[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary malware-google.html
From: |
Therese Godefroy |
Subject: |
www/proprietary malware-google.html |
Date: |
Thu, 4 Oct 2018 11:32:51 -0400 (EDT) |
CVSROOT: /webcvs/www
Module name: www
Changes by: Therese Godefroy <th_g> 18/10/04 11:32:51
Modified files:
proprietary : malware-google.html
Log message:
Add missing items & remove one that doesn't belong here; regenerate
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-google.html?cvsroot=www&r1=1.34&r2=1.35
Patches:
Index: malware-google.html
===================================================================
RCS file: /webcvs/www/www/proprietary/malware-google.html,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -b -r1.34 -r1.35
--- malware-google.html 22 Aug 2018 08:37:19 -0000 1.34
+++ malware-google.html 4 Oct 2018 15:32:50 -0000 1.35
@@ -1,4 +1,9 @@
<!--#include virtual="/server/header.html" -->
+<!--
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Generated from propr-blurbs.rec. Please do not edit this file manually !
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-->
<!-- Parent-Version: 1.84 -->
<title>Google's Software Is Malware
- GNU Project - Free Software Foundation</title>
@@ -14,7 +19,7 @@
<p>
<em>Malware</em> means software designed to function in ways that
mistreat or harm the user. (This does not include accidental errors.)
-This page explains how Google software is malware.
+This page explains how Google's software is malware.
</p>
<p>Malware and nonfree software are two different issues. The
@@ -36,88 +41,156 @@
</div>
<div class="summary" style="margin-top: 2em">
- <h3><strong>Type of malware</strong></h3>
- <ul>
+<h3><strong>Type of malware</strong></h3>
+<ul>
<li><a href="#back-doors">Back doors</a></li>
<li><a href="#censorship">Censorship</a></li>
- <li><a href="#insecurity">Insecurity</a></li>
- <!--<li><a href="#pressuring">Pressuring</a></li>-->
- <li><a href="#sabotage">Sabotage</a></li>
- <li><a href="#surveillance">Surveillance</a></li>
+<!--<li><a href="#deception">Deception</a></li>-->
<li><a href="#drm">Digital restrictions
- management</a> or “DRM” means functionalities designed
+ management</a> or “DRM”—functionalities designed
to restrict what users can do with the data in their computers.</li>
- <!--<li><a href="#jails">Jails</a>—systems
+ <li><a href="#insecurity">Insecurity</a></li>
+<!--<li><a href="#jails">Jails</a>—systems
that impose censorship on application programs.</li>-->
+ <li><a href="#sabotage">Sabotage</a></li>
+ <li><a href="#surveillance">Surveillance</a></li>
<li><a href="#tyrants">Tyrants</a>—systems
that reject any operating system not “authorized” by the
manufacturer.</li>
- <!--<li><a href="#deception">Deception</a></li>-->
- </ul>
+</ul>
</div>
<h3 id="back-doors">Google Back Doors</h3>
-<ul>
- <li>
- <p>ChromeOS has a universal back door. At least, Google says
- it does—in <a
+<ul class="blurbs">
+<!-- INSERT backdoor -->
+ <li id="M201809140">
+ <p>Android has a <a
+
href="https://www.theverge.com/platform/amp/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change">
+ back door for remotely changing “user” settings</a>.</p>
+
+ <p>The article suggests it might be a universal back door, but this
+ isn't clear.</p>
+ </li>
+
+ <li id="M201202280">
+ <p>ChromeOS has a universal back
+ door. At least, Google says it does—in <a
href="https://www.google.com/intl/en/chromebook/termsofservice.html">
section 4 of the EULA</a>.</p>
</li>
- <li>
+ <li id="M201103070">
<p>In Android, <a
href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">
- Google has a back door to remotely delete apps.</a> (It is in a
- program called GTalkService).</p>
+ Google has a back door to remotely delete apps</a>. (It was in a
+ program called GTalkService, which seems since then to have been
+ merged into Google Play.)</p>
+
<p>Google can also <a
href="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/">
- forcibly and remotely install apps</a> through GTalkService (which
- seems, since that article, to have been merged into Google Play).
- This is not equivalent to a universal back door, but permits various
- dirty tricks.</p>
+ forcibly and remotely install apps</a> through GTalkService. This is
+ not equivalent to a universal back door, but permits various dirty
+ tricks.</p>
+
<p>Although Google's <em>exercise</em> of this power has not been
malicious so far, the point is that nobody should have such power,
- which could also be used maliciously. You might well decide to let a
- security service remotely <em>deactivate</em> programs that it
- considers malicious. But there is no excuse for allowing it
- to <em>delete</em> the programs, and you should have the right to
- decide who (if anyone) to trust in this way.</p></li>
+ which could also be used maliciously. You might well decide to
+ let a security service remotely <em>deactivate</em> programs that
+ it considers malicious. But there is no excuse for allowing it to
+ <em>delete</em> the programs, and you should have the right to decide
+ who (if anyone) to trust in this way.</p>
+ </li>
</ul>
+
<h3 id="censorship">Google Censorship</h3>
-<ul>
- <li>
+<ul class="blurbs">
+<!-- INSERT censorship -->
+ <li id="M201703160">
+ <p>Google <a
+
href="http://www.csmonitor.com/Technology/2017/0316/Google-Family-Link-gives-parents-a-way-to-monitor-preteens-accounts">
+ offers censorship software</a>, ostensibly for parents to put into
+ their children's computers.</p>
+ </li>
+
+ <li id="M201701180">
<p>On Windows and MacOS, Chrome <a
href="https://sites.google.com/a/chromium.org/dev/developers/extensions-deployment-faq">
disables extensions</a> that are not hosted in the Chrome Web
Store.</p>
+
<p>For example, an extension was <a
href="https://consumerist.com/2017/01/18/why-is-google-blocking-this-ad-blocker-on-chrome/">
- banned from the Chrome Web Store, and permanently disabled</a>
- on more than 40,000 computers.</p></li>
+ banned from the Chrome Web Store, and permanently disabled</a> on
+ more than 40,000 computers.</p>
+ </li>
- <li>
- <p><a
href="http://www.theguardian.com/media/2016/feb/03/google-pulls-ad-blocking-app-for-samsung-phones">
- Google censored installation of Samsung's ad-blocker</a> on Android
phones,
- saying that blocking ads is “interference” with the sites
- that advertise (and surveil users through ads).</p>
- <p>The ad-blocker is proprietary software, just like the program (Google
- Play) that Google used to deny access to install it. Using a nonfree
program
- gives the owner power over you, and Google has exercised that power.</p>
- <p>Google's censorship, unlike that of Apple, is not total:
- Android allows users to install apps in other ways. You can install
- free programs from f-droid.org.</p></li>
+ <li id="M201602030">
+ <p><a
+
href="http://www.theguardian.com/media/2016/feb/03/google-pulls-ad-blocking-app-for-samsung-phones">
+ Google censored installation of Samsung's ad-blocker</a> on Android
+ phones, saying that blocking ads is “interference” with
+ the sites that advertise (and surveil users through ads).</p>
+
+ <p>The ad-blocker is proprietary software, just like the program
+ (Google Play) that Google used to deny access to install it. Using
+ a nonfree program gives the owner power over you, and Google has
+ exercised that power.</p>
+
+ <p>Google's censorship, unlike that of Apple, is not total: Android
+ allows users to install apps in other ways. You can install free
+ programs from f-droid.org.</p>
+ </li>
+</ul>
- <li>
- <p>Google <a
-
href="http://www.csmonitor.com/Technology/2017/0316/Google-Family-Link-gives-parents-a-way-to-monitor-preteens-accounts">
- offers censorship software</a>, ostensibly for parents to put into
- their children's computers.</p></li>
+
+<h3 id="drm">Google DRM</h3>
+
+<ul class="blurbs">
+<!-- INSERT DRM -->
+ <li id="M201705150">
+ <p>Google now allows Android
+ apps to detect whether a device has been rooted, <a
+
href="http://www.androidpolice.com/2017/05/13/netflix-confirms-blocking-rootedunlocked-devices-app-still-working-now/">and
+ refuse to install if so</a>. The Netflix app uses this ability to
+ enforce DRM by refusing to install on rooted Android devices.</p>
+
+ <p>Update: Google <i>intentionally</i> changed Android so that apps <a
+
href="https://torrentfreak.com/netflix-use-of-google-drm-means-rooted-android-devices-are-banned-170515/">can
+ detect rooted devices and refuse to run on them</a>. The Netflix app
+ is proprietary malware, and one shouldn't use it. However, that does
+ not make what Google has done any less wrong.</p>
+ </li>
+
+ <li id="M201701300">
+ <p>Chrome <a
+
href="http://boingboing.net/2017/01/30/google-quietly-makes-optiona.html">implements
+ DRM</a>. So does Chromium, through nonfree software that is effectively
+ part of it.</p>
+
+ <p><a
+ href="https://bugs.chromium.org/p/chromium/issues/detail?id=686430">More
+ information</a>.</p>
+ </li>
+
+ <li id="M201501030">
+ <p id="netflix-app-geolocation-drm">The Netflix Android app <a
+
href="http://torrentfreak.com/netflix-cracks-down-on-vpn-and-proxy-pirates-150103/">
+ forces the use of Google DNS</a>. This is one of the methods that
+ Netflix uses to enforce the geolocation restrictions dictated by the
+ movie studios.</p>
+ </li>
+
+ <li id="M201102250">
+ <p>Android <a
+
href="https://developer.android.com/reference/android/drm/package-summary.html">
+ contains facilities specifically to support DRM</a>.</p>
+ </li>
</ul>
+
<h3 id="insecurity">Google Insecurity</h3>
<p>These bugs are/were not intentional, so unlike the rest of the file
@@ -125,157 +198,198 @@
supposition that prestigious proprietary software doesn't have grave
bugs.</p>
-<ul>
- <li><p><a
href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
- The NSA can tap data in smart phones, including iPhones, Android, and
- BlackBerry</a>. While there is not much detail here, it seems that
- this does not operate via the universal back door that we know nearly
- all portable phones have. It may involve exploiting various bugs.
- There are <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
- lots of bugs in the phones' radio software</a>.</p></li>
+<ul class="blurbs">
+<!-- INSERT google-insec -->
+ <li id="M201311120">
+ <p><a
+
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+ The NSA can tap data in smart phones, including iPhones,
+ Android, and BlackBerry</a>. While there is not much
+ detail here, it seems that this does not operate via
+ the universal back door that we know nearly all portable
+ phones have. It may involve exploiting various bugs. There are <a
+
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+ lots of bugs in the phones' radio software</a>.</p>
+ </li>
</ul>
+
<h3 id="sabotage">Google Sabotage</h3>
<p>The wrongs in this section are not precisely malware, since they do
not involve making the program that runs in a way that hurts the user.
But they are a lot like malware, since they are technical Google
-actions that harm to the users of specific Google software.</p>
+actions that harm the users of specific Google software.</p>
-<ul>
- <li>
+<ul class="blurbs">
+<!-- INSERT sabotage -->
+ <li id="M201605150">
<p>Revolv is an IoT device which managed “smart home”
operations: switching the lights, operate motion sensors, regulating
- temperature, etc. On May 15th, 2016, Google said it would shut down the
- service linked to the device, making it unusable.</p>
- <p>Although you may own the device, its functioning depended on the server
- that never belonged to you. So you never really had control of it. This
- unjust design is called
- <a href="/philosophy/network-services-arent-free-or-nonfree.html">
+ temperature, etc. On May 15th, 2016, Google said it would shut down
+ the service linked to the device, making it unusable.</p>
+
+ <p>Although you may own the device, its functioning depended
+ on the server that never belonged to you. So you never
+ really had control of it. This unjust design is called <a
+ href="/philosophy/network-services-arent-free-or-nonfree.html">
Service as a Software Substitute (SaaSS)</a>. That is what gave the
- company the power to convert it into a $300 out-of-warranty brick, for
- your “dumb home”.</p>
+ company the power to convert it into a $300 out-of-warranty brick,
+ for your “dumb home”.</p>
+ </li>
+
+ <li id="M201604050">
+ <p>Google/Alphabet <a
+
href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be">
+ intentionally broke Revolv home automatic control products that
+ depended on a server</a> to function, by shutting down the server.
+ The lesson is, reject all such products. Insist on self-contained
+ computers that run free software!</p>
</li>
- <li><p>Google has long had <a
+
+ <li id="M201511244">
+ <p>Google has long had <a
href="http://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted">a
- back door to remotely unlock an Android device</a>, unless its
- disk is encrypted (possible since Android 5.0 Lollipop, but
- still not quite the default).</p></li>
+ back door to remotely unlock an Android device</a>, unless its disk
+ is encrypted (possible since Android 5.0 Lollipop, but still not
+ quite the default).</p>
+ </li>
</ul>
+
<h3 id="surveillance">Google Surveillance</h3>
-<ul>
- <li>
+<ul class="blurbs">
+<!-- INSERT google-surv -->
+ <li id="M201808030">
<p>Some Google apps on Android <a
href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile">
record the user's location even when users disable “location
tracking”</a>.</p>
- <p>There are other ways to turn off the other kinds of location tracking,
- but most users will be tricked by the misleading control.</p>
+
+ <p>There are other ways to turn off the other kinds of location
+ tracking, but most users will be tricked by the misleading control.</p>
+ </li>
+
+ <li id="M201711210">
+ <p>Android tracks location for Google <a
+
href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
+ even when “location services” are turned off, even when
+ the phone has no SIM card</a>.</p>
</li>
- <li><p>Tracking software in popular Android apps is pervasive and
- sometimes very clever. Some trackers can <a
-href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
- follow a user's movements around a physical store by noticing WiFi
- networks</a>.</p>
+ <li id="M201609210">
+ <p>Google's new voice messaging app <a
+
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ all conversations</a>.</p>
</li>
- <li><p>Android tracks location for Google <a
-href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
- even when “location services” are turned off, even
- when the phone has no SIM card</a>.</p></li>
+ <li id="M201609140">
+ <p>Google Play (a component of Android) <a
+
href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
+ tracks the users' movements without their permission</a>.</p>
+
+ <p>Even if you disable Google Maps and location tracking, you must
+ disable Google Play itself to completely stop the tracking. This is
+ yet another example of nonfree software pretending to obey the user,
+ when it's actually doing something else. Such a thing would be almost
+ unthinkable with free software.</p>
+ </li>
- <li><p>Google Chrome contains a key logger that
- <a href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">
- sends Google every URL typed in</a>, one key at a time.</p>
+ <li id="M201507280">
+ <p>Google Chrome makes it easy for an extension to do <a
+
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
+ snooping on the user's browsing</a>, and many of them do so.</p>
</li>
- <li><p>Google Chrome includes a module that
- <a
href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
+ <li id="M201506180">
+ <p>Google Chrome includes a module that <a
+
href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
activates microphones and transmits audio to its servers</a>.</p>
</li>
- <li><p>Spyware is present in some Android devices when they are sold.
- Some Motorola phones modify Android to
- <a
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
- send personal data to Motorola</a>.</p>
- </li>
-
- <li><p>Spyware in Android phones (and Windows? laptops): The Wall
- Street Journal (in an article blocked from us by a paywall)
- reports that
- <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
- the FBI can remotely activate the GPS and microphone in Android
- phones and laptops</a>.
- (I suspect this means Windows laptops.) Here is
- <a href="http://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p>
+ <li id="M201407170">
+ <p id="nest-thermometers">Nest thermometers send <a
+ href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lot of
+ data about the user</a>.</p>
</li>
- <li><p>Google's new voice messaging app <a
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
- all conversations</a>.</p>
+ <li id="M201308040">
+ <p>Google Chrome <a
+ href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
+ spies on browser history, affiliations</a>, and other installed
+ software.</p>
</li>
- <li id="nest-thermometers">
- <p>Nest thermometers
- send <a href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
- lot of data about the user</a>.</p>
+
+ <li id="M201308010">
+ <p>Spyware in Android phones (and Windows? laptops): The Wall Street
+ Journal (in an article blocked from us by a paywall) reports that <a
+
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
+ the FBI can remotely activate the GPS and microphone in Android phones
+ and laptops</a>. (I suspect this means Windows laptops.) Here is <a
+ href="http://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p>
</li>
- <li><p>Many web sites report all their visitors to Google by using
- the Google Analytics service, which
- <a
href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
- tells Google the IP address and the page that was visited.</a></p>
+ <li id="M201307280">
+ <p>Spyware is present in some Android devices when they are
+ sold. Some Motorola phones, made when this company was owned
+ by Google, use a modified version of Android that <a
+ href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
+ sends personal data to Motorola</a>.</p>
</li>
- <li><p>Google Chrome makes it easy for an extension to do <a
-
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
- snooping on the user's browsing</a>, and many of them do so.</p>
+ <li id="M201307250">
+ <p>A Motorola phone <a
+
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
+ listens for voice all the time</a>.</p>
</li>
-</ul>
-<h3 id="drm">Google DRM</h3>
-<ul>
-<li id="netflix-app-geolocation-drm"><p>The Netflix Android app <a
-href="http://torrentfreak.com/netflix-cracks-down-on-vpn-and-proxy-pirates-150103/">
-forces the use of Google DNS</a>. This is one of the methods that Netflix
-uses to enforce the geolocation restrictions dictated by the movie
-studios.</p>
-</li>
-
-<li>
-<p>Google now allows Android apps to detect whether a device has been
-rooted, <a
href="http://www.androidpolice.com/2017/05/13/netflix-confirms-blocking-rootedunlocked-devices-app-still-working-now/">and
refuse to install
-if so</a>.</p>
-
-<p>Update: Google <i>intentionally</i> changed Android so that apps
-<a
href="https://torrentfreak.com/netflix-use-of-google-drm-means-rooted-android-devices-are-banned-170515/">can
detect rooted devices and refuse to
-run on them</a>.</p>
-</li>
-
-<li>
- <p>Chrome <a
href="http://boingboing.net/2017/01/30/google-quietly-makes-optiona.html">implements
- DRM</a>. So does Chromium, through nonfree software that is
- effectively part of it.</p>
-
- <p><a
href="https://bugs.chromium.org/p/chromium/issues/detail?id=686430">More
information</a>.</p>
-</li>
-
-<li><p>Android <a
href="https://developer.android.com/reference/android/drm/package-summary.html">contains
-facilities specifically to support DRM.</a></p>
-</li>
+ <li id="M201302150">
+ <p>Google Play intentionally sends app developers <a
+
href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
+ the personal details of users that install the app</a>.</p>
+
+ <p>Merely asking the “consent” of users is not enough to
+ legitimize actions like this. At this point, most users have stopped
+ reading the “Terms and Conditions” that spell out what
+ they are “consenting” to. Google should clearly and
+ honestly identify the information it collects on users, instead of
+ hiding it in an obscurely worded EULA.</p>
+
+ <p>However, to truly protect people's privacy, we must prevent Google
+ and other companies from getting this personal information in the
+ first place!</p>
+ </li>
+
+ <li id="M201208210">
+ <p>Many web sites report all their visitors
+ to Google by using the Google Analytics service, which <a
+
href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
+ tells Google the IP address and the page that was visited</a>.</p>
+ </li>
+
+ <li id="M200809060">
+ <p>Google Chrome contains a key logger that <a
+ href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">
+ sends Google every URL typed in</a>, one key at a time.</p>
+ </li>
</ul>
+
<h3 id="tyrants">Google Tyrants</h3>
-<ul>
- <li>
-<p><a
href="http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html">
-Some Android phones made by Google are tyrants</a> (though someone found a way
to
-crack the restriction). Fortunately, most Android devices are not tyrants.
-</p>
-</li>
+
+<ul class="blurbs">
+<!-- INSERT tyrants -->
+ <li id="M201304080">
+ <p>Motorola, then owned by Google, made <a
+
href="http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html">
+ Android phones that are tyrants</a> (though someone found a way to
+ crack the restriction). Fortunately, most Android devices are not
+ tyrants.</p>
+ </li>
</ul>
+
</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
<div id="footer">
@@ -333,7 +447,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2018/08/22 08:37:19 $
+$Date: 2018/10/04 15:32:50 $
<!-- timestamp end -->
</p>
</div>
- www/proprietary malware-google.html,
Therese Godefroy <=