del></span> <span
class="inserted"><ins><em>listen for speech all</em></ins></span> the <span
class="removed"><del><strong>users' files,</strong></del></span> <span
class="inserted"><ins><em>time, even
when “off.”</a></p>
</li>
<li id="M201508130">
- <p><a</em></ins></span>
+ <p><a
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
Windows 10 sends identifiable information to Microsoft</a>, even if
a user turns off its Bing search and Cortana features, and activates
- the privacy-protection <span
class="removed"><del><strong>settings.</p></li>
-
- <li><p></strong></del></span> <span
class="inserted"><ins><em>settings.</p>
+ the privacy-protection settings.</p>
</li>
<li id="M201507300">
@@ -332,9 +325,17 @@
href="https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
ships with default settings that show no regard for the privacy of
its users</a>, giving Microsoft the “right” to snoop on
- the users' files, text input, voice input, location info, contacts,
+ the users' files,</em></ins></span> text input, voice input, location
info, contacts,
calendar records and web browsing history, as well as automatically
- connecting the machines to open hotspots and showing targeted
ads.</p>
+ connecting the machines to open hotspots and showing targeted <span
class="removed"><del><strong>ads.</p></li>
+
+ <li><p>
+ <a
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
+ Windows 10 sends identifiable information to Microsoft</a>, even if a
user
+ turns off its Bing search and Cortana features, and activates the
+ privacy-protection settings.</p></li>
+
+ <li><p></strong></del></span> <span
class="inserted"><ins><em>ads.</p>
<p>We can suppose</em></ins></span> Microsoft <span
class="inserted"><ins><em>look at users' files for the US government
on demand, though the “privacy policy” does not explicitly
@@ -414,6 +415,7 @@
edited</a>. The</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT macos -->
<li id="M201809070">
<p>Adware Doctor, an ad blocker for MacOS,</em></ins></span> <a
<span
class="removed"><del><strong>href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
@@ -491,11 +493,12 @@
<li></strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT bios -->
<li id="M201509220"></em></ins></span>
- <p><a <span
class="removed"><del><strong>href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
study in 2015</a> found that 90% of</strong></del></span>
+ <p><a <span
class="removed"><del><strong>href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
study in 2015</a> found</strong></del></span>
<span
class="inserted"><ins><em>href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
Lenovo stealthily installed crapware and spyware via
- BIOS</a> on Windows installs. Note that</em></ins></span> the <span
class="removed"><del><strong>top-ranked gratis</strong></del></span> <span
class="inserted"><ins><em>specific
+ BIOS</a> on Windows installs. Note</em></ins></span> that <span
class="removed"><del><strong>90%</strong></del></span> <span
class="inserted"><ins><em>the specific
sabotage method Lenovo used did not affect GNU/Linux; also, a
“clean” Windows install is not really clean since <a
href="/proprietary/malware-microsoft.html">Microsoft puts in its
@@ -517,11 +520,12 @@
</div>
<ul class="blurbs">
+<!-- INSERT phones -->
<li id="M201601110">
<p>The natural extension of monitoring
people through “their” phones is <a
-
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html"></em></ins></span>
- proprietary <span class="removed"><del><strong>Android apps contained
recognizable tracking libraries. For</strong></del></span> <span
class="inserted"><ins><em>software to make sure they can't “fool”
+
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
+ proprietary software to make sure they can't “fool”
the monitoring</a>.</p>
</li>
@@ -564,6 +568,7 @@
</div>
<ul class="blurbs">
+<!-- INSERT ithings -->
<li id="M201711250">
<p>The DMCA and the EU Copyright Directive make it <a
href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
@@ -591,15 +596,16 @@
<li id="M201611170">
<p>iPhones <a
href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
- lots of personal data to Apple's servers</a>. Big Brother can get
+ lots</em></ins></span> of <span class="inserted"><ins><em>personal data to
Apple's servers</a>. Big Brother can get
them from there.</p>
</li>
<li id="M201609280">
<p>The iMessage app on iThings <a
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
- a server every phone number that the user types into it</a>; the
- server records these numbers for at least 30 days.</p>
+ a server every phone number that</em></ins></span> the <span
class="removed"><del><strong>top-ranked gratis
+ proprietary Android apps contained recognizable tracking libraries.
For</strong></del></span> <span class="inserted"><ins><em>user types into
it</a>;</em></ins></span> the <span class="removed"><del><strong>paid
proprietary apps,</strong></del></span>
+ <span class="inserted"><ins><em>server records these numbers for at least
30 days.</p>
</li>
<li id="M201509240">
@@ -612,8 +618,8 @@
<p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
information</a> as accessed on 24 Sep 2015.) The iCloud feature is
- <a href="https://support.apple.com/en-us/HT202033">activated
by</em></ins></span> the <span class="removed"><del><strong>paid proprietary
apps,</strong></del></span>
- <span class="inserted"><ins><em>startup of iOS</a>. The term
“cloud” means “please
+ <a href="https://support.apple.com/en-us/HT202033">activated by the
+ startup of iOS</a>. The term “cloud” means “please
don't ask where.”</p>
<p>There is a way to
@@ -627,94 +633,91 @@
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
nude photos of many celebrities</a>. They needed to break Apple's
security to get at them,</em></ins></span> but <span
class="removed"><del><strong>most</strong></del></span> <span
class="inserted"><ins><em>NSA can access any</em></ins></span> of them <span
class="removed"><del><strong>are not in fact</strong></del></span> <span
class="inserted"><ins><em>through</em></ins></span> <a <span
class="removed"><del><strong>href="/philosophy/free-sw.html">free
software</a>.
- It also uses the ugly word “monetize”. A good
replacement</strong></del></span>
+ It also uses</strong></del></span>
<span
class="inserted"><ins><em>href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p>
</li>
<li id="M201409220">
<p>Apple can, and regularly does, <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
- remotely extract some data from iPhones</em></ins></span> for <span
class="removed"><del><strong>that word is “exploit”; nearly always
that will fit
- perfectly.</p></strong></del></span> <span
class="inserted"><ins><em>the state</a>.</p>
+ remotely extract some data from iPhones for</em></ins></span> the <span
class="removed"><del><strong>ugly word “monetize”. A good
replacement</strong></del></span> <span
class="inserted"><ins><em>state</a>.</p>
<p>This may have improved with <a
href="http://www.washingtonpost.com/business/technology/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html">
iOS 8 security improvements</a>; but <a
href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
- not as much as Apple claims</a>.</p></em></ins></span>
+ not as much as Apple claims</a>.</p>
</li>
-<span class="removed"><del><strong><li>
- <p>Apps</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201407230">
+ <li id="M201407230">
<p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
Several “features” of iOS seem to exist</em></ins></span>
- for <span class="removed"><del><strong>BART</strong></del></span> <span
class="inserted"><ins><em>no possible purpose other than
surveillance</a>. Here is the</em></ins></span> <a <span
class="removed"><del><strong>href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
on users</a>.</p>
- <p>With free software apps, users could <em>make sure</em>
that they don't snoop.</p>
- <p>With proprietary apps, one can only hope that they
don't.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ for <span class="removed"><del><strong>that word</strong></del></span>
<span class="inserted"><ins><em>no possible purpose other than
surveillance</a>. Here</em></ins></span> is <span
class="removed"><del><strong>“exploit”; nearly always that will fit
+ perfectly.</p></strong></del></span> <span
class="inserted"><ins><em>the <a
+
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
Technical presentation</a>.</p></em></ins></span>
</li>
<span class="removed"><del><strong><li>
- <p>A study found 234 Android apps that track users
by</strong></del></span>
+ <p>Apps for BART</strong></del></span>
<span class="inserted"><ins><em><li id="M201401100">
- <p>The</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
- to ultrasound from beacons placed in</strong></del></span> <span
class="inserted"><ins><em>class="not-a-duplicate"
+ <p>The</em></ins></span> <a <span
class="removed"><del><strong>href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop</strong></del></span>
<span class="inserted"><ins><em>class="not-a-duplicate"
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
- iBeacon</a> lets</em></ins></span> stores <span
class="removed"><del><strong>or played by TV programs</a>.
- </p></strong></del></span> <span
class="inserted"><ins><em>determine exactly where the iThing is, and
- get other info too.</p></em></ins></span>
+ iBeacon</a> lets stores determine exactly where the iThing is, and
+ get other info too.</p>
</li>
-<span class="removed"><del><strong><li>
- <p>Pairs of Android apps can collude to transmit users'
personal</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201312300">
+ <li id="M201312300">
<p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
- Either Apple helps the NSA snoop on all the</em></ins></span> data <span
class="removed"><del><strong>to servers. <a
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found
- tens of thousands of pairs that
collude</a>.</p></strong></del></span> <span
class="inserted"><ins><em>in an iThing, or it
- is totally incompetent</a>.</p></em></ins></span>
+ Either Apple helps the NSA snoop</em></ins></span> on <span
class="removed"><del><strong>users</a>.</p>
+ <p>With free software apps, users could <em>make
sure</em></strong></del></span> <span class="inserted"><ins><em>all the
data in an iThing, or it
+ is totally incompetent</a>.</p>
</li>
-<span class="removed"><del><strong><li>
-<p>Google Play intentionally sends app developers</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201308080">
- <p>The iThing also</em></ins></span> <a
-<span
class="removed"><del><strong>href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
-the personal details of users</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
- tells Apple its geolocation</a> by default, though</em></ins></span>
that <span class="removed"><del><strong>install the app</a>.</p>
-
-<p>Merely asking the “consent” of
users</strong></del></span> <span class="inserted"><ins><em>can be
- turned off.</p>
+ <li id="M201308080">
+ <p>The iThing also <a
+
href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
+ tells Apple its geolocation</a> by default, though</em></ins></span>
that <span class="removed"><del><strong>they don't snoop.</p>
+ <p>With proprietary apps, one</strong></del></span> can <span
class="removed"><del><strong>only hope that they
don't.</p></strong></del></span> <span class="inserted"><ins><em>be
+ turned off.</p></em></ins></span>
</li>
- <li id="M201210170">
- <p>There</em></ins></span> is <span class="removed"><del><strong>not
enough</strong></del></span> <span class="inserted"><ins><em>also a feature for
web sites</em></ins></span> to <span class="removed"><del><strong>legitimize
actions like this. At this point, most users have
-stopped reading the “Terms and Conditions” that spell out
-what they are “consenting” to. Google should clearly
-and honestly identify the information it collects on</strong></del></span>
<span class="inserted"><ins><em>track</em></ins></span> users, <span
class="removed"><del><strong>instead
-of hiding</strong></del></span> <span class="inserted"><ins><em>which is <a
-
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
- enabled by default</a>. (That article talks about iOS 6,
but</em></ins></span> it <span class="inserted"><ins><em>is
- still true</em></ins></span> in <span class="inserted"><ins><em>iOS
7.)</p>
+<span class="removed"><del><strong><li>
+ <p>A study found 234 Android apps that</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201210170">
+ <p>There is also a feature for web sites to</em></ins></span> track
<span class="removed"><del><strong>users by</strong></del></span> <span
class="inserted"><ins><em>users, which is</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
+ to ultrasound from beacons placed in stores or
played</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
+ enabled</em></ins></span> by <span class="removed"><del><strong>TV
programs</a>.
+ </p></strong></del></span> <span
class="inserted"><ins><em>default</a>. (That article talks about iOS 6,
but it is
+ still true in iOS 7.)</p></em></ins></span>
</li>
- <li id="M201204280">
- <p>Users cannot make</em></ins></span> an <span
class="removed"><del><strong>obscurely worded EULA.</p>
+<span class="removed"><del><strong><li>
+ <p>Pairs of Android apps can collude to transmit users' personal
+ data</strong></del></span>
-<p>However,</strong></del></span> <span class="inserted"><ins><em>Apple
ID (<a
+ <span class="inserted"><ins><em><li id="M201204280">
+ <p>Users cannot make an Apple ID (<a
href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">
- necessary</em></ins></span> to <span class="removed"><del><strong>truly
protect people's privacy, we must prevent Google</strong></del></span> <span
class="inserted"><ins><em>install even gratis apps</a>) without giving a
valid
- email address</em></ins></span> and <span
class="removed"><del><strong>other companies from getting this personal
information in</strong></del></span> <span
class="inserted"><ins><em>receiving</em></ins></span> the <span
class="removed"><del><strong>first
-place!</p></strong></del></span> <span
class="inserted"><ins><em>verification code Apple sends
- to it.</p>
+ necessary</em></ins></span> to <span class="removed"><del><strong>servers.
<a
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found
+ tens of thousands of pairs that collude</a>.</p>
+</li>
+
+<li>
+<p>Google Play intentionally sends app developers <a
+href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
+the personal details of users that</strong></del></span> install <span
class="inserted"><ins><em>even gratis apps</a>) without giving a valid
+ email address and receiving</em></ins></span> the <span
class="removed"><del><strong>app</a>.</p>
+
+<p>Merely asking the “consent” of users is not
enough</strong></del></span> <span class="inserted"><ins><em>verification code
Apple sends</em></ins></span>
+ to <span class="removed"><del><strong>legitimize actions like this. At
this point, most users have
+stopped reading the “Terms and Conditions” that spell out
+what they are “consenting” to.</strong></del></span> <span
class="inserted"><ins><em>it.</p>
</li>
</ul>
@@ -725,17 +728,23 @@
</div>
<ul class="blurbs">
+<!-- INSERT android -->
<li id="M201711210">
- <p>Android tracks location for Google <a
+ <p>Android tracks location for</em></ins></span> Google <span
class="removed"><del><strong>should clearly
+and honestly identify</strong></del></span> <span
class="inserted"><ins><em><a
href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
- even when “location services” are turned off, even when
- the phone has no SIM card</a>.</p>
+ even when “location services” are turned off, even
when</em></ins></span>
+ the <span class="removed"><del><strong>information it collects on users,
instead</strong></del></span> <span class="inserted"><ins><em>phone has no SIM
card</a>.</p>
</li>
<li id="M201611150">
<p>Some portable phones <a
href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
- sold with spyware sending lots of data to
China</a>.</p></em></ins></span>
+ sold with spyware sending lots</em></ins></span> of <span
class="removed"><del><strong>hiding it in an obscurely worded EULA.</p>
+
+<p>However,</strong></del></span> <span
class="inserted"><ins><em>data</em></ins></span> to <span
class="removed"><del><strong>truly protect people's privacy, we must prevent
Google
+and other companies from getting this personal information in the first
+place!</p></strong></del></span> <span
class="inserted"><ins><em>China</a>.</p></em></ins></span>
</li>
<span class="removed"><del><strong><li></strong></del></span>
@@ -758,10 +767,10 @@
<p>Samsung phones come with</em></ins></span> <a <span
class="removed"><del><strong>href="http://jots.pub/a/2015103001/index.php">share
personal,
behavioral</strong></del></span>
<span
class="inserted"><ins><em>href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
- that users can't delete</a>,</em></ins></span> and <span
class="removed"><del><strong>location
information</a></strong></del></span> <span
class="inserted"><ins><em>they send so much data that their
- transmission is a substantial expense for users. Said transmission,
- not wanted or requested by the user, clearly must constitute
spying</em></ins></span>
- of <span class="removed"><del><strong>their users with third
parties.</p></strong></del></span> <span class="inserted"><ins><em>some
kind.</p></em></ins></span>
+ that users can't delete</a>,</em></ins></span> and <span
class="removed"><del><strong>location information</a>
of</strong></del></span> <span class="inserted"><ins><em>they send so much data
that</em></ins></span> their <span class="removed"><del><strong>users with
third parties.</p></strong></del></span>
+ <span class="inserted"><ins><em>transmission is a substantial expense for
users. Said transmission,
+ not wanted or requested by the user, clearly must constitute spying
+ of some kind.</p></em></ins></span>
</li>
<span class="removed"><del><strong><li><p>“Cryptic
communication,” unrelated</strong></del></span>
@@ -799,170 +808,113 @@
<span class="inserted"><ins><em><li id="M201307280">
<p>Spyware</em></ins></span> is present in some Android devices when
- they are sold. Some Motorola phones modify Android to <a <span
class="removed"><del><strong>href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
+ they are sold. Some Motorola phones modify Android to <a
+
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
send personal data to Motorola</a>.</p>
</li>
- <li><p>Some manufacturers add a
- <a
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
- hidden general surveillance package such as Carrier
IQ.</a></p>
+ <span
class="removed"><del><strong><li><p>Some</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201307250">
+ <p>A Motorola phone <a
+
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
+ listens for voice all the time</a>.</p>
+ </li>
+
+ <li id="M201302150">
+ <p>Google Play intentionally sends app developers <a
+
href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
+ the personal details of users that install the app</a>.</p>
+
+ <p>Merely asking the “consent” of users is not enough to
+ legitimize actions like this. At this point, most users have stopped
+ reading the “Terms and Conditions” that spell out what
+ they are “consenting” to. Google should clearly and
+ honestly identify the information it collects on users, instead of
+ hiding it in an obscurely worded EULA.</p>
+
+ <p>However, to truly protect people's privacy, we must prevent Google
+ and other companies from getting this personal information in the
+ first place!</p>
+ </li>
+
+ <li id="M201111170">
+ <p>Some</em></ins></span> manufacturers add a <a
+
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
+ hidden general surveillance package such as Carrier <span
class="removed"><del><strong>IQ.</a></p>
</li>
<li><p><a
href="/proprietary/proprietary-back-doors.html#samsung">
- Samsung's back door</a> provides access to any file on the
system.</p>
+ Samsung's back door</a> provides access to any file on the
system.</p></strong></del></span> <span
class="inserted"><ins><em>IQ</a>.</p></em></ins></span>
</li>
</ul>
-<!-- #SpywareOnMobiles -->
+<span class="removed"><del><strong><!-- #SpywareOnMobiles -->
<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
<div class="big-section">
<h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
<span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
</div>
-<div style="clear: left;"></div>
+<div style="clear: left;"></div></strong></del></span>
<div class="big-subsection">
- <h4 id="SpywareIniThings">Spyware in iThings</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
+ <h4 <span class="removed"><del><strong>id="SpywareIniThings">Spyware
in iThings</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInElectronicReaders">E-Readers</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareIniThings">#SpywareIniThings</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span></em></ins></span>
</div>
-<ul>
- <li><p>Apple proposes
- <a
href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
fingerprint-scanning touch screen</a>
+<span class="removed"><del><strong><ul>
+ <li><p>Apple proposes</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT e-readers -->
+ <li id="M201603080">
+ <p>E-books can contain JavaScript code, and</em></ins></span> <a
<span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
fingerprint-scanning touch screen</a>
— which would mean no way to use it without having your
fingerprints
- taken. Users would have no way to tell whether the phone is snooping on
- them.</p></li>
+ taken. Users would have no way to tell whether the phone is
snooping</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
+ sometimes this code snoops</em></ins></span> on
+ <span class="removed"><del><strong>them.</p></li>
<li><p>iPhones <a
href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send
- lots of</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
- send</em></ins></span> personal data to <span
class="removed"><del><strong>Apple's servers</a>. Big Brother can
- get them from there.</p></strong></del></span> <span
class="inserted"><ins><em>Motorola</a>.</p></em></ins></span>
+ lots of personal data to Apple's servers</a>. Big Brother can
+ get them from there.</p></strong></del></span> <span
class="inserted"><ins><em>readers</a>.</p></em></ins></span>
</li>
<span class="removed"><del><strong><li><p>The iMessage app on
iThings <a
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
- a server every</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201307250">
- <p>A Motorola</em></ins></span> phone <span
class="removed"><del><strong>number that the user types into it</a>; the
server records these numbers</strong></del></span> <span
class="inserted"><ins><em><a
-
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
- listens</em></ins></span> for <span class="removed"><del><strong>at least
30
- days.</p></strong></del></span> <span
class="inserted"><ins><em>voice all the
time</a>.</p></em></ins></span>
- </li>
+ a server every phone number that the user types into
it</a>;</strong></del></span>
- <span class="removed"><del><strong><li><p>Users cannot make an
Apple ID</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201302150">
- <p>Google Play intentionally sends app developers</em></ins></span>
<a <span
class="removed"><del><strong>href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary
to install even gratis apps)</a>
- without giving a valid email address and receiving</strong></del></span>
- <span
class="inserted"><ins><em>href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"></em></ins></span>
- the <span class="removed"><del><strong>code Apple
- sends to it.</p>
+ <span class="inserted"><ins><em><li id="M201410080">
+ <p>Adobe made “Digital Editions,”</em></ins></span>
+ the <span class="removed"><del><strong>server records these numbers for at
least 30
+ days.</p>
</li>
- <li><p>Around 47%</strong></del></span> <span
class="inserted"><ins><em>personal details</em></ins></span> of <span
class="inserted"><ins><em>users that install</em></ins></span> the <span
class="removed"><del><strong>most popular iOS apps
- <a class="not-a-duplicate"
- href="http://jots.pub/a/2015103001/index.php">share personal,
- behavioral and location information</a></strong></del></span>
<span class="inserted"><ins><em>app</a>.</p>
-
- <p>Merely asking the “consent”</em></ins></span> of
<span class="removed"><del><strong>their</strong></del></span> users <span
class="removed"><del><strong>with third parties.</p>
- </li>
-
- <li><p>iThings automatically upload</strong></del></span> <span
class="inserted"><ins><em>is not enough</em></ins></span> to <span
class="removed"><del><strong>Apple's servers all</strong></del></span>
- <span class="inserted"><ins><em>legitimize actions like this. At this
point, most users have stopped
- reading</em></ins></span> the <span
class="removed"><del><strong>photos</strong></del></span> <span
class="inserted"><ins><em>“Terms</em></ins></span> and
- <span class="removed"><del><strong>videos</strong></del></span> <span
class="inserted"><ins><em>Conditions” that spell out
what</em></ins></span>
- they <span class="removed"><del><strong>make.</p>
-
- <blockquote><p>
- iCloud Photo Library stores every photo and video you take,
- and keeps them up to date on all your devices.
- Any edits you make</strong></del></span> are <span
class="removed"><del><strong>automatically updated everywhere. [...]
- </p></blockquote>
-
- <p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
- information</a> as accessed on 24 Sep 2015.) The iCloud feature is
- <a href="https://support.apple.com/en-us/HT202033">activated
by</strong></del></span> <span
class="inserted"><ins><em>“consenting” to. Google should clearly
and
- honestly identify</em></ins></span> the
- <span class="removed"><del><strong>startup</strong></del></span> <span
class="inserted"><ins><em>information it collects on users,
instead</em></ins></span> of <span class="removed"><del><strong>iOS</a>.
The term “cloud” means
- “please don't ask where.”</p>
-
- <p>There is a way to <a
href="https://support.apple.com/en-us/HT201104">
- deactivate iCloud</a>, but it's active by default
so</strong></del></span>
- <span class="inserted"><ins><em>hiding</em></ins></span> it <span
class="removed"><del><strong>still counts as</strong></del></span> <span
class="inserted"><ins><em>in an obscurely worded EULA.</p>
-
- <p>However, to truly protect people's privacy, we must prevent Google
- and other companies from getting this personal information in the
- first place!</p>
- </li>
-
- <li id="M201111170">
- <p>Some manufacturers add</em></ins></span> a <span
class="inserted"><ins><em><a
-
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
- hidden general</em></ins></span> surveillance <span
class="removed"><del><strong>functionality.</p>
-
- <p>Unknown people apparently took advantage of</strong></del></span>
<span class="inserted"><ins><em>package such as Carrier IQ</a>.</p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInElectronicReaders">E-Readers</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
-</div>
-
-<ul class="blurbs">
- <li id="M201603080">
- <p>E-books can contain JavaScript code, and <a
-
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
- sometimes</em></ins></span> this <span
class="removed"><del><strong>to</strong></del></span> <span
class="inserted"><ins><em>code snoops on readers</a>.</p>
- </li>
-
- <li id="M201410080">
- <p>Adobe made “Digital Editions,”
- the e-reader used by most US libraries,</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
- nude photos</strong></del></span>
+ <li><p>Users cannot make an Apple ID</strong></del></span> <span
class="inserted"><ins><em>e-reader used by most US libraries,</em></ins></span>
<a <span
class="removed"><del><strong>href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary</strong></del></span>
<span
class="inserted"><ins><em>href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
- send lots</em></ins></span> of <span class="removed"><del><strong>many
celebrities</a>. They needed</strong></del></span> <span
class="inserted"><ins><em>data</em></ins></span> to <span
class="removed"><del><strong>break Apple's
- security</strong></del></span> <span
class="inserted"><ins><em>Adobe</a>. Adobe's “excuse”: it's
- needed</em></ins></span> to <span class="removed"><del><strong>get at
them, but NSA can access any of them through</strong></del></span> <span
class="inserted"><ins><em>check DRM!</p>
+ send lots of data</em></ins></span> to <span
class="removed"><del><strong>install even gratis apps)</a>
+ without giving a valid email address and receiving the code Apple
+ sends</strong></del></span> <span
class="inserted"><ins><em>Adobe</a>. Adobe's “excuse”: it's
+ needed</em></ins></span> to <span
class="removed"><del><strong>it.</p></strong></del></span> <span
class="inserted"><ins><em>check DRM!</p></em></ins></span>
</li>
- <li id="M201212031">
- <p>The Electronic Frontier Foundation has examined and
found</em></ins></span> <a <span
class="removed"><del><strong>href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
- </p></li>
-
- <li><p>Spyware</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.eff.org/pages/reader-privacy-chart-2012">various
- kinds of surveillance</em></ins></span> in <span
class="removed"><del><strong>iThings:
- the <a class="not-a-duplicate"
-
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
- iBeacon</a> lets stores determine exactly
where</strong></del></span> the <span class="removed"><del><strong>iThing
is,</strong></del></span> <span
class="inserted"><ins><em>Swindle</em></ins></span> and <span
class="removed"><del><strong>get</strong></del></span> other <span
class="removed"><del><strong>info too.</p></strong></del></span> <span
class="inserted"><ins><em>e-readers</a>.</p></em></ins></span>
- </li>
-
- <span class="removed"><del><strong><li><p>There is also a
feature for web sites to track users, which is
- <a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
- enabled by default</a>. (That article talks about iOS 6, but it
- is still true</strong></del></span>
+ <span class="removed"><del><strong><li><p>Around
47%</strong></del></span>
- <span class="inserted"><ins><em><li id="M201212030">
- <p>Spyware</em></ins></span> in <span
class="removed"><del><strong>iOS 7.)</p>
+ <span class="inserted"><ins><em><li id="M201212031">
+ <p>The Electronic Frontier Foundation has examined and found <a
+ href="https://www.eff.org/pages/reader-privacy-chart-2012">various
+ kinds</em></ins></span> of <span class="inserted"><ins><em>surveillance
in</em></ins></span> the <span class="removed"><del><strong>most popular
iOS</strong></del></span> <span class="inserted"><ins><em>Swindle and other
e-readers</a>.</p>
</li>
- <li><p>The iThing also</strong></del></span> <span
class="inserted"><ins><em>many e-readers—not only the
Kindle:</em></ins></span> <a
-<span
class="removed"><del><strong>href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
- tells Apple its geolocation</a> by default, though that can be
- turned off.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.eff.org/pages/reader-privacy-chart-2012">
they
- report even which page the user reads at what
time</a>.</p></em></ins></span>
+ <li id="M201212030">
+ <p>Spyware in many e-readers—not only the Kindle: <a
+ href="https://www.eff.org/pages/reader-privacy-chart-2012"> they
+ report even which page the user reads at what time</a>.</p>
</li>
-
- <span class="removed"><del><strong><li><p>Apple can, and
regularly does,</strong></del></span>
-<span class="inserted"><ins><em></ul>
+</ul>
@@ -978,94 +930,123 @@
</div>
<ul class="blurbs">
+<!-- INSERT apps -->
<li id="M201808030">
- <p>Some Google apps on Android</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
- remotely extract some data from iPhones for</strong></del></span>
+ <p>Some Google</em></ins></span> apps <span
class="inserted"><ins><em>on Android</em></ins></span> <a <span
class="removed"><del><strong>class="not-a-duplicate"
+ href="http://jots.pub/a/2015103001/index.php">share personal,
+ behavioral and</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile">
- record</em></ins></span> the <span
class="removed"><del><strong>state</a>.</p></strong></del></span>
<span class="inserted"><ins><em>user's location even when users disable
“location
+ record the user's</em></ins></span> location <span
class="removed"><del><strong>information</a></strong></del></span> <span
class="inserted"><ins><em>even when users disable “location
tracking”</a>.</p>
- <p>There are other ways to turn off the other kinds of location
- tracking, but most users will be tricked by the misleading
control.</p></em></ins></span>
+ <p>There are other ways to turn off the other
kinds</em></ins></span> of <span
class="removed"><del><strong>their</strong></del></span> <span
class="inserted"><ins><em>location
+ tracking, but most</em></ins></span> users <span
class="removed"><del><strong>with third
parties.</p></strong></del></span> <span class="inserted"><ins><em>will
be tricked by the misleading control.</p></em></ins></span>
</li>
- <span class="removed"><del><strong><li><p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
- Either Apple helps</strong></del></span>
+ <span class="removed"><del><strong><li><p>iThings automatically
upload to Apple's servers all</strong></del></span>
<span class="inserted"><ins><em><li id="M201806110">
<p>The Spanish football streaming app <a
href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks</em></ins></span>
- the <span class="removed"><del><strong>NSA snoop on
all</strong></del></span> <span class="inserted"><ins><em>user's movements and
listens through</em></ins></span> the <span class="removed"><del><strong>data
in an iThing,
- or</strong></del></span> <span
class="inserted"><ins><em>microphone</a>.</p>
+ the <span class="removed"><del><strong>photos and
+ videos they make.</p>
- <p>This makes them act as spies for licensing enforcement.</p>
+ <blockquote><p>
+ iCloud Photo Library stores every photo and video you
take,</strong></del></span> <span class="inserted"><ins><em>user's
movements</em></ins></span> and <span
class="removed"><del><strong>keeps</strong></del></span> <span
class="inserted"><ins><em>listens through the microphone</a>.</p>
- <p>I expect</em></ins></span> it <span
class="inserted"><ins><em>implements DRM, too—that
there</em></ins></span> is <span class="removed"><del><strong>totally
incompetent.</a></p>
- </li>
+ <p>This makes</em></ins></span> them <span
class="removed"><del><strong>up to date on all your devices.
+ Any edits you make are automatically updated everywhere. [...]
+ </p></blockquote>
- <li><p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
- Several “features” of iOS seem to exist
for</strong></del></span> no
- <span class="removed"><del><strong>possible purpose other than
surveillance</a>. Here is</strong></del></span> <span
class="inserted"><ins><em>way to save
- a recording. But I can't be sure from</em></ins></span> the
- <span class="removed"><del><strong><a
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
- Technical presentation</a>.</p>
- </li>
-</ul>
+ <p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
+ information</a></strong></del></span> <span
class="inserted"><ins><em>act</em></ins></span> as <span
class="removed"><del><strong>accessed on 24 Sep 2015.) The iCloud feature is
+ <a href="https://support.apple.com/en-us/HT202033">activated by the
+ startup of iOS</a>. The term “cloud” means
+ “please don't ask where.”</p>
+ <p>There</strong></del></span> <span class="inserted"><ins><em>spies
for licensing enforcement.</p>
-<div class="big-subsection">
- <h4 id="SpywareInTelephones">Spyware in Telephones</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
-</div>
+ <p>I expect it implements DRM, too—that
there</em></ins></span> is <span
class="removed"><del><strong>a</strong></del></span> <span
class="inserted"><ins><em>no</em></ins></span> way to <span
class="removed"><del><strong><a
href="https://support.apple.com/en-us/HT201104">
+ deactivate iCloud</a>, but it's active by default so it still
counts as</strong></del></span> <span
class="inserted"><ins><em>save</em></ins></span>
+ a
+ <span class="removed"><del><strong>surveillance functionality.</p>
-<ul>
- <li><p>According</strong></del></span> <span
class="inserted"><ins><em>article.</p>
+ <p>Unknown people apparently took advantage of
this</strong></del></span> <span class="inserted"><ins><em>recording. But I
can't be sure from the article.</p>
- <p>If you learn</em></ins></span> to <span
class="removed"><del><strong>Edward Snowden,</strong></del></span> <span
class="inserted"><ins><em>care much less about sports, you will benefit in
+ <p>If you learn</em></ins></span> to <span
class="inserted"><ins><em>care much less about sports, you will benefit in
many ways. This is one more.</p>
</li>
<li id="M201804160">
- <p>More than</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.bbc.com/news/uk-34444233">agencies
can take over smartphones</a></strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%
- of the 5,855 Android apps studied</em></ins></span> by <span
class="removed"><del><strong>sending hidden text messages which enable
them</strong></del></span> <span class="inserted"><ins><em>researchers were
found</em></ins></span> to <span
class="removed"><del><strong>turn</strong></del></span> <span
class="inserted"><ins><em>snoop
- and collect information about its users</a>. 40%
of</em></ins></span> the <span
class="removed"><del><strong>phones</strong></del></span> <span
class="inserted"><ins><em>apps were
- found to insecurely snitch</em></ins></span> on <span
class="inserted"><ins><em>its users. Furthermore, they could
- detect only some methods of snooping, in these proprietary apps whose
- source code they cannot look at. The other apps might be snooping
+ <p>More than</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
+ nude photos</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%</em></ins></span>
+ of <span class="removed"><del><strong>many celebrities</a>. They
needed</strong></del></span> <span class="inserted"><ins><em>the 5,855 Android
apps studied by researchers were found</em></ins></span> to <span
class="removed"><del><strong>break Apple's
+ security</strong></del></span> <span class="inserted"><ins><em>snoop
+ and collect information about its users</a>. 40% of the apps were
+ found</em></ins></span> to <span class="removed"><del><strong>get at them,
but NSA can access any</strong></del></span> <span
class="inserted"><ins><em>insecurely snitch on its users. Furthermore, they
could
+ detect only some methods</em></ins></span> of <span
class="removed"><del><strong>them through
+ <a
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
+ </p></li>
+
+ <li><p>Spyware</strong></del></span> <span
class="inserted"><ins><em>snooping,</em></ins></span> in <span
class="removed"><del><strong>iThings:
+ the <a class="not-a-duplicate"
+
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ iBeacon</a> lets stores determine exactly where the iThing is,
+ and get</strong></del></span> <span class="inserted"><ins><em>these
proprietary apps whose
+ source code they cannot look at. The</em></ins></span> other <span
class="removed"><del><strong>info too.</p>
+ </li>
+
+ <li><p>There</strong></del></span> <span
class="inserted"><ins><em>apps might be snooping
in other ways.</p>
- <p>This is evidence that proprietary apps generally work against
- their users. To protect their privacy</em></ins></span> and <span
class="removed"><del><strong>off, listen</strong></del></span> <span
class="inserted"><ins><em>freedom, Android users
- need</em></ins></span> to <span class="inserted"><ins><em>get rid
of</em></ins></span> the <span class="removed"><del><strong>microphone,
retrieve geo-location data from the
- GPS, take photographs, read text messages, read call, location and web
- browsing history,</strong></del></span> <span
class="inserted"><ins><em>proprietary software—both proprietary
- Android by <a href="https://replicant.us">switching to
Replicant</a>,</em></ins></span>
- and <span class="removed"><del><strong>read</strong></del></span> the
<span class="removed"><del><strong>contact list. This malware is designed to
- disguise itself</strong></del></span> <span
class="inserted"><ins><em>proprietary apps by getting apps</em></ins></span>
from <span class="removed"><del><strong>investigation.</p>
- </li>
-
- <li><p>Samsung phones come with</strong></del></span> <span
class="inserted"><ins><em>the free software
- only</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps</strong></del></span>
<span class="inserted"><ins><em>href="https://f-droid.org/">F-Droid
store</a></em></ins></span> that <span class="inserted"><ins><em><a
- href="https://f-droid.org/wiki/page/Antifeatures"> prominently warns
- the user if an app contains anti-features</a>.</p>
+ <p>This</em></ins></span> is <span class="removed"><del><strong>also
a feature for web sites</strong></del></span> <span
class="inserted"><ins><em>evidence that proprietary apps generally work against
+ their users. To protect their privacy and freedom, Android users
+ need</em></ins></span> to <span class="removed"><del><strong>track users,
which is
+ <a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
+ enabled</strong></del></span> <span class="inserted"><ins><em>get rid of
the proprietary software—both proprietary
+ Android</em></ins></span> by <span
class="removed"><del><strong>default</a>. (That article talks about iOS
6, but it
+ is still true in iOS 7.)</p>
+ </li>
+
+ <li><p>The iThing also</strong></del></span> <a
+<span
class="removed"><del><strong>href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
+ tells Apple its geolocation</a> by default, though that can be
+ turned off.</p>
+ </li>
+
+ <li><p>Apple can,</strong></del></span> <span
class="inserted"><ins><em>href="https://replicant.us">switching to
Replicant</a>,</em></ins></span>
+ and <span class="removed"><del><strong>regularly does,
+ <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
+ remotely extract some data from iPhones for</strong></del></span> the
<span class="removed"><del><strong>state</a>.</p>
</li>
- <li id="M201804020">
+ <li><p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
+ Either Apple helps</strong></del></span> <span
class="inserted"><ins><em>proprietary apps by getting apps
from</em></ins></span> the <span class="removed"><del><strong>NSA snoop on
all</strong></del></span> <span class="inserted"><ins><em>free software
+ only <a href="https://f-droid.org/">F-Droid store</a> that
<a
+ href="https://f-droid.org/wiki/page/Antifeatures"> prominently
warns</em></ins></span>
+ the <span class="removed"><del><strong>data in</strong></del></span> <span
class="inserted"><ins><em>user if</em></ins></span> an <span
class="removed"><del><strong>iThing,
+ or it is totally incompetent.</a></p></strong></del></span>
<span class="inserted"><ins><em>app contains
anti-features</a>.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li><p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
+ Several “features” of iOS seem</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201804020">
<p>Grindr collects information about <a
href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status">
- which</em></ins></span> users <span class="removed"><del><strong>can't
delete</a>,
- and they send</strong></del></span> <span class="inserted"><ins><em>are
HIV-positive, then provides the information to
- companies</a>.</p>
-
- <p>Grindr should not have</em></ins></span> so much <span
class="removed"><del><strong>data</strong></del></span> <span
class="inserted"><ins><em>information about its users.
- It could be designed so</em></ins></span> that <span
class="removed"><del><strong>their transmission</strong></del></span> <span
class="inserted"><ins><em>users communicate such info to each
- other but not to the server's database.</p>
+ which users are HIV-positive, then provides the
information</em></ins></span> to <span class="removed"><del><strong>exist for no
+ possible purpose</strong></del></span>
+ <span class="inserted"><ins><em>companies</a>.</p>
+
+ <p>Grindr should not have so much information about its users.
+ It could be designed so that users communicate such info to
each</em></ins></span>
+ other <span class="inserted"><ins><em>but not to the server's
database.</p>
</li>
<li id="M201803050">
<p>The moviepass app and dis-service
- spy on users even more than users expected. It <a
+ spy on users even more</em></ins></span> than <span
class="removed"><del><strong>surveillance</a>.
Here</strong></del></span> <span class="inserted"><ins><em>users expected. It
<a
href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
where they travel before and after going to a movie</a>.</p>
@@ -1074,131 +1055,150 @@
<li id="M201711240">
<p>Tracking software in popular Android apps</em></ins></span>
- is <span class="inserted"><ins><em>pervasive and sometimes very clever.
Some trackers can <a
-
href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
- follow</em></ins></span> a
- <span class="removed"><del><strong>substantial expense for users. Said
transmission, not wanted or
- requested</strong></del></span> <span class="inserted"><ins><em>user's
movements around a physical store</em></ins></span> by <span
class="removed"><del><strong>the user, clearly must constitute spying of some
- kind.</p></li>
-
- <li><p>A Motorola phone</strong></del></span> <span
class="inserted"><ins><em>noticing WiFi
- networks</a>.</p>
+ is <span class="removed"><del><strong>the</strong></del></span> <span
class="inserted"><ins><em>pervasive and sometimes very clever. Some trackers
can</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ Technical presentation</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
+ follow a user's movements around a physical store by noticing WiFi
+ networks</a>.</p></em></ins></span>
</li>
+<span class="removed"><del><strong></ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInTelephones">Spyware</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201708270">
+ <p>The Sarahah app <a
+
href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
+ uploads all phone numbers and email addresses</a></em></ins></span>
in <span class="removed"><del><strong>Telephones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
+</div>
- <li id="M201708270">
- <p>The Sarahah app</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
- listens for voice</strong></del></span>
- <span
class="inserted"><ins><em>href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
- uploads</em></ins></span> all <span class="inserted"><ins><em>phone
numbers and email addresses</a> in user's address
- book to developer's server. Note that this article
misuses</em></ins></span> the <span
class="removed"><del><strong>time</a>.</p></strong></del></span>
<span class="inserted"><ins><em>words
+<ul>
+ <li><p>According</strong></del></span> <span
class="inserted"><ins><em>user's address
+ book</em></ins></span> to <span class="removed"><del><strong>Edward
Snowden,</strong></del></span> <span class="inserted"><ins><em>developer's
server. Note that this article misuses the words
“<a href="/philosophy/free-sw.html">free
software</a>”
- referring to zero price.</p></em></ins></span>
+ referring to zero price.</p>
</li>
- <span class="removed"><del><strong><li><p>Spyware
in</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201707270">
- <p>20 dishonest</em></ins></span> Android <span
class="removed"><del><strong>phones (and Windows? laptops): The Wall
- Street Journal (in an article blocked from us by a paywall)
- reports that</strong></del></span> <span class="inserted"><ins><em>apps
recorded</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
- the FBI can remotely activate the GPS</strong></del></span>
+ <li id="M201707270">
+ <p>20 dishonest Android apps recorded</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.bbc.com/news/uk-34444233">agencies
can take over smartphones</a>
+ by sending hidden</strong></del></span>
<span
class="inserted"><ins><em>href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
- calls</em></ins></span> and <span class="removed"><del><strong>microphone
in Android
- phones</strong></del></span> <span class="inserted"><ins><em>sent
them</em></ins></span> and <span class="removed"><del><strong>laptops</a>.
- (I suspect this means Windows laptops.) Here is
- <a href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
- </li>
-
- <li><p>Portable phones with GPS will send their GPS
location</strong></del></span> <span class="inserted"><ins><em>text messages
and emails to snoopers</a>.</p>
-
- <p>Google did not intend to make these apps spy;</em></ins></span> on
- <span class="removed"><del><strong>remote command</strong></del></span>
<span class="inserted"><ins><em>the contrary, it
- worked in various ways to prevent that,</em></ins></span> and <span
class="removed"><del><strong>users</strong></del></span> <span
class="inserted"><ins><em>deleted these apps after
- discovering what they did. So we</em></ins></span> cannot <span
class="removed"><del><strong>stop them:</strong></del></span> <span
class="inserted"><ins><em>blame Google specifically
- for the snooping of these apps.</p>
-
- <p>On the other hand, Google redistributes nonfree Android apps, and
- therefore shares in the responsibility for the injustice of their being
- nonfree. It also distributes its own nonfree apps, such as Google
Play,</em></ins></span>
- <a <span
class="removed"><del><strong>href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
-
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
- (The US says it will eventually require all new portable phones
- to</strong></del></span> <span
class="inserted"><ins><em>href="/philosophy/free-software-even-more-important.html">which
- are malicious</a>.</p>
+ calls and sent them and</em></ins></span> text messages <span
class="removed"><del><strong>which enable them</strong></del></span> <span
class="inserted"><ins><em>and emails</em></ins></span> to <span
class="removed"><del><strong>turn the phones</strong></del></span> <span
class="inserted"><ins><em>snoopers</a>.</p>
- <p>Could Google</em></ins></span> have <span
class="removed"><del><strong>GPS.)</p>
- </li>
+ <p>Google did not intend to make these apps spy;</em></ins></span>
on <span class="removed"><del><strong>and off, listen</strong></del></span>
<span class="inserted"><ins><em>the contrary, it
+ worked in various ways</em></ins></span> to <span
class="inserted"><ins><em>prevent that, and deleted these apps after
+ discovering what they did. So we cannot blame Google specifically
+ for</em></ins></span> the <span class="removed"><del><strong>microphone,
retrieve geo-location data from</strong></del></span> <span
class="inserted"><ins><em>snooping of these apps.</p>
+
+ <p>On</em></ins></span> the
+ <span class="removed"><del><strong>GPS, take photographs, read text
messages, read call, location and web
+ browsing history,</strong></del></span> <span
class="inserted"><ins><em>other hand, Google redistributes nonfree Android
apps,</em></ins></span> and <span
class="removed"><del><strong>read</strong></del></span>
+ <span class="inserted"><ins><em>therefore shares in</em></ins></span> the
<span class="removed"><del><strong>contact list. This
malware</strong></del></span> <span class="inserted"><ins><em>responsibility
for the injustice of their being
+ nonfree. It also distributes its own nonfree apps, such as Google Play,
+ <a href="/philosophy/free-software-even-more-important.html">which
+ are malicious</a>.</p>
- <li><p>The nonfree Snapchat app's principal
purpose</strong></del></span> <span class="inserted"><ins><em>done a better job
of preventing apps from
- cheating? There</em></ins></span> is <span class="inserted"><ins><em>no
systematic way for Google, or Android users,
- to inspect executable proprietary apps to see what they do.</p>
-
- <p>Google could demand the source code for these apps, and study
- the source code somehow to determine whether they mistreat users in
- various ways. If it did a good job of this, it could more or less
- prevent such snooping, except when the app developers are clever
- enough</em></ins></span> to <span
class="removed"><del><strong>restrict</strong></del></span> <span
class="inserted"><ins><em>outsmart</em></ins></span> the <span
class="removed"><del><strong>use</strong></del></span> <span
class="inserted"><ins><em>checking.</p>
+ <p>Could Google have done a better job of preventing apps from
+ cheating? There</em></ins></span> is <span
class="removed"><del><strong>designed</strong></del></span> <span
class="inserted"><ins><em>no systematic way for Google, or Android
users,</em></ins></span>
+ to
+ <span class="removed"><del><strong>disguise itself from
investigation.</p>
+ </li>
+
+ <li><p>Samsung phones come with
+ <a
href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
that users can't delete</a>,</strong></del></span> <span
class="inserted"><ins><em>inspect executable proprietary apps to see what they
do.</p>
+
+ <p>Google could demand the source code for these
apps,</em></ins></span> and <span class="inserted"><ins><em>study
+ the source code somehow to determine whether</em></ins></span> they <span
class="removed"><del><strong>send so much data that their transmission
is</strong></del></span> <span class="inserted"><ins><em>mistreat users in
+ various ways. If it did</em></ins></span> a
+ <span class="removed"><del><strong>substantial expense for users. Said
transmission, not wanted</strong></del></span> <span
class="inserted"><ins><em>good job of this, it could more</em></ins></span> or
+ <span class="removed"><del><strong>requested by</strong></del></span>
<span class="inserted"><ins><em>less
+ prevent such snooping, except when</em></ins></span> the <span
class="removed"><del><strong>user, clearly</strong></del></span> <span
class="inserted"><ins><em>app developers are clever
+ enough to outsmart the checking.</p>
<p>But since Google itself develops malicious apps, we cannot trust
- Google to protect us. We must demand release</em></ins></span> of <span
class="removed"><del><strong>data on the user's computer, but it does
surveillance
- too: <a
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
- it tries</strong></del></span> <span class="inserted"><ins><em>source
code</em></ins></span> to <span
class="removed"><del><strong>get</strong></del></span> the <span
class="removed"><del><strong>user's list of other people's phone
- numbers.</a></p></strong></del></span>
+ Google to protect us. We</em></ins></span> must <span
class="removed"><del><strong>constitute spying</strong></del></span> <span
class="inserted"><ins><em>demand release</em></ins></span> of <span
class="removed"><del><strong>some
+ kind.</p></li>
+
+ <li><p>A Motorola phone
+ <a
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
+ listens for voice all</strong></del></span> <span
class="inserted"><ins><em>source code to</em></ins></span> the <span
class="removed"><del><strong>time</a>.</p></strong></del></span>
<span class="inserted"><ins><em>public, so we can depend on each
other.</p></em></ins></span>
</li>
-<span class="removed"><del><strong></ul>
-
-<div class="big-subsection">
- <h4 id="SpywareInMobileApps">Spyware</strong></del></span>
+ <span class="removed"><del><strong><li><p>Spyware in Android
phones (and Windows? laptops): The Wall
+ Street Journal (in an article blocked from us by a paywall)
+ reports that</strong></del></span>
<span class="inserted"><ins><em><li id="M201705230">
- <p>Apps for BART <a
-
href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
+ <p>Apps for BART</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
+ the FBI</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
on users</a>.</p>
<p>With free software apps, users could <em>make
sure</em> that they
don't snoop.</p>
- <p>With proprietary apps, one can only hope that they
don't.</p>
+ <p>With proprietary apps, one</em></ins></span> can <span
class="removed"><del><strong>remotely activate the GPS and microphone
in</strong></del></span> <span class="inserted"><ins><em>only hope that they
don't.</p>
</li>
<li id="M201705040">
- <p>A study found 234 Android apps that track users by <a
-
href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
- to ultrasound from beacons placed</em></ins></span> in <span
class="removed"><del><strong>Mobile Applications</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
-</div>
-
-<ul>
- <li></strong></del></span> <span class="inserted"><ins><em>stores or
played by TV
- programs</a>.</p>
+ <p>A study found 234</em></ins></span> Android
+ <span class="removed"><del><strong>phones and laptops</a>.
+ (I suspect this means Windows laptops.) Here is</strong></del></span>
<span class="inserted"><ins><em>apps that track users by</em></ins></span>
<a <span
class="removed"><del><strong>href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
+ to ultrasound from beacons placed in stores or played by TV
+ programs</a>.</p></em></ins></span>
</li>
- <li id="M201704260"></em></ins></span>
- <p>Faceapp appears to do lots of surveillance, judging by <a
-
href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
- how much access it demands to personal data in the <span
class="removed"><del><strong>device</a>.
- </p></strong></del></span> <span
class="inserted"><ins><em>device</a>.</p>
+ <span class="removed"><del><strong><li><p>Portable phones with
GPS will send their GPS location on
+ remote command and users cannot stop them:</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201704260">
+ <p>Faceapp appears to do lots of surveillance, judging
by</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
+
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
+ (The US says</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
+ how much access</em></ins></span> it <span
class="removed"><del><strong>will eventually require all new portable
phones</strong></del></span> <span
class="inserted"><ins><em>demands</em></ins></span> to <span
class="removed"><del><strong>have GPS.)</p></strong></del></span> <span
class="inserted"><ins><em>personal data in the
device</a>.</p></em></ins></span>
</li>
- <li id="M201704190">
+ <span class="removed"><del><strong><li><p>The nonfree Snapchat
app's principal purpose is</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201704190">
<p>Users are suing Bose for <a
href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
distributing a spyware app for its headphones</a>. Specifically,
- the app would record the names of the audio files users listen to
- along with the headphone's unique serial number.</p>
+ the app would record the names of the audio files users
listen</em></ins></span> to <span
class="removed"><del><strong>restrict</strong></del></span>
+ <span class="inserted"><ins><em>along with</em></ins></span> the <span
class="removed"><del><strong>use</strong></del></span> <span
class="inserted"><ins><em>headphone's unique serial number.</p>
<p>The suit accuses that this was done without the users' consent.
- If the fine print of the app said that users gave consent for this,
- would that make it acceptable? No way! It should be flat out <a
- href="/philosophy/surveillance-vs-democracy.html"> illegal to design
- the app to snoop at all</a>.</p>
+ If the fine print</em></ins></span> of <span
class="removed"><del><strong>data on</strong></del></span> the <span
class="removed"><del><strong>user's computer, but it does surveillance
+ too: <a
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers"></strong></del></span>
<span class="inserted"><ins><em>app said that users gave consent for this,
+ would that make</em></ins></span> it <span
class="removed"><del><strong>tries</strong></del></span> <span
class="inserted"><ins><em>acceptable? No way! It should be flat out <a
+ href="/philosophy/surveillance-vs-democracy.html">
illegal</em></ins></span> to <span
class="removed"><del><strong>get</strong></del></span> <span
class="inserted"><ins><em>design</em></ins></span>
+ the <span class="removed"><del><strong>user's list of other people's phone
+ numbers.</a></p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInMobileApps">Spyware in Mobile Applications</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
+</div>
+
+<ul>
+ <li>
+ <p>Faceapp appears</strong></del></span> <span
class="inserted"><ins><em>app</em></ins></span> to <span
class="removed"><del><strong>do lots</strong></del></span> <span
class="inserted"><ins><em>snoop at all</a>.</p>
</li>
<li id="M201704074">
- <p>Pairs of Android apps can collude
- to transmit users' personal data to servers. <a
+ <p>Pairs</em></ins></span> of <span
class="removed"><del><strong>surveillance, judging by
+ <a
href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
+ how much access it demands</strong></del></span> <span
class="inserted"><ins><em>Android apps can collude</em></ins></span>
+ to <span class="inserted"><ins><em>transmit users'</em></ins></span>
personal data <span class="removed"><del><strong>in the device</a>.
+ </p></strong></del></span> <span
class="inserted"><ins><em>to servers. <a
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found tens of thousands of pairs that
collude</a>.</p></em></ins></span>
</li>
@@ -1226,7 +1226,7 @@
<span class="inserted"><ins><em><li id="M201701210">
<p>The</em></ins></span> Meitu photo-editing app <a
href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
- <span class="removed"><del><strong>user data to a Chinese
company</a>.</p></li>
+ user data to a Chinese <span
class="removed"><del><strong>company</a>.</p></li>
<li><p>A pregnancy test controller application not only
can <a
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spy
@@ -1234,8 +1234,7 @@
alter them too</a>.
</p></li>
- <li><p>The</strong></del></span>
- <span class="inserted"><ins><em>user data to a Chinese
company</a>.</p>
+ <li><p>The</strong></del></span> <span
class="inserted"><ins><em>company</a>.</p>
</li>
<li id="M201611280">
@@ -1248,23 +1247,31 @@
massive surveillance.</p>
</li>
- <span
class="removed"><del><strong><li><p>Google's</strong></del></span>
+ <span class="removed"><del><strong><li><p>Google's new voice
messaging app</strong></del></span>
<span class="inserted"><ins><em><li id="M201611160">
- <p>A <a
-
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
- research paper</a> that investigated the privacy and security of
+ <p>A</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ all conversations</a>.</p>
+ </li>
+
+ <li><p>Apps</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
+ research paper</a></em></ins></span> that <span
class="removed"><del><strong>include
+ <a
href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
+ Symphony surveillance software snoop on what radio</strong></del></span>
<span class="inserted"><ins><em>investigated the privacy</em></ins></span> and
<span class="removed"><del><strong>TV programs
+ are playing nearby</a>. Also on what</strong></del></span> <span
class="inserted"><ins><em>security of
283 Android VPN apps concluded that “in spite of the promises
for privacy, security, and anonymity given by the majority of VPN
- apps—millions of users may be unawarely subject to poor security
+ apps—millions of</em></ins></span> users <span
class="removed"><del><strong>post on various sites</strong></del></span> <span
class="inserted"><ins><em>may be unawarely subject to poor security
guarantees and abusive practices inflicted by VPN apps.”</p>
- <p>Following is a non-exhaustive list of proprietary VPN apps from
- the research paper that tracks and infringes the privacy of
users:</p>
+ <p>Following is a non-exhaustive list, taken from the research paper,
+ of some proprietary VPN apps that track users and infringe their
+ privacy:</p>
<dl>
<dt>SurfEasy</dt>
- <dd>Includes tracking libraries such as NativeX and Appflood,
+ <dd>Includes tracking libraries</em></ins></span> such as <span
class="removed"><del><strong>Facebook, Google+</strong></del></span> <span
class="inserted"><ins><em>NativeX</em></ins></span> and <span
class="removed"><del><strong>Twitter.</p></strong></del></span> <span
class="inserted"><ins><em>Appflood,
meant to track users and show them targeted ads.</dd>
<dt>sFly Network Booster</dt>
@@ -1291,20 +1298,22 @@
<dd>Injects JavaScript code into HTML pages, and also uses roughly
five tracking libraries. Developers of this app have confirmed that
the non-premium version of the app does JavaScript injection for
- tracking and display ads.</dd>
+ tracking the user and displaying ads.</dd>
</dl>
</li>
<li id="M201609210">
- <p>Google's</em></ins></span> new voice messaging app <a <span
class="removed"><del><strong>href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
- all conversations</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
- all conversations</a>.</p>
+ <p>Google's new voice messaging app <a
+
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ all conversations</a>.</p></em></ins></span>
</li>
- <li id="M201606050">
- <p>Facebook's new Magic Photo app <a
-
href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
+ <span
class="removed"><del><strong><li><p>Facebook's</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201606050">
+ <p>Facebook's</em></ins></span> new Magic Photo app <a
+<span
class="removed"><del><strong>href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/"></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/"></em></ins></span>
scans your mobile phone's photo collections for known faces</a>,
and suggests you to share the picture you take according to who is
in the frame.</p>
@@ -1318,7 +1327,9 @@
even if the user didn't “upload” them to the service.</p>
</li>
- <li id="M201605310">
+ <span
class="removed"><del><strong><li><p>Like</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201605310">
<p>Facebook's app listens all the time, <a
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
snoop on what people are listening to or watching</a>. In addition,
@@ -1330,60 +1341,41 @@
<p>A pregnancy test controller application not only can <a
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
spy on many sorts of data in the phone, and in server accounts,
- it can alter them too</a>.</p></em></ins></span>
+ it can alter them too</a>.</p>
</li>
- <span
class="removed"><del><strong><li><p>Apps</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201601130">
- <p>Apps</em></ins></span> that include <a
+ <li id="M201601130">
+ <p>Apps that include <a
href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
Symphony surveillance software snoop on what radio and TV programs
are playing nearby</a>. Also on what users post on various sites
such as Facebook, Google+ and Twitter.</p>
</li>
- <span class="removed"><del><strong><li><p>Facebook's new Magic
Photo app
- <a
-href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
-scans your mobile phone's photo collections for known faces</a>,
- and suggests you</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201511190">
+ <li id="M201511190">
<p>“Cryptic communication,”
- unrelated</em></ins></span> to <span
class="removed"><del><strong>share</strong></del></span> the <span
class="removed"><del><strong>picture you take according to who
- is</strong></del></span> <span class="inserted"><ins><em>app's
functionality, was <a
+ unrelated to the app's functionality, was <a
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
- found</em></ins></span> in the <span
class="removed"><del><strong>frame.</p>
-
- <p>This spyware feature seems to require online access to some
- known-faces database, which means the pictures</strong></del></span>
<span class="inserted"><ins><em>500 most popular gratis Android
apps</a>.</p>
+ found in the 500 most popular gratis Android apps</a>.</p>
<p>The article should not have described these apps as
- “free”—they</em></ins></span> are <span
class="removed"><del><strong>likely</strong></del></span> <span
class="inserted"><ins><em>not free software. The clear way</em></ins></span>
- to <span class="removed"><del><strong>be
- sent across</strong></del></span> <span class="inserted"><ins><em>say
“zero price” is “gratis.”</p>
+ “free”—they are not free software. The clear way
+ to say “zero price” is “gratis.”</p>
- <p>The article takes for granted that</em></ins></span> the <span
class="removed"><del><strong>wire</strong></del></span> <span
class="inserted"><ins><em>usual analytics tools are
- legitimate, but is that valid? Software developers have no
right</em></ins></span> to <span class="removed"><del><strong>Facebook's
servers</strong></del></span>
- <span class="inserted"><ins><em>analyze what users are doing or how.
“Analytics” tools
+ <p>The article takes for granted that the usual analytics tools are
+ legitimate, but is that valid? Software developers have no right to
+ analyze what users are doing or how. “Analytics” tools
that snoop are just as wrong as any other snooping.</p>
</li>
<li id="M201510300">
- <p>More than 73%</em></ins></span> and <span
class="removed"><del><strong>face-recognition
- algorithms.</p>
-
- <p>If so, none</strong></del></span> <span
class="inserted"><ins><em>47%</em></ins></span> of <span
class="removed"><del><strong>Facebook users' pictures are private
- anymore, even if the user didn't “upload” them to the
service.</p></strong></del></span> <span class="inserted"><ins><em>mobile
applications, from Android and iOS
+ <p>More than 73% and 47% of mobile applications, from Android and iOS
respectively <a href="https://techscience.org/a/2015103001/">share
personal, behavioral and location information</a> of their users with
- third parties.</p></em></ins></span>
+ third parties.</p>
</li>
- <span
class="removed"><del><strong><li><p>Like</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201508210">
+ <li id="M201508210">
<p>Like</em></ins></span> most “music screaming”
disservices, Spotify is
based on proprietary malware (DRM and snooping). In August 2015 it <a
href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
@@ -1477,25 +1469,25 @@
approve sending personal data to the app developer but did not ask
about sending it to other companies. This shows the weakness of
the reject-it-if-you-dislike-snooping “solution” to
- surveillance: why should a <span class="removed"><del><strong>flashlight
- app send any</strong></del></span> <span
class="inserted"><ins><em>flashlight app send any information to
+ surveillance: why should a flashlight app send any information to
anyone? A free software flashlight app would not.</p>
</li>
- <li id="M201212100">
+ <span class="inserted"><ins><em><li id="M201212100">
<p>FTC says most mobile apps for children don't respect privacy:
<a
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
- </li>
+ </li></em></ins></span>
</ul>
<div class="big-subsection">
- <h4 id="SpywareInSkype">Skype</h4>
+ <h4 <span class="removed"><del><strong>id="SpywareInGames">Spyware in
Games</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInSkype">Skype</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInSkype">#SpywareInSkype</a>)</span>
</div>
<ul class="blurbs">
+<!-- INSERT skype -->
<li id="M201307110">
<p>Skype contains <a
href="https://web.archive.org/web/20130928235637/http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">spyware</a>.
@@ -1507,11 +1499,15 @@
<div class="big-subsection">
- <h4 id="SpywareInGames">Games</h4>
+ <h4 id="SpywareInGames">Games</h4></em></ins></span>
<span class="anchor-reference-id">(<a
href="#SpywareInGames">#SpywareInGames</a>)</span>
</div>
-<ul class="blurbs">
+<span class="removed"><del><strong><ul>
+ <li><p>nVidia's</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT games -->
<li id="M201806240">
<p>Red Shell is a spyware that
is found in many proprietary games. It <a
@@ -1529,42 +1525,60 @@
<li id="M201711070">
<p>The driver for a certain gaming keyboard <a
-
href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends</em></ins></span>
- information to <span class="removed"><del><strong>anyone? A free software
flashlight
- app would not.</p></strong></del></span> <span
class="inserted"><ins><em>China</a>.</p></em></ins></span>
+
href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
+ information to China</a>.</p>
</li>
-<span class="removed"><del><strong></ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInGames">Spyware in Games</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInGames">#SpywareInGames</a>)</span>
-</div>
-
-<ul>
- <li><p>nVidia's</strong></del></span>
- <span class="inserted"><ins><em><li id="M201611070">
+ <li id="M201611070">
<p>nVidia's</em></ins></span> proprietary GeForce Experience <a
href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes
users identify themselves and then sends personal data about them to
nVidia servers</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>Angry
Birds</strong></del></span>
+ <span
class="removed"><del><strong><li><p>Angry</strong></del></span>
<span class="inserted"><ins><em><li id="M201512290">
- <p>Many</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
- spies for companies, and the NSA takes advantage to spy through it
too</a>.
- Here's information</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
- video game consoles snoop</em></ins></span> on
- <span class="removed"><del><strong><a
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
+ <p>Many <a
+
href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
+ video game consoles snoop on their users and report to the
+ internet</a>—even what their users weigh.</p>
+
+ <p>A game console is a computer, and you can't trust a computer with
+ a nonfree operating system.</p>
+ </li>
+
+ <li id="M201509160">
+ <p>Modern gratis game cr…apps <a
+
href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
+ collect a wide range of data about their users and their users'
+ friends and associates</a>.</p>
+
+ <p>Even nastier, they do it through ad networks that merge the data
+ collected by various cr…apps and sites made by different
+ companies.</p>
+
+ <p>They use this data to manipulate people to buy things, and hunt
for
+ “whales” who can be led to spend a lot of money. They also
+ use a back door to manipulate the game play for specific players.</p>
+
+ <p>While the article describes gratis games, games that cost money
+ can use the same tactics.</p>
+ </li>
+
+ <li id="M201401280">
+ <p>Angry</em></ins></span> Birds <a
+
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
+ spies for companies, and the NSA takes advantage
+ to spy through it too</a>. Here's information on <a
+
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
more spyware apps</a>.</p>
- <p><a
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
+
+ <p><a
+
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
More about NSA app spying</a>.</p>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<div class="big-subsection">
@@ -1574,88 +1588,128 @@
<ul>
<li>
- <p>The “smart” toys My Friend
Cayla</strong></del></span> <span class="inserted"><ins><em>their
users</em></ins></span> and <span class="removed"><del><strong>i-Que transmit
- <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations</strong></del></span> <span
class="inserted"><ins><em>report</em></ins></span> to <span
class="removed"><del><strong>Nuance Communications</a>,
- a speech recognition company based in</strong></del></span> the <span
class="removed"><del><strong>U.S.</p>
+ <p>The “smart” toys My Friend Cayla and i-Que transmit
+ <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations to Nuance Communications</a>,
+ a speech recognition company based in the U.S.</p>
<p>Those toys also contain major security vulnerabilities; crackers
can remotely control the toys with a mobile phone. This would
- enable crackers to listen in on</strong></del></span>
- <span class="inserted"><ins><em>internet</a>—even what their
users weigh.</p>
-
- <p>A game console is</em></ins></span> a <span
class="removed"><del><strong>child's speech,</strong></del></span> <span
class="inserted"><ins><em>computer,</em></ins></span> and <span
class="removed"><del><strong>even speak
- into the toys themselves.</p></strong></del></span> <span
class="inserted"><ins><em>you can't trust a computer with
- a nonfree operating system.</p></em></ins></span>
+ enable crackers to listen in on a child's speech, and even speak
+ into the toys themselves.</p>
</li>
- <span class="removed"><del><strong><li>
- <p>A computerized vibrator</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201509160">
- <p>Modern gratis game cr…apps</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
+ <li>
+ <p>A computerized vibrator
+ <a
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
was snooping on its users through the proprietary control
app</a>.</p>
<p>The app was reporting the temperature of the vibrator minute by
- minute (thus, indirectly, whether it was surrounded by a person's
+ minute (thus, indirectly, whether it was surrounded
by</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M200510200">
+ <p>Blizzard Warden is</em></ins></span> a <span
class="removed"><del><strong>person's
body), as well as the vibration frequency.</p>
- <p>Note the totally inadequate proposed
response:</strong></del></span>
- <span
class="inserted"><ins><em>href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
- collect</em></ins></span> a <span class="removed"><del><strong>labeling
- standard with which manufacturers would make
statements</strong></del></span> <span class="inserted"><ins><em>wide range of
data</em></ins></span> about their <span class="removed"><del><strong>products,
rather than free software which</strong></del></span> users <span
class="removed"><del><strong>could have
- checked</strong></del></span> and <span
class="removed"><del><strong>changed.</p>
+ <p>Note the totally inadequate proposed
response:</strong></del></span> <span class="inserted"><ins><em>hidden
+ “cheating-prevention” program that <a
+ href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
+ spies on every process running on</em></ins></span> a <span
class="removed"><del><strong>labeling
+ standard with which manufacturers would make statements about
+ their products, rather than free software</strong></del></span> <span
class="inserted"><ins><em>gamer's computer and sniffs a
+ good deal of personal data</a>, including lots of
activities</em></ins></span> which <span class="removed"><del><strong>users
could</strong></del></span>
+ have
+ <span class="removed"><del><strong>checked and
changed.</p></strong></del></span> <span
class="inserted"><ins><em>nothing to do with cheating.</p>
+ </li>
+</ul>
+
- <p>The company that made the vibrator
+
+<div class="big-section">
+ <h3 id="SpywareInEquipment">Spyware in Connected Equipment</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareInEquipment">#SpywareInEquipment</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul class="blurbs">
+<!-- INSERT stings -->
+ <li id="M201708280"></em></ins></span>
+ <p>The <span class="removed"><del><strong>company that made the
vibrator
<a
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
- was sued for collecting lots of personal information about how
- people used it</a>.</p>
+ was sued for collecting lots</strong></del></span> <span
class="inserted"><ins><em>bad security in many Internet</em></ins></span> of
<span class="removed"><del><strong>personal information about
how</strong></del></span> <span class="inserted"><ins><em>Stings devices allows
<a
+
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
+ to snoop on the</em></ins></span> people <span
class="removed"><del><strong>used it</a>.</p>
- <p>The company's statement that</strong></del></span> <span
class="inserted"><ins><em>their users'
- friends and associates</a>.</p>
+ <p>The company's statement</strong></del></span> that <span
class="removed"><del><strong>it was anonymizing the data
may</strong></del></span> <span class="inserted"><ins><em>use
them</a>.</p>
- <p>Even nastier, they do</em></ins></span> it <span
class="removed"><del><strong>was anonymizing</strong></del></span> <span
class="inserted"><ins><em>through ad networks that merge</em></ins></span> the
data <span class="removed"><del><strong>may be
- true, but it doesn't really matter. If it had sold
the</strong></del></span>
- <span class="inserted"><ins><em>collected by various cr…apps and
sites made by different
- companies.</p>
+ <p>Don't</em></ins></span> be
+ <span class="removed"><del><strong>true, but it doesn't really matter.
If it had sold the data to</strong></del></span> a
+ <span class="removed"><del><strong>data broker,</strong></del></span>
<span class="inserted"><ins><em>sucker—reject all</em></ins></span> the
<span class="removed"><del><strong>data broker would have been
able</strong></del></span> <span class="inserted"><ins><em>stings.</p>
+
+ <p>It is unfortunate that the article uses the term <a
+
href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInTVSets">TV Sets</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
+</div>
+
+<p>Emo Phillips made a joke: The other day a woman came
up</em></ins></span> to <span
class="removed"><del><strong>figure</strong></del></span> <span
class="inserted"><ins><em>me and
+said, “Didn't I see you on television?” I said, “I
+don't know. You can't see</em></ins></span> out
+ <span class="removed"><del><strong>who</strong></del></span> the <span
class="removed"><del><strong>user was.</p>
- <p>They use this</em></ins></span> data to <span
class="removed"><del><strong>a
- data broker, the data broker would have been able</strong></del></span>
<span class="inserted"><ins><em>manipulate people</em></ins></span> to <span
class="removed"><del><strong>figure out</strong></del></span> <span
class="inserted"><ins><em>buy things, and hunt for
- “whales”</em></ins></span> who <span
class="removed"><del><strong>the user was.</p>
-
- <p>Following this lawsuit,
- <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
- the company has been ordered</strong></del></span> <span
class="inserted"><ins><em>can be led</em></ins></span> to <span
class="removed"><del><strong>pay</strong></del></span> <span
class="inserted"><ins><em>spend</em></ins></span> a <span
class="removed"><del><strong>total</strong></del></span> <span
class="inserted"><ins><em>lot</em></ins></span> of <span
class="removed"><del><strong>C$4m</a>
- to its customers.</p>
- </li>
-
- <li><p> “CloudPets” toys with microphones
- <a
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak
childrens' conversations to the
- manufacturer</a>. Guess what?
- <a
href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers
found</strong></del></span> <span class="inserted"><ins><em>money. They also
- use</em></ins></span> a <span
class="removed"><del><strong>way</strong></del></span> <span
class="inserted"><ins><em>back door</em></ins></span> to <span
class="removed"><del><strong>access</strong></del></span> <span
class="inserted"><ins><em>manipulate</em></ins></span> the <span
class="removed"><del><strong>data</a>
- collected by</strong></del></span> <span class="inserted"><ins><em>game
play for specific players.</p>
+ <p>Following this lawsuit,</strong></del></span> <span
class="inserted"><ins><em>other way.” Evidently that was
+before Amazon “smart” TVs.</p>
- <p>While</em></ins></span> the <span
class="removed"><del><strong>manufacturer's snooping.</p>
+<ul class="blurbs">
+<!-- INSERT tvsets -->
+ <li id="M201804010">
+ <p>Some “Smart” TVs automatically</em></ins></span>
<a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
+ the company has been ordered to pay</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
+ load downgrades that install</em></ins></span> a <span
class="removed"><del><strong>total</strong></del></span> <span
class="inserted"><ins><em>surveillance app</a>.</p>
- <p>That</strong></del></span> <span
class="inserted"><ins><em>article describes gratis games, games that cost money
- can use</em></ins></span> the <span
class="removed"><del><strong>manufacturer</strong></del></span> <span
class="inserted"><ins><em>same tactics.</p>
+ <p>We link to the article for the facts it presents. It
+ is too bad that the article finishes by advocating the
+ moral weakness</em></ins></span> of <span
class="removed"><del><strong>C$4m</a></strong></del></span> <span
class="inserted"><ins><em>surrendering</em></ins></span> to <span
class="removed"><del><strong>its customers.</p></strong></del></span>
<span class="inserted"><ins><em>Netflix. The Netflix app <a
+ href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
+ malware too</a>.</p></em></ins></span>
</li>
- <li id="M201401280">
- <p>Angry Birds <a
-
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
- spies for companies,</em></ins></span> and the <span
class="removed"><del><strong>FBI could listen to these conversations
- was unacceptable by itself.</p></li>
+ <span class="removed"><del><strong><li><p>
“CloudPets” toys with microphones</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201702060">
+ <p>Vizio “smart”</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak
childrens' conversations to</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
+ report everything that is viewed on them, and not just broadcasts and
+ cable</a>. Even if the image is coming from the user's own
computer,</em></ins></span>
+ the
+ <span class="removed"><del><strong>manufacturer</a>. Guess what?
+ <a
href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers
found</strong></del></span> <span class="inserted"><ins><em>TV reports what it
is. The existence of</em></ins></span> a way to <span
class="removed"><del><strong>access the data</a>
+ collected by</strong></del></span> <span
class="inserted"><ins><em>disable</em></ins></span> the <span
class="removed"><del><strong>manufacturer's snooping.</p>
+
+ <p>That</strong></del></span>
+ <span class="inserted"><ins><em>surveillance, even if it were not hidden
as it was in these TVs,
+ does not legitimize</em></ins></span> the <span
class="removed"><del><strong>manufacturer</strong></del></span> <span
class="inserted"><ins><em>surveillance.</p>
+ </li>
+
+ <li id="M201511130">
+ <p>Some web</em></ins></span> and <span
class="removed"><del><strong>the FBI could listen</strong></del></span> <span
class="inserted"><ins><em>TV advertisements play inaudible
+ sounds</em></ins></span> to <span class="removed"><del><strong>these
conversations
+ was unacceptable</strong></del></span> <span
class="inserted"><ins><em>be picked up</em></ins></span> by <span
class="removed"><del><strong>itself.</p></li>
<li><p>Barbie
- <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going</strong></del></span> <span class="inserted"><ins><em>NSA takes
advantage</em></ins></span>
- to spy <span class="inserted"><ins><em>through it too</a>. Here's
information</em></ins></span> on <span class="removed"><del><strong>children
and adults</a>.</p>
+ <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going to spy on children and adults</a>.</p>
</li>
</ul>
<!-- #SpywareAtLowLevel -->
-<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+<!-- WEBMASTERS: make sure to place new items</strong></del></span> <span
class="inserted"><ins><em>proprietary malware running</em></ins></span>
+ on <span class="removed"><del><strong>top under each subsection -->
<div class="big-section">
<h3 id="SpywareAtLowLevel">Spyware at Low Level</h3>
@@ -1665,110 +1719,92 @@
<div class="big-subsection">
- <h4 id="SpywareInBIOS">Spyware in BIOS</h4>
+ <h4 id="SpywareInBIOS">Spyware</strong></del></span> <span
class="inserted"><ins><em>other devices</em></ins></span> in <span
class="removed"><del><strong>BIOS</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
</div>
<ul>
-<li><p></strong></del></span> <a <span
class="removed"><del><strong>href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
-Lenovo stealthily installed crapware and</strong></del></span>
- <span
class="inserted"><ins><em>href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
- more</em></ins></span> spyware <span class="removed"><del><strong>via
BIOS</a> on Windows installs.
-Note that the specific sabotage method Lenovo used did not affect
-GNU/Linux; also, a “clean” Windows install</strong></del></span>
<span class="inserted"><ins><em>apps</a>.</p>
-
- <p><a
-
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
- More about NSA app spying</a>.</p>
+<li><p>
+<a
href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
+Lenovo stealthily installed crapware and spyware via BIOS</a> on Windows
installs.
+Note</strong></del></span> <span class="inserted"><ins><em>range so as to
determine</em></ins></span> that <span class="removed"><del><strong>the
specific sabotage method Lenovo used did not affect
+GNU/Linux; also, a “clean” Windows install is not really
+clean since</strong></del></span> <span class="inserted"><ins><em>they
+ are nearby. Once your Internet devices are paired with
+ your TV, advertisers can correlate ads with Web activity, and
other</em></ins></span> <a <span
class="removed"><del><strong>href="/proprietary/malware-microsoft.html">Microsoft
+puts</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
+ cross-device tracking</a>.</p>
</li>
- <li id="M200510200">
- <p>Blizzard Warden</em></ins></span> is <span
class="removed"><del><strong>not really
-clean since</strong></del></span> <span class="inserted"><ins><em>a hidden
- “cheating-prevention” program that</em></ins></span> <a
<span
class="removed"><del><strong>href="/proprietary/malware-microsoft.html">Microsoft
-puts in its own malware</a>.
+ <li id="M201511060">
+ <p>Vizio goes a step further than other TV
+ manufacturers</em></ins></span> in <span class="removed"><del><strong>its
own malware</a>.
</p></li>
</ul>
<!-- #SpywareAtWork -->
-<!-- WEBMASTERS: make sure to place new items</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
- spies on every process running</em></ins></span> on <span
class="removed"><del><strong>top under each subsection
--></strong></del></span> <span class="inserted"><ins><em>a gamer's computer
and sniffs a
- good deal of personal data</a>, including lots of activities which
- have nothing to do with cheating.</p>
- </li>
-</ul></em></ins></span>
-
-
+<!-- WEBMASTERS: make sure to place new items</strong></del></span> <span
class="inserted"><ins><em>spying</em></ins></span> on <span
class="removed"><del><strong>top under each subsection -->
<div class="big-section">
- <h3 <span class="removed"><del><strong>id="SpywareAtWork">Spyware at
Work</h3></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInEquipment">Spyware in Connected
Equipment</h3></em></ins></span>
- <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareAtWork">#SpywareAtWork</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInEquipment">#SpywareInEquipment</a>)</span></em></ins></span>
+ <h3 id="SpywareAtWork">Spyware at Work</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtWork">#SpywareAtWork</a>)</span>
</div>
<div style="clear: left;"></div>
-<span class="removed"><del><strong><ul>
+<ul>
<li><p>Investigation
- Shows</strong></del></span>
-
-<span class="inserted"><ins><em><ul class="blurbs">
- <li id="M201708280">
- <p>The bad security in many Internet of Stings devices
allows</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
+ Shows</strong></del></span> <span class="inserted"><ins><em>their
users: their</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
Using US Companies, NSA To Route Around Domestic Surveillance
Restrictions</a>.</p>
- <p>Specifically, it can collect</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
- to snoop on</em></ins></span> the <span
class="removed"><del><strong>emails of members of Parliament
- this way, because they pass it through Microsoft.</p></li>
-
- <li><p>Spyware in Cisco TNP IP phones:</strong></del></span>
<span class="inserted"><ins><em>people that use them</a>.</p>
+ <p>Specifically, it</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+ “smart” TVs analyze your viewing habits in detail and
+ link them your IP address</a> so that advertisers</em></ins></span>
can <span class="removed"><del><strong>collect the emails of members of
Parliament</strong></del></span> <span class="inserted"><ins><em>track you
+ across devices.</p>
- <p>Don't be a sucker—reject all the stings.</p>
+ <p>It is possible to turn</em></ins></span> this <span
class="removed"><del><strong>way, because they pass</strong></del></span> <span
class="inserted"><ins><em>off, but having</em></ins></span> it <span
class="removed"><del><strong>through Microsoft.</p></li>
- <p>It is unfortunate that the article uses the
term</em></ins></span> <a <span
class="removed"><del><strong>href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
-
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p></strong></del></span>
- <span
class="inserted"><ins><em>href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p></em></ins></span>
+ <li><p>Spyware in Cisco TNP IP phones:
+ <a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
+
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p></strong></del></span>
<span class="inserted"><ins><em>enabled by default
+ is an injustice already.</p></em></ins></span>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<div class="big-subsection">
- <h4 <span class="removed"><del><strong>id="SpywareInSkype">Spyware in
Skype</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInTVSets">TV
Sets</h4></em></ins></span>
- <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInSkype">#SpywareInSkype</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInTVSets">#SpywareInTVSets</a>)</span></em></ins></span>
+ <h4 id="SpywareInSkype">Spyware in Skype</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInSkype">#SpywareInSkype</a>)</span>
</div>
-<span class="removed"><del><strong><ul>
+<ul>
<li><p>Spyware in Skype:
<a
href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
Microsoft changed Skype</strong></del></span>
-<span class="inserted"><ins><em><p>Emo Phillips made a joke: The other
day a woman came up to me and
-said, “Didn't I see you on television?” I said, “I
-don't know. You can't see out the other way.” Evidently that was
-before Amazon “smart” TVs.</p>
-
-<ul class="blurbs">
- <li id="M201804010">
- <p>Some “Smart” TVs automatically</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
- specifically</strong></del></span>
- <span
class="inserted"><ins><em>href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
- load downgrades that install a surveillance app</a>.</p>
-
- <p>We link to the article</em></ins></span> for <span
class="removed"><del><strong>spying</a>.</p>
+ <span class="inserted"><ins><em><li id="M201511020">
+ <p>Tivo's alliance with Viacom adds 2.3 million households
+ to the 600 millions social media profiles the company
+ already monitors. Tivo customers are unaware they're
+ being watched by advertisers. By combining TV viewing
+ information with online social media participation, Tivo can
now</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
+ specifically for spying</a>.</p>
</li>
</ul>
<!-- #SpywareOnTheRoad -->
-<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>the facts it presents. It
- is too bad that the article finishes by advocating the
- moral weakness of surrendering</em></ins></span> to <span
class="removed"><del><strong>place new items on top under each subsection -->
+<!-- WEBMASTERS: make sure</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
+ correlate TV advertisement with online purchases</a>, exposing all
+ users</em></ins></span> to <span
class="removed"><del><strong>place</strong></del></span> new <span
class="removed"><del><strong>items on top under each subsection -->
<div class="big-section">
- <h3 id="SpywareOnTheRoad">Spyware on</strong></del></span> <span
class="inserted"><ins><em>Netflix.</em></ins></span> The <span
class="removed"><del><strong>Road</h3>
+ <h3 id="SpywareOnTheRoad">Spyware on The Road</h3>
<span class="anchor-reference-id">(<a
href="#SpywareOnTheRoad">#SpywareOnTheRoad</a>)</span>
</div>
<div style="clear: left;"></div>
@@ -1780,74 +1816,66 @@
<ul>
<li>
- <p>The Nest Cam</strong></del></span> <span
class="inserted"><ins><em>Netflix app <a
- href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
- malware too</a>.</p>
+ <p>The Nest Cam</strong></del></span> <span
class="inserted"><ins><em>combined surveillance by default.</p>
</li>
- <li id="M201702060">
- <p>Vizio</em></ins></span> “smart” <span
class="removed"><del><strong>camera is</strong></del></span> <a
- <span
class="removed"><del><strong>href="http://www.bbc.com/news/technology-34922712">always
- watching</a>, even when</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
- report everything that is viewed on them, and not just broadcasts and
- cable</a>. Even if</em></ins></span> the <span
class="removed"><del><strong>“owner” switches</strong></del></span>
<span class="inserted"><ins><em>image is coming from the user's own computer,
- the TV reports what</em></ins></span> it <span
class="removed"><del><strong>“off.”</p>
- <p>A “smart” device means</strong></del></span> <span
class="inserted"><ins><em>is. The existence of a way to
disable</em></ins></span> the <span class="removed"><del><strong>manufacturer
is using</strong></del></span>
- <span class="inserted"><ins><em>surveillance, even if</em></ins></span> it
<span class="removed"><del><strong>to outsmart
- you.</p></strong></del></span> <span
class="inserted"><ins><em>were not hidden as it was in these TVs,
- does not legitimize the surveillance.</p></em></ins></span>
+ <li id="M201507240">
+ <p>Vizio</em></ins></span> “smart” <span
class="removed"><del><strong>camera is</strong></del></span> <span
class="inserted"><ins><em>TVs recognize and</em></ins></span> <a
+ <span
class="removed"><del><strong>href="http://www.bbc.com/news/technology-34922712">always</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
+ what people are</em></ins></span> watching</a>, even <span
class="removed"><del><strong>when the “owner” switches it
“off.”</p>
+ <p>A “smart” device means the manufacturer is
using</strong></del></span> <span
class="inserted"><ins><em>if</em></ins></span> it <span
class="removed"><del><strong>to outsmart
+ you.</p></strong></del></span> <span
class="inserted"><ins><em>isn't a TV channel.</p></em></ins></span>
</li>
<span class="removed"><del><strong></ul>
<div class="big-subsection">
- <h4 id="SpywareInElectronicReaders">Spyware</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201511130">
- <p>Some web and TV advertisements play inaudible
- sounds to be picked up by proprietary malware running
- on other devices</em></ins></span> in <span
class="removed"><del><strong>e-Readers</h4>
+ <h4 id="SpywareInElectronicReaders">Spyware in e-Readers</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
</div>
<ul>
- <li><p>E-books</strong></del></span> <span
class="inserted"><ins><em>range so as to determine that they
- are nearby. Once your Internet devices are paired with
- your TV, advertisers</em></ins></span> can <span
class="removed"><del><strong>contain Javascript code,</strong></del></span>
<span class="inserted"><ins><em>correlate ads with Web
activity,</em></ins></span> and <span
class="inserted"><ins><em>other</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
- this code snoops on readers</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
- cross-device tracking</a>.</p></em></ins></span>
- </li>
-
- <span
class="removed"><del><strong><li><p>Spyware</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201511060">
- <p>Vizio goes a step further than other TV
- manufacturers</em></ins></span> in <span class="removed"><del><strong>many
e-readers—not only the
- Kindle:</strong></del></span> <span class="inserted"><ins><em>spying on
their users: their</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.eff.org/pages/reader-privacy-chart-2012">
- they report even which page the user reads at what
time</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
- “smart” TVs analyze your viewing habits in detail and
- link them your IP address</a> so that advertisers can track you
- across devices.</p>
+ <li><p>E-books can contain Javascript code,
+ and</strong></del></span>
- <p>It is possible to turn this off, but having it enabled by default
- is an injustice already.</p></em></ins></span>
+ <span class="inserted"><ins><em><li id="M201505290">
+ <p>Verizon cable TV</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
+ this code</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/"></em></ins></span>
+ snoops on <span
class="removed"><del><strong>readers</a>.</p></strong></del></span>
<span class="inserted"><ins><em>what programs people watch, and even what they
wanted to
+ record</a>.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li><p>Spyware in many
e-readers—not only the
+ Kindle:</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201504300">
+ <p>Vizio</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.eff.org/pages/reader-privacy-chart-2012">
+ they report even which page the user reads at</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
+ used a firmware “upgrade” to make its TVs snoop
on</em></ins></span> what <span
class="removed"><del><strong>time</a>.</p></strong></del></span>
+ <span class="inserted"><ins><em>users watch</a>. The TVs did not do
that when first sold.</p></em></ins></span>
</li>
<span class="removed"><del><strong><li><p>Adobe made
“Digital Editions,”</strong></del></span>
- <span class="inserted"><ins><em><li id="M201511020">
- <p>Tivo's alliance with Viacom adds 2.3 million households
- to</em></ins></span> the <span class="removed"><del><strong>e-reader
used</strong></del></span> <span class="inserted"><ins><em>600 millions social
media profiles the company
- already monitors. Tivo customers are unaware they're
- being watched</em></ins></span> by <span class="removed"><del><strong>most
US libraries,</strong></del></span> <span
class="inserted"><ins><em>advertisers. By combining TV viewing
- information with online social media participation, Tivo can
now</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
- send lots of data to Adobe</a>. Adobe's “excuse”: it's
- needed</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
- correlate TV advertisement with online purchases</a>, exposing all
- users</em></ins></span> to <span class="removed"><del><strong>check
DRM!</p></strong></del></span> <span class="inserted"><ins><em>new
combined surveillance by default.</p></em></ins></span>
+ <span class="inserted"><ins><em><li id="M201502090">
+ <p>The Samsung “Smart” TV <a
+
href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
+ transmits users' voice on the internet to another company,
Nuance</a>.
+ Nuance can save it and would then have to give it to</em></ins></span> the
<span class="removed"><del><strong>e-reader used
+ by most</strong></del></span> US <span
class="removed"><del><strong>libraries,</strong></del></span> <span
class="inserted"><ins><em>or some
+ other government.</p>
+
+ <p>Speech recognition is not to be trusted unless it is done by free
+ software in your own computer.</p>
+
+ <p>In its privacy policy, Samsung explicitly confirms
that</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
+ send lots of</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice</em></ins></span>
+ data <span class="inserted"><ins><em>containing sensitive information will
be transmitted</em></ins></span> to <span
class="removed"><del><strong>Adobe</a>. Adobe's “excuse”:
it's
+ needed to check DRM!</p></strong></del></span> <span
class="inserted"><ins><em>third
+ parties</a>.</p></em></ins></span>
</li>
<span class="removed"><del><strong></ul>
@@ -1859,71 +1887,34 @@
<ul>
<li><p>Computerized cars with nonfree software
are</strong></del></span>
- <span class="inserted"><ins><em><li id="M201507240">
- <p>Vizio “smart” TVs recognize and</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.bloomberg.com/news/articles/2016-07-12/your-car-s-been-studying-you-closely-and-everyone-wants-the-data">
- snooping devices</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
- what people are watching</a>, even if it isn't a TV
channel.</p></em></ins></span>
+ <span class="inserted"><ins><em><li id="M201411090">
+ <p>The Amazon “Smart” TV is</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.bloomberg.com/news/articles/2016-07-12/your-car-s-been-studying-you-closely-and-everyone-wants-the-data"></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance"></em></ins></span>
+ snooping <span
class="removed"><del><strong>devices</a>.</p></strong></del></span>
<span class="inserted"><ins><em>all the
time</a>.</p></em></ins></span>
</li>
<li <span class="removed"><del><strong>id="nissan-modem"><p>The
Nissan Leaf has a built-in cell phone modem which allows
effectively
- anyone</strong></del></span> <span
class="inserted"><ins><em>id="M201505290">
- <p>Verizon cable TV</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
- access its computers remotely</strong></del></span>
- <span
class="inserted"><ins><em>href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">
- snoops on what programs people watch,</em></ins></span> and <span
class="removed"><del><strong>make changes in various
+ anyone</strong></del></span> <span
class="inserted"><ins><em>id="M201409290">
+ <p>More or less all “smart” TVs</em></ins></span> <a
<span
class="removed"><del><strong>href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
+ access its computers remotely and make changes in various
settings</a>.</p>
- <p>That's easy</strong></del></span> <span
class="inserted"><ins><em>even what they wanted to
- record</a>.</p>
- </li>
-
- <li id="M201504300">
- <p>Vizio <a
-
href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
- used a firmware “upgrade”</em></ins></span> to <span
class="inserted"><ins><em>make its TVs snoop on what
- users watch</a>. The TVs did not</em></ins></span> do <span
class="removed"><del><strong>because the system has no
authentication</strong></del></span> <span
class="inserted"><ins><em>that</em></ins></span> when
- <span class="removed"><del><strong>accessed through</strong></del></span>
<span class="inserted"><ins><em>first sold.</p>
- </li>
-
- <li id="M201502090">
- <p>The Samsung “Smart” TV <a
-
href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
- transmits users' voice on</em></ins></span> the <span
class="removed"><del><strong>modem. However, even if</strong></del></span>
<span class="inserted"><ins><em>internet to another company, Nuance</a>.
- Nuance can save</em></ins></span> it <span
class="removed"><del><strong>asked for
- authentication, you couldn't</strong></del></span> <span
class="inserted"><ins><em>and would then have to give it to the US or some
- other government.</p>
-
- <p>Speech recognition is not to</em></ins></span> be <span
class="removed"><del><strong>confident that Nissan has no
- access. The</strong></del></span> <span class="inserted"><ins><em>trusted
unless it is done by free</em></ins></span>
- software in <span class="removed"><del><strong>the
car</strong></del></span> <span class="inserted"><ins><em>your own
computer.</p>
-
- <p>In its privacy policy, Samsung explicitly confirms that <a
-
href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
- data containing sensitive information will be transmitted to third
- parties</a>.</p>
- </li>
-
- <li id="M201411090">
- <p>The Amazon “Smart” TV</em></ins></span> is
- <span class="removed"><del><strong>proprietary,</strong></del></span>
<a <span
class="removed"><del><strong>href="/philosophy/free-software-even-more-important.html">which
- means it demands blind faith from its</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
- snooping all the time</a>.</p>
- </li>
-
- <li id="M201409290">
- <p>More or less all “smart” TVs <a
-
href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
- on their</em></ins></span> users</a>.</p>
-
- <span class="removed"><del><strong><p>Even if no one
connects</strong></del></span>
-
- <span class="inserted"><ins><em><p>The report was as of 2014, but we
don't expect this has got
+ <p>That's easy to do because the system</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
+ on their users</a>.</p>
+
+ <p>The report was as of 2014, but we don't expect
this</em></ins></span> has <span class="removed"><del><strong>no authentication
when
+ accessed through the modem. However, even if it asked for
+ authentication, you couldn't be confident</strong></del></span> <span
class="inserted"><ins><em>got
better.</p>
- <p>This shows that laws requiring products</em></ins></span> to
<span class="inserted"><ins><em>get users' formal
+ <p>This shows</em></ins></span> that <span
class="removed"><del><strong>Nissan has no
+ access. The software in the car is
+ proprietary, <a
href="/philosophy/free-software-even-more-important.html">which
+ means it demands blind faith from its users</a>.</p>
+
+ <p>Even if no one connects</strong></del></span> <span
class="inserted"><ins><em>laws requiring products</em></ins></span> to <span
class="inserted"><ins><em>get users' formal
consent before collecting personal data are totally inadequate.
And what happens if a user declines consent? Probably</em></ins></span>
the <span class="removed"><del><strong>car remotely, the cell phone
modem enables the phone company</strong></del></span> <span
class="inserted"><ins><em>TV will
@@ -1937,152 +1928,149 @@
<li <span
class="removed"><del><strong>id="records-drivers"><p>Proprietary
software</strong></del></span> <span
class="inserted"><ins><em>id="M201405200">
<p>Spyware</em></ins></span> in <span
class="removed"><del><strong>cars</strong></del></span> <span
class="inserted"><ins><em>LG “smart” TVs</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records
information about drivers' movements</a>,
- which is made available to car manufacturers, insurance companies, and
- others.</p>
+ which is made available to car manufacturers, insurance
companies,</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
+ reports what the user watches,</em></ins></span> and
+ <span class="removed"><del><strong>others.</p>
- <p>The case of toll-collection systems, mentioned in this article,
is not
- really a matter of proprietary surveillance. These systems are an
+ <p>The case of toll-collection systems, mentioned
in</strong></del></span> <span class="inserted"><ins><em>the switch to
turn</em></ins></span> this <span class="removed"><del><strong>article, is not
+ really</strong></del></span> <span class="inserted"><ins><em>off has
+ no effect</a>. (The fact that the transmission
reports</em></ins></span> a <span class="removed"><del><strong>matter of
proprietary surveillance. These systems are an
intolerable invasion of privacy, and should be replaced with anonymous
- payment systems, but the invasion isn't done by malware. The other
- cases mentioned are done by proprietary malware in the
car.</p></li>
-
- <li><p>Tesla cars allow</strong></del></span>
- <span
class="inserted"><ins><em>href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
- reports what</em></ins></span> the <span
class="removed"><del><strong>company to extract data
remotely</strong></del></span> <span class="inserted"><ins><em>user
watches,</em></ins></span> and
- <span class="removed"><del><strong>determine</strong></del></span> the
<span class="removed"><del><strong>car's location at any time. (See
- <a
href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
- Section 2, paragraphs b and c.</a>). The company says it doesn't
- store</strong></del></span> <span class="inserted"><ins><em>switch to
turn</em></ins></span> this <span class="removed"><del><strong>information, but
if</strong></del></span> <span class="inserted"><ins><em>off has
- no effect</a>. (The fact that</em></ins></span> the <span
class="removed"><del><strong>state orders it to get</strong></del></span> <span
class="inserted"><ins><em>transmission reports a 404 error
- really means nothing;</em></ins></span> the <span
class="inserted"><ins><em>server could save that</em></ins></span> data
- <span class="removed"><del><strong>and hand</strong></del></span> <span
class="inserted"><ins><em>anyway.)</p>
+ payment systems, but</strong></del></span> <span
class="inserted"><ins><em>404 error
+ really means nothing;</em></ins></span> the <span
class="removed"><del><strong>invasion isn't done by malware.
The</strong></del></span> <span class="inserted"><ins><em>server could save
that data anyway.)</p>
- <p>Even worse,</em></ins></span> it <span
class="removed"><del><strong>over,</strong></del></span> <span
class="inserted"><ins><em><a
+ <p>Even worse, it <a
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
- snoops on other devices on</em></ins></span> the <span
class="removed"><del><strong>state can store it.</p>
- </li>
-</ul>
-
-
-<!-- #SpywareAtHome -->
-<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>user's local network</a>.</p>
-
- <p>LG later said it had installed a patch</em></ins></span> to <span
class="removed"><del><strong>place new items on top under each subsection -->
+ snoops on</em></ins></span> other
+ <span class="removed"><del><strong>cases mentioned are done by
proprietary malware in the car.</p></li>
-<div class="big-section">
- <h3 id="SpywareAtHome">Spyware at Home</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
-</div>
-<div style="clear: left;"></div>
+ <li><p>Tesla cars allow</strong></del></span> <span
class="inserted"><ins><em>devices on</em></ins></span> the <span
class="removed"><del><strong>company</strong></del></span> <span
class="inserted"><ins><em>user's local network</a>.</p>
-<ul>
- <li><p>Nest thermometers
- send</strong></del></span> <span class="inserted"><ins><em>stop this, but any
- product could spy this way.</p>
+ <p>LG later said it had installed a patch</em></ins></span> to <span
class="removed"><del><strong>extract data remotely and
+ determine the car's location at</strong></del></span> <span
class="inserted"><ins><em>stop this, but</em></ins></span> any <span
class="removed"><del><strong>time. (See
+ <a
href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
+ Section 2, paragraphs b and c.</a>). The company says it doesn't
+ store</strong></del></span>
+ <span class="inserted"><ins><em>product could spy</em></ins></span> this
<span class="removed"><del><strong>information, but if the state orders
it</strong></del></span> <span class="inserted"><ins><em>way.</p>
- <p>Meanwhile, LG TVs</em></ins></span> <a <span
class="removed"><del><strong>href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
- lot</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
- do lots</em></ins></span> of <span class="removed"><del><strong>data about
the user</a>.</p></strong></del></span> <span
class="inserted"><ins><em>spying anyway</a>.</p></em></ins></span>
+ <p>Meanwhile, LG TVs <a
+
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
+ do lots of spying anyway</a>.</p>
</li>
- <span class="removed"><del><strong><li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
- Rent-to-own computers were programmed</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201212170">
+ <li id="M201212170">
<p id="break-security-smarttv"><a
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
- Crackers found a way to break security on a “smart”
TV</a>
- and use its camera</em></ins></span> to <span
class="removed"><del><strong>spy on their
renters</a>.</p></strong></del></span> <span
class="inserted"><ins><em>watch the people who are watching
TV.</p></em></ins></span>
+ Crackers found a way</em></ins></span> to <span
class="removed"><del><strong>get the data</strong></del></span> <span
class="inserted"><ins><em>break security on a “smart”
TV</a></em></ins></span>
+ and <span class="removed"><del><strong>hand it over,</strong></del></span>
<span class="inserted"><ins><em>use its camera to watch</em></ins></span> the
<span class="removed"><del><strong>state can store
it.</p></strong></del></span> <span class="inserted"><ins><em>people who
are watching TV.</p></em></ins></span>
</li>
</ul>
-<div class="big-subsection">
- <h4 <span class="removed"><del><strong>id="SpywareInTVSets">Spyware in
TV Sets</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInCameras">Cameras</h4></em></ins></span>
- <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInTVSets">#SpywareInTVSets</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInCameras">#SpywareInCameras</a>)</span></em></ins></span>
+<span class="removed"><del><strong><!-- #SpywareAtHome -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
--></strong></del></span>
+
+
+<div <span class="removed"><del><strong>class="big-section">
+ <h3 id="SpywareAtHome">Spyware at
Home</h3></strong></del></span> <span
class="inserted"><ins><em>class="big-subsection">
+ <h4 id="SpywareInCameras">Cameras</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareAtHome">#SpywareAtHome</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInCameras">#SpywareInCameras</a>)</span></em></ins></span>
</div>
+<span class="removed"><del><strong><div style="clear: left;"></div>
-<span class="removed"><del><strong><p>Emo Phillips made a joke: The
other day</strong></del></span>
+<ul>
+ <li><p>Nest thermometers
+ send</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT cameras -->
<li id="M201710040">
<p>Every “home security” camera, if its
- manufacturer can communicate with it, is</em></ins></span> a <span
class="removed"><del><strong>woman came up to me and
-said, “Didn't I see you on television?” I said, “I
-don't know. You can't see out the other way.” Evidently that was
-before Amazon “smart” TVs.</p>
-
-<ul>
- <li>
- <p>Vizio
- “smart”</strong></del></span> <span
class="inserted"><ins><em>surveillance device.</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
- report everything that</strong></del></span>
+ manufacturer can communicate with it, is a surveillance
device.</em></ins></span> <a <span
class="removed"><del><strong>href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
+ lot of data</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
- Canary camera</em></ins></span> is <span
class="removed"><del><strong>viewed</strong></del></span> <span
class="inserted"><ins><em>an example</a>.</p>
+ Canary camera is an example</a>.</p>
- <p>The article describes wrongdoing by the manufacturer,
based</em></ins></span> on <span class="removed"><del><strong>them, and not
just broadcasts
- and cable</a>. Even if</strong></del></span>
- the <span class="removed"><del><strong>image</strong></del></span> <span
class="inserted"><ins><em>fact that the device</em></ins></span> is <span
class="removed"><del><strong>coming from</strong></del></span> <span
class="inserted"><ins><em>tethered to a server.</p>
+ <p>The article describes wrongdoing by the manufacturer, based on
+ the fact that the device is tethered to a server.</p>
- <p><a href="/proprietary/proprietary-tethers.html">More about
- proprietary tethering</a>.</p>
+ <p><a
href="/proprietary/proprietary-tethers.html">More</em></ins></span> about
+ <span class="inserted"><ins><em>proprietary tethering</a>.</p>
- <p>But it also demonstrates that</em></ins></span> the <span
class="removed"><del><strong>user's own
- computer,</strong></del></span> <span class="inserted"><ins><em>device
gives</em></ins></span> the <span class="removed"><del><strong>TV reports what
it is. The existence</strong></del></span> <span
class="inserted"><ins><em>company
- surveillance capability.</p>
+ <p>But it also demonstrates that</em></ins></span> the <span
class="removed"><del><strong>user</a>.</p></strong></del></span>
<span class="inserted"><ins><em>device gives the company
+ surveillance capability.</p></em></ins></span>
</li>
- <li id="M201603220">
- <p>Over 70 brands</em></ins></span> of <span
class="removed"><del><strong>a way</strong></del></span> <span
class="inserted"><ins><em>network-connected surveillance cameras have <a
+ <span class="removed"><del><strong><li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
+ Rent-to-own computers were programmed</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201603220">
+ <p>Over 70 brands of network-connected surveillance cameras have
<a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
- security bugs that allow anyone</em></ins></span> to
- <span class="removed"><del><strong>disable the
surveillance,</strong></del></span> <span class="inserted"><ins><em>watch
through them</a>.</p>
+ security bugs that allow anyone</em></ins></span> to <span
class="removed"><del><strong>spy on their
renters</a>.</p></strong></del></span> <span
class="inserted"><ins><em>watch through them</a>.</p>
</li>
<li id="M201511250">
<p>The Nest Cam “smart” camera is <a
- href="http://www.bbc.com/news/technology-34922712">always
watching</a>,</em></ins></span>
- even <span class="removed"><del><strong>if</strong></del></span> <span
class="inserted"><ins><em>when the “owner”
switches</em></ins></span> it <span class="removed"><del><strong>were not
hidden</strong></del></span> <span
class="inserted"><ins><em>“off.”</p>
+ href="http://www.bbc.com/news/technology-34922712">always
watching</a>,
+ even when the “owner” switches it “off.”</p>
<p>A “smart” device means the manufacturer is using it
- to outsmart you.</p>
+ to outsmart you.</p></em></ins></span>
</li>
</ul>
<div class="big-subsection">
- <h4 id="SpywareInToys">Toys</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
+ <h4 <span class="removed"><del><strong>id="SpywareInTVSets">Spyware in
TV Sets</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInToys">Toys</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInTVSets">#SpywareInTVSets</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInToys">#SpywareInToys</a>)</span></em></ins></span>
</div>
-<ul class="blurbs">
+<span class="removed"><del><strong><p>Emo Phillips
made</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT toys -->
<li id="M201711244">
- <p>The Furby Connect has a <a
+ <p>The Furby Connect has</em></ins></span> a <span
class="removed"><del><strong>joke: The other day</strong></del></span> <span
class="inserted"><ins><em><a
href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
- universal back door</a>. If the product as shipped doesn't
act</em></ins></span> as <span class="inserted"><ins><em>a
- listening device, remote changes to the code could surely
convert</em></ins></span> it
- <span class="inserted"><ins><em>into one.</p>
+ universal back door</a>. If the product as shipped doesn't act
as</em></ins></span> a <span class="removed"><del><strong>woman came
up</strong></del></span>
+ <span class="inserted"><ins><em>listening device, remote
changes</em></ins></span> to <span class="removed"><del><strong>me and
+said, “Didn't I see you on television?” I said, “I
+don't know. You can't see out</strong></del></span> the <span
class="removed"><del><strong>other way.” Evidently
that</strong></del></span> <span class="inserted"><ins><em>code could surely
convert it
+ into one.</p>
</li>
<li id="M201711100">
- <p>A remote-control sex toy</em></ins></span> was <span
class="removed"><del><strong>in
- these TVs, does not legitimize</strong></del></span> <span
class="inserted"><ins><em>found to make <a
-
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
- recordings of</em></ins></span> the <span
class="removed"><del><strong>surveillance.</p></strong></del></span>
<span class="inserted"><ins><em>conversation between two
users</a>.</p></em></ins></span>
- </li>
+ <p>A remote-control sex toy</em></ins></span> was
+<span class="removed"><del><strong>before Amazon “smart”
TVs.</p>
- <span class="removed"><del><strong><li><p>More or less all
“smart” TVs</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201703140">
- <p>A computerized vibrator</em></ins></span> <a
-<span
class="removed"><del><strong>href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
- was snooping</em></ins></span> on <span class="inserted"><ins><em>its
users through the proprietary control app</a>.</p>
+<ul>
+ <li>
+ <p>Vizio
+ “smart”</strong></del></span> <span
class="inserted"><ins><em>found to make</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
+ report everything that is viewed on them, and not just broadcasts
+ and cable</a>. Even if</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
+ recordings of</em></ins></span> the <span
class="removed"><del><strong>image is coming from</strong></del></span> <span
class="inserted"><ins><em>conversation between two users</a>.</p>
+ </li>
- <p>The app was reporting the temperature of the vibrator minute by
- minute (thus, indirectly, whether it was surrounded by a person's
- body), as well as the vibration frequency.</p>
+ <li id="M201703140">
+ <p>A computerized vibrator <a
+
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
+ was snooping on its users through</em></ins></span> the <span
class="removed"><del><strong>user's own
+ computer,</strong></del></span> <span
class="inserted"><ins><em>proprietary control app</a>.</p>
+
+ <p>The app was reporting</em></ins></span> the <span
class="removed"><del><strong>TV reports what it is. The
existence</strong></del></span> <span
class="inserted"><ins><em>temperature</em></ins></span> of <span
class="removed"><del><strong>a way to
+ disable</strong></del></span> the <span
class="removed"><del><strong>surveillance, even if it were not hidden
as</strong></del></span> <span class="inserted"><ins><em>vibrator minute by
+ minute (thus, indirectly, whether</em></ins></span> it was <span
class="removed"><del><strong>in
+ these TVs, does not legitimize</strong></del></span> <span
class="inserted"><ins><em>surrounded by a person's
+ body), as well as</em></ins></span> the <span
class="removed"><del><strong>surveillance.</p>
+ </li>
+
+ <li><p>More or less all “smart” TVs <a
+href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
+ on</strong></del></span> <span class="inserted"><ins><em>vibration
frequency.</p>
<p>Note the totally inadequate proposed response: a labeling
standard with which manufacturers would make statements
about</em></ins></span> their <span
class="removed"><del><strong>users</a>.</p></strong></del></span>
@@ -2107,66 +2095,57 @@
<p>Proper laws</strong></del></span> <span
class="inserted"><ins><em>data broker</em></ins></span> would <span
class="removed"><del><strong>say that TVs are not allowed</strong></del></span>
<span class="inserted"><ins><em>have been able</em></ins></span> to <span
class="removed"><del><strong>report what</strong></del></span> <span
class="inserted"><ins><em>figure out who</em></ins></span> the
user <span class="removed"><del><strong>watches — no
exceptions!</p>
</li>
- <li><p>Vizio goes a step further than other TV manufacturers in
spying on
- their users: their <a
href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
- “smart” TVs analyze your viewing habits in detail and
- link them your IP address</a> so that advertisers can track you
- across devices.</p>
-
- <p>It is possible to turn</strong></del></span> <span
class="inserted"><ins><em>was.</p>
-
- <p>Following</em></ins></span> this <span
class="removed"><del><strong>off, but having it enabled by default
- is an injustice already.</p>
- </li>
+ <li><p>Vizio goes</strong></del></span> <span
class="inserted"><ins><em>was.</p>
- <li><p>Tivo's alliance with Viacom adds 2.3 million households to
- the 600 millions social media profiles</strong></del></span> <span
class="inserted"><ins><em>lawsuit, <a
-
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits"></em></ins></span>
- the company <span class="removed"><del><strong>already
- monitors. Tivo customers are unaware they're being watched by
- advertisers. By combining TV viewing information with online
- social media participation, Tivo can now <a
href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
- advertisement</strong></del></span> <span class="inserted"><ins><em>has
been ordered to pay a total of C$4m</a> to its
+ <p>Following this lawsuit, <a
+
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
+ the company has been ordered to pay</em></ins></span> a <span
class="removed"><del><strong>step further than other TV manufacturers in spying
on
+ their users: their</strong></del></span> <span
class="inserted"><ins><em>total of C$4m</a> to its
customers.</p>
</li>
<li id="M201702280">
- <p>“CloudPets” toys</em></ins></span> with <span
class="removed"><del><strong>online purchases</a>, exposing all
users</strong></del></span> <span class="inserted"><ins><em>microphones <a
-
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
- leak childrens' conversations</em></ins></span> to
- <span class="removed"><del><strong>new combined
surveillance</strong></del></span> <span class="inserted"><ins><em>the
manufacturer</a>. Guess what? <a
+ <p>“CloudPets” toys with microphones</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+ “smart” TVs analyze your viewing habits in
detail</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
+ leak childrens' conversations to the manufacturer</a>. Guess what?
<a
href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
- Crackers found a way to access the data</a>
collected</em></ins></span> by <span
class="removed"><del><strong>default.</p></li>
- <li><p>Some web</strong></del></span> <span
class="inserted"><ins><em>the
+ Crackers found a way to access the data</a> collected by the
manufacturer's snooping.</p>
- <p>That the manufacturer</em></ins></span> and <span
class="removed"><del><strong>TV advertisements play inaudible
sounds</strong></del></span> <span class="inserted"><ins><em>the FBI could
listen</em></ins></span> to <span class="removed"><del><strong>be
- picked up</strong></del></span> <span class="inserted"><ins><em>these
- conversations was unacceptable</em></ins></span> by <span
class="removed"><del><strong>proprietary malware running on other devices in
- range so as</strong></del></span> <span
class="inserted"><ins><em>itself.</p>
+ <p>That the manufacturer</em></ins></span> and
+ <span class="removed"><del><strong>link them your IP address</a>
so that advertisers can track you
+ across devices.</p>
+
+ <p>It is possible</strong></del></span> <span
class="inserted"><ins><em>the FBI could listen</em></ins></span> to <span
class="removed"><del><strong>turn this off, but having it
enabled</strong></del></span> <span class="inserted"><ins><em>these
+ conversations was unacceptable</em></ins></span> by <span
class="removed"><del><strong>default
+ is an injustice already.</p></strong></del></span> <span
class="inserted"><ins><em>itself.</p></em></ins></span>
</li>
- <li id="M201612060">
+ <span class="removed"><del><strong><li><p>Tivo's
alliance</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201612060">
<p>The “smart” toys My Friend Cayla and i-Que transmit
<a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
- conversations</em></ins></span> to <span
class="removed"><del><strong>determine that they are nearby. Once your
- Internet devices are paired with your TV,
advertisers</strong></del></span> <span class="inserted"><ins><em>Nuance
Communications</a>, a speech recognition
+ conversations to Nuance Communications</a>, a speech recognition
company based in the U.S.</p>
- <p>Those toys also contain major security vulnerabilities;
crackers</em></ins></span>
- can
- <span class="removed"><del><strong>correlate ads</strong></del></span>
<span class="inserted"><ins><em>remotely control the toys</em></ins></span>
with <span class="removed"><del><strong>Web activity,</strong></del></span>
<span class="inserted"><ins><em>a mobile phone. This would enable
- crackers to listen in on a child's speech,</em></ins></span> and
- <span class="removed"><del><strong>other <a
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p></strong></del></span> <span
class="inserted"><ins><em>even speak into the
- toys themselves.</p></em></ins></span>
- </li>
- <span class="removed"><del><strong><li><p>Vizio
“smart” TVs recognize and</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201502180">
- <p>Barbie</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
what people are watching</a>,
- even if it isn't</strong></del></span>
+ <p>Those toys also contain major security vulnerabilities; crackers
+ can remotely control the toys</em></ins></span> with <span
class="removed"><del><strong>Viacom adds 2.3 million
households</strong></del></span> <span class="inserted"><ins><em>a mobile
phone. This would enable
+ crackers</em></ins></span> to <span class="inserted"><ins><em>listen in on
a child's speech, and even speak into</em></ins></span> the <span
class="removed"><del><strong>600 millions social media profiles the company
already
+ monitors. Tivo customers are unaware they're being watched by
+ advertisers. By combining TV viewing information with online
+ social media participation, Tivo can now</strong></del></span>
+ <span class="inserted"><ins><em>toys themselves.</p>
+ </li>
+
+ <li id="M201502180">
+ <p>Barbie</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
+ advertisement with online purchases</a>, exposing all
users</strong></del></span>
<span
class="inserted"><ins><em>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
- going to spy on children and adults</a>.</p>
+ going</em></ins></span> to
+ <span class="removed"><del><strong>new combined surveillance by
default.</p></li>
+ <li><p>Some web</strong></del></span> <span
class="inserted"><ins><em>spy on children</em></ins></span> and <span
class="removed"><del><strong>TV advertisements play inaudible
sounds</strong></del></span> <span
class="inserted"><ins><em>adults</a>.</p>
</li>
</ul>
@@ -2177,13 +2156,19 @@
</div>
<ul class="blurbs">
+<!-- INSERT drones -->
<li id="M201708040">
- <p>While you're using</em></ins></span> a <span
class="removed"><del><strong>TV channel.</p></strong></del></span> <span
class="inserted"><ins><em>DJI drone
- to snoop on other people, DJI is in many cases <a
-
href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
+ <p>While you're using a DJI drone</em></ins></span>
+ to <span class="removed"><del><strong>be
+ picked up by proprietary malware running</strong></del></span> <span
class="inserted"><ins><em>snoop</em></ins></span> on other <span
class="removed"><del><strong>devices</strong></del></span> <span
class="inserted"><ins><em>people, DJI is</em></ins></span> in
+ <span class="removed"><del><strong>range so as to determine that they
are nearby. Once your
+ Internet devices are paired with your TV, advertisers can
+ correlate ads with Web activity, and
+ other</strong></del></span> <span class="inserted"><ins><em>many
cases</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
on you</a>.</p></em></ins></span>
</li>
- <span class="removed"><del><strong><li><p>The Amazon
“Smart” TV</strong></del></span>
+ <span
class="removed"><del><strong><li><p>Vizio</strong></del></span>
<span class="inserted"><ins><em></ul>
@@ -2192,8 +2177,13 @@
</div>
<ul class="blurbs">
+<!-- INSERT home -->
<li id="M201809260">
- <p>Honeywell's “smart” thermostats communicate
+ <p>Honeywell's</em></ins></span> “smart” <span
class="removed"><del><strong>TVs recognize and
+ <a
href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track what
people are watching</a>,
+ even if it isn't a TV channel.</p>
+ </li>
+ <li><p>The Amazon “Smart” TV</strong></del></span>
<span class="inserted"><ins><em>thermostats communicate
only through the company's server. They have
all the nasty characteristics of such devices:</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">is
watching</strong></del></span>
@@ -2253,7 +2243,7 @@
a device</em></ins></span> that <span class="removed"><del><strong>data
anyway.)</p>
<p>Even worse,</strong></del></span> <span
class="inserted"><ins><em>can obey your voice commands without potentially
spying
- on you. Even if</em></ins></span> it <span class="inserted"><ins><em>is
air-gapped, it could be saving up records
+ on you. Even if it is air-gapped,</em></ins></span> it <span
class="inserted"><ins><em>could be saving up records
about you for later examination.</p>
</li>
@@ -2278,6 +2268,7 @@
</div>
<ul class="blurbs">
+<!-- INSERT wearables -->
<li id="M201807260">
<p>Tommy Hilfiger clothing <a
href="https://www.theguardian.com/fashion/2018/jul/26/tommy-hilfiger-new-clothing-line-monitor-customers">will
@@ -2294,6 +2285,7 @@
<h5 id="SpywareOnSmartWatches">“Smart” Watches</h5>
<ul class="blurbs">
+<!-- INSERT watches -->
<li id="M201603020">
<p>A very cheap “smart watch” comes with an Android app
<a
href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
@@ -2330,6 +2322,7 @@
<li><p>Users</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT cars -->
<li id="M201711230">
<p>AI-powered driving apps can <a
href="https://motherboard.vice.com/en_us/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
@@ -2360,25 +2353,25 @@
If</strong></del></span> <span class="inserted"><ins><em>do
because</em></ins></span> the <span class="removed"><del><strong>fine print
of</strong></del></span> <span class="inserted"><ins><em>system has no
authentication
when accessed through</em></ins></span> the <span
class="removed"><del><strong>app said that users gave consent for this,
would that make</strong></del></span> <span class="inserted"><ins><em>modem.
However, even if</em></ins></span> it <span
class="removed"><del><strong>acceptable? No way! It
should</strong></del></span> <span class="inserted"><ins><em>asked
- for authentication, you couldn't</em></ins></span> be <span
class="removed"><del><strong>flat out</strong></del></span> <span
class="inserted"><ins><em>confident that Nissan
- has no access. The software in the car is proprietary,</em></ins></span>
<a <span
class="removed"><del><strong>href="/philosophy/surveillance-vs-democracy.html">
-illegal</strong></del></span>
- <span
class="inserted"><ins><em>href="/philosophy/free-software-even-more-important.html">which
means
- it demands blind faith from its users</a>.</p>
-
- <p>Even if no one connects</em></ins></span> to <span
class="removed"><del><strong>design</strong></del></span> the <span
class="removed"><del><strong>app to snoop at all</a>.
+ for authentication, you couldn't</em></ins></span> be <span
class="removed"><del><strong>flat out
+<a href="/philosophy/surveillance-vs-democracy.html">
+illegal to design</strong></del></span> <span
class="inserted"><ins><em>confident that Nissan
+ has no access. The software in</em></ins></span> the <span
class="removed"><del><strong>app to snoop at all</a>.
</p>
</li>
- <li><p>Many
- <a
href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
- video game consoles snoop on their users and
report</strong></del></span> <span class="inserted"><ins><em>car remotely, the
cell phone modem
- enables the phone company</em></ins></span> to <span
class="inserted"><ins><em>track the car's movements all</em></ins></span> the
+ <li><p>Many</strong></del></span> <span
class="inserted"><ins><em>car is proprietary,</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
+ video game consoles snoop on their users and report</strong></del></span>
+ <span
class="inserted"><ins><em>href="/philosophy/free-software-even-more-important.html">which
means
+ it demands blind faith from its users</a>.</p>
+
+ <p>Even if no one connects</em></ins></span> to the
<span class="removed"><del><strong>internet</a>— even what
their users weigh.</p>
- <p>A game console</strong></del></span> <span
class="inserted"><ins><em>time;
- it</em></ins></span> is <span class="removed"><del><strong>a computer, and
you can't trust a computer with
- a nonfree operating system.</p></strong></del></span> <span
class="inserted"><ins><em>possible to physically remove the cell phone modem,
though.</p></em></ins></span>
+ <p>A game console is a computer, and you can't trust a computer
with
+ a nonfree operating system.</p></strong></del></span> <span
class="inserted"><ins><em>car remotely, the cell phone modem
+ enables the phone company to track the car's movements all the time;
+ it is possible to physically remove the cell phone modem,
though.</p></em></ins></span>
</li>
<span class="removed"><del><strong><li><p>Modern gratis game
cr…apps
@@ -2425,6 +2418,7 @@
</div>
<ul class="blurbs">
+<!-- INSERT virtual -->
<li id="M201612230">
<p>VR equipment, measuring every slight motion,
creates the potential</em></ins></span> for <span
class="removed"><del><strong>specific players.</p>
@@ -2462,6 +2456,7 @@
<li><p>When</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT websites -->
<li id="M201805170">
<p>The Storyful program <a
href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies
@@ -2550,125 +2545,136 @@
</div>
<span class="removed"><del><strong><ul>
- <li><p>Google Chrome contains a key logger that
- <a
href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">
- sends Google every URL typed in</a>, one key at a time.</p>
- </li>
-
- <li><p>Google Chrome includes a module that</strong></del></span>
+ <li><p>Google Chrome contains a key logger
that</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT javascript -->
<li id="M201807190">
- <p>British Airways used</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
- activates microphones and transmits audio</strong></del></span>
+ <p>British Airways used</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">
+ sends Google every URL</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.theverge.com/2018/7/19/17591732/british-airways-gdpr-compliance-twitter-personal-data-security">nonfree
- JavaScript on its web site</em></ins></span> to <span
class="inserted"><ins><em>give other companies personal data
on</em></ins></span>
- its <span
class="removed"><del><strong>servers</a>.</p></strong></del></span>
<span class="inserted"><ins><em>customers</a>.</p></em></ins></span>
+ JavaScript on its web site to give other companies personal data on
+ its customers</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>Google Chrome makes it
easy for an extension to do</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201712300">
- <p>Some JavaScript malware</em></ins></span> <a
- <span
class="removed"><del><strong>href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
- snooping</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research">
+ <li id="M201712300">
+ <p>Some JavaScript malware <a
+
href="https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research">
swipes usernames from browser-based password managers</a>.</p>
</li>
<li id="M201712210">
<p>Many web sites use JavaScript code <a
href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
- to snoop</em></ins></span> on <span class="inserted"><ins><em>information
that users have typed into a
- form but not sent</a>, in order to learn their identity. Some are
<a
+ to snoop on information that users have</em></ins></span> typed <span
class="removed"><del><strong>in</a>, one key at</strong></del></span>
<span class="inserted"><ins><em>into</em></ins></span> a <span
class="removed"><del><strong>time.</p></strong></del></span>
+ <span class="inserted"><ins><em>form but not sent</a>, in order to
learn their identity. Some are <a
href="https://www.manatt.com/Insights/Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-Allege">
- getting sued</a> for this.</p>
+ getting sued</a> for this.</p></em></ins></span>
</li>
- <li id="M201711150">
+ <span class="removed"><del><strong><li><p>Google Chrome includes
a module that</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201711150">
<p>Some websites send
- JavaScript code to collect all</em></ins></span> the user's <span
class="removed"><del><strong>browsing</a>, and many of them do
so.</p></strong></del></span> <span class="inserted"><ins><em>input, <a
-
href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
+ JavaScript code to collect all the user's input,</em></ins></span> <a
<span
class="removed"><del><strong>href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
+ activates microphones</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
can then be used to reproduce the whole session</a>.</p>
<p>If you use LibreJS, it will block that malicious JavaScript
- code.</p></em></ins></span>
+ code.</p>
</li>
</ul>
<div class="big-subsection">
- <h4 <span class="removed"><del><strong>id="SpywareInFlash">Spyware in
Flash</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInFlash">Flash</h4></em></ins></span>
+ <h4 id="SpywareInFlash">Flash</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInFlash">#SpywareInFlash</a>)</span>
</div>
-<span class="removed"><del><strong><ul>
- <li><p>Flash</strong></del></span>
-
-<span class="inserted"><ins><em><ul class="blurbs">
+<ul class="blurbs">
+<!-- INSERT flash -->
<li id="M201310110">
- <p>Flash and JavaScript are used for <a
+ <p>Flash</em></ins></span> and <span
class="removed"><del><strong>transmits audio</strong></del></span> <span
class="inserted"><ins><em>JavaScript are used for <a
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
- “fingerprinting” devices</a> to identify users.</p>
+ “fingerprinting” devices</a></em></ins></span> to <span
class="removed"><del><strong>its
servers</a>.</p></strong></del></span> <span
class="inserted"><ins><em>identify users.</p>
</li>
<li id="M201003010">
- <p>Flash</em></ins></span> Player's <a
+ <p>Flash Player's <a
href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">
- cookie feature helps web sites track visitors</a>.</p>
+ cookie feature helps web sites track
visitors</a>.</p></em></ins></span>
</li>
- <span class="removed"><del><strong><li><p>Flash is also used for
- <a
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
- “fingerprinting” devices </a> to identify
users.</p>
- </li></strong></del></span>
-</ul>
+ <span
class="removed"><del><strong><li><p>Google</strong></del></span>
+<span class="inserted"><ins><em></ul>
-<span class="removed"><del><strong><p><a
href="/philosophy/javascript-trap.html">Javascript code</a>
-is another method of “fingerprinting” devices.</p>
+<div class="big-subsection">
+ <h4 id="SpywareInChrome">Chrome</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInChrome">#SpywareInChrome</a>)</span>
+</div>
-<!-- #SpywareEverywhere --></strong></del></span>
+<ul class="blurbs">
+<!-- INSERT chrome -->
+ <li id="M201507280">
+ <p>Google</em></ins></span> Chrome makes it easy for an extension to
do <a
+
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
+ snooping on the user's browsing</a>, and many of them do
so.</p>
+ </li>
+<span class="removed"><del><strong></ul>
-<div <span class="removed"><del><strong>class="big-section">
- <h3 id="SpywareEverywhere">Spyware
Everywhere</h3></strong></del></span> <span
class="inserted"><ins><em>class="big-subsection">
- <h4 id="SpywareInChrome">Chrome</h4></em></ins></span>
- <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareEverywhere">#SpywareEverywhere</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInChrome">#SpywareInChrome</a>)</span></em></ins></span>
+<div class="big-subsection">
+ <h4 id="SpywareInFlash">Spyware in Flash</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInFlash">#SpywareInFlash</a>)</span>
</div>
-<span class="removed"><del><strong><div style="clear: left;"></div>
<ul>
- <li><p>The natural</strong></del></span>
-
-<span class="inserted"><ins><em><ul class="blurbs">
- <li id="M201507280">
- <p>Google Chrome makes it easy for an</em></ins></span> extension
<span class="removed"><del><strong>of monitoring people through
- “their” phones is <a
-
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
- proprietary software</strong></del></span> to <span
class="removed"><del><strong>make sure they can't
“fool”</strong></del></span> <span class="inserted"><ins><em>do
<a
-
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
- snooping on</em></ins></span> the
- <span
class="removed"><del><strong>monitoring</a>.</p></strong></del></span>
<span class="inserted"><ins><em>user's browsing</a>, and many of them do
so.</p></em></ins></span>
+ <li><p>Flash Player's
+ <a
href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">
+ cookie feature helps web sites track visitors</a>.</p>
</li>
- <span class="removed"><del><strong><li><p><a
href="http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
- Intel devices will be able</strong></del></span>
+ <li><p>Flash is also used for</strong></del></span>
<span class="inserted"><ins><em><li id="M201506180">
- <p>Google Chrome includes a module that <a
-
href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
- activates microphones and transmits audio</em></ins></span> to <span
class="removed"><del><strong>listen for speech all the time, even when
“off.”</a></p></strong></del></span> <span
class="inserted"><ins><em>its servers</a>.</p>
+ <p>Google Chrome includes a module that</em></ins></span> <a
<span
class="removed"><del><strong>href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
+ “fingerprinting” devices </a></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
+ activates microphones and transmits audio</em></ins></span> to <span
class="removed"><del><strong>identify users.</p></strong></del></span>
<span class="inserted"><ins><em>its
servers</a>.</p></em></ins></span>
</li>
+<span class="removed"><del><strong></ul>
+
+<p><a href="/philosophy/javascript-trap.html">Javascript
code</a>
+is another method of “fingerprinting” devices.</p>
+
+
+<!-- #SpywareEverywhere -->
+<div class="big-section">
+ <h3 id="SpywareEverywhere">Spyware Everywhere</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareEverywhere">#SpywareEverywhere</a>)</span>
+</div>
+<div style="clear: left;"></div>
- <li id="M201308040">
- <p>Google Chrome <a
- href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
+<ul>
+ <li><p>The natural extension of monitoring people through
+ “their” phones is</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201308040">
+ <p>Google Chrome</em></ins></span> <a
+ <span
class="removed"><del><strong>href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
+ proprietary software to make sure they can't “fool” the
+ monitoring</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
spies on browser history, affiliations</a>, and other installed
- software.</p>
+ software.</p></em></ins></span>
</li>
- <li id="M200809060">
+ <span class="removed"><del><strong><li><p><a
href="http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
+ Intel devices will be able to listen for speech all the time, even when
“off.”</a></p></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M200809060">
<p>Google Chrome contains a key logger that <a
href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">
sends Google every URL typed in</a>, one key at a
time.</p></em></ins></span>
@@ -2692,6 +2698,7 @@
real</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT networks -->
<li id="M201606030">
<p>Investigation Shows</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
software as malicious as many other programs listed in this
@@ -2775,7 +2782,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/10/01 09:59:22 $
+$Date: 2018/10/01 19:58:10 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary/po/proprietary-surveillance.it.po
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.it.po,v
retrieving revision 1.244
retrieving revision 1.245
diff -u -b -r1.244 -r1.245
--- proprietary/po/proprietary-surveillance.it.po 1 Oct 2018 09:59:22
-0000 1.244
+++ proprietary/po/proprietary-surveillance.it.po 1 Oct 2018 19:58:10
-0000 1.245
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
-"POT-Creation-Date: 2018-10-01 09:56+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: 2017-12-31 13:19+0100\n"
"Last-Translator: Andrea Pescetti <address@hidden>\n"
"Language-Team: Italian <address@hidden>\n"
@@ -1986,8 +1986,8 @@
#. type: Content of: <ul><li><p>
msgid ""
-"Following is a non-exhaustive list of proprietary VPN apps from the research "
-"paper that tracks and infringes the privacy of users:"
+"Following is a non-exhaustive list, taken from the research paper, of some "
+"proprietary VPN apps that track users and infringe their privacy:"
msgstr ""
#. type: Content of: <ul><li><dl><dt>
@@ -2072,7 +2072,7 @@
# | Injects JavaScript code into HTML pages, and also uses roughly [-5-]
# | {+five+} tracking libraries. Developers of this app have confirmed that
# | the non-premium version of the app does JavaScript injection for tracking
-# | and display ads.
+# | {+the user+} and [-display-] {+displaying+} ads.
#, fuzzy
#| msgid ""
#| "Injects JavaScript code into HTML pages, and also uses roughly 5 tracking "
@@ -2081,7 +2081,8 @@
msgid ""
"Injects JavaScript code into HTML pages, and also uses roughly five tracking "
"libraries. Developers of this app have confirmed that the non-premium "
-"version of the app does JavaScript injection for tracking and display ads."
+"version of the app does JavaScript injection for tracking the user and "
+"displaying ads."
msgstr ""
"Inserisce codice JavaScript nelle pagine HTML inviate agli utenti; usa circa "
"5 librerie di tracciamento. Gli sviluppatori hanno confermato che la "
Index: proprietary/po/proprietary-surveillance.ja-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.ja-diff.html,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -b -r1.82 -r1.83
--- proprietary/po/proprietary-surveillance.ja-diff.html 1 Oct 2018
09:59:22 -0000 1.82
+++ proprietary/po/proprietary-surveillance.ja-diff.html 1 Oct 2018
19:58:10 -0000 1.83
@@ -206,6 +206,7 @@
<li><p>By</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT windows -->
<li id="M201712110">
<p>HP's proprietary operating system <a
href="http://www.bbc.com/news/technology-42309371">includes a
@@ -303,24 +304,16 @@
<span class="inserted"><ins><em><li id="M201508180">
<p><a
href="https://web.archive.org/web/20150905163414/http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
- Intel devices will be able</em></ins></span> to <span
class="removed"><del><strong>snoop on</strong></del></span> <span
class="inserted"><ins><em>listen for speech all</em></ins></span> the <span
class="removed"><del><strong>users' files, text input, voice input,
- location info, contacts, calendar records and web browsing
- history, as well as automatically connecting the machines to open
- hotspots and showing targeted ads.</p></li>
-
- <li><p>
- <a</strong></del></span> <span class="inserted"><ins><em>time, even
+ Intel devices will be able</em></ins></span> to <span
class="removed"><del><strong>snoop on</strong></del></span> <span
class="inserted"><ins><em>listen for speech all</em></ins></span> the <span
class="removed"><del><strong>users' files, text</strong></del></span> <span
class="inserted"><ins><em>time, even
when “off.”</a></p>
</li>
<li id="M201508130">
- <p><a</em></ins></span>
+ <p><a
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
Windows 10 sends identifiable information to Microsoft</a>, even if
a user turns off its Bing search and Cortana features, and activates
- the privacy-protection <span
class="removed"><del><strong>settings.</p></li>
-
- <li><p></strong></del></span> <span
class="inserted"><ins><em>settings.</p>
+ the privacy-protection settings.</p>
</li>
<li id="M201507300">
@@ -328,9 +321,17 @@
href="https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
ships with default settings that show no regard for the privacy of
its users</a>, giving Microsoft the “right” to snoop on
- the users' files, text input, voice input, location info, contacts,
+ the users' files, text</em></ins></span> input, voice input, location
info, contacts,
calendar records and web browsing history, as well as automatically
- connecting the machines to open hotspots and showing targeted
ads.</p>
+ connecting the machines to open hotspots and showing targeted <span
class="removed"><del><strong>ads.</p></li>
+
+ <li><p>
+ <a
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
+ Windows 10 sends identifiable information to Microsoft</a>, even if a
user
+ turns off its Bing search and Cortana features, and activates the
+ privacy-protection settings.</p></li>
+
+ <li><p></strong></del></span> <span
class="inserted"><ins><em>ads.</p>
<p>We can suppose</em></ins></span> Microsoft <span
class="inserted"><ins><em>look at users' files for the US government
on demand, though the “privacy policy” does not explicitly
@@ -410,6 +411,7 @@
edited</a>. The</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT macos -->
<li id="M201809070">
<p>Adware Doctor, an ad blocker for MacOS,</em></ins></span> <a
<span
class="removed"><del><strong>href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
@@ -489,6 +491,7 @@
behavioral</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT bios -->
<li id="M201509220">
<p><a
href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
@@ -557,6 +560,7 @@
lots</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT phones -->
<li id="M201601110">
<p>The natural extension</em></ins></span> of <span
class="removed"><del><strong>personal data</strong></del></span> <span
class="inserted"><ins><em>monitoring
people through “their” phones is <a
@@ -573,8 +577,7 @@
them <span class="removed"><del><strong>from there.</p>
</li>
- <li><p>The iMessage app</strong></del></span> <span
class="inserted"><ins><em>to turn the phones</em></ins></span> on <span
class="removed"><del><strong>iThings <a
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
- a server every phone</strong></del></span> <span
class="inserted"><ins><em>and off, listen to the microphone,
+ <li><p>The iMessage app</strong></del></span> <span
class="inserted"><ins><em>to turn the phones on and off, listen to the
microphone,
retrieve geo-location data from the GPS, take photographs, read
text messages, read call, location and web browsing history, and
read the contact list. This malware is designed to disguise itself
@@ -609,6 +612,7 @@
</div>
<ul class="blurbs">
+<!-- INSERT ithings -->
<li id="M201711250">
<p>The DMCA and the EU Copyright Directive make it <a
href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
@@ -641,9 +645,9 @@
</li>
<li id="M201609280">
- <p>The iMessage app on iThings <a
+ <p>The iMessage app</em></ins></span> on iThings <a
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
- a server every phone</em></ins></span> number that the user types into
it</a>; the
+ a server every phone number that the user types into it</a>; the
server records these numbers for at least 30 days.</p>
</li>
@@ -684,7 +688,9 @@
security to get at them, but NSA can access any of them through <a
<span
class="removed"><del><strong>href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
</p></li>
- <li><p>Spyware in iThings:</strong></del></span>
+ <li><p>Spyware in iThings:
+ the <a
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ iBeacon</a></strong></del></span>
<span
class="inserted"><ins><em>href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p>
</li>
@@ -704,15 +710,15 @@
<p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
Several “features” of iOS seem to exist
- for no possible purpose other than surveillance</a>. Here
is</em></ins></span> the <a
- <span
class="inserted"><ins><em>href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ for no possible purpose other than surveillance</a>. Here is the
<a
+
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
Technical presentation</a>.</p>
</li>
<li id="M201401100">
- <p>The <a class="not-a-duplicate"</em></ins></span>
+ <p>The <a class="not-a-duplicate"
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
- iBeacon</a> lets stores determine exactly where the iThing is, and
+ iBeacon</a></em></ins></span> lets stores determine exactly where
the iThing is, and
get other info too.</p>
</li>
@@ -781,6 +787,7 @@
<li><p>According to Edward Snowden,</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT android -->
<li id="M201711210">
<p>Android tracks location for Google</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.bbc.com/news/uk-34444233">agencies
can take over smartphones</a>
by</strong></del></span>
@@ -902,6 +909,7 @@
movements before</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT e-readers -->
<li id="M201603080">
<p>E-books can contain JavaScript code,</em></ins></span> and <span
class="removed"><del><strong>after the ride</a>.</p>
@@ -955,6 +963,7 @@
</div>
<ul class="blurbs">
+<!-- INSERT apps -->
<li id="M201808030">
<p>Some Google apps</em></ins></span> on <span
class="removed"><del><strong>various sites
such as Facebook, Google+ and Twitter.</p></strong></del></span>
<span class="inserted"><ins><em>Android <a
@@ -1001,70 +1010,114 @@
</li>
<li><p>Like most “music screaming” disservices,
Spotify
- is based</strong></del></span> <span
class="inserted"><ins><em>insecurely snitch</em></ins></span> on <span
class="removed"><del><strong>proprietary malware (DRM and snooping). In August
+ is based</strong></del></span> <span
class="inserted"><ins><em>insecurely snitch</em></ins></span> on <span
class="inserted"><ins><em>its users. Furthermore, they could
+ detect only some methods of snooping, in these</em></ins></span>
proprietary <span class="removed"><del><strong>malware
(DRM</strong></del></span> <span class="inserted"><ins><em>apps whose
+ source code they cannot look at. The other apps might be snooping
+ in other ways.</p>
+
+ <p>This is evidence that proprietary apps generally work against
+ their users. To protect their privacy</em></ins></span> and <span
class="removed"><del><strong>snooping). In August
2015 it <a
href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
- demanded users submit to increased snooping</a>, and some
+ demanded</strong></del></span> <span class="inserted"><ins><em>freedom,
Android</em></ins></span> users <span
class="removed"><del><strong>submit</strong></del></span>
+ <span class="inserted"><ins><em>need</em></ins></span> to <span
class="removed"><del><strong>increased snooping</a>, and some
are starting to realize that it is nasty.</p>
- <p>This article shows the <a
-href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
- twisted ways that they present snooping as a way
- to “serve” users better</a>—never mind
- whether</strong></del></span> <span class="inserted"><ins><em>its users.
Furthermore,</em></ins></span> they <span class="removed"><del><strong>want
that. This is a typical example of
- the attitude</strong></del></span> <span class="inserted"><ins><em>could
- detect only some methods</em></ins></span> of <span
class="removed"><del><strong>the proprietary software industry towards
+ <p>This article shows</strong></del></span> <span
class="inserted"><ins><em>get rid of</em></ins></span> the <span
class="inserted"><ins><em>proprietary software—both proprietary
+ Android by</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
+ twisted ways that they present snooping as a way</strong></del></span>
<span
class="inserted"><ins><em>href="https://replicant.us">switching</em></ins></span>
to <span class="removed"><del><strong>“serve” users
better</a>—never mind
+ whether they want that. This is a typical example of
+ the attitude of</strong></del></span> <span
class="inserted"><ins><em>Replicant</a>,
+ and</em></ins></span> the proprietary <span
class="removed"><del><strong>software industry towards
those they have subjugated.</p>
<p>Out, out, damned Spotify!</p>
</li>
- <li><p>Many</strong></del></span> <span
class="inserted"><ins><em>snooping, in these</em></ins></span> proprietary apps
<span class="removed"><del><strong>for mobile devices report
which</strong></del></span> <span class="inserted"><ins><em>whose
- source code they cannot look at. The</em></ins></span> other apps <span
class="removed"><del><strong>the user has
- installed. <a
href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
- is doing this</strong></del></span> <span class="inserted"><ins><em>might
be snooping</em></ins></span>
- in <span class="removed"><del><strong>a way that at
least</strong></del></span> <span class="inserted"><ins><em>other
ways.</p>
-
- <p>This</em></ins></span> is <span
class="removed"><del><strong>visible and
+ <li><p>Many proprietary</strong></del></span> apps <span
class="removed"><del><strong>for mobile devices report which
other</strong></del></span> <span class="inserted"><ins><em>by
getting</em></ins></span> apps <span
class="inserted"><ins><em>from</em></ins></span> the <span
class="removed"><del><strong>user has
+ installed.</strong></del></span> <span class="inserted"><ins><em>free
software
+ only</em></ins></span> <a <span
class="removed"><del><strong>href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
+ is doing this in a way</strong></del></span> <span
class="inserted"><ins><em>href="https://f-droid.org/">F-Droid
store</a></em></ins></span> that <span class="removed"><del><strong>at
least is visible and
optional</a>. Not as bad as what the others do.</p>
</li>
- <li><p>FTC says most mobile apps for children don't respect
privacy:
- <a
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
-
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
+ <li><p>FTC says most mobile apps for children don't respect
privacy:</strong></del></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
+
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://f-droid.org/wiki/page/Antifeatures">
prominently warns
+ the user if an app contains
anti-features</a>.</p></em></ins></span>
</li>
- <li><p>Widely used <a
href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
- QR-code scanner</strong></del></span> <span
class="inserted"><ins><em>evidence that proprietary</em></ins></span> apps
<span class="removed"><del><strong>snoop on the user</a>. This is in
addition</strong></del></span> <span class="inserted"><ins><em>generally work
against
- their users. To protect their privacy and freedom, Android users
- need</em></ins></span> to <span class="inserted"><ins><em>get rid
of</em></ins></span> the <span class="removed"><del><strong>snooping
done</strong></del></span> <span class="inserted"><ins><em>proprietary
software—both proprietary
- Android</em></ins></span> by <span class="removed"><del><strong>the phone
company,</strong></del></span> <span class="inserted"><ins><em><a
href="https://replicant.us">switching to
Replicant</a>,</em></ins></span>
- and <span class="removed"><del><strong>perhaps by the OS
in</strong></del></span> the
- <span class="removed"><del><strong>phone.</p>
-
- <p>Don't be distracted</strong></del></span> <span
class="inserted"><ins><em>proprietary apps</em></ins></span> by <span
class="inserted"><ins><em>getting apps from</em></ins></span> the <span
class="removed"><del><strong>question of whether</strong></del></span> <span
class="inserted"><ins><em>free software
- only <a href="https://f-droid.org/">F-Droid store</a> that
<a
- href="https://f-droid.org/wiki/page/Antifeatures"> prominently
warns</em></ins></span>
- the <span class="inserted"><ins><em>user if an</em></ins></span> app <span
class="removed"><del><strong>developers get
- users to say “I agree”. That is no excuse for
malware.</p></strong></del></span> <span
class="inserted"><ins><em>contains
anti-features</a>.</p></em></ins></span>
- </li>
-
- <span class="removed"><del><strong><li><p>The Brightest
Flashlight app</strong></del></span>
+ <span class="removed"><del><strong><li><p>Widely
used</strong></del></span>
<span class="inserted"><ins><em><li id="M201804020">
- <p>Grindr collects information about</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
- sends user data, including geolocation, for use by
companies.</a></p>
-
- <p>The FTC criticized this app because it
asked</strong></del></span>
+ <p>Grindr collects information about</em></ins></span> <a <span
class="removed"><del><strong>href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
+ QR-code scanner apps snoop on</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status">
- which users are HIV-positive, then provides</em></ins></span> the <span
class="removed"><del><strong>user to
- approve sending personal data</strong></del></span> <span
class="inserted"><ins><em>information</em></ins></span> to <span
class="removed"><del><strong>the app developer but did</strong></del></span>
+ which users are HIV-positive, then provides</em></ins></span> the <span
class="removed"><del><strong>user</a>. This is in
addition</strong></del></span> <span
class="inserted"><ins><em>information</em></ins></span> to
+ <span class="removed"><del><strong>the snooping done by the phone
company, and perhaps by the OS in the
+ phone.</p>
+
+ <p>Don't</strong></del></span>
<span class="inserted"><ins><em>companies</a>.</p>
- <p>Grindr should</em></ins></span> not
- <span class="removed"><del><strong>ask</strong></del></span> <span
class="inserted"><ins><em>have so much information</em></ins></span> about
<span class="removed"><del><strong>sending it to other companies. This shows
the
- weakness of the reject-it-if-you-dislike-snooping
- “solution” to surveillance: why should a flashlight
- app send any information to anyone? A free software flashlight
+ <p>Grindr should not have so much information about its users.
+ It could</em></ins></span> be <span
class="removed"><del><strong>distracted by the question of whether the app
developers get</strong></del></span> <span class="inserted"><ins><em>designed
so that</em></ins></span> users <span class="inserted"><ins><em>communicate
such info</em></ins></span> to <span class="removed"><del><strong>say “I
agree”. That is no excuse for malware.</p></strong></del></span>
<span class="inserted"><ins><em>each
+ other but not to the server's database.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li><p>The Brightest
Flashlight</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201803050">
+ <p>The moviepass</em></ins></span> app <span
class="inserted"><ins><em>and dis-service
+ spy on users even more than users expected. It</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
+ sends user data, including geolocation, for use</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
+ where they travel before and after going to a movie</a>.</p>
+
+ <p>Don't be tracked—pay cash!</p>
+ </li>
+
+ <li id="M201711240">
+ <p>Tracking software in popular Android apps
+ is pervasive and sometimes very clever. Some trackers can <a
+
href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
+ follow a user's movements around a physical store</em></ins></span> by
<span
class="removed"><del><strong>companies.</a></p></strong></del></span>
<span class="inserted"><ins><em>noticing WiFi
+ networks</a>.</p>
+ </li>
+
+ <li id="M201708270"></em></ins></span>
+ <p>The <span class="removed"><del><strong>FTC criticized
this</strong></del></span> <span
class="inserted"><ins><em>Sarahah</em></ins></span> app <span
class="removed"><del><strong>because it asked</strong></del></span> <span
class="inserted"><ins><em><a
+
href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
+ uploads all phone numbers and email addresses</a> in user's address
+ book to developer's server. Note that this article
misuses</em></ins></span> the <span
class="removed"><del><strong>user</strong></del></span> <span
class="inserted"><ins><em>words
+ “<a href="/philosophy/free-sw.html">free
software</a>”
+ referring</em></ins></span> to
+ <span class="removed"><del><strong>approve sending personal
data</strong></del></span> <span class="inserted"><ins><em>zero price.</p>
+ </li>
+
+ <li id="M201707270">
+ <p>20 dishonest Android apps recorded <a
+
href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
+ calls and sent them and text messages and emails</em></ins></span> to
<span class="removed"><del><strong>the app developer but</strong></del></span>
<span class="inserted"><ins><em>snoopers</a>.</p>
+
+ <p>Google</em></ins></span> did not
+ <span class="removed"><del><strong>ask about
sending</strong></del></span> <span class="inserted"><ins><em>intend to make
these apps spy; on the contrary,</em></ins></span> it
+ <span class="inserted"><ins><em>worked in various ways</em></ins></span>
to <span class="removed"><del><strong>other companies. This
shows</strong></del></span> <span class="inserted"><ins><em>prevent that, and
deleted these apps after
+ discovering what they did. So we cannot blame Google specifically
+ for</em></ins></span> the
+ <span class="removed"><del><strong>weakness</strong></del></span> <span
class="inserted"><ins><em>snooping</em></ins></span> of <span
class="inserted"><ins><em>these apps.</p>
+
+ <p>On</em></ins></span> the <span
class="removed"><del><strong>reject-it-if-you-dislike-snooping
+ “solution” to surveillance: why should</strong></del></span>
<span class="inserted"><ins><em>other hand, Google redistributes nonfree
Android apps, and
+ therefore shares in the responsibility for the injustice of their being
+ nonfree. It also distributes its own nonfree apps, such as Google Play,
+ <a href="/philosophy/free-software-even-more-important.html">which
+ are malicious</a>.</p>
+
+ <p>Could Google have done</em></ins></span> a <span
class="removed"><del><strong>flashlight
+ app send any information</strong></del></span> <span
class="inserted"><ins><em>better job of preventing apps from
+ cheating? There is no systematic way for Google, or Android
users,</em></ins></span>
+ to <span class="removed"><del><strong>anyone? A free software flashlight
app would not.</p>
</li>
</ul>
@@ -1076,102 +1129,108 @@
</div>
<ul>
- <li><p>nVidia's proprietary GeForce Experience <a
href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes</strong></del></span>
<span class="inserted"><ins><em>its users.
- It could be designed so that</em></ins></span> users <span
class="removed"><del><strong>identify themselves and then sends personal data
about them</strong></del></span> <span class="inserted"><ins><em>communicate
such info</em></ins></span> to
- <span class="removed"><del><strong>nVidia
servers</a>.</p></strong></del></span> <span
class="inserted"><ins><em>each
- other but not to the server's database.</p></em></ins></span>
+ <li><p>nVidia's</strong></del></span> <span
class="inserted"><ins><em>inspect executable</em></ins></span> proprietary
<span class="removed"><del><strong>GeForce Experience <a
href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes
+ users identify themselves and then sends personal data about
them</strong></del></span> <span
class="inserted"><ins><em>apps</em></ins></span> to
+ <span class="removed"><del><strong>nVidia servers</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>Angry Birds
+ <li><p>Angry Birds
<a
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
- spies for companies,</strong></del></span>
+ spies</strong></del></span> <span class="inserted"><ins><em>see what
they do.</p>
- <span class="inserted"><ins><em><li id="M201803050">
- <p>The moviepass app</em></ins></span> and <span
class="removed"><del><strong>the NSA takes advantage to</strong></del></span>
<span class="inserted"><ins><em>dis-service</em></ins></span>
- spy <span class="removed"><del><strong>through it too</a>.
- Here's information</strong></del></span> on
- <span class="removed"><del><strong><a
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html"></strong></del></span>
<span class="inserted"><ins><em>users even</em></ins></span> more <span
class="removed"><del><strong>spyware apps</a>.</p>
+ <p>Google could demand the source code</em></ins></span> for <span
class="removed"><del><strong>companies,</strong></del></span> <span
class="inserted"><ins><em>these apps,</em></ins></span> and <span
class="inserted"><ins><em>study</em></ins></span>
+ the <span class="removed"><del><strong>NSA takes
advantage</strong></del></span> <span class="inserted"><ins><em>source code
somehow</em></ins></span> to <span class="removed"><del><strong>spy
through</strong></del></span> <span class="inserted"><ins><em>determine whether
they mistreat users in
+ various ways. If</em></ins></span> it <span
class="removed"><del><strong>too</a>.
+ Here's information on
+ <a
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html"></strong></del></span>
<span class="inserted"><ins><em>did a good job of this, it
could</em></ins></span> more <span class="removed"><del><strong>spyware
apps</a>.</p>
<p><a
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
- More about NSA app spying</a>.</p></strong></del></span>
<span class="inserted"><ins><em>than users expected. It <a
-
href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
- where they travel before and after going to a movie</a>.</p>
-
- <p>Don't be tracked—pay cash!</p></em></ins></span>
+ More about NSA</strong></del></span> <span class="inserted"><ins><em>or
less
+ prevent such snooping, except when the</em></ins></span> app <span
class="removed"><del><strong>spying</a>.</p>
</li>
-<span class="removed"><del><strong></ul>
+</ul>
<div class="big-subsection">
- <h4 id="SpywareInToys">Spyware</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201711240">
- <p>Tracking software</em></ins></span> in <span
class="removed"><del><strong>Toys</h4>
+ <h4 id="SpywareInToys">Spyware in Toys</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
</div>
<ul>
- <li><p>A company that makes internet-controlled
vibrators</strong></del></span> <span class="inserted"><ins><em>popular Android
apps
- is pervasive and sometimes very clever. Some trackers
can</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">is
- being sued for collecting lots of personal information about how
- people use it</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
- follow a user's movements around a physical store by noticing WiFi
- networks</a>.</p>
+ <li><p>A company</strong></del></span> <span
class="inserted"><ins><em>developers are clever
+ enough to outsmart the checking.</p>
+
+ <p>But since Google itself develops malicious apps, we cannot trust
+ Google to protect us. We must demand release of source code to the
+ public, so we can depend on each other.</p>
</li>
- <li id="M201708270"></em></ins></span>
- <p>The <span class="removed"><del><strong>company's
statement</strong></del></span> <span class="inserted"><ins><em>Sarahah app
<a
-
href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
- uploads all phone numbers and email addresses</a> in user's address
- book to developer's server. Note</em></ins></span> that <span
class="removed"><del><strong>it anonymizes the data may be
- true, but it doesn't really matter. If it sells</strong></del></span>
<span class="inserted"><ins><em>this article misuses</em></ins></span> the
<span class="removed"><del><strong>data</strong></del></span> <span
class="inserted"><ins><em>words
- “<a href="/philosophy/free-sw.html">free
software</a>”
- referring</em></ins></span> to <span class="removed"><del><strong>a
- data broker, the data broker can figure out who the user
is.</p></strong></del></span> <span class="inserted"><ins><em>zero
price.</p></em></ins></span>
+ <li id="M201705230">
+ <p>Apps for BART <a
+
href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
+ on users</a>.</p>
+
+ <p>With free software apps, users could <em>make
sure</em></em></ins></span> that <span class="removed"><del><strong>makes
internet-controlled vibrators</strong></del></span> <span
class="inserted"><ins><em>they
+ don't snoop.</p>
+
+ <p>With proprietary apps, one can only hope that they
don't.</p>
</li>
- <span class="removed"><del><strong><li><p>A computerized
- vibrator</strong></del></span>
+ <li id="M201705040">
+ <p>A study found 234 Android apps that track users
by</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">is
+ being sued for collecting</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
+ to ultrasound from beacons placed in stores or played by TV
+ programs</a>.</p>
+ </li>
- <span class="inserted"><ins><em><li id="M201707270">
- <p>20 dishonest Android apps recorded</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">snoops</strong></del></span>
- <span
class="inserted"><ins><em>href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
- calls and sent them and text messages and emails to
snoopers</a>.</p>
+ <li id="M201704260">
+ <p>Faceapp appears to do</em></ins></span> lots of <span
class="removed"><del><strong>personal information about</strong></del></span>
<span class="inserted"><ins><em>surveillance, judging by <a
+
href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/"></em></ins></span>
+ how
+ <span class="removed"><del><strong>people use it</a>.</p>
+
+ <p>The company's statement that it anonymizes the data may be
+ true, but it doesn't really matter. If</strong></del></span> <span
class="inserted"><ins><em>much access</em></ins></span> it <span
class="removed"><del><strong>sells the data</strong></del></span> <span
class="inserted"><ins><em>demands</em></ins></span> to <span
class="removed"><del><strong>a
+ data broker, the</strong></del></span> <span
class="inserted"><ins><em>personal</em></ins></span> data <span
class="removed"><del><strong>broker can figure out who</strong></del></span>
<span class="inserted"><ins><em>in</em></ins></span> the <span
class="removed"><del><strong>user is.</p></strong></del></span> <span
class="inserted"><ins><em>device</a>.</p></em></ins></span>
+ </li>
- <p>Google did not intend to make these apps spy;</em></ins></span>
on <span class="removed"><del><strong>its users through</strong></del></span>
the <span class="removed"><del><strong>proprietary control
app</a>.</p>
+ <span class="removed"><del><strong><li><p>A computerized
+ vibrator</strong></del></span>
- <p>The app reports</strong></del></span> <span
class="inserted"><ins><em>contrary, it
- worked in various ways to prevent that, and deleted these apps after
- discovering what they did. So we cannot blame Google specifically
- for</em></ins></span> the <span
class="removed"><del><strong>temperature</strong></del></span> <span
class="inserted"><ins><em>snooping</em></ins></span> of <span
class="inserted"><ins><em>these apps.</p>
+ <span class="inserted"><ins><em><li id="M201704190">
+ <p>Users are suing Bose for</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">snoops
+ on</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
+ distributing a spyware app for</em></ins></span> its <span
class="removed"><del><strong>users through</strong></del></span> <span
class="inserted"><ins><em>headphones</a>. Specifically,</em></ins></span>
+ the <span class="removed"><del><strong>proprietary control
app</a>.</p>
- <p>On</em></ins></span> the <span
class="removed"><del><strong>vibrator minute by
+ <p>The</strong></del></span> app <span
class="removed"><del><strong>reports</strong></del></span> <span
class="inserted"><ins><em>would record</em></ins></span> the <span
class="removed"><del><strong>temperature</strong></del></span> <span
class="inserted"><ins><em>names</em></ins></span> of the <span
class="removed"><del><strong>vibrator minute by
minute (thus, indirectly, whether it is surrounded by a person's
- body),</strong></del></span> <span class="inserted"><ins><em>other hand,
Google redistributes nonfree Android apps,</em></ins></span> and
- <span class="inserted"><ins><em>therefore shares in</em></ins></span> the
<span class="removed"><del><strong>vibration frequency.</p>
+ body), and</strong></del></span> <span class="inserted"><ins><em>audio
files users listen to
+ along with</em></ins></span> the <span
class="removed"><del><strong>vibration frequency.</p>
+
+ <p>Note</strong></del></span> <span
class="inserted"><ins><em>headphone's unique serial number.</p>
- <p>Note</strong></del></span> <span
class="inserted"><ins><em>responsibility for</em></ins></span> the <span
class="removed"><del><strong>totally inadequate proposed response: a labeling
- standard with which manufacturers would make statements
about</strong></del></span> <span class="inserted"><ins><em>injustice
of</em></ins></span> their <span class="removed"><del><strong>products, rather
than free software which users can check
+ <p>The suit accuses that this was done without</em></ins></span> the
<span class="removed"><del><strong>totally inadequate proposed response: a
labeling
+ standard with which manufacturers</strong></del></span> <span
class="inserted"><ins><em>users' consent.
+ If the fine print of the app said that users gave consent for
this,</em></ins></span>
+ would <span class="inserted"><ins><em>that</em></ins></span> make <span
class="removed"><del><strong>statements about
+ their products, rather than free software which users can check
and change.</p>
</li>
- <li><p>Barbie</strong></del></span> <span
class="inserted"><ins><em>being
- nonfree. It also distributes its own nonfree apps, such as Google
Play,</em></ins></span>
- <a <span
class="removed"><del><strong>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going</strong></del></span> <span
class="inserted"><ins><em>href="/philosophy/free-software-even-more-important.html">which
- are malicious</a>.</p>
-
- <p>Could Google have done a better job of preventing apps from
- cheating? There is no systematic way for Google, or Android
users,</em></ins></span>
- to <span class="removed"><del><strong>spy on children and
adults.</a>.</p>
+ <li><p>Barbie</strong></del></span> <span
class="inserted"><ins><em>it acceptable? No way! It should be flat
out</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going</strong></del></span>
+ <span
class="inserted"><ins><em>href="/philosophy/surveillance-vs-democracy.html">
illegal</em></ins></span> to <span class="removed"><del><strong>spy on children
and adults.</a>.</p>
</li>
</ul>
<!-- #SpywareAtLowLevel -->
-<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>inspect executable proprietary apps</em></ins></span>
to <span class="removed"><del><strong>place new items on top under each
subsection -->
+<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>design
+ the app</em></ins></span> to <span class="removed"><del><strong>place new
items on top under each subsection -->
<div class="big-section">
- <h3 id="SpywareAtLowLevel">Spyware at Low Level</h3>
+ <h3 id="SpywareAtLowLevel">Spyware</strong></del></span> <span
class="inserted"><ins><em>snoop</em></ins></span> at <span
class="removed"><del><strong>Low Level</h3>
<span class="anchor-reference-id">(<a
href="#SpywareAtLowLevel">#SpywareAtLowLevel</a>)</span>
</div>
<div style="clear: left;"></div>
@@ -1183,28 +1242,37 @@
</div>
<ul>
-<li><p>
-<a
href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
-Lenovo stealthily installed crapware</strong></del></span> <span
class="inserted"><ins><em>see what they do.</p>
-
- <p>Google could demand the source code for these
apps,</em></ins></span> and <span class="removed"><del><strong>spyware via
BIOS</a> on Windows installs.
-Note that</strong></del></span> <span
class="inserted"><ins><em>study</em></ins></span>
- the <span class="removed"><del><strong>specific sabotage method Lenovo
used</strong></del></span> <span class="inserted"><ins><em>source code somehow
to determine whether they mistreat users in
- various ways. If it</em></ins></span> did <span
class="removed"><del><strong>not affect
-GNU/Linux; also,</strong></del></span> a <span
class="removed"><del><strong>“clean” Windows install is not really
-clean</strong></del></span> <span class="inserted"><ins><em>good job of this,
it could more or less
- prevent such snooping, except when the app developers are clever
- enough to outsmart the checking.</p>
+<li><p></strong></del></span> <span
class="inserted"><ins><em>all</a>.</p>
+ </li>
- <p>But</em></ins></span> since <span
class="removed"><del><strong><a
href="/proprietary/malware-microsoft.html">Microsoft
+ <li id="M201704074">
+ <p>Pairs of Android apps can collude
+ to transmit users' personal data to servers.</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
+Lenovo stealthily installed crapware and spyware via
BIOS</a></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
+ study found tens of thousands of pairs that collude</a>.</p>
+ </li>
+
+ <li id="M201703300">
+ <p>Verizon <a
+
href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
+ announced an opt-in proprietary search app that it will</a>
pre-install</em></ins></span>
+ on <span class="removed"><del><strong>Windows installs.
+Note</strong></del></span> <span class="inserted"><ins><em>some of its phones.
The app will give Verizon the same information
+ about the users' searches</em></ins></span> that <span
class="inserted"><ins><em>Google normally gets when they use
+ its search engine.</p>
+
+ <p>Currently,</em></ins></span> the <span
class="removed"><del><strong>specific sabotage method Lenovo used did not affect
+GNU/Linux; also, a “clean” Windows install</strong></del></span>
<span class="inserted"><ins><em>app</em></ins></span> is <span
class="removed"><del><strong>not really
+clean since</strong></del></span> <a <span
class="removed"><del><strong>href="/proprietary/malware-microsoft.html">Microsoft
puts in its own malware</a>.
</p></li>
</ul>
<!-- #SpywareAtWork -->
-<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>Google itself develops malicious apps, we cannot trust
- Google</em></ins></span> to <span class="removed"><del><strong>place new
items</strong></del></span> <span class="inserted"><ins><em>protect us. We must
demand release of source code to the
- public, so we can depend</em></ins></span> on <span
class="removed"><del><strong>top under</strong></del></span> each <span
class="removed"><del><strong>subsection -->
+<!-- WEBMASTERS: make sure to place new items</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
+ being pre-installed</em></ins></span> on <span
class="removed"><del><strong>top under each subsection -->
<div class="big-section">
<h3 id="SpywareAtWork">Spyware at Work</h3>
@@ -1214,27 +1282,19 @@
<ul>
<li><p>Investigation
- Shows</strong></del></span> <span
class="inserted"><ins><em>other.</p>
- </li>
-
- <li id="M201705230">
- <p>Apps for BART</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
+ Shows <a
href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
Using US Companies, NSA To Route Around Domestic Surveillance
Restrictions</a>.</p>
- <p>Specifically, it</strong></del></span>
- <span
class="inserted"><ins><em>href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
- on users</a>.</p>
-
- <p>With free software apps, users could <em>make
sure</em> that they
- don't snoop.</p>
-
- <p>With proprietary apps, one</em></ins></span> can <span
class="removed"><del><strong>collect the emails of members of Parliament
- this way, because</strong></del></span> <span class="inserted"><ins><em>only
hope that</em></ins></span> they <span class="removed"><del><strong>pass it
through Microsoft.</p></li>
+ <p>Specifically, it can collect</strong></del></span> <span
class="inserted"><ins><em>only one phone</a>, and</em></ins></span> the
<span class="removed"><del><strong>emails of members</strong></del></span>
<span class="inserted"><ins><em>user must
+ explicitly opt-in before the app takes effect. However, the app
+ remains spyware—an “optional” piece</em></ins></span> of
<span class="removed"><del><strong>Parliament
+ this way, because they pass it through Microsoft.</p></li>
<li><p>Spyware in Cisco TNP IP phones:
<a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
-
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p></strong></del></span>
<span class="inserted"><ins><em>don't.</p></em></ins></span>
+
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p></strong></del></span>
<span class="inserted"><ins><em>spyware is
+ still spyware.</p></em></ins></span>
</li>
<span class="removed"><del><strong></ul>
@@ -1250,8 +1310,8 @@
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
Microsoft changed Skype</strong></del></span>
- <span class="inserted"><ins><em><li id="M201705040">
- <p>A study found 234 Android apps that track users
by</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
+ <span class="inserted"><ins><em><li id="M201701210">
+ <p>The Meitu photo-editing app</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
specifically for spying</a>.</p>
</li>
</ul>
@@ -1260,8 +1320,8 @@
<!-- #SpywareOnTheRoad -->
<!-- WEBMASTERS: make sure</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening</em></ins></span>
- to <span class="removed"><del><strong>place new items on top under each
subsection -->
+ <span
class="inserted"><ins><em>href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
+ user data</em></ins></span> to <span class="removed"><del><strong>place
new items on top under each subsection -->
<div class="big-section">
<h3 id="SpywareOnTheRoad">Spyware on The Road</h3>
@@ -1270,65 +1330,57 @@
<div style="clear: left;"></div>
<div class="big-subsection">
- <h4 id="SpywareInCameras">Spyware</strong></del></span> <span
class="inserted"><ins><em>ultrasound from beacons placed</em></ins></span> in
<span class="removed"><del><strong>Cameras</h4>
+ <h4 id="SpywareInCameras">Spyware in Cameras</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInCameras">#SpywareInCameras</a>)</span>
</div>
<ul>
- <li>
- <p>The Nest Cam “smart” camera is</strong></del></span>
<span class="inserted"><ins><em>stores or played by TV
- programs</a>.</p>
+ <li></strong></del></span> <span class="inserted"><ins><em>a Chinese
company</a>.</p>
</li>
- <li id="M201704260">
- <p>Faceapp appears to do lots of surveillance, judging
by</em></ins></span> <a
+ <li id="M201611280"></em></ins></span>
+ <p>The <span class="removed"><del><strong>Nest Cam
“smart” camera is</strong></del></span> <span
class="inserted"><ins><em>Uber app tracks</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.bbc.com/news/technology-34922712">always
- watching</a>, even when the “owner” switches it
“off.”</p>
- <p>A “smart” device means the manufacturer is
using</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
- how much access</em></ins></span> it <span
class="inserted"><ins><em>demands</em></ins></span> to <span
class="removed"><del><strong>outsmart
- you.</p>
+ watching</a>, even when</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
+ movements before and after</em></ins></span> the <span
class="removed"><del><strong>“owner” switches it
“off.”</p>
+ <p>A “smart” device means</strong></del></span> <span
class="inserted"><ins><em>ride</a>.</p>
+
+ <p>This example illustrates how “getting</em></ins></span> the
<span class="removed"><del><strong>manufacturer</strong></del></span> <span
class="inserted"><ins><em>user's
+ consent” for surveillance</em></ins></span> is <span
class="removed"><del><strong>using it to outsmart
+ you.</p></strong></del></span> <span
class="inserted"><ins><em>inadequate as a protection against
+ massive surveillance.</p></em></ins></span>
</li>
-</ul>
+<span class="removed"><del><strong></ul>
<div class="big-subsection">
- <h4 id="SpywareInElectronicReaders">Spyware</strong></del></span>
<span class="inserted"><ins><em>personal data</em></ins></span> in <span
class="removed"><del><strong>e-Readers</h4>
+ <h4 id="SpywareInElectronicReaders">Spyware in e-Readers</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
</div>
<ul>
<li><p>E-books can contain Javascript code,
- and</strong></del></span> <span class="inserted"><ins><em>the
device</a>.</p>
+ and <a
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
+ this code snoops on readers</a>.</p>
</li>
- <li id="M201704190">
- <p>Users are suing Bose for</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
- distributing a spyware app for its headphones</a>. Specifically,
- the app would record the names of the audio files users listen to
- along with the headphone's unique serial number.</p>
-
- <p>The suit accuses that</em></ins></span> this <span
class="removed"><del><strong>code snoops on readers</a>.</p>
- </li>
+ <li><p>Spyware in many e-readers—not only the
+ Kindle:</strong></del></span>
- <li><p>Spyware in many e-readers—not
only</strong></del></span> <span class="inserted"><ins><em>was done
without</em></ins></span> the
- <span class="removed"><del><strong>Kindle:</strong></del></span> <span
class="inserted"><ins><em>users' consent.
- If the fine print of the app said that users gave consent for this,
- would that make it acceptable? No way! It should be flat
out</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.eff.org/pages/reader-privacy-chart-2012">
+ <span class="inserted"><ins><em><li id="M201611160">
+ <p>A</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.eff.org/pages/reader-privacy-chart-2012">
they report even which page</strong></del></span>
- <span
class="inserted"><ins><em>href="/philosophy/surveillance-vs-democracy.html">
illegal to design</em></ins></span>
- the <span class="removed"><del><strong>user reads</strong></del></span>
<span class="inserted"><ins><em>app to snoop</em></ins></span> at <span
class="removed"><del><strong>what
time</a>.</p></strong></del></span> <span
class="inserted"><ins><em>all</a>.</p></em></ins></span>
+ <span
class="inserted"><ins><em>href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
+ research paper</a> that investigated</em></ins></span> the <span
class="removed"><del><strong>user reads at what time</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>Adobe made
“Digital Editions,” the e-reader used
- by most US libraries,
+ <li><p>Adobe made “Digital
Editions,”</strong></del></span> <span class="inserted"><ins><em>privacy
and security of
+ 283 Android VPN apps concluded that “in spite of</em></ins></span>
the <span class="removed"><del><strong>e-reader used</strong></del></span>
<span class="inserted"><ins><em>promises
+ for privacy, security, and anonymity given</em></ins></span> by <span
class="removed"><del><strong>most US libraries,
<a
href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
- send lots</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201704074">
- <p>Pairs</em></ins></span> of <span
class="removed"><del><strong>data</strong></del></span> <span
class="inserted"><ins><em>Android apps can collude</em></ins></span>
- to <span class="removed"><del><strong>Adobe</a>. Adobe's
“excuse”: it's
- needed</strong></del></span> <span class="inserted"><ins><em>transmit
users' personal data</em></ins></span> to <span
class="removed"><del><strong>check DRM!</p>
+ send lots</strong></del></span> <span class="inserted"><ins><em>the
majority</em></ins></span> of <span class="removed"><del><strong>data to
Adobe</a>. Adobe's “excuse”: it's
+ needed</strong></del></span> <span class="inserted"><ins><em>VPN
+ apps—millions of users may be unawarely subject</em></ins></span> to
<span class="removed"><del><strong>check DRM!</p>
</li>
</ul>
@@ -1338,114 +1390,74 @@
</div>
<ul>
-<li><p>Computerized cars with nonfree software
are</strong></del></span> <span
class="inserted"><ins><em>servers.</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.bloomberg.com/news/articles/2016-07-12/your-car-s-been-studying-you-closely-and-everyone-wants-the-data">
- snooping devices</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
- study found tens of thousands of pairs that
collude</a>.</p></em></ins></span>
+<li><p>Computerized cars with nonfree software are
+ <a
href="http://www.bloomberg.com/news/articles/2016-07-12/your-car-s-been-studying-you-closely-and-everyone-wants-the-data">
+ snooping devices</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>The Nissan Leaf has a
built-in cell phone modem which allows
- effectively
- anyone</strong></del></span>
+ <li><p>The Nissan Leaf has</strong></del></span> <span
class="inserted"><ins><em>poor security
+ guarantees and abusive practices inflicted by VPN apps.”</p>
- <span class="inserted"><ins><em><li id="M201703300">
- <p>Verizon</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
- access</strong></del></span>
- <span
class="inserted"><ins><em>href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
- announced an opt-in proprietary search app that it will</a>
pre-install
- on some of</em></ins></span> its <span
class="removed"><del><strong>computers remotely and make changes in various
+ <p>Following is</em></ins></span> a <span
class="removed"><del><strong>built-in cell phone modem which allows
+ effectively
+ anyone <a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
+ access its computers remotely</strong></del></span> <span
class="inserted"><ins><em>non-exhaustive list, taken from the research paper,
+ of some proprietary VPN apps that track users</em></ins></span> and <span
class="removed"><del><strong>make changes in various
settings</a>.</p>
- <p>That's easy to do because</strong></del></span> <span
class="inserted"><ins><em>phones. The app will give Verizon</em></ins></span>
the <span class="removed"><del><strong>system has no authentication when
- accessed through</strong></del></span> <span
class="inserted"><ins><em>same information
- about</em></ins></span> the <span class="removed"><del><strong>modem.
However, even if it asked for
- authentication, you couldn't be confident</strong></del></span> <span
class="inserted"><ins><em>users' searches</em></ins></span> that <span
class="removed"><del><strong>Nissan has no
- access. The software in</strong></del></span> <span
class="inserted"><ins><em>Google normally gets when they use
- its search engine.</p>
-
- <p>Currently,</em></ins></span> the <span
class="removed"><del><strong>car</strong></del></span> <span
class="inserted"><ins><em>app</em></ins></span> is
- <span class="removed"><del><strong>proprietary,</strong></del></span>
<a <span
class="removed"><del><strong>href="/philosophy/free-software-even-more-important.html">which
- means it demands blind faith from its users</a>.</p>
-
- <p>Even if no</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
- being pre-installed on only</em></ins></span> one <span
class="removed"><del><strong>connects to the car remotely, the cell phone
- modem enables</strong></del></span> <span
class="inserted"><ins><em>phone</a>, and</em></ins></span> the <span
class="removed"><del><strong>phone company to track</strong></del></span> <span
class="inserted"><ins><em>user must
- explicitly opt-in before</em></ins></span> the <span
class="removed"><del><strong>car's movements all</strong></del></span> <span
class="inserted"><ins><em>app takes effect. However,</em></ins></span> the
<span class="removed"><del><strong>time; it</strong></del></span> <span
class="inserted"><ins><em>app
- remains spyware—an “optional” piece of
spyware</em></ins></span> is <span class="removed"><del><strong>possible to
physically remove the cell phone modem
- though.</p></strong></del></span>
- <span class="inserted"><ins><em>still spyware.</p></em></ins></span>
- </li>
-
- <span class="removed"><del><strong><li><p>Proprietary software
in cars</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201701210">
- <p>The Meitu photo-editing app</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records
information about drivers' movements</a>,
- which is made available</strong></del></span>
- <span
class="inserted"><ins><em>href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
- user data</em></ins></span> to <span class="removed"><del><strong>car
manufacturers, insurance companies, and
- others.</p></strong></del></span> <span
class="inserted"><ins><em>a Chinese company</a>.</p>
- </li>
-
- <li id="M201611280"></em></ins></span>
- <p>The <span class="removed"><del><strong>case of toll-collection
systems, mentioned in this article,</strong></del></span> <span
class="inserted"><ins><em>Uber app tracks <a
-
href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
- movements before and after the ride</a>.</p>
-
- <p>This example illustrates how “getting the user's
- consent” for surveillance</em></ins></span> is <span
class="removed"><del><strong>not
- really</strong></del></span> <span class="inserted"><ins><em>inadequate
as</em></ins></span> a <span
class="removed"><del><strong>matter</strong></del></span> <span
class="inserted"><ins><em>protection against
- massive surveillance.</p>
- </li>
-
- <li id="M201611160">
- <p>A <a
-
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
- research paper</a> that investigated the privacy and
security</em></ins></span> of <span class="removed"><del><strong>proprietary
surveillance. These systems are an
- intolerable invasion</strong></del></span>
- <span class="inserted"><ins><em>283 Android VPN apps concluded that
“in spite</em></ins></span> of <span class="inserted"><ins><em>the
promises
- for</em></ins></span> privacy, <span
class="inserted"><ins><em>security,</em></ins></span> and <span
class="removed"><del><strong>should be replaced with anonymous
- payment systems, but the invasion isn't done by malware. The other
- cases mentioned are done</strong></del></span> <span
class="inserted"><ins><em>anonymity given</em></ins></span> by <span
class="removed"><del><strong>proprietary malware in</strong></del></span> the
<span class="removed"><del><strong>car.</p></li>
-
- <li><p>Tesla cars allow the company</strong></del></span> <span
class="inserted"><ins><em>majority of VPN
- apps—millions of users may be unawarely subject</em></ins></span> to
<span class="removed"><del><strong>extract data remotely</strong></del></span>
<span class="inserted"><ins><em>poor security
- guarantees</em></ins></span> and
- <span class="removed"><del><strong>determine</strong></del></span> <span
class="inserted"><ins><em>abusive practices inflicted by VPN
apps.”</p>
-
- <p>Following is a non-exhaustive list of proprietary VPN apps
from</em></ins></span>
- the <span class="removed"><del><strong>car's</strong></del></span> <span
class="inserted"><ins><em>research paper that tracks and infringes the privacy
of users:</p>
+ <p>That's easy</strong></del></span> <span
class="inserted"><ins><em>infringe their
+ privacy:</p>
<dl>
<dt>SurfEasy</dt>
<dd>Includes tracking libraries such as NativeX and Appflood,
- meant to track users and show them targeted ads.</dd>
+ meant</em></ins></span> to <span class="removed"><del><strong>do because
the system has no authentication when
+ accessed through the modem. However, even if</strong></del></span> <span
class="inserted"><ins><em>track users and show them targeted ads.</dd>
<dt>sFly Network Booster</dt>
<dd>Requests the <code>READ_SMS</code> and
<code>SEND_SMS</code>
- permissions upon installation, meaning it has full access to users'
+ permissions upon installation, meaning</em></ins></span> it <span
class="removed"><del><strong>asked for
+ authentication, you couldn't be confident that
Nissan</strong></del></span> has <span class="removed"><del><strong>no
+ access. The software in</strong></del></span> <span
class="inserted"><ins><em>full access to users'
text messages.</dd>
<dt>DroidVPN and TigerVPN</dt>
- <dd>Requests the <code>READ_LOGS</code> permission to
read logs
+ <dd>Requests</em></ins></span> the <span
class="removed"><del><strong>car is
+ proprietary, <a
href="/philosophy/free-software-even-more-important.html">which
+ means</strong></del></span> <span
class="inserted"><ins><em><code>READ_LOGS</code> permission to read
logs
for other apps and also core system logs. TigerVPN developers have
confirmed this.</dd>
<dt>HideMyAss</dt>
- <dd>Sends traffic to LinkedIn. Also, it stores detailed logs and
- may turn them over to the UK government if requested.</dd>
+ <dd>Sends traffic to LinkedIn. Also,</em></ins></span> it <span
class="removed"><del><strong>demands blind faith from its
users</a>.</p>
+
+ <p>Even if no one connects</strong></del></span> <span
class="inserted"><ins><em>stores detailed logs and
+ may turn them over</em></ins></span> to the <span
class="removed"><del><strong>car remotely, the cell phone
+ modem enables</strong></del></span> <span class="inserted"><ins><em>UK
government if requested.</dd>
<dt>VPN Services HotspotShield</dt>
- <dd>Injects JavaScript code into the HTML pages returned to the
- users. The stated purpose of the JS injection is to display ads. Uses
- roughly five tracking libraries. Also, it redirects the user's
+ <dd>Injects JavaScript code into</em></ins></span> the <span
class="removed"><del><strong>phone company</strong></del></span> <span
class="inserted"><ins><em>HTML pages returned</em></ins></span> to <span
class="removed"><del><strong>track</strong></del></span> the <span
class="removed"><del><strong>car's movements all</strong></del></span>
+ <span class="inserted"><ins><em>users. The stated purpose
of</em></ins></span> the <span class="removed"><del><strong>time;
it</strong></del></span> <span class="inserted"><ins><em>JS
injection</em></ins></span> is <span
class="removed"><del><strong>possible</strong></del></span> to <span
class="removed"><del><strong>physically remove</strong></del></span> <span
class="inserted"><ins><em>display ads. Uses
+ roughly five tracking libraries. Also, it redirects</em></ins></span>
the <span class="removed"><del><strong>cell phone modem
+ though.</p>
+ </li>
+
+ <li><p>Proprietary software in cars
+ <a
href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records
information about drivers' movements</a>,
+ which is made available to car manufacturers, insurance
companies,</strong></del></span> <span class="inserted"><ins><em>user's
traffic through valueclick.com (an advertising website).</dd>
<dt>WiFi Protector VPN</dt>
- <dd>Injects JavaScript code into HTML pages, and also uses roughly
- five tracking libraries. Developers of this app have confirmed that
- the non-premium version of the app does JavaScript injection for
- tracking and display ads.</dd>
+ <dd>Injects JavaScript code into HTML pages,</em></ins></span> and
+ <span class="removed"><del><strong>others.</p>
+
+ <p>The case</strong></del></span> <span
class="inserted"><ins><em>also uses roughly
+ five tracking libraries. Developers</em></ins></span> of <span
class="removed"><del><strong>toll-collection systems, mentioned
in</strong></del></span> this <span class="removed"><del><strong>article, is not
+ really a matter of proprietary surveillance. These systems are an
+ intolerable invasion</strong></del></span> <span
class="inserted"><ins><em>app have confirmed that
+ the non-premium version</em></ins></span> of <span
class="removed"><del><strong>privacy,</strong></del></span> <span
class="inserted"><ins><em>the app does JavaScript injection for
+ tracking the user</em></ins></span> and <span
class="removed"><del><strong>should be replaced with anonymous
+ payment systems, but</strong></del></span> <span
class="inserted"><ins><em>displaying ads.</dd>
</dl>
</li>
@@ -1459,16 +1471,23 @@
<p>Facebook's new Magic Photo app <a
href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
scans your mobile phone's photo collections for known faces</a>,
- and suggests you to share the picture you take according to who is
- in the frame.</p>
+ and suggests you to share</em></ins></span> the <span
class="removed"><del><strong>invasion isn't done by malware. The other
+ cases mentioned are done by proprietary malware</strong></del></span>
<span class="inserted"><ins><em>picture you take according to who
is</em></ins></span>
+ in the <span class="removed"><del><strong>car.</p></li>
+
+ <li><p>Tesla cars allow</strong></del></span> <span
class="inserted"><ins><em>frame.</p>
<p>This spyware feature seems to require online access to some
- known-faces database, which means the pictures are likely to be
- sent across the wire to Facebook's servers and face-recognition
+ known-faces database, which means</em></ins></span> the <span
class="removed"><del><strong>company</strong></del></span> <span
class="inserted"><ins><em>pictures are likely</em></ins></span> to <span
class="removed"><del><strong>extract data remotely and
+ determine</strong></del></span> <span class="inserted"><ins><em>be
+ sent across</em></ins></span> the <span class="removed"><del><strong>car's
location at any time. (See
+ <a
href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
+ Section 2, paragraphs b</strong></del></span> <span
class="inserted"><ins><em>wire to Facebook's servers</em></ins></span> and
<span class="removed"><del><strong>c.</a>). The company says it doesn't
+ store this information, but</strong></del></span> <span
class="inserted"><ins><em>face-recognition
algorithms.</p>
<p>If so, none of Facebook users' pictures are private anymore,
- even if the user didn't “upload” them to the service.</p>
+ even</em></ins></span> if the <span class="removed"><del><strong>state
orders it</strong></del></span> <span class="inserted"><ins><em>user didn't
“upload” them</em></ins></span> to <span
class="removed"><del><strong>get</strong></del></span> the <span
class="inserted"><ins><em>service.</p>
</li>
<li id="M201605310">
@@ -1482,38 +1501,82 @@
<li id="M201604250">
<p>A pregnancy test controller application not only can <a
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
- spy on many sorts of data in the phone, and in server accounts,
- it can alter them too</a>.</p>
+ spy on many sorts of</em></ins></span> data <span
class="inserted"><ins><em>in the phone,</em></ins></span> and <span
class="removed"><del><strong>hand</strong></del></span> <span
class="inserted"><ins><em>in server accounts,</em></ins></span>
+ it <span class="removed"><del><strong>over, the
state</strong></del></span> can <span class="removed"><del><strong>store
it.</p></strong></del></span> <span class="inserted"><ins><em>alter them
too</a>.</p></em></ins></span>
</li>
+<span class="removed"><del><strong></ul>
+
+
+<!-- #SpywareAtHome -->
+<!-- WEBMASTERS: make sure to place new items</strong></del></span>
- <li id="M201601130">
+ <span class="inserted"><ins><em><li id="M201601130">
<p>Apps that include <a
href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
- Symphony surveillance software snoop on what radio and TV programs
- are playing nearby</a>. Also on what users post on various sites
- such as Facebook, Google+ and Twitter.</p>
+ Symphony surveillance software snoop</em></ins></span> on <span
class="removed"><del><strong>top under each subsection -->
+
+<div class="big-section">
+ <h3 id="SpywareAtHome">Spyware at Home</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul>
+ <li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
+ Rent-to-own computers were programmed to spy</strong></del></span> <span
class="inserted"><ins><em>what radio and TV programs
+ are playing nearby</a>. Also</em></ins></span> on <span
class="removed"><del><strong>their
renters</a>.</p></strong></del></span> <span
class="inserted"><ins><em>what users post on various sites
+ such as Facebook, Google+ and Twitter.</p></em></ins></span>
</li>
+<span class="removed"><del><strong></ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInTVSets">Spyware in TV Sets</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
+</div>
- <li id="M201511190">
+<p>Emo Phillips made a joke: The other day a woman came
up</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201511190">
<p>“Cryptic communication,”
- unrelated to the app's functionality, was <a
-
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
- found in the 500 most popular gratis Android apps</a>.</p>
+ unrelated</em></ins></span> to <span class="removed"><del><strong>me and
+said, “Didn't I see you on television?” I said, “I
+don't know. You can't see out</strong></del></span> the <span
class="removed"><del><strong>other way.” Evidently
that</strong></del></span> <span class="inserted"><ins><em>app's
functionality,</em></ins></span> was
+<span class="removed"><del><strong>before Amazon “smart”
TVs.</p>
- <p>The article should not have described these apps as
- “free”—they are not free software. The clear way
- to say “zero price” is “gratis.”</p>
+<ul>
+ <li><p>More or less all “smart”
TVs</strong></del></span> <a <span class="removed"><del><strong>href="
+
http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
+ on their users</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
+ found in the 500 most popular gratis Android
apps</a>.</p></em></ins></span>
- <p>The article takes for granted that the usual analytics tools are
- legitimate, but is that valid? Software developers have no right to
- analyze what users are doing or how. “Analytics” tools
- that snoop are just as wrong as any other snooping.</p>
- </li>
+ <p>The <span class="removed"><del><strong>report
was</strong></del></span> <span class="inserted"><ins><em>article should not
have described these apps</em></ins></span> as <span
class="removed"><del><strong>of 2014, but we don't expect this has got
better.</p>
- <li id="M201510300">
- <p>More than 73% and 47% of mobile applications, from Android and iOS
+ <p>This shows that laws requiring products to get users' formal
+ consent before collecting personal data</strong></del></span>
+ <span
class="inserted"><ins><em>“free”—they</em></ins></span> are
<span class="removed"><del><strong>totally inadequate.
+ And what happens if a user declines consent? Probably the TV
+ will say, “Without your consent to tracking, the TV
will</strong></del></span> not <span
class="removed"><del><strong>work.”</p>
+
+ <p>Proper laws would</strong></del></span> <span
class="inserted"><ins><em>free software. The clear way
+ to</em></ins></span> say <span class="inserted"><ins><em>“zero
price” is “gratis.”</p>
+
+ <p>The article takes for granted</em></ins></span> that <span
class="removed"><del><strong>TVs</strong></del></span> <span
class="inserted"><ins><em>the usual analytics tools</em></ins></span> are <span
class="removed"><del><strong>not allowed</strong></del></span>
+ <span class="inserted"><ins><em>legitimate, but is that valid? Software
developers have no right</em></ins></span> to <span
class="removed"><del><strong>report</strong></del></span>
+ <span class="inserted"><ins><em>analyze</em></ins></span> what
+ <span class="removed"><del><strong>the user watches — no
exceptions!</p></strong></del></span> <span
class="inserted"><ins><em>users are doing or how. “Analytics” tools
+ that snoop are just as wrong as any other
snooping.</p></em></ins></span>
+ </li>
+ <span class="removed"><del><strong><li><p>Vizio goes a step
further</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201510300">
+ <p>More</em></ins></span> than <span
class="removed"><del><strong>other TV manufacturers in spying on
+ their users: their <a
href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+ “smart” TVs analyze your viewing habits in
detail</strong></del></span> <span
class="inserted"><ins><em>73%</em></ins></span> and
+ <span class="removed"><del><strong>link them your IP address</a>
so that advertisers</strong></del></span> <span class="inserted"><ins><em>47%
of mobile applications, from Android and iOS
respectively <a href="https://techscience.org/a/2015103001/">share
- personal, behavioral and</em></ins></span> location <span
class="inserted"><ins><em>information</a> of their users with
+ personal, behavioral and location information</a> of their users with
third parties.</p>
</li>
@@ -1571,7 +1634,7 @@
<p>Many proprietary apps for mobile devices
report which other apps the user has installed. <a
href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
- is doing this in a way that</em></ins></span> at <span
class="inserted"><ins><em>least is visible and optional</a>. Not
+ is doing this in a way that at least is visible and optional</a>. Not
as bad as what the others do.</p>
</li>
@@ -1616,6 +1679,7 @@
</div>
<ul class="blurbs">
+<!-- INSERT skype -->
<li id="M201307110">
<p>Skype contains <a
href="https://web.archive.org/web/20130928235637/http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">spyware</a>.
@@ -1632,6 +1696,7 @@
</div>
<ul class="blurbs">
+<!-- INSERT games -->
<li id="M201806240">
<p>Red Shell is a spyware that
is found in many proprietary games. It <a
@@ -1720,6 +1785,7 @@
<div style="clear: left;"></div>
<ul class="blurbs">
+<!-- INSERT stings -->
<li id="M201708280">
<p>The bad security in many Internet of Stings devices allows <a
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
@@ -1744,6 +1810,7 @@
before Amazon “smart” TVs.</p>
<ul class="blurbs">
+<!-- INSERT tvsets -->
<li id="M201804010">
<p>Some “Smart” TVs automatically <a
href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
@@ -1793,7 +1860,10 @@
to the 600 millions social media profiles the company
already monitors. Tivo customers are unaware they're
being watched by advertisers. By combining TV viewing
- information with online social media participation, Tivo can now <a
+ information with online social media participation, Tivo</em></ins></span>
can <span class="removed"><del><strong>track you
+ across devices.</p>
+
+ <p>It</strong></del></span> <span class="inserted"><ins><em>now
<a
href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
correlate TV advertisement with online purchases</a>, exposing all
users to new combined surveillance by default.</p>
@@ -1826,7 +1896,7 @@
Nuance can save it and would then have to give it to the US or some
other government.</p>
- <p>Speech recognition is not to be trusted unless it is done by free
+ <p>Speech recognition</em></ins></span> is <span
class="removed"><del><strong>possible</strong></del></span> <span
class="inserted"><ins><em>not to be trusted unless it is done by free
software in your own computer.</p>
<p>In its privacy policy, Samsung explicitly confirms that <a
@@ -1862,7 +1932,7 @@
<li id="M201405200">
<p>Spyware in LG “smart” TVs <a
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
- reports what the user watches, and the switch to turn this off has
+ reports what the user watches, and the switch</em></ins></span> to turn
this <span class="removed"><del><strong>off,</strong></del></span> <span
class="inserted"><ins><em>off has
no effect</a>. (The fact that the transmission reports a 404 error
really means nothing; the server could save that data anyway.)</p>
@@ -1870,8 +1940,8 @@
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
snoops on other devices on the user's local network</a>.</p>
- <p>LG later said it had installed a patch to stop this,
but</em></ins></span> any <span class="removed"><del><strong>time.
(See</strong></del></span>
- <span class="inserted"><ins><em>product could spy this way.</p>
+ <p>LG later said it had installed a patch to stop
this,</em></ins></span> but <span
class="removed"><del><strong>having</strong></del></span> <span
class="inserted"><ins><em>any
+ product could spy this way.</p>
<p>Meanwhile, LG TVs <a
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
@@ -1893,6 +1963,7 @@
</div>
<ul class="blurbs">
+<!-- INSERT cameras -->
<li id="M201710040">
<p>Every “home security” camera, if its
manufacturer can communicate with it, is a surveillance device. <a
@@ -1916,148 +1987,109 @@
</li>
<li id="M201511250">
- <p>The Nest Cam “smart” camera is</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
- Section 2, paragraphs b and c.</a>). The company says it doesn't
- store this information, but if</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.bbc.com/news/technology-34922712">always
watching</a>,
- even when</em></ins></span> the <span class="removed"><del><strong>state
orders</strong></del></span> <span
class="inserted"><ins><em>“owner” switches</em></ins></span> it
<span class="removed"><del><strong>to get</strong></del></span> <span
class="inserted"><ins><em>“off.”</p>
+ <p>The Nest Cam “smart” camera is <a
+ href="http://www.bbc.com/news/technology-34922712">always
watching</a>,
+ even when the “owner” switches it “off.”</p>
- <p>A “smart” device means</em></ins></span> the <span
class="removed"><del><strong>data
- and hand</strong></del></span> <span
class="inserted"><ins><em>manufacturer is using</em></ins></span> it <span
class="removed"><del><strong>over, the state can store it.</p>
- </li>
-</ul>
-
-
-<!-- #SpywareAtHome -->
-<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
-
-<div class="big-section">
- <h3 id="SpywareAtHome">Spyware at Home</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
-</div>
-<div style="clear: left;"></div>
-
-<ul>
- <li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
- Rent-to-own computers were programmed</strong></del></span>
- to <span class="removed"><del><strong>spy on their
renters</a>.</p></strong></del></span> <span
class="inserted"><ins><em>outsmart you.</p></em></ins></span>
+ <p>A “smart” device means the manufacturer is using it
+ to outsmart you.</p>
</li>
</ul>
<div class="big-subsection">
- <h4 <span class="removed"><del><strong>id="SpywareInTVSets">Spyware in
TV Sets</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInToys">Toys</h4></em></ins></span>
- <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInTVSets">#SpywareInTVSets</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInToys">#SpywareInToys</a>)</span></em></ins></span>
+ <h4 id="SpywareInToys">Toys</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
</div>
-<span class="removed"><del><strong><p>Emo Phillips
made</strong></del></span>
-
-<span class="inserted"><ins><em><ul class="blurbs">
+<ul class="blurbs">
+<!-- INSERT toys -->
<li id="M201711244">
- <p>The Furby Connect has</em></ins></span> a <span
class="removed"><del><strong>joke: The other day</strong></del></span> <span
class="inserted"><ins><em><a
+ <p>The Furby Connect has a <a
href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
- universal back door</a>. If the product as shipped doesn't act
as</em></ins></span> a <span class="removed"><del><strong>woman came
up</strong></del></span>
- <span class="inserted"><ins><em>listening device, remote
changes</em></ins></span> to <span class="removed"><del><strong>me and
-said, “Didn't I see you on television?” I said, “I
-don't know. You can't see out</strong></del></span> the <span
class="removed"><del><strong>other way.” Evidently
that</strong></del></span> <span class="inserted"><ins><em>code could surely
convert it
+ universal back door</a>. If the product as shipped doesn't act as a
+ listening device, remote changes to the code could surely convert it
into one.</p>
</li>
<li id="M201711100">
- <p>A remote-control sex toy</em></ins></span> was
-<span class="removed"><del><strong>before Amazon “smart”
TVs.</p>
-
-<ul>
- <li><p>More or less all “smart”
TVs</strong></del></span> <span class="inserted"><ins><em>found to
make</em></ins></span> <a <span class="removed"><del><strong>href="
-
http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
- on their</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
- recordings of the conversation between two</em></ins></span>
users</a>.</p>
- <span class="inserted"><ins><em></li>
+ <p>A remote-control sex toy was found to make <a
+
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
+ recordings of the conversation between two users</a>.</p>
+ </li>
<li id="M201703140">
<p>A computerized vibrator <a
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
- was snooping on its users through the proprietary control
app</a>.</p></em></ins></span>
+ was snooping on its users through the proprietary control
app</a>.</p>
- <p>The <span
class="removed"><del><strong>report</strong></del></span> <span
class="inserted"><ins><em>app</em></ins></span> was <span
class="removed"><del><strong>as</strong></del></span> <span
class="inserted"><ins><em>reporting the temperature</em></ins></span> of <span
class="removed"><del><strong>2014, but we don't expect this has got
better.</p>
+ <p>The app was reporting the temperature of the vibrator minute by
+ minute (thus, indirectly, whether</em></ins></span> it <span
class="removed"><del><strong>enabled</strong></del></span> <span
class="inserted"><ins><em>was surrounded</em></ins></span> by <span
class="removed"><del><strong>default
+ is an injustice already.</p>
+ </li>
- <p>This shows</strong></del></span> <span
class="inserted"><ins><em>the vibrator minute by
- minute (thus, indirectly, whether it was surrounded by a person's
+ <li><p>Tivo's alliance</strong></del></span> <span
class="inserted"><ins><em>a person's
body), as well as the vibration frequency.</p>
<p>Note the totally inadequate proposed response: a labeling
- standard with which manufacturers would make statements about their
+ standard</em></ins></span> with <span class="removed"><del><strong>Viacom
adds 2.3 million households</strong></del></span> <span
class="inserted"><ins><em>which manufacturers would make statements about their
products, rather than free software which users could have checked
and changed.</p>
- <p>The company</em></ins></span> that <span
class="removed"><del><strong>laws requiring products to get users' formal
- consent before</strong></del></span> <span
class="inserted"><ins><em>made the vibrator <a
+ <p>The company that made the vibrator <a
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
- was sued for</em></ins></span> collecting <span
class="inserted"><ins><em>lots of</em></ins></span> personal <span
class="inserted"><ins><em>information about how people
+ was sued for collecting lots of personal information about how people
used it</a>.</p>
- <p>The company's statement that it was anonymizing
the</em></ins></span> data <span class="removed"><del><strong>are totally
inadequate.
- And what happens if a user declines consent?
Probably</strong></del></span> <span class="inserted"><ins><em>may be
- true, but it doesn't really matter. If it had sold</em></ins></span> the
<span class="removed"><del><strong>TV
- will say, “Without your consent</strong></del></span> <span
class="inserted"><ins><em>data</em></ins></span> to <span
class="removed"><del><strong>tracking,</strong></del></span> <span
class="inserted"><ins><em>a data
- broker,</em></ins></span> the <span class="removed"><del><strong>TV will
- not work.”</p>
-
- <p>Proper laws</strong></del></span> <span
class="inserted"><ins><em>data broker</em></ins></span> would <span
class="removed"><del><strong>say that TVs are not allowed</strong></del></span>
<span class="inserted"><ins><em>have been able</em></ins></span> to <span
class="removed"><del><strong>report what</strong></del></span> <span
class="inserted"><ins><em>figure out who</em></ins></span> the
- user <span class="removed"><del><strong>watches — no
exceptions!</p>
- </li>
- <li><p>Vizio goes</strong></del></span> <span
class="inserted"><ins><em>was.</p>
+ <p>The company's statement that it was anonymizing the data may be
+ true, but it doesn't really matter. If it had sold the
data</em></ins></span> to <span class="inserted"><ins><em>a data
+ broker,</em></ins></span> the <span class="removed"><del><strong>600
millions social media profiles</strong></del></span> <span
class="inserted"><ins><em>data broker would have been able to figure out who the
+ user was.</p>
<p>Following this lawsuit, <a
-
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
- the company has been ordered to pay</em></ins></span> a <span
class="removed"><del><strong>step further than other TV manufacturers in spying
on
- their users: their</strong></del></span> <span
class="inserted"><ins><em>total of C$4m</a> to its
+
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits"></em></ins></span>
+ the company <span class="removed"><del><strong>already
+ monitors. Tivo customers are unaware they're being watched by
+ advertisers. By combining TV viewing information</strong></del></span>
<span class="inserted"><ins><em>has been ordered to pay a total of
C$4m</a> to its
customers.</p>
</li>
<li id="M201702280">
- <p>“CloudPets” toys with microphones</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
- “smart” TVs analyze your viewing habits in
detail</strong></del></span>
+ <p>“CloudPets” toys</em></ins></span> with <span
class="removed"><del><strong>online
+ social media participation, Tivo can now</strong></del></span> <span
class="inserted"><ins><em>microphones</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
+ advertisement with online purchases</a>, exposing all
users</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
- leak childrens' conversations to the manufacturer</a>. Guess what?
<a
+ leak childrens' conversations</em></ins></span> to
+ <span class="removed"><del><strong>new combined
surveillance</strong></del></span> <span class="inserted"><ins><em>the
manufacturer</a>. Guess what? <a
href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
- Crackers found a way to access the data</a> collected by the
+ Crackers found a way to access the data</a>
collected</em></ins></span> by <span
class="removed"><del><strong>default.</p></li>
+ <li><p>Some web</strong></del></span> <span
class="inserted"><ins><em>the
manufacturer's snooping.</p>
- <p>That the manufacturer</em></ins></span> and
- <span class="removed"><del><strong>link them your IP address</a>
so that advertisers can track you
- across devices.</p>
-
- <p>It is possible</strong></del></span> <span
class="inserted"><ins><em>the FBI could listen</em></ins></span> to <span
class="removed"><del><strong>turn this off, but having it
enabled</strong></del></span> <span class="inserted"><ins><em>these
- conversations was unacceptable</em></ins></span> by <span
class="removed"><del><strong>default
- is an injustice already.</p></strong></del></span> <span
class="inserted"><ins><em>itself.</p></em></ins></span>
+ <p>That the manufacturer</em></ins></span> and <span
class="removed"><del><strong>TV advertisements play inaudible
sounds</strong></del></span> <span class="inserted"><ins><em>the FBI could
listen</em></ins></span> to <span class="removed"><del><strong>be
+ picked up</strong></del></span> <span class="inserted"><ins><em>these
+ conversations was unacceptable</em></ins></span> by <span
class="removed"><del><strong>proprietary malware running on other devices in
+ range so as</strong></del></span> <span
class="inserted"><ins><em>itself.</p>
</li>
- <span class="removed"><del><strong><li><p>Tivo's alliance with
Viacom adds 2.3 million households</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201612060">
+ <li id="M201612060">
<p>The “smart” toys My Friend Cayla and i-Que transmit
<a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
- conversations</em></ins></span> to <span class="inserted"><ins><em>Nuance
Communications</a>, a speech recognition
- company based in</em></ins></span> the <span
class="removed"><del><strong>600 millions social media
profiles</strong></del></span> <span class="inserted"><ins><em>U.S.</p>
-
- <p>Those toys also contain major security vulnerabilities; crackers
- can remotely control</em></ins></span> the <span
class="removed"><del><strong>company already
- monitors. Tivo customers are unaware they're being watched by
- advertisers. By combining TV viewing information</strong></del></span>
<span class="inserted"><ins><em>toys</em></ins></span> with <span
class="removed"><del><strong>online
- social media participation, Tivo can now</strong></del></span> <span
class="inserted"><ins><em>a mobile phone. This would enable
+ conversations</em></ins></span> to <span
class="removed"><del><strong>determine that they are nearby. Once your
+ Internet devices are paired with your TV,
advertisers</strong></del></span> <span class="inserted"><ins><em>Nuance
Communications</a>, a speech recognition
+ company based in the U.S.</p>
+
+ <p>Those toys also contain major security vulnerabilities;
crackers</em></ins></span>
+ can
+ <span class="removed"><del><strong>correlate ads</strong></del></span>
<span class="inserted"><ins><em>remotely control the toys</em></ins></span>
with <span class="removed"><del><strong>Web activity,</strong></del></span>
<span class="inserted"><ins><em>a mobile phone. This would enable
crackers to listen in on a child's speech, and even speak into the
toys themselves.</p>
</li>
<li id="M201502180">
- <p>Barbie</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
- advertisement with online purchases</a>, exposing all
users</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
- going</em></ins></span> to
- <span class="removed"><del><strong>new combined surveillance by
default.</p></li>
- <li><p>Some web</strong></del></span> <span
class="inserted"><ins><em>spy on children</em></ins></span> and <span
class="removed"><del><strong>TV advertisements play inaudible
sounds</strong></del></span> <span
class="inserted"><ins><em>adults</a>.</p>
+ <p>Barbie <a
+
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
+ going to spy on children</em></ins></span> and <span
class="inserted"><ins><em>adults</a>.</p>
</li>
</ul>
@@ -2068,14 +2100,10 @@
</div>
<ul class="blurbs">
+<!-- INSERT drones -->
<li id="M201708040">
- <p>While you're using a DJI drone</em></ins></span>
- to <span class="removed"><del><strong>be
- picked up by proprietary malware running</strong></del></span> <span
class="inserted"><ins><em>snoop</em></ins></span> on other <span
class="removed"><del><strong>devices</strong></del></span> <span
class="inserted"><ins><em>people, DJI is</em></ins></span> in
- <span class="removed"><del><strong>range so as to determine that they
are nearby. Once your
- Internet devices are paired with your TV, advertisers can
- correlate ads with Web activity, and
- other</strong></del></span> <span class="inserted"><ins><em>many
cases</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p></strong></del></span>
+ <p>While you're using a DJI drone
+ to snoop on</em></ins></span> other <span
class="inserted"><ins><em>people, DJI is in many cases</em></ins></span> <a
<span
class="removed"><del><strong>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p></strong></del></span>
<span
class="inserted"><ins><em>href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
on you</a>.</p></em></ins></span>
</li>
@@ -2088,6 +2116,7 @@
</div>
<ul class="blurbs">
+<!-- INSERT home -->
<li id="M201809260">
<p>Honeywell's</em></ins></span> “smart” <span
class="removed"><del><strong>TVs recognize and
<a
href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track what
people are watching</a>,
@@ -2121,39 +2150,39 @@
easier for Amazon. And if some government such as China
or</em></ins></span> the US
<span class="inserted"><ins><em>told Amazon to do this,</em></ins></span>
or <span class="removed"><del><strong>some other government.</p>
<p>Speech recognition is not</strong></del></span> <span
class="inserted"><ins><em>cease</em></ins></span> to <span
class="removed"><del><strong>be trusted unless it is done
- by free software in your own computer.</p>
- </li>
- <li><p>Spyware in
- <a
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
- LG “smart” TVs</a> reports what the user watches,
and</strong></del></span> <span
class="inserted"><ins><em>sell</em></ins></span> the <span
class="removed"><del><strong>switch to turn this off has no effect. (The
fact</strong></del></span> <span class="inserted"><ins><em>product
in</em></ins></span> that <span class="inserted"><ins><em>country,
- do you think Amazon would have</em></ins></span> the
- <span class="removed"><del><strong>transmission reports a 404 error
really means nothing; the server
- could save that data anyway.)</p>
-
- <p>Even worse, it</strong></del></span> <span
class="inserted"><ins><em>moral fiber to say no?</p>
+ by free software</strong></del></span> <span
class="inserted"><ins><em>sell the product</em></ins></span> in <span
class="removed"><del><strong>your own computer.</p></strong></del></span>
<span class="inserted"><ins><em>that country,
+ do you think Amazon would have the moral fiber to say no?</p>
<p>These crackers are probably hackers too, but please <a
href="https://stallman.org/articles/on-hacking.html"> don't use
- “hacking” to mean “breaking
security”</a>.</p>
+ “hacking” to mean “breaking
security”</a>.</p></em></ins></span>
</li>
+ <span class="removed"><del><strong><li><p>Spyware
in</strong></del></span>
- <li id="M201804140">
- <p>A medical insurance company</em></ins></span> <a <span
class="removed"><del><strong>href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/"></strong></del></span>
+ <span class="inserted"><ins><em><li id="M201804140">
+ <p>A medical insurance company</em></ins></span> <a <span
class="removed"><del><strong>href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
+ LG “smart” TVs</a> reports what
the</strong></del></span>
<span
class="inserted"><ins><em>href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
- offers a gratis electronic toothbrush that</em></ins></span> snoops on
<span class="removed"><del><strong>other devices on</strong></del></span> <span
class="inserted"><ins><em>its user by
- sending usage data back over</em></ins></span> the <span
class="removed"><del><strong>user's local network.</a></p>
-
- <p>LG later said it had installed a patch</strong></del></span>
<span class="inserted"><ins><em>Internet</a>.</p>
+ offers a gratis electronic toothbrush that snoops on its</em></ins></span>
user <span class="removed"><del><strong>watches, and</strong></del></span>
<span class="inserted"><ins><em>by
+ sending usage data back over</em></ins></span> the <span
class="removed"><del><strong>switch</strong></del></span> <span
class="inserted"><ins><em>Internet</a>.</p>
</li>
<li id="M201706204">
<p>Lots of “smart” products are designed <a
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
- listen</em></ins></span> to <span class="removed"><del><strong>stop this,
but</strong></del></span> <span class="inserted"><ins><em>everyone in the
house, all the time</a>.</p>
+ listen</em></ins></span> to <span class="removed"><del><strong>turn this
off has no effect. (The fact that</strong></del></span> <span
class="inserted"><ins><em>everyone in</em></ins></span> the
+ <span class="removed"><del><strong>transmission reports a 404 error
really means nothing;</strong></del></span> <span
class="inserted"><ins><em>house, all</em></ins></span> the <span
class="removed"><del><strong>server
+ could save</strong></del></span> <span
class="inserted"><ins><em>time</a>.</p>
+
+ <p>Today's technological practice does not include any way of making
+ a device</em></ins></span> that <span class="removed"><del><strong>data
anyway.)</p>
+
+ <p>Even worse, it
+ <a
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
+ snoops on other devices</strong></del></span> <span
class="inserted"><ins><em>can obey your voice commands without potentially
spying</em></ins></span>
+ on <span class="removed"><del><strong>the user's local
network.</a></p>
- <p>Today's technological practice does not include</em></ins></span>
any <span class="removed"><del><strong>product</strong></del></span> <span
class="inserted"><ins><em>way of making
- a device that can obey your voice commands without potentially spying
- on you. Even if it is air-gapped, it</em></ins></span> could <span
class="removed"><del><strong>spy this way.</p>
+ <p>LG later said</strong></del></span> <span
class="inserted"><ins><em>you. Even if it is air-gapped,</em></ins></span> it
<span class="removed"><del><strong>had installed a patch to stop this, but any
product</strong></del></span> could <span class="removed"><del><strong>spy this
way.</p>
<p>Meanwhile, LG TVs</strong></del></span> <span
class="inserted"><ins><em>be saving up records
about you for later examination.</p>
@@ -2180,42 +2209,43 @@
</div>
<ul class="blurbs">
+<!-- INSERT wearables -->
<li id="M201807260">
<p>Tommy Hilfiger clothing <a
href="https://www.theguardian.com/fashion/2018/jul/26/tommy-hilfiger-new-clothing-line-monitor-customers">will
monitor how often</em></ins></span> people <span
class="removed"><del><strong>watch, and even</strong></del></span> <span
class="inserted"><ins><em>wear it</a>.</p>
<p>This will teach the sheeple to find it normal that companies
- monitor every aspect of</em></ins></span> what they <span
class="removed"><del><strong>wanted</strong></del></span> <span
class="inserted"><ins><em>do.</p>
+ monitor every aspect of</em></ins></span> what they <span
class="removed"><del><strong>wanted to
record.</a></p></strong></del></span> <span
class="inserted"><ins><em>do.</p></em></ins></span>
</li>
</ul>
-<h5 id="SpywareOnSmartWatches">“Smart” Watches</h5>
+<span class="inserted"><ins><em><h5
id="SpywareOnSmartWatches">“Smart” Watches</h5>
-<ul class="blurbs">
- <li id="M201603020">
+<ul class="blurbs"></em></ins></span>
+<!-- <span
class="removed"><del><strong>#SpywareAtPlay</strong></del></span> <span
class="inserted"><ins><em>INSERT watches</em></ins></span> -->
+<span class="removed"><del><strong><div class="big-section">
+ <h3 id="SpywareAtPlay">Spyware</strong></del></span>
+ <span class="inserted"><ins><em><li id="M201603020">
<p>A very cheap “smart watch” comes with an Android app
<a
href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
that connects to an unidentified site in China</a>.</p>
<p>The article says this is a back door, but that could be a
- misunderstanding. However, it is certainly surveillance, at
least.</p>
+ misunderstanding. However, it is certainly
surveillance,</em></ins></span> at <span
class="removed"><del><strong>Play</h3></strong></del></span> <span
class="inserted"><ins><em>least.</p>
</li>
<li id="M201407090">
<p>An LG “smart” watch is designed <a
href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
- to report its location</em></ins></span> to <span
class="removed"><del><strong>record.</a></p></strong></del></span>
<span class="inserted"><ins><em>someone else and to transmit conversations
- too</a>.</p></em></ins></span>
+ to report its location to someone else and to transmit conversations
+ too</a>.</p>
</li>
</ul>
-<span class="removed"><del><strong><!-- #SpywareAtPlay
--></strong></del></span>
-
-<div <span class="removed"><del><strong>class="big-section">
- <h3 id="SpywareAtPlay">Spyware at
Play</h3></strong></del></span> <span
class="inserted"><ins><em>class="big-subsection">
+<div class="big-subsection">
<h4 id="SpywareInVehicles">Vehicles</h4></em></ins></span>
<span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareAtPlay">#SpywareAtPlay</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInVehicles">#SpywareInVehicles</a>)</span></em></ins></span>
</div>
@@ -2225,9 +2255,11 @@
<li><p>Many</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT cars -->
<li id="M201711230">
- <p>AI-powered driving apps can <a
-
href="https://motherboard.vice.com/en_us/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
+ <p>AI-powered driving apps can</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
+ video game consoles snoop on their users</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://motherboard.vice.com/en_us/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
track your every move</a>.</p>
</li>
@@ -2241,15 +2273,14 @@
<p id="nissan-modem">The Nissan Leaf has a built-in
cell phone modem which allows effectively anyone to <a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">
- access its computers remotely and make changes in various
+ access its computers remotely</em></ins></span> and <span
class="removed"><del><strong>report</strong></del></span> <span
class="inserted"><ins><em>make changes in various
settings</a>.</p>
<p>That's easy to do because the system has no authentication
when accessed through the modem. However, even if it asked
for authentication, you couldn't be confident that Nissan
- has no access. The software in the car is proprietary,</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
- video game consoles snoop on their users and report</strong></del></span>
- <span
class="inserted"><ins><em>href="/philosophy/free-software-even-more-important.html">which
means
+ has no access. The software in the car is proprietary, <a
+ href="/philosophy/free-software-even-more-important.html">which means
it demands blind faith from its users</a>.</p>
<p>Even if no one connects</em></ins></span> to the
@@ -2305,6 +2336,7 @@
</div>
<ul class="blurbs">
+<!-- INSERT virtual -->
<li id="M201612230">
<p>VR equipment, measuring every slight motion,
creates</em></ins></span> the <span class="removed"><del><strong>game
play</strong></del></span> <span
class="inserted"><ins><em>potential</em></ins></span> for <span
class="removed"><del><strong>specific players.</p>
@@ -2342,6 +2374,7 @@
<li><p>Online</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT websites -->
<li id="M201805170">
<p>The Storyful program <a
href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies
@@ -2425,6 +2458,7 @@
</div>
<ul class="blurbs">
+<!-- INSERT javascript -->
<li id="M201807190">
<p>British Airways used <a
href="https://www.theverge.com/2018/7/19/17591732/british-airways-gdpr-compliance-twitter-personal-data-security">nonfree
@@ -2451,34 +2485,35 @@
<p>Some websites send
JavaScript code to collect all</em></ins></span> the <span
class="removed"><del><strong>NSA</strong></del></span> <span
class="inserted"><ins><em>user's input, <a
href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
- can then be used</em></ins></span> to <span
class="removed"><del><strong>directly examine users'
data</a>.</p></strong></del></span> <span
class="inserted"><ins><em>reproduce the whole session</a>.</p>
+ can then be used to reproduce the whole session</a>.</p>
<p>If you use LibreJS, it will block that malicious JavaScript
- code.</p></em></ins></span>
+ code.</p>
</li>
</ul>
-<span class="removed"><del><strong><!-- WEBMASTERS: make
sure</strong></del></span>
-
-<span class="inserted"><ins><em><div class="big-subsection">
+<div class="big-subsection">
<h4 id="SpywareInFlash">Flash</h4>
<span class="anchor-reference-id">(<a
href="#SpywareInFlash">#SpywareInFlash</a>)</span>
</div>
<ul class="blurbs">
+<!-- INSERT flash -->
<li id="M201310110">
<p>Flash and JavaScript are used for <a
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
- “fingerprinting” devices</a></em></ins></span> to <span
class="removed"><del><strong>place new items on top under each subsection
--></strong></del></span> <span class="inserted"><ins><em>identify
users.</p>
+ “fingerprinting” devices</a></em></ins></span> to <span
class="removed"><del><strong>directly examine users'
data</a>.</p></strong></del></span> <span
class="inserted"><ins><em>identify users.</p>
</li>
<li id="M201003010">
<p>Flash Player's <a
href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">
- cookie feature helps web sites track visitors</a>.</p>
+ cookie feature helps web sites track
visitors</a>.</p></em></ins></span>
</li>
-</ul></em></ins></span>
+</ul>
+
+<span class="removed"><del><strong><!-- WEBMASTERS: make sure to place new
items on top under each subsection --></strong></del></span>
<div class="big-subsection">
@@ -2490,6 +2525,7 @@
<li><p>Google</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT chrome -->
<li id="M201507280">
<p>Google</em></ins></span> Chrome makes it easy for an extension to
do <a
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
@@ -2571,6 +2607,7 @@
real</strong></del></span>
<span class="inserted"><ins><em><ul class="blurbs">
+<!-- INSERT networks -->
<li id="M201606030">
<p>Investigation Shows</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
software as malicious as many other programs listed in this
@@ -2654,7 +2691,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/10/01 09:59:22 $
+$Date: 2018/10/01 19:58:10 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary/po/proprietary-surveillance.ja.po
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.ja.po,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -b -r1.217 -r1.218
--- proprietary/po/proprietary-surveillance.ja.po 1 Oct 2018 09:59:22
-0000 1.217
+++ proprietary/po/proprietary-surveillance.ja.po 1 Oct 2018 19:58:10
-0000 1.218
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
-"POT-Creation-Date: 2018-10-01 09:56+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: 2017-01-24 12:16+0900\n"
"Last-Translator: NIIBE Yutaka <address@hidden>\n"
"Language-Team: Japanese <address@hidden>\n"
@@ -1654,8 +1654,8 @@
#. type: Content of: <ul><li><p>
msgid ""
-"Following is a non-exhaustive list of proprietary VPN apps from the research "
-"paper that tracks and infringes the privacy of users:"
+"Following is a non-exhaustive list, taken from the research paper, of some "
+"proprietary VPN apps that track users and infringe their privacy:"
msgstr ""
#. type: Content of: <ul><li><dl><dt>
@@ -1718,7 +1718,8 @@
msgid ""
"Injects JavaScript code into HTML pages, and also uses roughly five tracking "
"libraries. Developers of this app have confirmed that the non-premium "
-"version of the app does JavaScript injection for tracking and display ads."
+"version of the app does JavaScript injection for tracking the user and "
+"displaying ads."
msgstr ""
#. type: Content of: <ul><li><p>
Index: proprietary/po/proprietary-surveillance.pot
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.pot,v
retrieving revision 1.166
retrieving revision 1.167
diff -u -b -r1.166 -r1.167
--- proprietary/po/proprietary-surveillance.pot 1 Oct 2018 09:59:22 -0000
1.166
+++ proprietary/po/proprietary-surveillance.pot 1 Oct 2018 19:58:10 -0000
1.167
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
-"POT-Creation-Date: 2018-10-01 09:56+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <address@hidden>\n"
"Language-Team: LANGUAGE <address@hidden>\n"
@@ -1214,8 +1214,8 @@
#. type: Content of: <ul><li><p>
msgid ""
-"Following is a non-exhaustive list of proprietary VPN apps from the research "
-"paper that tracks and infringes the privacy of users:"
+"Following is a non-exhaustive list, taken from the research paper, of some "
+"proprietary VPN apps that track users and infringe their privacy:"
msgstr ""
#. type: Content of: <ul><li><dl><dt>
@@ -1278,7 +1278,8 @@
msgid ""
"Injects JavaScript code into HTML pages, and also uses roughly five tracking "
"libraries. Developers of this app have confirmed that the non-premium "
-"version of the app does JavaScript injection for tracking and display ads."
+"version of the app does JavaScript injection for tracking the user and "
+"displaying ads."
msgstr ""
#. type: Content of: <ul><li><p>
Index: proprietary/po/proprietary-surveillance.ru.po
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.ru.po,v
retrieving revision 1.405
retrieving revision 1.406
diff -u -b -r1.405 -r1.406
--- proprietary/po/proprietary-surveillance.ru.po 1 Oct 2018 15:58:21
-0000 1.405
+++ proprietary/po/proprietary-surveillance.ru.po 1 Oct 2018 19:58:10
-0000 1.406
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: proprietary-surveillance.html\n"
-"POT-Creation-Date: 2018-10-01 09:56+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: 2018-09-30 16:09+0000\n"
"Last-Translator: Ineiev <address@hidden>\n"
"Language-Team: Russian <address@hidden>\n"
@@ -15,6 +15,7 @@
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Outdated-Since: 2018-10-01 19:55+0000\n"
#. type: Content of: <title>
msgid "Proprietary Surveillance - GNU Project - Free Software Foundation"
@@ -1729,9 +1730,17 @@
"VPN</a>”."
#. type: Content of: <ul><li><p>
+# | Following is a non-exhaustive [-list-] {+list, taken from the research
+# | paper,+} of {+some+} proprietary VPN apps [-from the research paper-] that
+# | [-tracks-] {+track users+} and [-infringes the privacy of users:-]
+# | {+infringe their privacy:+}
+#, fuzzy
+#| msgid ""
+#| "Following is a non-exhaustive list of proprietary VPN apps from the "
+#| "research paper that tracks and infringes the privacy of users:"
msgid ""
-"Following is a non-exhaustive list of proprietary VPN apps from the research "
-"paper that tracks and infringes the privacy of users:"
+"Following is a non-exhaustive list, taken from the research paper, of some "
+"proprietary VPN apps that track users and infringe their privacy:"
msgstr ""
"Ðалее ÑледÑÐµÑ Ð½ÐµÐ¸ÑÑеÑпÑваÑÑий ÑпиÑок
неÑвободнÑÑ
пÑиложений Ð´Ð»Ñ VPN, коÑоÑÑе "
"ÑледÑÑ Ð·Ð° полÑзоваÑелÑми и вÑоÑгаÑÑÑÑ Ð² иÑ
лиÑнÑÑ Ð¶Ð¸Ð·Ð½Ñ:"
@@ -1805,10 +1814,21 @@
msgstr "WiFi Protector VPN"
#. type: Content of: <ul><li><dl><dd>
+# | Injects JavaScript code into HTML pages, and also uses roughly five
+# | tracking libraries. Developers of this app have confirmed that the
+# | non-premium version of the app does JavaScript injection for tracking
+# | {+the user+} and [-display-] {+displaying+} ads.
+#, fuzzy
+#| msgid ""
+#| "Injects JavaScript code into HTML pages, and also uses roughly five "
+#| "tracking libraries. Developers of this app have confirmed that the non-"
+#| "premium version of the app does JavaScript injection for tracking and "
+#| "display ads."
msgid ""
"Injects JavaScript code into HTML pages, and also uses roughly five tracking "
"libraries. Developers of this app have confirmed that the non-premium "
-"version of the app does JavaScript injection for tracking and display ads."
+"version of the app does JavaScript injection for tracking the user and "
+"displaying ads."
msgstr ""
"ÐÑÑавлÑÐµÑ Ð¿ÑогÑÐ°Ð¼Ð¼Ñ Ð½Ð° JavaScript в ÑÑÑаниÑÑ
HTML, а Ñакже иÑполÑзÑÐµÑ Ð¾ÐºÐ¾Ð»Ð¾ "
"пÑÑи библиоÑек Ñлежки. РазÑабоÑÑики
пÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð´ÑвеÑдили, ÑÑо деÑевÑе "
Index: thankgnus/po/2018supporters.de.po
===================================================================
RCS file: /web/www/www/thankgnus/po/2018supporters.de.po,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -b -r1.47 -r1.48
--- thankgnus/po/2018supporters.de.po 27 Sep 2018 10:28:16 -0000 1.47
+++ thankgnus/po/2018supporters.de.po 1 Oct 2018 19:58:11 -0000 1.48
@@ -7,7 +7,7 @@
msgstr ""
"Project-Id-Version: 2018supporters.html\n"
"Report-Msgid-Bugs-To: <address@hidden>\n"
-"POT-Creation-Date: 2018-09-27 10:26+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: 2018-03-19 22:00+0100\n"
"Last-Translator: Jоегg Kоhпе <joeko (AT) online [PUNKT] de>\n"
"Language-Team: German <address@hidden>\n"
@@ -360,6 +360,10 @@
msgstr "Kendall Griffith"
#. type: Content of: <ul><li>
+msgid "Kevin Fleming"
+msgstr ""
+
+#. type: Content of: <ul><li>
msgid "Kevin Forsythe"
msgstr "Kevin Forsythe"
Index: thankgnus/po/2018supporters.pot
===================================================================
RCS file: /web/www/www/thankgnus/po/2018supporters.pot,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -b -r1.42 -r1.43
--- thankgnus/po/2018supporters.pot 27 Sep 2018 10:28:16 -0000 1.42
+++ thankgnus/po/2018supporters.pot 1 Oct 2018 19:58:11 -0000 1.43
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: 2018supporters.html\n"
-"POT-Creation-Date: 2018-09-27 10:26+0000\n"
+"POT-Creation-Date: 2018-10-01 19:55+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <address@hidden>\n"
"Language-Team: LANGUAGE <address@hidden>\n"
@@ -324,6 +324,10 @@
msgstr ""
#. type: Content of: <ul><li>
+msgid "Kevin Fleming"
+msgstr ""
+
+#. type: Content of: <ul><li>
msgid "Kevin Forsythe"
msgstr ""
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- www proprietary/po/malware-webpages.de-diff.htm...,
GNUN <=