[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www philosophy/basic-freedoms.it.html philosoph...
From: |
GNUN |
Subject: |
www philosophy/basic-freedoms.it.html philosoph... |
Date: |
Sat, 6 Feb 2021 11:03:05 -0500 (EST) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 21/02/06 11:03:05
Modified files:
philosophy : basic-freedoms.it.html
philosophy/po : basic-freedoms.it.po
proprietary/po : malware-microsoft.de-diff.html
malware-microsoft.it-diff.html
malware-microsoft.ja-diff.html
proprietary-surveillance.de-diff.html
proprietary-surveillance.it-diff.html
proprietary-surveillance.ja-diff.html
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/philosophy/basic-freedoms.it.html?cvsroot=www&r1=1.1&r2=1.2
http://web.cvs.savannah.gnu.org/viewcvs/www/philosophy/po/basic-freedoms.it.po?cvsroot=www&r1=1.2&r2=1.3
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-microsoft.de-diff.html?cvsroot=www&r1=1.69&r2=1.70
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-microsoft.it-diff.html?cvsroot=www&r1=1.68&r2=1.69
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-microsoft.ja-diff.html?cvsroot=www&r1=1.83&r2=1.84
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.de-diff.html?cvsroot=www&r1=1.166&r2=1.167
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.it-diff.html?cvsroot=www&r1=1.232&r2=1.233
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.ja-diff.html?cvsroot=www&r1=1.250&r2=1.251
Patches:
Index: philosophy/basic-freedoms.it.html
===================================================================
RCS file: /web/www/www/philosophy/basic-freedoms.it.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- philosophy/basic-freedoms.it.html 6 Feb 2021 15:32:02 -0000 1.1
+++ philosophy/basic-freedoms.it.html 6 Feb 2021 16:03:03 -0000 1.2
@@ -21,11 +21,11 @@
href="https://web.archive.org/web/19990424100121/http://www.ciec.org/"><cite>Citizens
Internet Empowerment Coalition</cite></a> (Coalizione per l''emancipazione
dei cittadini su Internet) (archiviato sulla <cite>Wayback Machine</cite> il
-24 Aprile 1999) che si è unita per opporsi al primo tentativo del congresso
+24 Aprile 1999) che si è unita per opporsi al primo tentativo del Congresso
di regolare la pubblicazione di materiale su Internet tramite la
<cite>Communications Decency Act</cite><a href="#TransNote1"
id="TransNote1-rev"><sup>[1]</sup></a>, che fu dichiarata incostituzionale
-dalla Corte Suprema degli Stati Uniti d'America il 26 Giugno 1997. Il loro
+dalla Corte Suprema degli Stati Uniti d'America il 26 giugno 1997. Il loro
sito è stato archiviato per ricordare questo primo caso.</li>
<li>
@@ -34,12 +34,12 @@
href="https://web.archive.org/web/19980709161803/http://vtw.org/"><cite>Voters
Telecommunications Watch</cite></a> (gruppo di cittadini per i diritti
civili su Internet) (archiviato sulla <cite>Wayback Machine</cite> il 9
-Luglio 1998) e la loro eccellente <cite>mailing list</cite> elettronica per
+luglio 1998) e la loro eccellente <cite>mailing list</cite> elettronica per
gli annunci.</li>
<li>
L'articolo “<a href="/philosophy/censoring-emacs.html">La censura del
-mio software</a>” descrive come il <cite>Communications Decency
+mio software</a>” descrive come la <cite>Communications Decency
Act</cite> ha costretto il progetto GNU a censurare Emacs, e come ciò ha
paradossalmente avuto l'effetto opposto a quello voluto dai censori.
</li>
@@ -49,8 +49,7 @@
senza scopo di lucro che fornisce sintesi di documenti pubblicati su
Internet, servizi di notizie, una biblioteca, un centro di dialogo e un
archivio dedicato alla promozione e alla difesa a livello internazionale
-della libertà  di pensiero, della libertà  di parola e del diritto alla
-privacy.
+della libertà  di pensiero, la libertà  di parola e del diritto alla privacy.
</li>
<li>
@@ -134,7 +133,7 @@
<p class="unprintable"><!-- timestamp start -->
-$Date: 2021/02/06 15:32:02 $
+$Date: 2021/02/06 16:03:03 $
<!-- timestamp end -->
</p>
Index: philosophy/po/basic-freedoms.it.po
===================================================================
RCS file: /web/www/www/philosophy/po/basic-freedoms.it.po,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -b -r1.2 -r1.3
--- philosophy/po/basic-freedoms.it.po 6 Feb 2021 15:51:25 -0000 1.2
+++ philosophy/po/basic-freedoms.it.po 6 Feb 2021 16:03:04 -0000 1.3
@@ -93,8 +93,7 @@
"senza scopo di lucro che fornisce sintesi di documenti pubblicati su "
"Internet, servizi di notizie, una biblioteca, un centro di dialogo e un "
"archivio dedicato alla promozione e alla difesa a livello internazionale "
-"della libertà  di pensiero, la libertà  di parola e del diritto alla "
-"privacy."
+"della libertà  di pensiero, la libertà  di parola e del diritto alla
privacy."
#. type: Content of: <ul><li>
msgid ""
Index: proprietary/po/malware-microsoft.de-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/malware-microsoft.de-diff.html,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -b -r1.69 -r1.70
--- proprietary/po/malware-microsoft.de-diff.html 6 Feb 2021 11:02:33
-0000 1.69
+++ proprietary/po/malware-microsoft.de-diff.html 6 Feb 2021 16:03:04
-0000 1.70
@@ -591,7 +591,12 @@
<p>A person or company has the right to cease to work on a particular
program; the wrong here is Microsoft does this after having made
the</em></ins></span>
users dependent on Microsoft, because they are not free to ask anyone
- else to work on the program for <span
class="removed"><del><strong>them.</p></li></strong></del></span>
<span class="inserted"><ins><em>them.</p>
+ else to work on the <span class="removed"><del><strong>program for
them.</p></li>
+</ul>
+
+<h3 id="interference">Microsoft Interference</h3>
+
+<p>Various proprietary programs often mess up the user's system. They
are like sabotage, but they are not grave enough</strong></del></span> <span
class="inserted"><ins><em>program for them.</p>
</li>
<li id="M201306220">
@@ -600,13 +605,11 @@
<p><a
href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm">Microsoft
informs the NSA of bugs in Windows before fixing them</a>.</p>
- </li></em></ins></span>
+ </li>
</ul>
-<h3 <span class="removed"><del><strong>id="interference">Microsoft
Interference</h3>
-
-<p>Various proprietary programs often mess up the user's system. They
are like sabotage, but they are not grave enough</strong></del></span> <span
class="inserted"><ins><em>id="subscriptions">Subscriptions</h3>
+<h3 id="subscriptions">Subscriptions</h3>
<ul class="blurbs">
<li id="M201507150">
@@ -614,12 +617,7 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft Office forces users <a
href="https://www.computerworld.com/article/2948755/office-for-windows-10-will-require-office-365-subscription-on-pcs-larger-tablets.html">to
- subscribe</em></ins></span> to <span class="removed"><del><strong>qualify
-for the word “sabotage”. Nonetheless, they are nasty and wrong.
This section describes examples of Microsoft committing
-interference.</p>
-
-<ul>
- <li><p>Microsoft is planning</strong></del></span> <span
class="inserted"><ins><em>Office 365 to be able</em></ins></span> to <span
class="removed"><del><strong>make Windows</strong></del></span> <span
class="inserted"><ins><em>create/edit documents</a>.</p>
+ subscribe to Office 365 to be able to create/edit
documents</a>.</p>
</li>
</ul>
@@ -630,13 +628,10 @@
<li id="M202011260">
<!--#set var="DATE" value='<small
class="date-tag">2020-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Microsoft's Office 365 suite enables employers</em></ins></span>
<a
- <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2018/mar/19/windows-10-microsoft-force-people-edge-browser-windows-mail-chrome-firefox">
- impose use of its browser, Edge, in certain
circumstances</a>.</p>
- <p>The reason Microsoft can force things</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to
- snoop</em></ins></span> on <span class="removed"><del><strong>users
is</strong></del></span> <span class="inserted"><ins><em>each
employee</a>. After
- a public outburst, Microsoft stated</em></ins></span> that <span
class="removed"><del><strong>Windows</strong></del></span> <span
class="inserted"><ins><em><a
+ <p>Microsoft's Office 365 suite enables employers <a
+
href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to
+ snoop on each employee</a>. After
+ a public outburst, Microsoft stated that <a
href="https://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillance">it
would remove this capability</a>. Let's hope so.</p>
</li>
@@ -644,24 +639,33 @@
<li id="M202010221">
<!--#set var="DATE" value='<small
class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Microsoft</em></ins></span> is
- <span class="removed"><del><strong>nonfree.</p></li>
+ <p>Microsoft is imposing its
+ surveillance on the game of Minecraft by <a
+
href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
+ every player</em></ins></span> to <span
class="removed"><del><strong>qualify
+for</strong></del></span> <span class="inserted"><ins><em>open an account on
Microsoft's network</a>. Microsoft
+ has bought</em></ins></span> the <span class="removed"><del><strong>word
“sabotage”. Nonetheless, they are nasty</strong></del></span> <span
class="inserted"><ins><em>game</em></ins></span> and <span
class="removed"><del><strong>wrong. This section describes examples of
Microsoft committing
+interference.</p>
- <li><p>Windows displays</strong></del></span> <span
class="inserted"><ins><em>imposing its
- surveillance on the game of Minecraft by</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theverge.com/2017/3/17/14956540/microsoft-windows-10-ads-taskbar-file-explorer">
- intrusive ads for</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
- every player to open an account on Microsoft's
network</a>.</em></ins></span> Microsoft <span
class="removed"><del><strong>products</strong></del></span>
- <span class="inserted"><ins><em>has bought the game</em></ins></span> and
<span class="inserted"><ins><em>will merge all accounts into</em></ins></span>
its
- <span class="removed"><del><strong>partners'
products</a>.</p>
- <p>The article's author starts from the
premise</strong></del></span> <span class="inserted"><ins><em>network,
- which will give them access to people's data.</p>
+<ul>
+ <li><p>Microsoft is planning</strong></del></span> <span
class="inserted"><ins><em>will merge all accounts into its network,
+ which will give them access</em></ins></span> to <span
class="removed"><del><strong>make Windows <a
+
href="https://www.theguardian.com/technology/2018/mar/19/windows-10-microsoft-force-people-edge-browser-windows-mail-chrome-firefox">
+ impose use</strong></del></span> <span
class="inserted"><ins><em>people's data.</p>
<p>Minecraft players <a
href="https://directory.fsf.org/wiki/Minetest">can play
Minetest</a>
- instead. The essential advantage of Minetest is</em></ins></span> that
<span class="removed"><del><strong>Microsoft
- has</strong></del></span> <span class="inserted"><ins><em>it is free
- software, meaning it respects the user's computer freedom.
As</em></ins></span> a <span class="removed"><del><strong>right to control what
Windows does to users, as long as</strong></del></span> <span
class="inserted"><ins><em>bonus,</em></ins></span>
+ instead. The essential advantage</em></ins></span> of <span
class="removed"><del><strong>its browser, Edge, in certain
circumstances</a>.</p>
+ <p>The reason Microsoft can force things on
users</strong></del></span> <span
class="inserted"><ins><em>Minetest</em></ins></span> is that <span
class="removed"><del><strong>Windows</strong></del></span> <span
class="inserted"><ins><em>it</em></ins></span> is
+ <span class="removed"><del><strong>nonfree.</p></li>
+
+ <li><p>Windows displays
+ <a
href="http://www.theverge.com/2017/3/17/14956540/microsoft-windows-10-ads-taskbar-file-explorer">
+ intrusive ads for Microsoft products and its
+ partners' products</a>.</p>
+ <p>The article's author starts from</strong></del></span> <span
class="inserted"><ins><em>free
+ software, meaning it respects</em></ins></span> the <span
class="removed"><del><strong>premise that Microsoft
+ has</strong></del></span> <span class="inserted"><ins><em>user's
computer freedom. As</em></ins></span> a <span
class="removed"><del><strong>right to control what Windows does to users, as
long as</strong></del></span> <span
class="inserted"><ins><em>bonus,</em></ins></span>
it
<span class="removed"><del><strong>doesn't go “too far”. We
disagree.</p></li>
@@ -871,10 +875,11 @@
its users</a>, giving Microsoft the “right” to snoop on
the users' files, text input, voice input, location info, contacts,
calendar records and web browsing history, as well as automatically
- connecting the machines to open hotspots and showing targeted <span
class="removed"><del><strong>ads.</p>
+ connecting the machines to open hotspots and showing targeted
ads.</p>
- <p>We can suppose Microsoft look at users' files for the US government
on
- demand, though the “privacy policy” does not explicit say so.
Will it
+ <p>We can suppose Microsoft <span
class="removed"><del><strong>look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files for the US
government
+ on demand, though the “privacy policy” does not <span
class="removed"><del><strong>explicit</strong></del></span> <span
class="inserted"><ins><em>explicitly</em></ins></span>
+ say <span class="removed"><del><strong>so. Will it
look at users' files for the Chinese government on
demand?</p></li>
<li><p>
@@ -894,11 +899,8 @@
secret NSA key in Windows</a>, whose functions we don't
know.</li>
<li><p>
- <a
href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/"></strong></del></span>
<span class="inserted"><ins><em>ads.</p>
-
- <p>We can suppose</em></ins></span> Microsoft <span
class="removed"><del><strong>SkyDrive allows</strong></del></span> <span
class="inserted"><ins><em>looks at users' files for</em></ins></span> the <span
class="removed"><del><strong>NSA to directly examine</strong></del></span>
<span class="inserted"><ins><em>US government
- on demand, though the “privacy policy” does not explicitly
- say so. Will it look at</em></ins></span> users' <span
class="removed"><del><strong>data.</a></p>
+ <a
href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
+ Microsoft SkyDrive allows the NSA to directly examine users'
data.</a></p>
</li>
<li><p>Spyware in Skype:
@@ -906,7 +908,7 @@
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
Microsoft changed Skype
<a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
- specifically</strong></del></span> <span
class="inserted"><ins><em>files</em></ins></span> for <span
class="removed"><del><strong>spying</a>.</p></strong></del></span>
<span class="inserted"><ins><em>the Chinese government
+ specifically</strong></del></span> <span class="inserted"><ins><em>so.
Will it look at users' files</em></ins></span> for <span
class="removed"><del><strong>spying</a>.</p></strong></del></span>
<span class="inserted"><ins><em>the Chinese government
on demand?</p></em></ins></span>
</li>
@@ -925,10 +927,9 @@
<p>Thus, Windows is overt malware in regard to surveillance, as in
other issues.</p>
- <p>We can suppose Microsoft <span
class="removed"><del><strong>look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files for the US
government
- on demand, though the “privacy policy” does not <span
class="removed"><del><strong>explicit</strong></del></span> <span
class="inserted"><ins><em>explicitly</em></ins></span>
- say so. Will it look at users' files for the Chinese government
- on demand?</p>
+ <span class="removed"><del><strong><p>We can suppose Microsoft look at
users' files for the US government on
+ demand, though the “privacy policy” does not explicit say so.
Will it
+ look at users' files for the Chinese government on
demand?</p></strong></del></span>
<p>The unique “advertising ID” for each user enables
other companies to track the browsing of each specific user.</p>
@@ -1152,7 +1153,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2021/02/06 11:02:33 $
+$Date: 2021/02/06 16:03:04 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary/po/malware-microsoft.it-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/malware-microsoft.it-diff.html,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -b -r1.68 -r1.69
--- proprietary/po/malware-microsoft.it-diff.html 6 Feb 2021 11:02:34
-0000 1.68
+++ proprietary/po/malware-microsoft.it-diff.html 6 Feb 2021 16:03:04
-0000 1.69
@@ -598,8 +598,8 @@
<p>A person or company has the right to cease to work on a particular
program; the wrong here is Microsoft does this after having made the
- users dependent on Microsoft, because</em></ins></span> they are not <span
class="removed"><del><strong>grave enough</strong></del></span> <span
class="inserted"><ins><em>free to ask anyone
- else</em></ins></span> to <span
class="removed"><del><strong>qualify</strong></del></span> <span
class="inserted"><ins><em>work on the program</em></ins></span> for <span
class="inserted"><ins><em>them.</p>
+ users dependent on Microsoft, because</em></ins></span> they are not <span
class="removed"><del><strong>grave enough</strong></del></span> <span
class="inserted"><ins><em>free</em></ins></span> to <span
class="removed"><del><strong>qualify</strong></del></span> <span
class="inserted"><ins><em>ask anyone
+ else to work on the program</em></ins></span> for <span
class="inserted"><ins><em>them.</p>
</li>
<li id="M201306220">
@@ -607,11 +607,7 @@
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm">Microsoft
- informs</em></ins></span> the <span class="removed"><del><strong>word
“sabotage”. Nonetheless, they are nasty and wrong. This section
describes examples</strong></del></span> <span
class="inserted"><ins><em>NSA</em></ins></span> of <span
class="removed"><del><strong>Microsoft committing
-interference.</p>
-
-<ul>
- <li><p>Windows displays</strong></del></span> <span
class="inserted"><ins><em>bugs in Windows before fixing
them</a>.</p>
+ informs the NSA of bugs in Windows before fixing them</a>.</p>
</li>
</ul>
@@ -622,9 +618,8 @@
<li id="M201507150">
<!--#set var="DATE" value='<small
class="date-tag">2015-07</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Microsoft Office forces users</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theverge.com/2017/3/17/14956540/microsoft-windows-10-ads-taskbar-file-explorer">
- intrusive ads for</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.computerworld.com/article/2948755/office-for-windows-10-will-require-office-365-subscription-on-pcs-larger-tablets.html">to
+ <p>Microsoft Office forces users <a
+
href="https://www.computerworld.com/article/2948755/office-for-windows-10-will-require-office-365-subscription-on-pcs-larger-tablets.html">to
subscribe to Office 365 to be able to create/edit
documents</a>.</p>
</li>
</ul>
@@ -639,7 +634,7 @@
<p>Microsoft's Office 365 suite enables employers <a
href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to
snoop on each employee</a>. After
- a public outburst,</em></ins></span> Microsoft <span
class="removed"><del><strong>products and</strong></del></span> <span
class="inserted"><ins><em>stated that <a
+ a public outburst, Microsoft stated that <a
href="https://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillance">it
would remove this capability</a>. Let's hope so.</p>
</li>
@@ -647,31 +642,37 @@
<li id="M202010221">
<!--#set var="DATE" value='<small
class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Microsoft is imposing</em></ins></span> its
- <span class="removed"><del><strong>partners'
products</a>.</p>
- <p>The article's author starts from</strong></del></span>
- <span class="inserted"><ins><em>surveillance on</em></ins></span> the
<span class="removed"><del><strong>premise that</strong></del></span> <span
class="inserted"><ins><em>game of Minecraft by <a
-
href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
- every player to open an account on Microsoft's
network</a>.</em></ins></span> Microsoft
- has <span class="removed"><del><strong>a right to control what Windows
does</strong></del></span> <span class="inserted"><ins><em>bought the game and
will merge all accounts into its network,
- which will give them access</em></ins></span> to <span
class="removed"><del><strong>users, as long as it
- doesn't go “too far”. We disagree.</p></li>
+ <p>Microsoft is imposing its
+ surveillance on</em></ins></span> the <span
class="removed"><del><strong>word “sabotage”. Nonetheless, they are
nasty and wrong. This section describes examples</strong></del></span> <span
class="inserted"><ins><em>game</em></ins></span> of <span
class="removed"><del><strong>Microsoft committing
+interference.</p>
- <li><p>Microsoft inserts <a
-href="https://www.theguardian.com/technology/2017/mar/10/windows-10-users-complain-new-microsoft-subscription-onedrive-adverts">
- annoying advertisements inside</strong></del></span> <span
class="inserted"><ins><em>people's data.</p>
+<ul>
+ <li><p>Windows displays</strong></del></span> <span
class="inserted"><ins><em>Minecraft by</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theverge.com/2017/3/17/14956540/microsoft-windows-10-ads-taskbar-file-explorer">
+ intrusive ads for</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
+ every player to open an account on Microsoft's
network</a>.</em></ins></span> Microsoft <span
class="removed"><del><strong>products</strong></del></span>
+ <span class="inserted"><ins><em>has bought the game</em></ins></span> and
<span class="inserted"><ins><em>will merge all accounts into</em></ins></span>
its
+ <span class="removed"><del><strong>partners'
products</a>.</p>
+ <p>The article's author starts from the
premise</strong></del></span> <span class="inserted"><ins><em>network,
+ which will give them access to people's data.</p>
<p>Minecraft players <a
href="https://directory.fsf.org/wiki/Minetest">can play
Minetest</a>
- instead. The essential advantage</em></ins></span> of <span
class="inserted"><ins><em>Minetest is that it is free
- software, meaning it respects</em></ins></span> the <span
class="removed"><del><strong>File Explorer</a></strong></del></span>
<span class="inserted"><ins><em>user's computer freedom. As a bonus,
- it offers more options.</p>
+ instead. The essential advantage of Minetest is</em></ins></span> that
<span class="removed"><del><strong>Microsoft
+ has</strong></del></span> <span class="inserted"><ins><em>it is free
+ software, meaning it respects the user's computer freedom.
As</em></ins></span> a <span class="removed"><del><strong>right to control what
Windows does to users, as long as</strong></del></span> <span
class="inserted"><ins><em>bonus,</em></ins></span>
+ it
+ <span class="removed"><del><strong>doesn't go “too far”. We
disagree.</p></li>
+
+ <li><p>Microsoft inserts <a
+href="https://www.theguardian.com/technology/2017/mar/10/windows-10-users-complain-new-microsoft-subscription-onedrive-adverts">
+ annoying advertisements inside</strong></del></span> <span
class="inserted"><ins><em>offers more options.</p>
</li>
<li id="M202010210">
<!--#set var="DATE" value='<small
class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>As of 2019-2020, Minecraft players are <a
+ <p>As</em></ins></span> of <span class="removed"><del><strong>the
File Explorer</a></strong></del></span> <span
class="inserted"><ins><em>2019-2020, Minecraft players are <a
href="https://www.minecraft.net/en-us/article/java-edition-moving-house">being
forced</em></ins></span> to <span class="removed"><del><strong>nag
users</strong></del></span> <span
class="inserted"><ins><em>move</em></ins></span> to <span
class="removed"><del><strong>buy subscriptions for</strong></del></span> <span
class="inserted"><ins><em>Microsoft servers</a>, which results in
@@ -729,8 +730,9 @@
<li id="M201908151">
<!--#set var="DATE" value='<small
class="date-tag">2019-08</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Skype refuses to say whether it can <a
-
href="http://www.slate.com/blogs/future_tense/2012/07/20/skype_won_t_comment_on_whether_it_can_now_eavesdrop_on_conversations_.html">eavesdrop
+ <p>Skype refuses to say whether it can</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.infoworld.com/article/3042397/microsoft-windows/admins-beware-domain-attached-pcs-are-sprouting-get-windows-10-ads.html">harangue
+users</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.slate.com/blogs/future_tense/2012/07/20/skype_won_t_comment_on_whether_it_can_now_eavesdrop_on_conversations_.html">eavesdrop
on calls</a>.</p>
<p>That almost certainly means it can do so.</p>
@@ -739,9 +741,8 @@
<li id="M201905281">
<!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Microsoft</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.infoworld.com/article/3042397/microsoft-windows/admins-beware-domain-attached-pcs-are-sprouting-get-windows-10-ads.html">harangue
-users</strong></del></span>
- <span
class="inserted"><ins><em>href="https://answers.microsoft.com/en-us/outlook_com/forum/all/why-does-my-new-e-mail-account-need-a-phone-number/70049eaf-3b66-4d02-87cc-79dc73c2ea08">forces
+ <p>Microsoft <a
+
href="https://answers.microsoft.com/en-us/outlook_com/forum/all/why-does-my-new-e-mail-account-need-a-phone-number/70049eaf-3b66-4d02-87cc-79dc73c2ea08">forces
people</em></ins></span> to <span
class="removed"><del><strong>complain</strong></del></span> <span
class="inserted"><ins><em>give their phone number</a> in
order</em></ins></span> to <span class="removed"><del><strong>the sysadmins
about not “upgrading”</strong></del></span> <span
class="inserted"><ins><em>be able</em></ins></span> to <span
class="removed"><del><strong>Windows
10</a>.</p></li>
</ul>
@@ -876,7 +877,8 @@
<p>We can suppose Microsoft <span
class="removed"><del><strong>look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files for the US
government
on demand, though the “privacy policy” does not <span
class="removed"><del><strong>explicit</strong></del></span> <span
class="inserted"><ins><em>explicitly</em></ins></span>
- say so. Will it look at users' files for the <span
class="removed"><del><strong>Chinese government on demand?</p></li>
+ say so. Will it look at users' files for the Chinese government
+ on <span class="removed"><del><strong>demand?</p></li>
<li><p>
<a
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
@@ -904,8 +906,7 @@
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
Microsoft changed Skype
<a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
- specifically for spying</a>.</p></strong></del></span> <span
class="inserted"><ins><em>Chinese government
- on demand?</p></em></ins></span>
+ specifically for spying</a>.</p></strong></del></span> <span
class="inserted"><ins><em>demand?</p></em></ins></span>
</li>
<span class="removed"><del><strong><li><p>
@@ -920,13 +921,13 @@
<span
class="inserted"><ins><em>href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/"></em></ins></span>
gives Microsoft a key</a>.</p>
- <p>Thus, Windows is overt malware in regard to surveillance, as in
- other issues.</p>
+ <p>Thus, Windows is overt <span class="removed"><del><strong>malware
in regard to surveillance,
+ as in other issues.</p>
- <p>We can suppose Microsoft <span
class="removed"><del><strong>look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files for the US
government
- on demand, though the “privacy policy” does not <span
class="removed"><del><strong>explicit</strong></del></span> <span
class="inserted"><ins><em>explicitly</em></ins></span>
- say so. Will it look at users' files for the Chinese government
- on demand?</p>
+ <p>We can suppose Microsoft look at users' files for the US government
on
+ demand, though the “privacy policy” does not explicit say so.
Will it
+ look at users' files for the Chinese government on
demand?</p></strong></del></span> <span class="inserted"><ins><em>malware
in regard to surveillance, as in
+ other issues.</p></em></ins></span>
<p>The unique “advertising ID” for each user enables
other companies to track the browsing of each specific user.</p>
@@ -1144,7 +1145,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2021/02/06 11:02:34 $
+$Date: 2021/02/06 16:03:04 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary/po/malware-microsoft.ja-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/malware-microsoft.ja-diff.html,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -b -r1.83 -r1.84
--- proprietary/po/malware-microsoft.ja-diff.html 6 Feb 2021 11:02:34
-0000 1.83
+++ proprietary/po/malware-microsoft.ja-diff.html 6 Feb 2021 16:03:04
-0000 1.84
@@ -436,92 +436,130 @@
<p>The wrongs in this section are not precisely malware, since they
do</em></ins></span>
not <span class="removed"><del><strong>upgrade. This
reaffirms</strong></del></span> <span class="inserted"><ins><em>involve
making</em></ins></span> the <span class="removed"><del><strong>presence
of</strong></del></span> <span class="inserted"><ins><em>program that runs
in</em></ins></span> a <span class="removed"><del><strong><a
href="/proprietary/proprietary-back-doors.html">universal
- back door</strong></del></span> <span class="inserted"><ins><em>way that
hurts the user.
-But they are a lot like malware, since they are technical Microsoft
-actions that harm the users of specific Microsoft software.</p>
+ back door in Windows</a> 7 and 8.</p></li>
+
+ <li><p>Windows 10 “upgrades” <a
+
href="http://www.ghacks.net/2015/11/24/beware-latest-windows-10-update-may-remove-programs-automatically/">
+ delete applications</a> without asking
permission.</p></li>
+
+ <li><p>
+ Microsoft is <a
href="http://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1">
+ repeatedly nagging many users to install Windows 10</a>.
+ </p></li>
+
+<li><p>
+Microsoft was for months <a
+href="http://www.theguardian.com/technology/2016/feb/02/microsoft-downloading-windows-10-automatic-update">
+tricking users into “upgrading” to Windows 10</a>,
if</strong></del></span> <span class="inserted"><ins><em>way that hurts the
user.
+But</em></ins></span> they
+<span class="removed"><del><strong>failed to notice and say no.
+</p></li>
+
+ <li><p><a
+href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm"></strong></del></span>
<span class="inserted"><ins><em>are a lot like malware, since they are
technical</em></ins></span> Microsoft <span
class="removed"><del><strong>informs</strong></del></span>
+<span class="inserted"><ins><em>actions that harm</em></ins></span> the <span
class="removed"><del><strong>NSA</strong></del></span> <span
class="inserted"><ins><em>users</em></ins></span> of <span
class="removed"><del><strong>bugs in Windows before fixing
them.</a></p></li>
+
+ <li><p><a
href="http://www.computerworlduk.com/blogs/open-enterprise/windows-xp-end-of-an-era-end-of-an-error-3569489/"></strong></del></span>
<span class="inserted"><ins><em>specific</em></ins></span> Microsoft <span
class="removed"><del><strong>cut off security fixes for Windows XP, except to
some big users
+ that pay exorbitantly.</a></p></strong></del></span> <span
class="inserted"><ins><em>software.</p>
<ul class="blurbs">
<li id="M201904041">
<!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>Microsoft has been <a
-
href="https://borncity.com/win/2019/01/17/windows-10-update-kb4023057-re-released-1-16-2019/">
+ --><!--#echo encoding="none" var="DATE" --></em></ins></span>
+ <p>Microsoft <span class="removed"><del><strong>is going
to</strong></del></span> <span class="inserted"><ins><em>has
been</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.computerworlduk.com/news/security/3605515/more-than-half-of-all-ie-users-face-patch-axe-in-10-months/">
+ cut off support for some Internet Explorer
versions</a></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://borncity.com/win/2019/01/17/windows-10-update-kb4023057-re-released-1-16-2019/">
force-installing a “remediation”
program</a> on computers running certain
- versions of Windows 10. Remediation,</em></ins></span> in <span
class="removed"><del><strong>Windows</a> 7 and 8.</p></li>
+ versions of Windows 10. Remediation,</em></ins></span> in <span
class="removed"><del><strong>the same way.</p>
- <li><p>Windows 10 “upgrades”</strong></del></span>
<span class="inserted"><ins><em>Microsoft's view, means</em></ins></span> <a
- <span
class="removed"><del><strong>href="http://www.ghacks.net/2015/11/24/beware-latest-windows-10-update-may-remove-programs-automatically/">
- delete applications</a> without asking
permission.</p></li>
-
- <li><p></strong></del></span>
- <span
class="inserted"><ins><em>href="https://support.microsoft.com/en-us/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a">
- tampering with users' settings and files</a>, notably to
- “repair” any components of the updating system that users
+ <p>A person or company has the right to cease</strong></del></span>
<span class="inserted"><ins><em>Microsoft's view, means <a
+
href="https://support.microsoft.com/en-us/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a">
+ tampering with users' settings and files</a>,
notably</em></ins></span> to <span class="removed"><del><strong>work on a
+ particular program;</strong></del></span>
+ <span class="inserted"><ins><em>“repair” any components
of</em></ins></span> the <span class="removed"><del><strong>wrong here
is</strong></del></span> <span class="inserted"><ins><em>updating system that
users
may have intentionally disabled, and thus regain full power over
- them.</em></ins></span> Microsoft <span class="removed"><del><strong>is
<a
href="http://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1"></strong></del></span>
repeatedly <span class="removed"><del><strong>nagging many
users</strong></del></span> <span class="inserted"><ins><em>pushed faulty
versions of this program</em></ins></span> to <span
class="removed"><del><strong>install</strong></del></span>
+ them.</em></ins></span> Microsoft <span
class="removed"><del><strong>does</strong></del></span> <span
class="inserted"><ins><em>repeatedly pushed faulty versions
of</em></ins></span> this <span class="removed"><del><strong>after having
+ made the users dependent on Microsoft, because they are not free to ask
+ anyone else</strong></del></span> <span
class="inserted"><ins><em>program</em></ins></span> to <span
class="removed"><del><strong>work on</strong></del></span>
<span class="inserted"><ins><em>users' machines, causing numerous
problems, some of which <a
href="https://www.windowsmode.com/microsoft-suspends-windows-10-october-2018-update-rollout-due-to-critical-bugs/">
critical</a>.</p>
- <p>This exemplifies the arrogant and manipulative attitude
- that proprietary software developers have learned to adopt
- toward the people they are supposedly serving. Migrate to a <a
- href="/distros/free-distros.html">free operating system</a> if you
+ <p>This exemplifies</em></ins></span> the <span
class="removed"><del><strong>program for them.</p></li>
+</ul>
+
+<h3 id="interference">Microsoft Interference</h3>
+
+<p>Various</strong></del></span> <span
class="inserted"><ins><em>arrogant and manipulative attitude
+ that</em></ins></span> proprietary <span
class="removed"><del><strong>programs often mess up the user's system. They are
like sabotage, but they are not grave enough</strong></del></span> <span
class="inserted"><ins><em>software developers have learned</em></ins></span> to
<span class="removed"><del><strong>qualify
+for</strong></del></span> <span class="inserted"><ins><em>adopt
+ toward</em></ins></span> the <span class="removed"><del><strong>word
“sabotage”. Nonetheless,</strong></del></span> <span
class="inserted"><ins><em>people</em></ins></span> they are <span
class="removed"><del><strong>nasty and wrong. This section describes examples
of Microsoft committing
+interference.</p>
+
+<ul>
+
+<li>In order</strong></del></span> <span
class="inserted"><ins><em>supposedly serving. Migrate</em></ins></span> to
<span class="removed"><del><strong>increase Windows 10's install base,
Microsoft</strong></del></span> <span
class="inserted"><ins><em>a</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
+blatantly disregards user choice</strong></del></span>
+ <span class="inserted"><ins><em>href="/distros/free-distros.html">free
operating system</a> if you
can!</p>
<p>If your employer makes you run Windows, tell the financial
- department how this wastes your time dealing with endless connections
- and premature hardware failures.</p>
+ department how this wastes your time dealing with endless
connections</em></ins></span>
+ and <span
class="removed"><del><strong>privacy</a>.</strong></del></span> <span
class="inserted"><ins><em>premature hardware
failures.</p></em></ins></span>
</li>
- <li id="M201704194">
+<span
class="removed"><del><strong><li><p>Microsoft</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201704194">
<!--#set var="DATE" value='<small
class="date-tag">2017-04</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Microsoft has made</em></ins></span> Windows <span
class="removed"><del><strong>10</a>.
- </p></li>
+ <p>Microsoft</em></ins></span> has
+<span class="removed"><del><strong>started <a
href="https://www.theguardian.com/technology/2016/jul/04/microsoft-windows-10-full-screen-upgrade-notification-pop-up-reminder">nagging
+users obnoxiously</strong></del></span> <span class="inserted"><ins><em>made
Windows 7</em></ins></span>
+ and <span class="removed"><del><strong>repeatedly</strong></del></span>
<span class="inserted"><ins><em>8 cease</em></ins></span> to <span
class="removed"><del><strong>install Windows 10</a>.</p></li>
+
+ <li><p>Microsoft
+ <a
href="http://news.softpedia.com/news/windows-10-upgrade-reportedly-starting-automatically-on-windows-7-pcs-501651.shtml">is
+ tricking
+ users</a></strong></del></span> <span
class="inserted"><ins><em>function on certain new computers,</em></ins></span>
<a
+<span
class="removed"><del><strong>href="https://web.archive.org/web/20160522062607/http://www.theregister.co.uk/2016/03/17/microsoft_windows_10_upgrade_gwx_vs_humanity/">
+into replacing Windows 7 with</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://support.microsoft.com/en-us/help/4012982/the-processor-is-not-supported-together-with-the-windows-version-that">effectively
+ forcing their owners to switch to</em></ins></span> Windows <span
class="removed"><del><strong>10</a>.</p></li>
-<li><p></strong></del></span> <span class="inserted"><ins><em>7
- and 8 cease to function on certain new computers, <a
-
href="https://support.microsoft.com/en-us/help/4012982/the-processor-is-not-supported-together-with-the-windows-version-that">effectively
- forcing their owners to switch to Windows 10</a>.</p>
+ <li><p>Microsoft</strong></del></span> <span
class="inserted"><ins><em>10</a>.</p>
</li>
<li id="M201704134">
<!--#set var="DATE" value='<small
class="date-tag">2017-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft <a
-
href="https://arstechnica.com/information-technology/2017/04/new-processors-are-now-blocked-from-receiving-updates-on-old-windows/">
- has dropped support for Windows 7 and 8 on recent processors</a>
+
href="https://arstechnica.com/information-technology/2017/04/new-processors-are-now-blocked-from-receiving-updates-on-old-windows/"></em></ins></span>
+ has <span class="removed"><del><strong>made
companies'</strong></del></span> <span class="inserted"><ins><em>dropped
support for</em></ins></span> Windows <span
class="removed"><del><strong>machines managed by</strong></del></span> <span
class="inserted"><ins><em>7 and 8 on recent processors</a>
in a big hurry.</p>
- <p>It makes no difference what legitimate reasons</em></ins></span>
Microsoft <span class="removed"><del><strong>was</strong></del></span> <span
class="inserted"><ins><em>might
- have</em></ins></span> for <span class="removed"><del><strong>months <a
-href="http://www.theguardian.com/technology/2016/feb/02/microsoft-downloading-windows-10-automatic-update">
-tricking</strong></del></span> <span class="inserted"><ins><em>not doing work
to support them. If it doesn't want to do
- this work, it should let</em></ins></span> users <span
class="removed"><del><strong>into “upgrading”</strong></del></span>
<span class="inserted"><ins><em>do the work.</p>
+ <p>It makes no difference what legitimate reasons Microsoft might
+ have for not doing work to support them. If it doesn't want to do
+ this work, it should let users do the work.</p>
</li>
<li id="M201606270">
<!--#set var="DATE" value='<small
class="date-tag">2016-06</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p id="windows10-forcing">In its efforts</em></ins></span> to <span
class="inserted"><ins><em>trick users of</em></ins></span> Windows <span
class="removed"><del><strong>10</a>, if they
-failed to notice</strong></del></span>
- <span class="inserted"><ins><em>7</em></ins></span> and <span
class="removed"><del><strong>say no.
-</p></li>
-
- <li><p><a
-href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm"></strong></del></span>
<span class="inserted"><ins><em>8 into installing all-spying Windows 10
against their
- will,</em></ins></span> Microsoft <span
class="removed"><del><strong>informs</strong></del></span> <span
class="inserted"><ins><em>forced their computers to <a
+ <p id="windows10-forcing">In its efforts to trick users of Windows
+ 7 and 8 into installing all-spying Windows 10 against their
+ will, Microsoft forced their computers to <a
href="https://www.theguardian.com/technology/2015/sep/11/microsoft-downloading-windows-1">
- silently download…</em></ins></span> the <span
class="removed"><del><strong>NSA</strong></del></span> <span
class="inserted"><ins><em>whole</em></ins></span> of <span
class="removed"><del><strong>bugs</strong></del></span> <span
class="inserted"><ins><em>Windows 10</a>! Apparently,
+ silently download… the whole of Windows 10</a>! Apparently,
this was done through a <a
href="/proprietary/proprietary-back-doors.html#windows-update">
universal back door</a>. Not only did the unwanted downloads <a
href="https://www.theregister.co.uk/2016/06/03/windows_10_upgrade_satellite_link/">
jeopardize important operations in regions of the world with poor
connectivity</a>, but many of the people who let installation proceed
- found out that this “upgrade” was</em></ins></span> in <span
class="inserted"><ins><em>fact a <a
+ found out that this “upgrade” was in fact a <a
href="http://gizmodo.com/woman-wins-10-000-from-microsoft-after-unwanted-window-1782666146">
downgrade</a>.</p>
</li>
@@ -530,9 +568,7 @@
<!--#set var="DATE" value='<small
class="date-tag">2016-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Once Microsoft has tricked a user
- into accepting installation of</em></ins></span> Windows <span
class="removed"><del><strong>before fixing them.</a></p></li>
-
- <li><p><a
href="http://www.computerworlduk.com/blogs/open-enterprise/windows-xp-end-of-an-era-end-of-an-error-3569489/"></strong></del></span>
<span class="inserted"><ins><em>10, <a
+ into accepting installation of Windows 10, <a
href="https://www.theregister.co.uk/2016/06/01/windows_10_nagware_no_way_out/">they
find that they are denied the option to cancel or even postpone the
imposed date of installation</a>.</p>
@@ -549,7 +585,7 @@
for its USB-to-serial chips has been designed to <a
href="http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/">sabotage
alternative compatible chips</a>
- so that they no longer work.</em></ins></span> Microsoft <span
class="inserted"><ins><em>is <a
+ so that they no longer work. Microsoft is <a
href="http://it.slashdot.org/story/16/01/31/1720259/ftdi-driver-breaks-hardware-again">installing
this automatically</a> as an “upgrade”.</p>
</li>
@@ -566,19 +602,19 @@
<!--#set var="DATE" value='<small
class="date-tag">2015-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
-
href="https://web.archive.org/web/20191205010621/https://www.computerworld.com/article/3423768/windows-xp--end-of-an-era--end-of-an-error.html">Microsoft</em></ins></span>
+
href="https://web.archive.org/web/20191205010621/https://www.computerworld.com/article/3423768/windows-xp--end-of-an-era--end-of-an-error.html">Microsoft
cut off security fixes for Windows XP, except to some big users that
- pay <span
class="removed"><del><strong>exorbitantly.</a></p></strong></del></span>
<span
class="inserted"><ins><em>exorbitantly</a>.</p></em></ins></span>
+ pay exorbitantly</a>.</p>
- <p>Microsoft is going to <a <span
class="removed"><del><strong>href="http://www.computerworlduk.com/news/security/3605515/more-than-half-of-all-ie-users-face-patch-axe-in-10-months/"></strong></del></span>
- <span
class="inserted"><ins><em>href="https://web.archive.org/web/20181030194725/https://www.computerworlduk.com/applications/more-than-half-of-all-ie-users-face-patch-axe-in-10-months-3605515/"></em></ins></span>
+ <p>Microsoft is going to <a
+
href="https://web.archive.org/web/20181030194725/https://www.computerworlduk.com/applications/more-than-half-of-all-ie-users-face-patch-axe-in-10-months-3605515/">
cut off support for some Internet Explorer versions</a> in the same
way.</p>
<p>A person or company has the right to cease to work on a particular
program; the wrong here is Microsoft does this after having made the
users dependent on Microsoft, because they are not free to ask anyone
- else to work on the program for <span
class="removed"><del><strong>them.</p></li></strong></del></span>
<span class="inserted"><ins><em>them.</p>
+ else to work on the program for them.</p>
</li>
<li id="M201306220">
@@ -587,13 +623,11 @@
<p><a
href="https://web.archive.org/web/20130622044225/http://blogs.computerworlduk.com/open-enterprise/2013/06/how-can-any-company-ever-trust-microsoft-again/index.htm">Microsoft
informs the NSA of bugs in Windows before fixing them</a>.</p>
- </li></em></ins></span>
+ </li>
</ul>
-<h3 <span class="removed"><del><strong>id="interference">Microsoft
Interference</h3>
-
-<p>Various proprietary programs often mess up</strong></del></span>
<span class="inserted"><ins><em>id="subscriptions">Subscriptions</h3>
+<h3 id="subscriptions">Subscriptions</h3>
<ul class="blurbs">
<li id="M201507150">
@@ -624,8 +658,10 @@
<!--#set var="DATE" value='<small
class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is imposing its
- surveillance on the game of Minecraft by <a
-
href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
+ surveillance on</em></ins></span> the
+<span class="removed"><del><strong>company's
+sysadmins</strong></del></span> <span class="inserted"><ins><em>game of
Minecraft by</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.infoworld.com/article/3042397/microsoft-windows/admins-beware-domain-attached-pcs-are-sprouting-get-windows-10-ads.html">harangue</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
every player to open an account on Microsoft's network</a>. Microsoft
has bought the game and will merge all accounts into its network,
which will give them access to people's data.</p>
@@ -633,25 +669,24 @@
<p>Minecraft players <a
href="https://directory.fsf.org/wiki/Minetest">can play
Minetest</a>
instead. The essential advantage of Minetest is that it is free
- software, meaning it respects</em></ins></span> the user's <span
class="removed"><del><strong>system. They</strong></del></span> <span
class="inserted"><ins><em>computer freedom. As a bonus,
+ software, meaning it respects the user's computer freedom. As a bonus,
it offers more options.</p>
</li>
<li id="M202010210">
<!--#set var="DATE" value='<small
class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>As of 2019-2020, Minecraft players</em></ins></span> are <span
class="removed"><del><strong>like sabotage,</strong></del></span> <span
class="inserted"><ins><em><a
+ <p>As of 2019-2020, Minecraft players are <a
href="https://www.minecraft.net/en-us/article/java-edition-moving-house">being
forced to move to Microsoft servers</a>, which results in
- privacy violation. Microsoft publishes a program so users can run
- their own server,</em></ins></span> but <span
class="removed"><del><strong>they are not grave enough</strong></del></span>
<span class="inserted"><ins><em>the program is proprietary and it's another
<a
+ privacy violation. Microsoft publishes a program so</em></ins></span>
users <span class="inserted"><ins><em>can run
+ their own server, but the program is proprietary and it's another <a
href="/philosophy/free-software-even-more-important.html">injustice</em></ins></span>
- to <span class="removed"><del><strong>qualify
-for</strong></del></span> <span
class="inserted"><ins><em>users</a>.</p>
+ to <span class="removed"><del><strong>complain</strong></del></span> <span
class="inserted"><ins><em>users</a>.</p>
<p>People can play <a
href="https://directory.fsf.org/wiki/Minetest">Minetest</a>
- instead. Minetest is free software and respects</em></ins></span> the
<span class="removed"><del><strong>word “sabotage”. Nonetheless,
they are nasty</strong></del></span> <span class="inserted"><ins><em>user's
computer
+ instead. Minetest is free software and respects the user's computer
freedom.</p>
</li>
@@ -660,8 +695,8 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is <a
href="https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation/">tricking
- users to create an account on their network</a> to be able to
install</em></ins></span>
- and <span class="removed"><del><strong>wrong. This section describes
examples</strong></del></span> <span class="inserted"><ins><em>use the Windows
operating system, which is malware. The account can
+ users to create an account on their network</a></em></ins></span> to
<span class="inserted"><ins><em>be able to install
+ and use</em></ins></span> the <span
class="removed"><del><strong>sysadmins</strong></del></span> <span
class="inserted"><ins><em>Windows operating system, which is malware. The
account can
be used for surveillance and/or violating people's rights in many ways,
such as turning their purchased software to a subscription
product.</p>
</li>
@@ -669,12 +704,7 @@
<li id="M201908210">
<!--#set var="DATE" value='<small
class="date-tag">2019-08</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Microsoft recorded users</em></ins></span> of <span
class="removed"><del><strong>Microsoft committing
-interference.</p>
-
-<ul>
-
-<li>In</strong></del></span> <span class="inserted"><ins><em>Xboxes and
had <a
+ <p>Microsoft recorded users of Xboxes and had <a
href="https://www.vice.com/en/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana">
human workers listen to the recordings</a>.</p>
@@ -697,41 +727,23 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft <a
href="https://answers.microsoft.com/en-us/outlook_com/forum/all/why-does-my-new-e-mail-account-need-a-phone-number/70049eaf-3b66-4d02-87cc-79dc73c2ea08">forces
- people to give their phone number</a> in</em></ins></span> order to
<span class="removed"><del><strong>increase Windows 10's install
base,</strong></del></span> <span class="inserted"><ins><em>be able to create
an account on
+ people to give their phone number</a> in order to be able to create
an account on
the company's network. On top of mistreating their users by providing
- nonfree software,</em></ins></span> Microsoft
-<span class="removed"><del><strong><a
-href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
-blatantly disregards user choice</strong></del></span> <span
class="inserted"><ins><em>is tracking their lives outside the
computer</em></ins></span> and <span
class="removed"><del><strong>privacy</a>.</strong></del></span>
- <span class="inserted"><ins><em>violates their
privacy.</p></em></ins></span>
+ nonfree software, Microsoft is tracking their lives outside the computer
and
+ violates their privacy.</p>
</li>
-<span class="removed"><del><strong><li><p>Microsoft has
-started <a
href="https://www.theguardian.com/technology/2016/jul/04/microsoft-windows-10-full-screen-upgrade-notification-pop-up-reminder">nagging</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201710134">
+ <li id="M201710134">
<!--#set var="DATE" value='<small
class="date-tag">2017-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Windows 10 telemetry program sends information to Microsoft about
- the user's computer and their use of the computer.</p>
+ <p>Windows 10 telemetry program sends information to
Microsoft</em></ins></span> about <span class="removed"><del><strong>not
“upgrading”</strong></del></span>
+ <span class="inserted"><ins><em>the user's computer and their use of the
computer.</p>
- <p>Furthermore, for</em></ins></span> users <span
class="removed"><del><strong>obnoxiously and repeatedly to install Windows
10</a>.</p></li>
-
- <li><p>Microsoft
- <a
href="http://news.softpedia.com/news/windows-10-upgrade-reportedly-starting-automatically-on-windows-7-pcs-501651.shtml">is
- tricking
- users</a> <a
-href="https://web.archive.org/web/20160522062607/http://www.theregister.co.uk/2016/03/17/microsoft_windows_10_upgrade_gwx_vs_humanity/">
-into replacing Windows 7 with</strong></del></span> <span
class="inserted"><ins><em>who installed the
- fourth stable build of</em></ins></span> Windows <span
class="removed"><del><strong>10</a>.</p></li>
-
- <li><p>Microsoft has made companies'</strong></del></span> <span
class="inserted"><ins><em>10, called the
- “Creators Update,”</em></ins></span> Windows <span
class="removed"><del><strong>machines managed by</strong></del></span> <span
class="inserted"><ins><em>maximized</em></ins></span> the
-<span class="removed"><del><strong>company's
-sysadmins</strong></del></span> <span
class="inserted"><ins><em>surveillance</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.infoworld.com/article/3042397/microsoft-windows/admins-beware-domain-attached-pcs-are-sprouting-get-windows-10-ads.html">harangue
-users to complain to</strong></del></span>
- <span
class="inserted"><ins><em>href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law">
- by force setting</em></ins></span> the <span
class="removed"><del><strong>sysadmins about not
“upgrading”</strong></del></span> <span
class="inserted"><ins><em>telemetry mode</em></ins></span> to <span
class="inserted"><ins><em>“Full”</a>.</p>
+ <p>Furthermore, for users who installed the
+ fourth stable build of Windows 10, called the
+ “Creators Update,” Windows maximized the surveillance <a
+
href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law">
+ by force setting the telemetry mode</em></ins></span> to <span
class="inserted"><ins><em>“Full”</a>.</p>
<p>The <a
href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level">
@@ -841,8 +853,9 @@
connecting the machines to open hotspots and showing targeted
ads.</p>
<p>We can suppose Microsoft <span
class="removed"><del><strong>look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files for the US
government
- on demand, though the “privacy policy” does <span
class="removed"><del><strong>not explicit say so. Will it
- look at users' files for the Chinese government on
demand?</p></li>
+ on demand, though the “privacy policy” does not <span
class="removed"><del><strong>explicit</strong></del></span> <span
class="inserted"><ins><em>explicitly</em></ins></span>
+ say so. Will it look at users' files for the Chinese government
+ on <span class="removed"><del><strong>demand?</p></li>
<li><p>
<a
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
@@ -862,8 +875,7 @@
<li><p>
<a
href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
- Microsoft SkyDrive allows the NSA to directly examine</strong></del></span>
<span class="inserted"><ins><em>not explicitly
- say so. Will it look at</em></ins></span> users' <span
class="removed"><del><strong>data.</a></p>
+ Microsoft SkyDrive allows the NSA to directly examine users'
data.</a></p>
</li>
<li><p>Spyware in Skype:
@@ -871,8 +883,7 @@
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
Microsoft changed Skype
<a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
- specifically</strong></del></span> <span
class="inserted"><ins><em>files</em></ins></span> for <span
class="removed"><del><strong>spying</a>.</p></strong></del></span>
<span class="inserted"><ins><em>the Chinese government
- on demand?</p></em></ins></span>
+ specifically for spying</a>.</p></strong></del></span> <span
class="inserted"><ins><em>demand?</p></em></ins></span>
</li>
<span class="removed"><del><strong><li><p>
@@ -883,17 +894,21 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft</em></ins></span> uses Windows 10's “privacy
policy”
to overtly impose a “right” to look at
- users' files at any time. Windows 10 full disk encryption <a <span
class="removed"><del><strong>href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/"></strong></del></span>
- <span
class="inserted"><ins><em>href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/"></em></ins></span>
+ users' <span class="removed"><del><strong>files at any time. Windows 10
full disk
+ encryption <a
href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/">
gives Microsoft a key</a>.</p>
- <p>Thus, Windows is overt malware in regard to surveillance, as in
- other issues.</p>
+ <p>Thus, Windows is overt malware in regard to surveillance,
+ as in other issues.</p>
- <p>We can suppose Microsoft <span
class="removed"><del><strong>look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files for the US
government
- on demand, though the “privacy policy” does not <span
class="removed"><del><strong>explicit</strong></del></span> <span
class="inserted"><ins><em>explicitly</em></ins></span>
- say so. Will it look at users' files for the Chinese government
- on demand?</p>
+ <p>We can suppose Microsoft look at users' files for the US government
on
+ demand, though the “privacy policy” does not explicit say so.
Will it
+ look at users' files for the Chinese government on
demand?</p></strong></del></span> <span class="inserted"><ins><em>files
at any time. Windows 10 full disk encryption <a
+
href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/">
+ gives Microsoft a key</a>.</p>
+
+ <p>Thus, Windows is overt malware in regard to surveillance, as in
+ other issues.</p></em></ins></span>
<p>The unique “advertising ID” for each user enables
other companies to track the browsing of each specific user.</p>
@@ -1106,7 +1121,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2021/02/06 11:02:34 $
+$Date: 2021/02/06 16:03:04 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary/po/proprietary-surveillance.de-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.de-diff.html,v
retrieving revision 1.166
retrieving revision 1.167
diff -u -b -r1.166 -r1.167
--- proprietary/po/proprietary-surveillance.de-diff.html 6 Feb 2021
14:33:05 -0000 1.166
+++ proprietary/po/proprietary-surveillance.de-diff.html 6 Feb 2021
16:03:04 -0000 1.167
@@ -457,13 +457,15 @@
<p>Thus, Windows is overt malware in regard to surveillance, as in
other issues.</p>
- <p>We can suppose Microsoft <span
class="removed"><del><strong>look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files for the US
government
- on demand, though the “privacy policy” does not <span
class="removed"><del><strong>explicit</strong></del></span> <span
class="inserted"><ins><em>explicitly</em></ins></span>
- say so. Will it look at users' files for the Chinese government
- on demand?</p>
+ <span class="removed"><del><strong><p>We can suppose Microsoft look at
users' files</strong></del></span>
- <p>The unique “advertising ID” for each user enables
- other companies to track the browsing of each specific user.</p>
+ <span class="inserted"><ins><em><p>The unique “advertising
ID”</em></ins></span> for <span class="removed"><del><strong>the US
government on
+ demand, though the “privacy policy” does not explicit say so.
Will it
+ look at users' files for the Chinese government on demand?</p>
+
+ <p>The unique “advertising ID” for each user enables other
companies to
+ track</strong></del></span> <span class="inserted"><ins><em>each user enables
+ other companies to track</em></ins></span> the browsing of each specific
user.</p>
<p>It's as if Microsoft has deliberately chosen to make Windows 10
maximally evil on every dimension; to make a grab for total power
@@ -644,23 +646,11 @@
snoopers</a>.</p>
<p>Google did not intend to make these apps spy;</strong></del></span>
<span class="inserted"><ins><em>spyware via
- BIOS</a></em></ins></span> on <span
class="inserted"><ins><em>Windows installs. Note that</em></ins></span> the
<span class="removed"><del><strong>contrary, it
- worked</strong></del></span> <span class="inserted"><ins><em>specific
+ BIOS</a></em></ins></span> on <span
class="removed"><del><strong>the</strong></del></span> <span
class="inserted"><ins><em>Windows installs. Note that the specific
sabotage method Lenovo used did not affect GNU/Linux; also, a
“clean” Windows install is not really clean since <a
- href="/proprietary/malware-microsoft.html">Microsoft
puts</em></ins></span> in <span class="removed"><del><strong>various ways to
prevent that, and deleted these apps
- after discovering what they did. So we cannot blame Google
- specifically for the snooping of these apps.</p>
-
- <p>On the other hand, Google redistributes nonfree Android apps, and
- therefore shares in the responsibility for the injustice of their
- being nonfree. It also distributes</strong></del></span> its
- own <span class="removed"><del><strong>nonfree apps, such as
- Google
- Play, <a
href="/philosophy/free-software-even-more-important.html">which
- are malicious</a>.</p>
-
- <p>Could Google have done a better job</strong></del></span> <span
class="inserted"><ins><em>malware</a>.</p>
+ href="/proprietary/malware-microsoft.html">Microsoft puts in its
+ own malware</a>.</p>
</li>
</ul>
@@ -681,16 +671,10 @@
<li id="M202101080">
<!--#set var="DATE" value='<small
class="date-tag">2021-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>As</em></ins></span> of <span
class="removed"><del><strong>preventing apps from
- cheating? There</strong></del></span> <span
class="inserted"><ins><em>2021, WhatsApp (one of Facebook's
subsidiaries)</em></ins></span> is <span class="removed"><del><strong>no
systematic way for Google, or Android
- users,</strong></del></span> <span class="inserted"><ins><em><a
+ <p>As of 2021, WhatsApp (one of Facebook's subsidiaries) is <a
href="https://www.forbes.com/sites/carlypage/2021/01/08/whatsapp-tells-users-share-your-data-with-facebook-or-well-deactivate-your-account/">forcing
- its users</em></ins></span> to <span class="removed"><del><strong>inspect
executable proprietary apps</strong></del></span> <span
class="inserted"><ins><em>hand over sensitive personal
data</a></em></ins></span> to <span class="removed"><del><strong>see what
they
- do.</p>
-
- <p>Google could demand the source code for these
apps,</strong></del></span> <span class="inserted"><ins><em>its parent
- company. This increases Facebook's power over users,</em></ins></span> and
<span class="removed"><del><strong>study the
- source code somehow to determine whether they
mistreat</strong></del></span> <span class="inserted"><ins><em>further
+ its users to hand over sensitive personal data</a> to its parent
+ company. This increases Facebook's power over users, and further
jeopardizes people's privacy and security.</p>
<p>Instead of WhatsApp you can use <a
@@ -704,48 +688,35 @@
<p>Most apps are malware, but
Trump's campaign app, like Modi's campaign app, is <a
href="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/">
- especially nasty malware, helping companies snoop on</em></ins></span>
users <span class="removed"><del><strong>in
- various ways. If it did</strong></del></span> <span
class="inserted"><ins><em>as well
+ especially nasty malware, helping companies snoop on users as well
as snooping on them itself</a>.</p>
- <p>The article says that Biden's app has</em></ins></span> a <span
class="removed"><del><strong>good job of this, it could more
or</strong></del></span> less
- <span class="removed"><del><strong>prevent</strong></del></span> <span
class="inserted"><ins><em>manipulative overall
+ <p>The article says that Biden's app has a less manipulative overall
approach, but that does not tell us whether it has functionalities we
- consider malicious,</em></ins></span> such <span
class="removed"><del><strong>snooping, except when the app developers are clever
- enough to outsmart</strong></del></span> <span
class="inserted"><ins><em>as sending data</em></ins></span> the <span
class="removed"><del><strong>checking.</p>
-
- <p>But since Google itself develops malicious apps, we cannot trust
- Google</strong></del></span> <span class="inserted"><ins><em>user has not
explicitly
- asked</em></ins></span> to <span class="removed"><del><strong>protect us.
We must demand release</strong></del></span> <span
class="inserted"><ins><em>send.</p>
+ consider malicious, such as sending data the user has not explicitly
+ asked to send.</p>
</li>
<li id="M201601110">
<!--#set var="DATE" value='<small
class="date-tag">2016-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The natural extension</em></ins></span> of <span
class="removed"><del><strong>source code</strong></del></span> <span
class="inserted"><ins><em>monitoring
+ <p>The natural extension of monitoring
people through “their” phones is <a
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
- proprietary software</em></ins></span> to <span
class="inserted"><ins><em>make sure they can't
“fool”</em></ins></span>
- the
- <span class="removed"><del><strong>public, so we can depend on each
other.</p></strong></del></span> <span
class="inserted"><ins><em>monitoring</a>.</p></em></ins></span>
+ proprietary software to make sure they can't “fool”
+ the monitoring</a>.</p>
</li>
-<span class="removed"><del><strong><li>
- <p>A</strong></del></span>
- <span class="inserted"><ins><em><li id="M201510050">
+ <li id="M201510050">
<!--#set var="DATE" value='<small
class="date-tag">2015-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>According to Edward Snowden,</em></ins></span> <a <span
class="removed"><del><strong>href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
- research paper</a> that investigated</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.bbc.com/news/uk-34444233">agencies
can take over
+ <p>According to Edward Snowden, <a
+ href="http://www.bbc.com/news/uk-34444233">agencies can take over
smartphones</a> by sending hidden text messages which enable
- them to turn</em></ins></span> the <span
class="removed"><del><strong>privacy</strong></del></span> <span
class="inserted"><ins><em>phones on</em></ins></span> and <span
class="removed"><del><strong>security
- of 283 Android VPN apps concluded that “in spite
of</strong></del></span> <span class="inserted"><ins><em>off, listen
to</em></ins></span> the
- <span class="removed"><del><strong>promises for privacy,
security,</strong></del></span> <span class="inserted"><ins><em>microphone,
+ them to turn the phones on and off, listen to the microphone,
retrieve geo-location data from the GPS, take photographs, read
- text messages, read call, location</em></ins></span> and <span
class="removed"><del><strong>anonymity given by</strong></del></span> <span
class="inserted"><ins><em>web browsing history, and
- read</em></ins></span> the
- <span class="removed"><del><strong>majority of VPN apps—millions of
users may be unawarely subject</strong></del></span> <span
class="inserted"><ins><em>contact list. This malware is
designed</em></ins></span> to <span class="removed"><del><strong>poor security
guarantees</strong></del></span> <span class="inserted"><ins><em>disguise itself
+ text messages, read call, location and web browsing history, and
+ read the contact list. This malware is designed to disguise itself
from investigation.</p>
</li>
@@ -755,25 +726,12 @@
<p><a
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
The NSA can tap data in smart phones, including iPhones,
- Android,</em></ins></span> and <span class="removed"><del><strong>abusive
practices inflicted by
- VPN apps.”</p>
-
- <p>Following</strong></del></span> <span
class="inserted"><ins><em>BlackBerry</a>. While there</em></ins></span>
is <span class="removed"><del><strong>a non-exhaustive list of proprietary VPN
apps from
- the research paper</strong></del></span> <span
class="inserted"><ins><em>not much
- detail here, it seems</em></ins></span> that <span
class="removed"><del><strong>tracks and infringes</strong></del></span> <span
class="inserted"><ins><em>this does not operate via</em></ins></span>
- the <span class="removed"><del><strong>privacy</strong></del></span> <span
class="inserted"><ins><em>universal back door that we know nearly all portable
+ Android, and BlackBerry</a>. While there is not much
+ detail here, it seems that this does not operate via
+ the universal back door that we know nearly all portable
phones have. It may involve exploiting various bugs. There are <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
- lots</em></ins></span> of
- <span class="removed"><del><strong>users:</p>
-
- <dl>
- <dt>SurfEasy</dt>
- <dd>Includes tracking libraries such as NativeX and Appflood,
- meant to track users and show them targeted ads.</dd>
-
- <dt>sFly Network Booster</dt>
- <dd>Requests</strong></del></span> <span
class="inserted"><ins><em>bugs in</em></ins></span> the <span
class="removed"><del><strong><code>READ_SMS</code></strong></del></span>
<span class="inserted"><ins><em>phones' radio software</a>.</p>
+ lots of bugs in the phones' radio software</a>.</p>
</li>
<li id="M201307000">
@@ -781,14 +739,9 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Portable phones with GPS <a
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
- will send their GPS location on remote command,</em></ins></span> and
<span class="removed"><del><strong><code>SEND_SMS</code>
- permissions upon installation, meaning</strong></del></span> <span
class="inserted"><ins><em>users cannot stop
- them</a>. (The US says</em></ins></span> it <span
class="removed"><del><strong>has full access</strong></del></span> <span
class="inserted"><ins><em>will eventually require all new portable
phones</em></ins></span>
- to
- <span class="removed"><del><strong>users' text messages.</dd>
-
- <dt>DroidVPN and TigerVPN</dt>
- <dd>Requests</strong></del></span> <span
class="inserted"><ins><em>have GPS.)</p>
+ will send their GPS location on remote command, and users cannot stop
+ them</a>. (The US says it will eventually require all new portable
phones
+ to have GPS.)</p>
</li>
</ul>
@@ -804,7 +757,7 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Facebook <a
href="https://www.dailymail.co.uk/news/article-8747541/Facebook-accused-watching-Instagram-users-mobile-cameras.html">snoops
- on Instagram</a> users by surreptitously turning
on</em></ins></span> the <span
class="removed"><del><strong><code>READ_LOGS</code>
permission</strong></del></span> <span class="inserted"><ins><em>device's
+ on Instagram</a> users by surreptitously turning on the device's
camera.</p>
</li>
@@ -812,31 +765,19 @@
<!--#set var="DATE" value='<small
class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple whistleblower Thomas Le Bonniec reports that Apple
- made a practice of surreptitiously activating the Siri
software</em></ins></span> to <span class="removed"><del><strong>read logs
- for other apps and also core system logs. TigerVPN developers
- have confirmed this.</dd>
-
- <dt>HideMyAss</dt>
- <dd>Sends traffic to LinkedIn. Also,</strong></del></span> <span
class="inserted"><ins><em><a
+ made a practice of surreptitiously activating the Siri software to <a
href="https://www.politico.eu/wp-content/uploads/2020/05/Public-Statement-Siri-recordings-TLB.pdf">
record users' conversations when they had not activated Siri</a>.
- This was not just occasional,</em></ins></span> it <span
class="removed"><del><strong>stores detailed logs
- and may turn them over</strong></del></span> <span
class="inserted"><ins><em>was systematic practice.</p>
+ This was not just occasional, it was systematic practice.</p>
- <p>His job was</em></ins></span> to <span
class="inserted"><ins><em>listen to these recordings, in a group that made
+ <p>His job was to listen to these recordings, in a group that made
transcripts of them. He does not believes that Apple has ceased this
practice.</p>
- <p>The only reliable way to prevent this is, for</em></ins></span>
the <span class="removed"><del><strong>UK government if
- requested.</dd>
-
- <dt>VPN Services HotspotShield</dt>
- <dd>Injects JavaScript code into the HTML pages
returned</strong></del></span> <span class="inserted"><ins><em>program that
- controls access</em></ins></span> to the
- <span class="removed"><del><strong>users. The stated purpose
of</strong></del></span> <span class="inserted"><ins><em>microphone to decide
when</em></ins></span> the <span class="removed"><del><strong>JS injection
is</strong></del></span> <span class="inserted"><ins><em>user has
- “activated” any service,</em></ins></span> to <span
class="removed"><del><strong>display
- ads. Uses roughly 5 tracking libraries. Also,</strong></del></span>
<span class="inserted"><ins><em>be free software, and the
- operating system under</em></ins></span> it <span
class="removed"><del><strong>redirects</strong></del></span> <span
class="inserted"><ins><em>free as well. This way, users could make
+ <p>The only reliable way to prevent this is, for the program that
+ controls access to the microphone to decide when the user has
+ “activated” any service, to be free software, and the
+ operating system under it free as well. This way, users could make
sure Apple can't listen to them.</p>
</li>
@@ -845,181 +786,107 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Safari occasionally <a
href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/">
- sends browsing data from Apple devices in China to</em></ins></span> the
- <span class="removed"><del><strong>user's traffic through valueclick.com
(an advertising
- website).</dd>
-
- <dt>WiFi Protector VPN</dt>
- <dd>Injects JavaScript code into HTML pages, and also uses
- roughly 5 tracking libraries. Developers of this app have
- confirmed</strong></del></span> <span class="inserted"><ins><em>Tencent
Safe
- Browsing service</a>, to check URLs</em></ins></span> that <span
class="inserted"><ins><em>possibly correspond to
+ sends browsing data from Apple devices in China to the Tencent Safe
+ Browsing service</a>, to check URLs that possibly correspond to
“fraudulent” websites. Since Tencent collaborates
- with</em></ins></span> the <span class="removed"><del><strong>non-premium
version</strong></del></span> <span class="inserted"><ins><em>Chinese
government, its Safe Browsing black list most certainly
- contains the websites</em></ins></span> of <span
class="inserted"><ins><em>political opponents. By linking</em></ins></span> the
<span class="removed"><del><strong>app does
- JavaScript injection for tracking</strong></del></span> <span
class="inserted"><ins><em>requests
+ with the Chinese government, its Safe Browsing black list most certainly
+ contains the websites of political opponents. By linking the requests
originating from single IP addresses, the government can identify
- dissenters in China</em></ins></span> and <span
class="removed"><del><strong>display ads.</dd>
- </dl></strong></del></span> <span class="inserted"><ins><em>Hong Kong,
thus endangering their lives.</p></em></ins></span>
+ dissenters in China and Hong Kong, thus endangering their lives.</p>
</li>
-<span class="removed"><del><strong><li>
- <p><a
href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
study in 2015</a> found that 90%</strong></del></span>
- <span class="inserted"><ins><em><li id="M201905280">
+ <li id="M201905280">
<!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>In spite</em></ins></span> of <span
class="removed"><del><strong>the top-ranked gratis
- proprietary Android</strong></del></span> <span
class="inserted"><ins><em>Apple's supposed commitment to
- privacy, iPhone</em></ins></span> apps <span
class="removed"><del><strong>contained recognizable tracking libraries. For
- the paid proprietary apps, it was only 60%.</p></strong></del></span>
<span class="inserted"><ins><em>contain trackers that are busy at night <a
+ <p>In spite of Apple's supposed commitment to
+ privacy, iPhone apps contain trackers that are busy at night <a
href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html">
- sending users' personal information to third
parties</a>.</p></em></ins></span>
+ sending users' personal information to third parties</a>.</p>
- <p>The article <span class="removed"><del><strong>confusingly
describes gratis</strong></del></span> <span class="inserted"><ins><em>mentions
specific examples: Microsoft OneDrive,
+ <p>The article mentions specific examples: Microsoft OneDrive,
Intuitâs Mint, Nike, Spotify, The Washington Post, The Weather
Channel (owned by IBM), the crime-alert service Citizen, Yelp
- and DoorDash. But it is likely that most nonfree</em></ins></span> apps
<span class="inserted"><ins><em>contain
- trackers. Some of these send personally identifying data
such</em></ins></span> as <span class="removed"><del><strong>“free”,
- but most</strong></del></span> <span class="inserted"><ins><em>phone
+ and DoorDash. But it is likely that most nonfree apps contain
+ trackers. Some of these send personally identifying data such as phone
fingerprint, exact location, email address, phone number or even
- delivery address (in the case</em></ins></span> of <span
class="removed"><del><strong>them are not in fact
- <a href="/philosophy/free-sw.html">free software</a>.
- It also uses</strong></del></span> <span
class="inserted"><ins><em>DoorDash). Once this information
- is collected by</em></ins></span> the <span
class="removed"><del><strong>ugly word “monetize”. A good
replacement
- for that word</strong></del></span> <span class="inserted"><ins><em>company,
there</em></ins></span> is <span
class="removed"><del><strong>“exploit”; nearly always
that</strong></del></span> <span class="inserted"><ins><em>no telling what
it</em></ins></span> will <span class="removed"><del><strong>fit
- perfectly.</p></strong></del></span> <span class="inserted"><ins><em>be
- used for.</p></em></ins></span>
+ delivery address (in the case of DoorDash). Once this information
+ is collected by the company, there is no telling what it will be
+ used for.</p>
</li>
-<span class="removed"><del><strong><li>
- <p>Apps for BART</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201711250">
+ <li id="M201711250">
<!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The DMCA and the EU Copyright Directive make it</em></ins></span>
<a <span
class="removed"><del><strong>href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop</strong></del></span>
- <span
class="inserted"><ins><em>href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
- illegal to study how iOS cr…apps spy</em></ins></span> on <span
class="removed"><del><strong>users</a>.</p>
- <p>With free software apps, users could <em>make sure</em>
that they don't snoop.</p>
- <p>With proprietary apps, one can only hope that they
don't.</p></strong></del></span> <span
class="inserted"><ins><em>users</a>, because
- this would require circumventing the iOS DRM.</p></em></ins></span>
+ <p>The DMCA and the EU Copyright Directive make it <a
+ href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
+ illegal to study how iOS cr…apps spy on users</a>, because
+ this would require circumventing the iOS DRM.</p>
</li>
-<span class="removed"><del><strong><li>
- <p>A study found 234 Android apps that track users
by</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201709210">
+ <li id="M201709210">
<!--#set var="DATE" value='<small
class="date-tag">2017-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In the latest iThings system,
- “turning off” WiFi and Bluetooth the obvious
way</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
+ “turning off” WiFi and Bluetooth the obvious way <a
+
href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
doesn't really turn them off</a>. A more advanced way really does
turn
them off—only until 5am. That's Apple for you—“We
- know you want</em></ins></span> to <span
class="removed"><del><strong>ultrasound from beacons placed in stores or played
by TV programs</a>.
- </p></strong></del></span> <span class="inserted"><ins><em>be
spied on”.</p></em></ins></span>
+ know you want to be spied on”.</p>
</li>
-<span class="removed"><del><strong><li>
- <p>Pairs of Android apps can collude</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201702150">
+ <li id="M201702150">
<!--#set var="DATE" value='<small
class="date-tag">2017-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple proposes <a
href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
- fingerprint-scanning touch screen</a>—which would mean no
way</em></ins></span>
- to <span class="removed"><del><strong>transmit users' personal
- data</strong></del></span> <span class="inserted"><ins><em>use it
without having your fingerprints taken. Users would have
- no way</em></ins></span> to <span
class="removed"><del><strong>servers.</strong></del></span> <span
class="inserted"><ins><em>tell whether the phone is snooping on them.</p>
+ fingerprint-scanning touch screen</a>—which would mean no way
+ to use it without having your fingerprints taken. Users would have
+ no way to tell whether the phone is snooping on them.</p>
</li>
<li id="M201611170">
<!--#set var="DATE" value='<small
class="date-tag">2016-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>iPhones</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found
- tens of thousands</strong></del></span>
- <span
class="inserted"><ins><em>href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
- lots</em></ins></span> of <span class="removed"><del><strong>pairs that
collude</a>.</p></strong></del></span> <span
class="inserted"><ins><em>personal data to Apple's servers</a>. Big
Brother can get
- them from there.</p></em></ins></span>
+ <p>iPhones <a
+
href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
+ lots of personal data to Apple's servers</a>. Big Brother can get
+ them from there.</p>
</li>
-<span class="removed"><del><strong><li>
-<p>Google Play intentionally sends</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201609280">
+ <li id="M201609280">
<!--#set var="DATE" value='<small
class="date-tag">2016-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The iMessage</em></ins></span> app <span
class="removed"><del><strong>developers</strong></del></span> <span
class="inserted"><ins><em>on iThings</em></ins></span> <a
-<span
class="removed"><del><strong>href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
-the personal details of users</strong></del></span>
- <span
class="inserted"><ins><em>href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
- a server every phone number</em></ins></span> that <span
class="removed"><del><strong>install</strong></del></span> the <span
class="removed"><del><strong>app</a>.</p>
-
-<p>Merely asking</strong></del></span> <span
class="inserted"><ins><em>user types into it</a>;</em></ins></span> the
<span class="removed"><del><strong>“consent” of users is not
enough</strong></del></span>
- <span class="inserted"><ins><em>server records these numbers for at least
30 days.</p>
+ <p>The iMessage app on iThings <a
+
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
+ a server every phone number that the user types into it</a>; the
+ server records these numbers for at least 30 days.</p>
</li>
<li id="M201509240">
<!--#set var="DATE" value='<small
class="date-tag">2015-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>iThings automatically upload</em></ins></span> to <span
class="removed"><del><strong>legitimize actions like this. At this point, most
users have
-stopped reading</strong></del></span> <span class="inserted"><ins><em>Apple's
servers all</em></ins></span> the <span
class="removed"><del><strong>“Terms</strong></del></span> <span
class="inserted"><ins><em>photos</em></ins></span>
- and <span class="removed"><del><strong>Conditions” that spell out
-what</strong></del></span> <span
class="inserted"><ins><em>videos</em></ins></span> they <span
class="removed"><del><strong>are “consenting” to. Google should
clearly
-and honestly identify the information it collects on users, instead
-of hiding it in an obscurely worded EULA.</p>
-
-<p>However, to truly protect people's privacy, we must prevent
Google</strong></del></span> <span class="inserted"><ins><em>make.</p>
-
- <blockquote><p> iCloud Photo Library stores every
photo</em></ins></span> and <span class="removed"><del><strong>other companies
from getting this personal information in the first
-place!</p>
-</li>
-
- <li>
- <p>Google Play (a component of Android) <a
-
href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
- tracks the users' movements without their permission</a>.</p>
+ <p>iThings automatically upload to Apple's servers all the photos
+ and videos they make.</p>
- <p>Even if</strong></del></span> <span
class="inserted"><ins><em>video</em></ins></span> you <span
class="removed"><del><strong>disable Google Maps</strong></del></span>
- <span class="inserted"><ins><em>take,</em></ins></span> and <span
class="removed"><del><strong>location tracking, you must
- disable Google Play itself</strong></del></span> <span
class="inserted"><ins><em>keeps them up</em></ins></span> to <span
class="removed"><del><strong>completely stop the tracking.
This</strong></del></span> <span class="inserted"><ins><em>date on all your
devices. Any edits you
+ <blockquote><p> iCloud Photo Library stores every photo and
video you
+ take, and keeps them up to date on all your devices. Any edits you
make are automatically updated everywhere. […]
</p></blockquote>
<p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
- information</a> as accessed on 24 Sep 2015.) The iCloud
feature</em></ins></span> is
- <span class="removed"><del><strong>yet another
example</strong></del></span>
- <span class="inserted"><ins><em><a
href="https://support.apple.com/en-us/HT202033">activated by the
- startup</em></ins></span> of <span class="removed"><del><strong>nonfree
software pretending</strong></del></span> <span
class="inserted"><ins><em>iOS</a>. The term “cloud” means
“please
+ information</a> as accessed on 24 Sep 2015.) The iCloud feature is
+ <a href="https://support.apple.com/en-us/HT202033">activated by the
+ startup of iOS</a>. The term “cloud” means “please
don't ask where.”</p>
- <p>There is a way</em></ins></span> to <span
class="removed"><del><strong>obey the user,
- when</strong></del></span>
- <span class="inserted"><ins><em><a
href="https://support.apple.com/en-us/HT201104"> deactivate
- iCloud</a>, but</em></ins></span> it's <span
class="removed"><del><strong>actually doing something else.
Such</strong></del></span> <span class="inserted"><ins><em>active by default so
it still counts as</em></ins></span> a <span class="removed"><del><strong>thing
would be almost
- unthinkable with free software.</p>
-
- </li>
-
- <li><p>More than 73%</strong></del></span>
- <span class="inserted"><ins><em>surveillance functionality.</p>
-
- <p>Unknown people apparently took advantage</em></ins></span> of
<span class="removed"><del><strong>the most popular Android
apps</strong></del></span> <span class="inserted"><ins><em>this
to</em></ins></span> <a <span
class="removed"><del><strong>href="http://jots.pub/a/2015103001/index.php">share
personal,
- behavioral and location information</a></strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
- nude photos</em></ins></span> of <span class="removed"><del><strong>their
users with third parties.</p>
- </li>
-
- <li><p>“Cryptic communication,”
unrelated</strong></del></span> <span class="inserted"><ins><em>many
celebrities</a>. They needed</em></ins></span> to <span
class="removed"><del><strong>the app's functionality,
- was <a
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
- found in the 500 most popular gratis Android apps</a>.</p>
-
- <p>The article should not have described these apps as
- “free”—they are not free software. The clear
way</strong></del></span> <span class="inserted"><ins><em>break Apple's
- security</em></ins></span> to <span class="removed"><del><strong>say
- “zero price” is “gratis.”</p>
-
- <p>The article takes</strong></del></span> <span
class="inserted"><ins><em>get at them, but NSA can access any of them through
<a
+ <p>There is a way to
+ <a href="https://support.apple.com/en-us/HT201104"> deactivate
+ iCloud</a>, but it's active by default so it still counts as a
+ surveillance functionality.</p>
+
+ <p>Unknown people apparently took advantage of this to <a
+
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
+ nude photos of many celebrities</a>. They needed to break Apple's
+ security to get at them, but NSA can access any of them through <a
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p>
</li>
@@ -1028,139 +895,72 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Apple can, and regularly does, <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
- remotely extract some data from iPhones</em></ins></span> for <span
class="removed"><del><strong>granted that</strong></del></span> the <span
class="removed"><del><strong>usual analytics tools are
- legitimate, but is that valid? Software developers</strong></del></span>
<span class="inserted"><ins><em>state</a>.</p>
+ remotely extract some data from iPhones for the state</a>.</p>
- <p>This may</em></ins></span> have <span
class="removed"><del><strong>no right to
- analyze what users are doing or how. “Analytics” tools that
snoop are
- just</strong></del></span> <span class="inserted"><ins><em>improved with
<a
+ <p>This may have improved with <a
href="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/">
iOS 8 security improvements</a>; but <a
href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
- not</em></ins></span> as <span
class="removed"><del><strong>wrong</strong></del></span> <span
class="inserted"><ins><em>much</em></ins></span> as <span
class="removed"><del><strong>any other
snooping.</p></strong></del></span> <span class="inserted"><ins><em>Apple
claims</a>.</p></em></ins></span>
+ not as much as Apple claims</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>Gratis Android apps
(but not <a href="/philosophy/free-sw.html">free software</a>)
- connect</strong></del></span>
- <span class="inserted"><ins><em><li id="M201407230">
+ <li id="M201407230">
<!--#set var="DATE" value='<small
class="date-tag">2014-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
- Several “features” of iOS seem</em></ins></span> to <span
class="removed"><del><strong>100
- <a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
and advertising</a> URLs,
- on the average.</p>
- </li>
- <li><p>Spyware</strong></del></span> <span
class="inserted"><ins><em>exist
- for no possible purpose other than surveillance</a>.
Here</em></ins></span> is <span class="removed"><del><strong>present in some
Android devices when they are sold.
- Some Motorola phones modify Android to</strong></del></span> <span
class="inserted"><ins><em>the</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
- send personal data to Motorola</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
- Technical presentation</a>.</p></em></ins></span>
+ Several “features” of iOS seem to exist
+ for no possible purpose other than surveillance</a>. Here is the
<a
+
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ Technical presentation</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>Some manufacturers add
a</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201401100">
+ <li id="M201401100">
<!--#set var="DATE" value='<small
class="date-tag">2014-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The</em></ins></span> <a <span
class="removed"><del><strong>href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
- hidden general surveillance package such as Carrier
IQ.</a></p></strong></del></span> <span
class="inserted"><ins><em>class="not-a-duplicate"
+ <p>The <a class="not-a-duplicate"
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
iBeacon</a> lets stores determine exactly where the iThing is, and
- get other info too.</p></em></ins></span>
+ get other info too.</p>
</li>
- <span class="removed"><del><strong><li><p><a
href="/proprietary/proprietary-back-doors.html#samsung">
- Samsung's back door</a> provides access to any
file</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201312300">
+ <li id="M201312300">
<!--#set var="DATE" value='<small
class="date-tag">2013-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
- Either Apple helps the NSA snoop</em></ins></span> on <span
class="inserted"><ins><em>all</em></ins></span> the <span
class="removed"><del><strong>system.</p></strong></del></span> <span
class="inserted"><ins><em>data in an iThing, or it
- is totally incompetent</a>.</p></em></ins></span>
+ Either Apple helps the NSA snoop on all the data in an iThing, or it
+ is totally incompetent</a>.</p>
</li>
-<span class="removed"><del><strong></ul>
-
-
-
-<!-- #SpywareOnMobiles</strong></del></span>
- <span class="inserted"><ins><em><li id="M201308080">
+ <li id="M201308080">
<!--#set var="DATE" value='<small
class="date-tag">2013-08</small>'
- --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
-<span class="removed"><del><strong><!-- WEBMASTERS: make sure to place new
items on top under each subsection -->
-
-<div class="big-section">
- <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
-</div>
-<div style="clear: left;"></div>
-
-
-<div class="big-subsection">
- <h4 id="SpywareIniThings">Spyware in iThings</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
-</div>
-
-<ul>
- <li><p>The DMCA and the EU Copyright Directive make it <a
-href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
- illegal to study how iOS cr...apps spy on users</a>, because this
- would require circumventing the iOS DRM.</p>
- </li>
-
- <li><p>In the latest iThings system, “turning off”
WiFi and Bluetooth the
- obvious way</strong></del></span>
- <span class="inserted"><ins><em><p>The iThing also</em></ins></span>
<a
- <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
- doesn't really turn them off</a>.
- A more advanced way really does turn them off—only until 5am.
- That's</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
- tells</em></ins></span> Apple <span class="removed"><del><strong>for
you—“We know you want to</strong></del></span> <span
class="inserted"><ins><em>its geolocation</a> by default, though that
can</em></ins></span> be <span class="removed"><del><strong>spied
on”.</p></strong></del></span>
- <span class="inserted"><ins><em>turned off.</p></em></ins></span>
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The iThing also <a
+
href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
+ tells Apple its geolocation</a> by default, though that can be
+ turned off.</p>
</li>
- <span class="removed"><del><strong><li><p>Apple proposes
- <a
href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
fingerprint-scanning touch screen</a>
- — which would mean no way to use it without having your
fingerprints
- taken. Users would have no way to tell whether the
phone</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201210170">
+ <li id="M201210170">
<!--#set var="DATE" value='<small
class="date-tag">2012-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>There</em></ins></span> is <span
class="removed"><del><strong>snooping on
- them.</p></li>
-
- <li><p>iPhones <a
href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send
- lots of personal data to Apple's servers</a>. Big Brother can
- get them from there.</p>
- </li>
-
- <li><p>The iMessage app on iThings <a
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells</strong></del></span>
<span class="inserted"><ins><em>also</em></ins></span> a <span
class="removed"><del><strong>server every phone number that the user types into
it</a>; the server records these numbers</strong></del></span> <span
class="inserted"><ins><em>feature</em></ins></span> for <span
class="removed"><del><strong>at least 30
- days.</p></strong></del></span> <span
class="inserted"><ins><em>web sites to track users, which is <a
+ <p>There is also a feature for web sites to track users, which is
<a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
enabled by default</a>. (That article talks about iOS 6, but it is
- still true in iOS 7.)</p></em></ins></span>
+ still true in iOS 7.)</p>
</li>
- <span
class="removed"><del><strong><li><p>Users</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201204280">
+ <li id="M201204280">
<!--#set var="DATE" value='<small
class="date-tag">2012-04</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Users</em></ins></span> cannot make an Apple ID <span
class="removed"><del><strong><a
href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary</strong></del></span>
<span class="inserted"><ins><em>(<a
-
href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary</em></ins></span>
- to install even gratis <span
class="removed"><del><strong>apps)</a></strong></del></span> <span
class="inserted"><ins><em>apps</a>)</em></ins></span> without giving a
valid
- email address and receiving the <span
class="inserted"><ins><em>verification</em></ins></span> code Apple sends
+ <p>Users cannot make an Apple ID (<a
+
href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary
+ to install even gratis apps</a>) without giving a valid
+ email address and receiving the verification code Apple sends
to it.</p>
</li>
-
- <span class="removed"><del><strong><li><p>Around 47% of the most
popular iOS</strong></del></span>
-<span class="inserted"><ins><em></ul>
+</ul>
<div class="big-subsection">
@@ -1172,76 +972,48 @@
<li id="M202012070">
<!--#set var="DATE" value='<small
class="date-tag">2020-12</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Baidu</em></ins></span> apps <span
class="inserted"><ins><em>were</em></ins></span> <a <span
class="removed"><del><strong>class="not-a-duplicate"
- href="http://jots.pub/a/2015103001/index.php">share personal,
- behavioral and location information</a></strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/">
+ <p>Baidu apps were <a
+
href="https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/">
caught collecting sensitive personal data</a> that can be used for
- lifetime tracking</em></ins></span> of <span
class="removed"><del><strong>their users with third parties.</p>
- </li>
-
- <li><p>iThings automatically upload to Apple's servers all the
photos and
- videos they make.</p>
-
- <blockquote><p>
- iCloud Photo Library stores every photo and video you
take,</strong></del></span> <span
class="inserted"><ins><em>users,</em></ins></span> and <span
class="removed"><del><strong>keeps</strong></del></span> <span
class="inserted"><ins><em>putting</em></ins></span> them <span
class="removed"><del><strong>up to date on all your devices.
- Any edits you make</strong></del></span> <span
class="inserted"><ins><em>in danger. More than 1.4
- billion people worldwide</em></ins></span> are <span
class="removed"><del><strong>automatically updated everywhere. [...]
- </p></blockquote>
-
- <p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
- information</a> as accessed on 24 Sep 2015.) The iCloud
feature</strong></del></span> <span class="inserted"><ins><em>affected by these
proprietary apps, and
- users' privacy</em></ins></span> is
- <span class="removed"><del><strong><a
href="https://support.apple.com/en-us/HT202033">activated</strong></del></span>
<span class="inserted"><ins><em>jeopardized by this surveillance tool. Data
collected</em></ins></span>
- by <span class="inserted"><ins><em>Baidu may be handed over
to</em></ins></span> the
- <span class="removed"><del><strong>startup of iOS</a>. The term
“cloud” means
- “please don't ask where.”</p>
-
- <p>There</strong></del></span> <span
class="inserted"><ins><em>Chinese government, possibly
+ lifetime tracking of users, and putting them in danger. More than 1.4
+ billion people worldwide are affected by these proprietary apps, and
+ users' privacy is jeopardized by this surveillance tool. Data collected
+ by Baidu may be handed over to the Chinese government, possibly
putting Chinese people in danger.</p>
</li>
<li id="M202010120">
<!--#set var="DATE" value='<small
class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Samsung</em></ins></span> is <span class="removed"><del><strong>a
way to</strong></del></span> <span class="inserted"><ins><em>forcing its
smartphone users in Hong Kong (and Macau)</em></ins></span> <a <span
class="removed"><del><strong>href="https://support.apple.com/en-us/HT201104">
- deactivate iCloud</a>, but it's active by default so it still
counts as</strong></del></span>
- <span
class="inserted"><ins><em>href="https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/">to
- use</em></ins></span> a
- <span class="removed"><del><strong>surveillance functionality.</p>
-
- <p>Unknown people apparently took advantage of this
to</strong></del></span> <span class="inserted"><ins><em>public DNS in Mainland
China</a>, using software update released
+ <p>Samsung is forcing its smartphone users in Hong Kong (and Macau)
<a
+
href="https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/">to
+ use a public DNS in Mainland China</a>, using software update
released
in September 2020, which causes many unease and privacy concerns.</p>
</li>
<li id="M202004300">
<!--#set var="DATE" value='<small
class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Xiaomi phones</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
- nude photos of</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/">report</em></ins></span>
- many <span class="removed"><del><strong>celebrities</a>. They
needed</strong></del></span> <span class="inserted"><ins><em>actions the user
takes</a>: starting an app, looking at a folder,
- visiting a website, listening</em></ins></span> to <span
class="removed"><del><strong>break Apple's
- security</strong></del></span> <span class="inserted"><ins><em>a song.
They send device identifying
+ <p>Xiaomi phones <a
+
href="https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/">report
+ many actions the user takes</a>: starting an app, looking at a
folder,
+ visiting a website, listening to a song. They send device identifying
information too.</p>
<p>Other nonfree programs snoop too. For instance, Spotify and
other streaming dis-services make a dossier about each user, and <a
href="/malware/proprietary-surveillance.html#M201508210"> they make
- users identify themselves</em></ins></span> to <span
class="removed"><del><strong>get at them,</strong></del></span> <span
class="inserted"><ins><em>pay</a>. Out, out, damned Spotify!</p>
+ users identify themselves to pay</a>. Out, out, damned
Spotify!</p>
- <p>Forbes exonerates the same wrongs when the culprits are not
Chinese,</em></ins></span>
- but <span class="removed"><del><strong>NSA can access any of them
through</strong></del></span> <span class="inserted"><ins><em>we condemn this
no matter who does it.</p>
+ <p>Forbes exonerates the same wrongs when the culprits are not
Chinese,
+ but we condemn this no matter who does it.</p>
</li>
<li id="M201812060">
<!--#set var="DATE" value='<small
class="date-tag">2018-12</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Facebook's app got “consent” to</em></ins></span>
<a <span
class="removed"><del><strong>href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
- </p></li>
-
- <li><p>Spyware</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent">
+ <p>Facebook's app got “consent” to <a
+
href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent">
upload call logs automatically from Android phones</a> while
disguising
what the “consent” was for.</p>
</li>
@@ -1249,102 +1021,40 @@
<li id="M201811230">
<!--#set var="DATE" value='<small
class="date-tag">2018-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>An Android phone was observed to track location even
while</em></ins></span>
- in <span class="removed"><del><strong>iThings:</strong></del></span> <span
class="inserted"><ins><em>airplane mode. It didn't send</em></ins></span> the
<span class="inserted"><ins><em>location data while in
- airplane mode. Instead,</em></ins></span> <a <span
class="removed"><del><strong>class="not-a-duplicate"
-
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
- iBeacon</a> lets stores determine exactly
where</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/">
- it saved up</em></ins></span> the <span
class="removed"><del><strong>iThing is,</strong></del></span> <span
class="inserted"><ins><em>data,</em></ins></span> and <span
class="removed"><del><strong>get other info too.</p>
- </li>
-
- <li><p>There is also a feature for web sites to track users,
which is
- <a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
- enabled by default</a>. (That article talks about iOS 6, but it
- is still true in iOS 7.)</p>
- </li>
-
- <li><p>The iThing also
- <a
-href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
- tells Apple its geolocation</a> by default, though that can be
- turned off.</p>
- </li>
-
- <li><p>Apple can, and regularly does,
- <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
- remotely extract some data from iPhones for the
state</a>.</p>
- </li>
-
- <li><p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
- Either Apple helps the NSA snoop on</strong></del></span> <span
class="inserted"><ins><em>sent them</em></ins></span> all <span
class="removed"><del><strong>the data in an iThing,
- or it is totally incompetent.</a></p>
- </li>
-
- <li><p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
- Several “features” of iOS seem to exist for no
- possible purpose other than surveillance</a>. Here is the
- <a
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
- Technical presentation</a>.</p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInTelephones">Spyware in Telephones</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
-</div>
-
-<ul>
- <li><p>Tracking software in popular Android apps is pervasive and
- sometimes very clever. Some trackers can <a
-href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
- follow a user's movements around a physical store by noticing WiFi
- networks</a>.</p></strong></del></span> <span
class="inserted"><ins><em>later</a>.</p></em></ins></span>
+ <p>An Android phone was observed to track location even while
+ in airplane mode. It didn't send the location data while in
+ airplane mode. Instead, <a
+
href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/">
+ it saved up the data, and sent them all later</a>.</p>
</li>
- <span
class="removed"><del><strong><li><p>Android</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201711210">
+ <li id="M201711210">
<!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Android</em></ins></span> tracks location for Google <a
+ <p>Android tracks location for Google <a
href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
even when “location services” are turned off, even when
- the phone has no SIM <span
class="removed"><del><strong>card</a>.</p></li>
-
- <li><p>Some</strong></del></span> <span
class="inserted"><ins><em>card</a>.</p>
+ the phone has no SIM card</a>.</p>
</li>
<li id="M201611150">
<!--#set var="DATE" value='<small
class="date-tag">2016-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Some</em></ins></span> portable phones <a
+ <p>Some portable phones <a
href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
- sold with spyware sending lots of data to <span
class="removed"><del><strong>China</a>.</p></li>
-
- <li><p>According to Edward Snowden,</strong></del></span> <span
class="inserted"><ins><em>China</a>.</p>
+ sold with spyware sending lots of data to China</a>.</p>
</li>
<li id="M201609140">
<!--#set var="DATE" value='<small
class="date-tag">2016-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Google Play (a component of Android)</em></ins></span> <a
<span
class="removed"><del><strong>href="http://www.bbc.com/news/uk-34444233">agencies
can take over smartphones</a>
- by sending hidden text messages which enable them to
turn</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
- tracks</em></ins></span> the <span class="removed"><del><strong>phones
- on</strong></del></span> <span class="inserted"><ins><em>users'
movements without their permission</a>.</p>
-
- <p>Even if you disable Google Maps</em></ins></span> and <span
class="removed"><del><strong>off, listen to the microphone, retrieve
geo-location data from the
- GPS, take photographs, read text messages, read
call,</strong></del></span> location <span class="removed"><del><strong>and web
- browsing history, and read</strong></del></span> <span
class="inserted"><ins><em>tracking, you must
- disable Google Play itself to completely stop</em></ins></span> the <span
class="removed"><del><strong>contact list.</strong></del></span> <span
class="inserted"><ins><em>tracking.</em></ins></span> This <span
class="removed"><del><strong>malware</strong></del></span> is <span
class="removed"><del><strong>designed</strong></del></span>
- <span class="inserted"><ins><em>yet another example of nonfree software
pretending</em></ins></span> to
- <span class="removed"><del><strong>disguise itself from
investigation.</p>
- </li>
+ <p>Google Play (a component of Android) <a
+
href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
+ tracks the users' movements without their permission</a>.</p>
- <li><p>Samsung phones come with
- <a
href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
that users can't delete</a>,</strong></del></span> <span
class="inserted"><ins><em>obey the user,
+ <p>Even if you disable Google Maps and location tracking, you must
+ disable Google Play itself to completely stop the tracking. This is
+ yet another example of nonfree software pretending to obey the user,
when it's actually doing something else. Such a thing would be almost
unthinkable with free software.</p>
</li>
@@ -1354,143 +1064,72 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Samsung phones come with <a
href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
- that users can't delete</a>,</em></ins></span> and they send so much
data that their
+ that users can't delete</a>, and they send so much data that their
transmission is a substantial expense for users. Said transmission,
not wanted or requested by the user, clearly must constitute spying
- of some
- <span class="removed"><del><strong>kind.</p></li>
-
- <li><p>A Motorola phone
- <a
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
- listens for voice all</strong></del></span> <span
class="inserted"><ins><em>kind.</p>
+ of some kind.</p>
</li>
<li id="M201403120">
<!--#set var="DATE" value='<small
class="date-tag">2014-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a href="/proprietary/proprietary-back-doors.html#samsung">
- Samsung's back door</a> provides access to any file
on</em></ins></span> the <span
class="removed"><del><strong>time</a>.</p></strong></del></span>
<span class="inserted"><ins><em>system.</p></em></ins></span>
+ Samsung's back door</a> provides access to any file on the
system.</p>
</li>
- <span
class="removed"><del><strong><li><p>Spyware</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201308010">
+ <li id="M201308010">
<!--#set var="DATE" value='<small
class="date-tag">2013-08</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Spyware</em></ins></span> in Android phones (and Windows?
laptops): The Wall Street
+ <p>Spyware in Android phones (and Windows? laptops): The Wall Street
Journal (in an article blocked from us by a paywall) reports that <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
the FBI can remotely activate the GPS and microphone in Android phones
- and <span class="removed"><del><strong>laptops</a>.
- (I suspect this means</strong></del></span> <span
class="inserted"><ins><em>laptops</a> (presumably</em></ins></span>
Windows <span class="removed"><del><strong>laptops.)</strong></del></span>
<span class="inserted"><ins><em>laptops).</em></ins></span> Here is <a
+ and laptops</a> (presumably Windows laptops). Here is <a
href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>Portable phones with
GPS will send their GPS location on
- remote command and users cannot stop them:
- <a
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
-
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
- (The US says it will eventually require all new portable phones
- to have GPS.)</p>
- </li>
-
- <li><p>The nonfree Snapchat app's principal
purpose</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201307280">
+ <li id="M201307280">
<!--#set var="DATE" value='<small
class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Spyware</em></ins></span> is <span
class="removed"><del><strong>to restrict
- the</strong></del></span> <span class="inserted"><ins><em>present in
some Android devices when they are
+ <p>Spyware is present in some Android devices when they are
sold. Some Motorola phones, made when this company was owned
- by Google,</em></ins></span> use <span class="inserted"><ins><em>a
modified version</em></ins></span> of <span class="removed"><del><strong>data
on the user's computer, but it does surveillance
- too: <a
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
- it tries to get the user's list of other people's phone
- numbers.</a></p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInMobileApps">Spyware in Mobile Applications</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
-</div>
-
-<ul>
- <li>
- <p>The moviepass app and dis-service spy on users even more than
users
- expected. It</strong></del></span> <span
class="inserted"><ins><em>Android that</em></ins></span> <a <span
class="removed"><del><strong>href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
- where they travel before and after going</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
- sends personal data</em></ins></span> to <span
class="removed"><del><strong>a movie</a>.
- </p>
-
- <p>Don't be tracked — pay
cash!</p></strong></del></span> <span
class="inserted"><ins><em>Motorola</a>.</p></em></ins></span>
+ by Google, use a modified version of Android that <a
+
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
+ sends personal data to Motorola</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>AI-powered driving
apps can</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201307250">
+ <li id="M201307250">
<!--#set var="DATE" value='<small
class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>A Motorola phone</em></ins></span> <a <span
class="removed"><del><strong>href="https://motherboard.vice.com/en_us/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
- track your every move</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="https://web.archive.org/web/20170629175629/http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
- listens for voice all the time</a>.</p></em></ins></span>
+ <p>A Motorola phone <a
+
href="https://web.archive.org/web/20170629175629/http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
+ listens for voice all the time</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>The
Sarahah</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201302150">
+ <li id="M201302150">
<!--#set var="DATE" value='<small
class="date-tag">2013-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Google Play intentionally sends</em></ins></span> app <span
class="inserted"><ins><em>developers</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
- uploads all phone numbers and email addresses</a> in user's address
- book to developer's server. Note</strong></del></span>
- <span
class="inserted"><ins><em>href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
- the personal details of users</em></ins></span> that <span
class="removed"><del><strong>this article misuses</strong></del></span> <span
class="inserted"><ins><em>install</em></ins></span> the <span
class="removed"><del><strong>words
- “<a href="/philosophy/free-sw.html">free
software</a>”
- referring to zero price.</p>
- </li>
+ <p>Google Play intentionally sends app developers <a
+
href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
+ the personal details of users that install the app</a>.</p>
- <li>
- <p>Facebook's app listens all</strong></del></span> <span
class="inserted"><ins><em>app</a>.</p>
-
- <p>Merely asking</em></ins></span> the <span
class="removed"><del><strong>time, <a
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
snoop
- on</strong></del></span> <span
class="inserted"><ins><em>“consent” of users is not enough to
+ <p>Merely asking the “consent” of users is not enough to
legitimize actions like this. At this point, most users have stopped
- reading the “Terms and Conditions” that spell
out</em></ins></span> what <span
class="removed"><del><strong>people</strong></del></span>
- <span class="inserted"><ins><em>they</em></ins></span> are <span
class="removed"><del><strong>listening to or watching</a>. In
addition,</strong></del></span> <span
class="inserted"><ins><em>“consenting” to. Google should clearly
and
- honestly identify the information</em></ins></span> it <span
class="removed"><del><strong>may
- be analyzing people's conversations to serve them with targeted
- advertisements.</p>
- </li>
+ reading the “Terms and Conditions” that spell out what
+ they are “consenting” to. Google should clearly and
+ honestly identify the information it collects on users, instead of
+ hiding it in an obscurely worded EULA.</p>
- <li>
- <p>Faceapp appears to do lots</strong></del></span> <span
class="inserted"><ins><em>collects on users, instead</em></ins></span> of <span
class="removed"><del><strong>surveillance, judging by
- <a
href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
- how much access</strong></del></span>
- <span class="inserted"><ins><em>hiding</em></ins></span> it <span
class="removed"><del><strong>demands</strong></del></span> <span
class="inserted"><ins><em>in an obscurely worded EULA.</p>
-
- <p>However,</em></ins></span> to <span
class="inserted"><ins><em>truly protect people's privacy, we must prevent Google
- and other companies from getting this</em></ins></span> personal <span
class="removed"><del><strong>data</strong></del></span> <span
class="inserted"><ins><em>information</em></ins></span> in the <span
class="removed"><del><strong>device</a>.
- </p></strong></del></span>
- <span class="inserted"><ins><em>first place!</p></em></ins></span>
+ <p>However, to truly protect people's privacy, we must prevent Google
+ and other companies from getting this personal information in the
+ first place!</p>
</li>
- <span class="removed"><del><strong><li>
- <p>Verizon</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201111170">
+ <li id="M201111170">
<!--#set var="DATE" value='<small
class="date-tag">2011-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Some manufacturers add a</em></ins></span> <a <span
class="removed"><del><strong>href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
- announced an opt-in proprietary search app that it will</a>
- pre-install on some of its phones. The app will give Verizon the same
- information about the users' searches that Google normally gets when
- they use its search engine.</p>
-
- <p>Currently, the app is</strong></del></span>
- <span
class="inserted"><ins><em>href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
+ <p>Some manufacturers add a <a
+
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
hidden general surveillance package such as Carrier IQ</a>.</p>
</li>
</ul>
@@ -1505,50 +1144,34 @@
<li id="M201603080">
<!--#set var="DATE" value='<small
class="date-tag">2016-03</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>E-books can contain JavaScript code, and</em></ins></span> <a
<span
class="removed"><del><strong>href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
- being pre-installed</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
- sometimes this code snoops</em></ins></span> on <span
class="removed"><del><strong>only one phone</a>, and the
- user must explicitly opt-in before the app takes effect. However, the
- app remains spyware—an “optional” piece of spyware is
- still spyware.</p></strong></del></span> <span
class="inserted"><ins><em>readers</a>.</p></em></ins></span>
+ <p>E-books can contain JavaScript code, and <a
+
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
+ sometimes this code snoops on readers</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>The Meitu photo-editing
- app</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201410080">
+ <li id="M201410080">
<!--#set var="DATE" value='<small
class="date-tag">2014-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Adobe made “Digital Editions,”
- the e-reader used by most US libraries,</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
- user</strong></del></span>
- <span
class="inserted"><ins><em>href="https://web.archive.org/web/20141220181015/http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
- send lots of</em></ins></span> data to <span
class="removed"><del><strong>a Chinese company</a>.</p></li>
-
- <li><p>A pregnancy test controller application
not</strong></del></span> <span class="inserted"><ins><em>Adobe</a>.
Adobe's “excuse”: it's
+ the e-reader used by most US libraries, <a
+
href="https://web.archive.org/web/20141220181015/http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
+ send lots of data to Adobe</a>. Adobe's “excuse”: it's
needed to check DRM!</p>
</li>
<li id="M201212030">
<!--#set var="DATE" value='<small
class="date-tag">2012-12</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Spyware in many e-readers—not</em></ins></span> only
- <span class="removed"><del><strong>can</strong></del></span> <span
class="inserted"><ins><em>the Kindle:</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spy
- on many sorts of data in</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.eff.org/pages/reader-privacy-chart-2012">
they
- report even which page</em></ins></span> the <span
class="removed"><del><strong>phone, and</strong></del></span> <span
class="inserted"><ins><em>user reads at what time</a>.</p>
+ <p>Spyware in many e-readers—not only the Kindle: <a
+ href="https://www.eff.org/pages/reader-privacy-chart-2012"> they
+ report even which page the user reads at what time</a>.</p>
</li>
</ul>
<div class="big-section">
- <h3 id="SpywareInApplications">Spyware</em></ins></span> in <span
class="removed"><del><strong>server accounts, it can
- alter them too</a>.
- </p></li>
-
- <li><p>The Uber app tracks</strong></del></span> <span
class="inserted"><ins><em>Applications</h3>
+ <h3 id="SpywareInApplications">Spyware in Applications</h3>
<span class="anchor-reference-id">(<a
href="#SpywareInApplications">#SpywareInApplications</a>)</span>
</div>
<div style="clear: left;"></div>
@@ -1562,45 +1185,25 @@
<li id="M202011260">
<!--#set var="DATE" value='<small
class="date-tag">2020-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Microsoft's Office 365 suite enables employers</em></ins></span>
<a <span
class="removed"><del><strong>href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
- movements before and after the ride</a>.</p>
-
- <p>This example illustrates how “getting the user's
consent”
- for surveillance is inadequate as</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to
- snoop on each employee</a>. After</em></ins></span>
- a <span class="removed"><del><strong>protection against massive
- surveillance.</p>
- </li>
-
- <li><p>Google's new voice messaging app</strong></del></span>
<span class="inserted"><ins><em>public outburst, Microsoft stated
that</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
- all conversations</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillance">it
- would remove this capability</a>. Let's hope
so.</p></em></ins></span>
+ <p>Microsoft's Office 365 suite enables employers <a
+
href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to
+ snoop on each employee</a>. After
+ a public outburst, Microsoft stated that <a
+
href="https://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillance">it
+ would remove this capability</a>. Let's hope so.</p>
</li>
- <span class="removed"><del><strong><li><p>Apps that
include</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201912190">
+ <li id="M201912190">
<!--#set var="DATE" value='<small
class="date-tag">2019-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some Avast and AVG extensions
- for Firefox and Chrome were found to</em></ins></span> <a <span
class="removed"><del><strong>href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
- Symphony surveillance software</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.itpro.co.uk/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome"></em></ins></span>
- snoop on <span class="removed"><del><strong>what
radio</strong></del></span> <span class="inserted"><ins><em>users' detailed
browsing habits</a>. Mozilla</em></ins></span> and <span
class="removed"><del><strong>TV programs</strong></del></span> <span
class="inserted"><ins><em>Google
+ for Firefox and Chrome were found to <a
+
href="https://www.itpro.co.uk/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome">
+ snoop on users' detailed browsing habits</a>. Mozilla and Google
removed the problematic extensions from their stores, but this shows
- once more how unsafe nonfree software can be. Tools that</em></ins></span>
are <span class="removed"><del><strong>playing nearby</a>. Also on what
users post on various sites
- such as Facebook, Google+ and Twitter.</p>
- </li>
-
- <li><p>Facebook's new Magic Photo app
- <a
-href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
-scans your mobile phone's photo collections for known faces</a>,
- and suggests you</strong></del></span> <span
class="inserted"><ins><em>supposed</em></ins></span>
- to <span class="removed"><del><strong>share</strong></del></span> <span
class="inserted"><ins><em>protect a proprietary system are, instead, infecting
it with
- additional malware (the system itself being</em></ins></span> the <span
class="removed"><del><strong>picture you take according</strong></del></span>
<span class="inserted"><ins><em>original malware).</p>
+ once more how unsafe nonfree software can be. Tools that are supposed
+ to protect a proprietary system are, instead, infecting it with
+ additional malware (the system itself being the original
malware).</p>
</li>
<li id="M201811020">
@@ -1608,28 +1211,15 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Foundry's graphics software <a
href="https://torrentfreak.com/software-company-fines-pirates-after-monitoring-their-computers-181102/">
- reports information</em></ins></span> to <span
class="inserted"><ins><em>identify</em></ins></span> who is <span
class="removed"><del><strong>in the frame.</p>
-
- <p>This spyware feature seems to require online access to some
- known-faces database, which means the pictures are likely to be
- sent across the wire to Facebook's servers and face-recognition
- algorithms.</p>
-
- <p>If so, none</strong></del></span> <span
class="inserted"><ins><em>running it</a>. The result is
- often a legal threat demanding a lot</em></ins></span> of <span
class="removed"><del><strong>Facebook users' pictures are private
- anymore,</strong></del></span> <span
class="inserted"><ins><em>money.</p>
+ reports information to identify who is running it</a>. The result is
+ often a legal threat demanding a lot of money.</p>
<p>The fact that this is used for repression of forbidden sharing
- makes it</em></ins></span> even <span
class="removed"><del><strong>if</strong></del></span> <span
class="inserted"><ins><em>more vicious.</p>
+ makes it even more vicious.</p>
<p>This illustrates that making unauthorized copies of nonfree
software
- is not a cure for</em></ins></span> the <span
class="removed"><del><strong>user didn't “upload” them
to</strong></del></span> <span class="inserted"><ins><em>injustice of nonfree
software. It may avoid
- paying for</em></ins></span> the <span
class="removed"><del><strong>service.</p>
- </li>
-
- <li><p>Like most “music screaming” disservices,
Spotify
- is based on proprietary malware (DRM and snooping). In August
- 2015</strong></del></span> <span class="inserted"><ins><em>nasty thing,
but cannot make</em></ins></span> it <span class="inserted"><ins><em>less
nasty.</p>
+ is not a cure for the injustice of nonfree software. It may avoid
+ paying for the nasty thing, but cannot make it less nasty.</p>
</li>
</ul>
@@ -1643,83 +1233,57 @@
<!--#set var="DATE" value='<small
class="date-tag">2021-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many cr…apps, developed by various
- companies for various organizations, do</em></ins></span> <a
-<span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
- demanded users submit</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.expressvpn.com/digital-security-lab/investigation-xoth">
- location tracking unknown</em></ins></span> to <span
class="removed"><del><strong>increased
snooping</a>,</strong></del></span> <span class="inserted"><ins><em>those
companies</em></ins></span> and <span class="inserted"><ins><em>those
- organizations</a>. It's actually</em></ins></span> some
- <span class="removed"><del><strong>are starting to
realize</strong></del></span> <span class="inserted"><ins><em>widely used
libraries</em></ins></span> that <span class="removed"><del><strong>it is
nasty.</p>
-
- <p>This article shows</strong></del></span> <span
class="inserted"><ins><em>do</em></ins></span>
- the <span class="removed"><del><strong><a
-href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
- twisted ways</strong></del></span> <span
class="inserted"><ins><em>tracking.</p>
+ companies for various organizations, do <a
+
href="https://www.expressvpn.com/digital-security-lab/investigation-xoth">
+ location tracking unknown to those companies and those
+ organizations</a>. It's actually some widely used libraries that do
+ the tracking.</p>
- <p>What's unusual here is</em></ins></span> that <span
class="removed"><del><strong>they present snooping as a
way</strong></del></span> <span class="inserted"><ins><em>proprietary software
developer A tricks
+ <p>What's unusual here is that proprietary software developer A
tricks
proprietary software developers B1 … B50 into making platforms for
- A</em></ins></span> to <span
class="removed"><del><strong>“serve” users
better</a>—never mind
- whether they want that. This is a typical example
of</strong></del></span> <span
class="inserted"><ins><em>mistreat</em></ins></span> the <span
class="removed"><del><strong>attitude</strong></del></span> <span
class="inserted"><ins><em>end user.</p>
+ A to mistreat the end user.</p>
</li>
<li id="M202003260">
<!--#set var="DATE" value='<small
class="date-tag">2020-03</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Apple iOS version</em></ins></span> of <span
class="inserted"><ins><em>Zoom <a
+ <p>The Apple iOS version of Zoom <a
href="https://www.vice.com/en/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account">is
- sending users' data to Facebook</a> even if</em></ins></span> the
<span class="removed"><del><strong>proprietary software industry towards
- those they</strong></del></span> <span class="inserted"><ins><em>user
doesn't</em></ins></span> have <span
class="removed"><del><strong>subjugated.</p>
-
- <p>Out, out, damned Spotify!</p></strong></del></span>
- <span class="inserted"><ins><em>a Facebook account. According to the
article, Zoom and Facebook
+ sending users' data to Facebook</a> even if the user doesn't have
+ a Facebook account. According to the article, Zoom and Facebook
don't even mention this surveillance on their privacy policy page,
making this an obvious violation of people's privacy even in their
- own terms.</p></em></ins></span>
+ own terms.</p>
</li>
- <span class="removed"><del><strong><li><p>Many proprietary apps
for mobile devices report which other
- apps</strong></del></span>
- <span class="inserted"><ins><em><li id="M202003010">
+ <li id="M202003010">
<!--#set var="DATE" value='<small
class="date-tag">2020-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Alipay Health Code app
- estimates whether</em></ins></span> the user has
- <span class="removed"><del><strong>installed. <a
href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
- is doing this in a way that at least is visible</strong></del></span>
<span class="inserted"><ins><em>Covid-19</em></ins></span> and
- <span class="removed"><del><strong>optional</a>. Not as bad as
what</strong></del></span> <span class="inserted"><ins><em><a
+ estimates whether the user has Covid-19 and <a
href="https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html">
- tells</em></ins></span> the <span class="removed"><del><strong>others
do.</p></strong></del></span> <span class="inserted"><ins><em>cops
directly</a>.</p></em></ins></span>
+ tells the cops directly</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>FTC says most mobile
apps for children don't respect privacy:</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M202001290">
+ <li id="M202001290">
<!--#set var="DATE" value='<small
class="date-tag">2020-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Amazon Ring app does</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
-
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
- surveillance for other companies as well as for
Amazon</a>.</p></em></ins></span>
+ <p>The Amazon Ring app does <a
+
href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
+ surveillance for other companies as well as for Amazon</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>Widely
used</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201912220">
+ <li id="M201912220">
<!--#set var="DATE" value='<small
class="date-tag">2019-12</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The ToToc messaging app seems to be a</em></ins></span> <a
<span
class="removed"><del><strong>href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
- QR-code scanner apps snoop on</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html">
- spying tool for</em></ins></span> the <span
class="removed"><del><strong>user</a>. This is in addition to
- the snooping done by</strong></del></span> <span
class="inserted"><ins><em>government of</em></ins></span> the <span
class="removed"><del><strong>phone company,</strong></del></span> <span
class="inserted"><ins><em>United Arab Emirates</a>.
- Any nonfree program could be doing this,</em></ins></span> and <span
class="removed"><del><strong>perhaps by</strong></del></span> <span
class="inserted"><ins><em>that is a good
+ <p>The ToToc messaging app seems to be a <a
+
href="https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html">
+ spying tool for the government of the United Arab Emirates</a>.
+ Any nonfree program could be doing this, and that is a good
reason to use free software instead.</p>
- <p><small>Note: this article uses</em></ins></span> the <span
class="removed"><del><strong>OS</strong></del></span> <span
class="inserted"><ins><em>word “free”</em></ins></span> in
- the
- <span class="removed"><del><strong>phone.</p>
-
- <p>Don't be distracted by the question</strong></del></span> <span
class="inserted"><ins><em>sense</em></ins></span> of <span
class="removed"><del><strong>whether</strong></del></span> <span
class="inserted"><ins><em>“gratis.”</small></p>
+ <p><small>Note: this article uses the word “free”
in
+ the sense of “gratis.”</small></p>
</li>
<li id="M201912090">
@@ -1729,456 +1293,206 @@
when used for work, give employers powerful <a
href="https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy">
snooping and sabotage capabilities</a> if they install their own
- software on</em></ins></span> the <span class="removed"><del><strong>app
developers get
- users</strong></del></span> <span class="inserted"><ins><em>device.
Many employers demand</em></ins></span> to <span
class="removed"><del><strong>say “I agree”.
That</strong></del></span> <span class="inserted"><ins><em>do this. For the
- employee, this</em></ins></span> is <span class="removed"><del><strong>no
excuse for malware.</p></strong></del></span> <span
class="inserted"><ins><em>simply nonfree software, as fundamentally unjust
- and as dangerous as any other nonfree software.</p></em></ins></span>
+ software on the device. Many employers demand to do this. For the
+ employee, this is simply nonfree software, as fundamentally unjust
+ and as dangerous as any other nonfree software.</p>
</li>
- <span class="removed"><del><strong><li><p>The Brightest
Flashlight app
- <a
href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
- sends user data, including geolocation, for use by
companies.</a></p></strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201910130">
+ <li id="M201910130">
<!--#set var="DATE" value='<small
class="date-tag">2019-10</small>'
- --><!--#echo encoding="none" var="DATE" --></em></ins></span>
- <p>The <span class="removed"><del><strong>FTC criticized this app
because it asked the user to
- approve sending personal data to</strong></del></span> <span
class="inserted"><ins><em>Chinese Communist Party's
“Study</em></ins></span>
- the <span class="inserted"><ins><em>Great Nation”</em></ins></span>
app <span class="removed"><del><strong>developer but did not
- ask about sending</strong></del></span> <span
class="inserted"><ins><em>requires users to grant</em></ins></span> it <span
class="inserted"><ins><em><a
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Chinese Communist Party's “Study
+ the Great Nation” app requires users to grant it <a
href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962">
- access</em></ins></span> to <span class="removed"><del><strong>other
companies. This shows</strong></del></span> the
- <span class="removed"><del><strong>weakness of</strong></del></span>
<span class="inserted"><ins><em>phone's microphone, photos, text messages,
contacts, and
- internet history</a>, and</em></ins></span> the <span
class="removed"><del><strong>reject-it-if-you-dislike-snooping
- “solution”</strong></del></span> <span
class="inserted"><ins><em>Android version was found</em></ins></span> to <span
class="removed"><del><strong>surveillance: why should</strong></del></span>
<span class="inserted"><ins><em>contain</em></ins></span> a <span
class="removed"><del><strong>flashlight
- app send any information</strong></del></span>
- <span class="inserted"><ins><em>back-door allowing
developers</em></ins></span> to <span class="removed"><del><strong>anyone? A
free software flashlight
- app would not.</p>
- </li>
-</ul>
-
-<div class="big-subsection">
- <h4 id="SpywareInToys">Spyware</strong></del></span> <span
class="inserted"><ins><em>run any code they wish</em></ins></span> in <span
class="removed"><del><strong>Toys</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
-</div>
-
-<ul>
-
- <li>
- <p>A remote-control sex toy was found to make</strong></del></span>
<span class="inserted"><ins><em>the users'
+ access to the phone's microphone, photos, text messages, contacts, and
+ internet history</a>, and the Android version was found to contain a
+ back-door allowing developers to run any code they wish in the users'
phone, as “superusers.” Downloading and using this
app is mandatory at some workplaces.</p>
- <p>Note: The</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
recordings</strong></del></span>
- <span
class="inserted"><ins><em>href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html">
- Washington Post version</em></ins></span> of the <span
class="removed"><del><strong>conversation between two
users</a>.</p></strong></del></span> <span
class="inserted"><ins><em>article</a> (partly obfuscated, but
+ <p>Note: The <a
+
href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html">
+ Washington Post version of the article</a> (partly obfuscated, but
readable after copy-pasting in a text editor) includes a clarification
saying that the tests were only performed on the Android version
of the app, and that, according to Apple, “this kind of
‘superuser’ surveillance could not be conducted on
- Apple's operating system.”</p></em></ins></span>
+ Apple's operating system.”</p>
</li>
- <span class="removed"><del><strong><li></strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201909091">
+ <li id="M201909091">
<!--#set var="DATE" value='<small
class="date-tag">2019-09</small>'
- --><!--#echo encoding="none" var="DATE" --></em></ins></span>
- <p>The <span class="removed"><del><strong>“smart” toys
My Friend Cayla and i-Que transmit</strong></del></span> <span
class="inserted"><ins><em>Facebook app</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations to Nuance Communications</a>,
- a speech recognition company based in the U.S.</p>
-
- <p>Those toys also contain major security vulnerabilities; crackers
- can remotely control the toys with a mobile phone. This would
- enable crackers to listen in on a child's speech,
and</strong></del></span>
- <span
class="inserted"><ins><em>href="https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/">
- tracks users</em></ins></span> even <span
class="removed"><del><strong>speak</strong></del></span> <span
class="inserted"><ins><em>when it is turned off</a>, after tricking
them</em></ins></span>
- into <span class="inserted"><ins><em>giving</em></ins></span> the <span
class="removed"><del><strong>toys themselves.</p></strong></del></span>
<span class="inserted"><ins><em>app broad permissions in order to use one of its
- functionalities.</p></em></ins></span>
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Facebook app <a
+
href="https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/">
+ tracks users even when it is turned off</a>, after tricking them
+ into giving the app broad permissions in order to use one of its
+ functionalities.</p>
</li>
- <span class="removed"><del><strong><li>
- <p>A computerized vibrator</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201909090">
+ <li id="M201909090">
<!--#set var="DATE" value='<small
class="date-tag">2019-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Some nonfree period-tracking apps including MIA Fem and
Maya</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
- was snooping on its users through the</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem">
+ <p>Some nonfree period-tracking apps including MIA Fem and Maya <a
+
href="https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem">
send intimate details of users' lives to Facebook</a>.</p>
</li>
<li id="M201909060">
<!--#set var="DATE" value='<small
class="date-tag">2019-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Keeping track of who downloads a</em></ins></span> proprietary
<span class="removed"><del><strong>control app</a>.</p>
-
- <p>The app was reporting the temperature</strong></del></span>
- <span class="inserted"><ins><em>program is a form</em></ins></span> of
<span class="removed"><del><strong>the vibrator minute by
- minute (thus, indirectly, whether it was surrounded
by</strong></del></span> <span class="inserted"><ins><em>surveillance. There
is</em></ins></span> a <span class="removed"><del><strong>person's
- body), as well as the vibration frequency.</p>
+ <p>Keeping track of who downloads a proprietary
+ program is a form of surveillance. There is a
+ proprietary program for adjusting a certain telescopic rifle sight. <a
+
href="https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/">
+ A US prosecutor has demanded the list of all the 10,000 or more people
+ who have installed it</a>.</p>
- <p>Note the totally inadequate proposed
response:</strong></del></span>
- <span class="inserted"><ins><em>proprietary program for
adjusting</em></ins></span> a <span class="removed"><del><strong>labeling
- standard with which manufacturers would make statements about
- their products, rather than free software which users could have
- checked and changed.</p>
-
- <p>The company that made the vibrator</strong></del></span> <span
class="inserted"><ins><em>certain telescopic rifle sight.</em></ins></span>
<a <span
class="removed"><del><strong>href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
- was sued for collecting lots</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/">
- A US prosecutor has demanded the list</em></ins></span> of <span
class="removed"><del><strong>personal information about
how</strong></del></span> <span class="inserted"><ins><em>all the 10,000 or
more</em></ins></span> people <span
class="removed"><del><strong>used</strong></del></span>
- <span class="inserted"><ins><em>who have installed</em></ins></span>
it</a>.</p>
-
- <span class="removed"><del><strong><p>The company's statement that
it was anonymizing the data may be
- true, but it doesn't really matter. If it had sold the data
to</strong></del></span>
-
- <span class="inserted"><ins><em><p>With</em></ins></span> a
- <span class="removed"><del><strong>data broker, the data
broker</strong></del></span> <span class="inserted"><ins><em>free program
there</em></ins></span> would <span class="removed"><del><strong>have been able
to figure out
- who the user was.</p>
-
- <p>Following this lawsuit,
- <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
- the company has been ordered to pay</strong></del></span> <span
class="inserted"><ins><em>not be</em></ins></span> a <span
class="removed"><del><strong>total</strong></del></span> <span
class="inserted"><ins><em>list</em></ins></span> of <span
class="removed"><del><strong>C$4m</a>
- to its customers.</p></strong></del></span> <span
class="inserted"><ins><em>who has installed
- it.</p></em></ins></span>
+ <p>With a free program there would not be a list of who has installed
+ it.</p>
</li>
- <span class="removed"><del><strong><li><p>
“CloudPets” toys with microphones</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201907081">
+ <li id="M201907081">
<!--#set var="DATE" value='<small
class="date-tag">2019-07</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Many unscrupulous mobile-app developers keep finding ways
to</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak
childrens' conversations</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/">
+ <p>Many unscrupulous mobile-app developers keep finding ways to <a
+
href="https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/">
bypass user's settings</a>, regulations, and privacy-enhancing
features
- of the operating system, in order</em></ins></span> to <span
class="inserted"><ins><em>gather as much private data as
+ of the operating system, in order to gather as much private data as
they possibly can.</p>
<p>Thus, we can't trust rules against spying. What we can trust is
- having control over</em></ins></span> the
- <span class="removed"><del><strong>manufacturer</a>. Guess
what?</strong></del></span> <span class="inserted"><ins><em>software we
run.</p>
+ having control over the software we run.</p>
</li>
<li id="M201907080">
<!--#set var="DATE" value='<small
class="date-tag">2019-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many Android apps can track
- users' movements even when the user says</em></ins></span> <a <span
class="removed"><del><strong>href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers
found a way</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location">
- not</em></ins></span> to <span class="inserted"><ins><em>allow
them</em></ins></span> access <span class="removed"><del><strong>the
data</a>
- collected by the manufacturer's snooping.</p>
-
- <p>That the manufacturer and the FBI could
listen</strong></del></span> to <span class="removed"><del><strong>these
conversations
- was unacceptable</strong></del></span> <span
class="inserted"><ins><em>locations</a>.</p>
+ users' movements even when the user says <a
+
href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location">
+ not to allow them access to locations</a>.</p>
<p>This involves an apparently unintentional weakness in Android,
- exploited intentionally</em></ins></span> by <span
class="removed"><del><strong>itself.</p></li>
-
- <li><p>Barbie
- <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going to spy on children and adults</a>.</p></strong></del></span>
<span class="inserted"><ins><em>malicious apps.</p></em></ins></span>
+ exploited intentionally by malicious apps.</p>
</li>
-<span class="removed"><del><strong></ul>
-
-<!-- #SpywareOnSmartWatches</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201905300">
+ <li id="M201905300">
<!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
- --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
-<span class="removed"><del><strong><!-- WEBMASTERS: make sure to place new
items</strong></del></span>
- <span class="inserted"><ins><em><p>The Femm “fertility”
app is secretly a <a
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Femm “fertility” app is secretly a <a
href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners">
tool for propaganda</a> by natalist Christians. It spreads distrust
for contraception.</p>
- <p>It snoops</em></ins></span> on <span
class="removed"><del><strong>top under each subsection</strong></del></span>
<span class="inserted"><ins><em>users, too, as you must expect from nonfree
+ <p>It snoops on users, too, as you must expect from nonfree
programs.</p>
</li>
<li id="M201905060">
<!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
- --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
-
-<span class="removed"><del><strong><div class="big-section">
- <h3 id="SpywareOnSmartWatches">Spyware on “Smart”
Watches</h3>
- <span class="anchor-reference-id">
- (<a
href="#SpywareOnSmartWatches">#SpywareOnSmartWatches</a>)</span>
-</div>
-<div style="clear: left;"></div>
-
-<ul>
- <li>
- <p>An LG “smart” watch is designed</strong></del></span>
- <span class="inserted"><ins><em><p>BlizzCon 2019 imposed
a</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
- to report its location</strong></del></span>
- <span
class="inserted"><ins><em>href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/">
- requirement</em></ins></span> to <span
class="removed"><del><strong>someone else and</strong></del></span> <span
class="inserted"><ins><em>run a proprietary phone
app</a></em></ins></span> to <span class="removed"><del><strong>transmit
- conversations too</a>.</p>
- </li>
- <li>
- <p>A very cheap “smart watch” comes with an
Android</strong></del></span> <span class="inserted"><ins><em>be allowed into
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>BlizzCon 2019 imposed a <a
+
href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/">
+ requirement to run a proprietary phone app</a> to be allowed into
the event.</p>
- <p>This</em></ins></span> app
- <span class="removed"><del><strong><a
href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
- that connects to an unidentified site in China</a>.</p>
- <p>The article says this</strong></del></span> is a <span
class="removed"><del><strong>back door, but</strong></del></span> <span
class="inserted"><ins><em>spyware</em></ins></span> that <span
class="removed"><del><strong>could be</strong></del></span> <span
class="inserted"><ins><em>can snoop on</em></ins></span> a
- <span class="removed"><del><strong>misunderstanding. However, it is
certainly surveillance, at
- least.</p></strong></del></span> <span
class="inserted"><ins><em>lot of
+ <p>This app is a spyware that can snoop on a lot of
sensitive data, including user's location and contact list, and has <a
href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
- near-complete control</a> over the phone.</p></em></ins></span>
+ near-complete control</a> over the phone.</p>
</li>
-<span class="removed"><del><strong></ul>
-
-<!-- #SpywareAtLowLevel</strong></del></span>
- <span class="inserted"><ins><em><li id="M201904131">
+ <li id="M201904131">
<!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
- --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
-<span class="removed"><del><strong><!-- WEBMASTERS: make
sure</strong></del></span>
- <span class="inserted"><ins><em><p>Data collected by menstrual and
pregnancy monitoring apps is often <a
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Data collected by menstrual and pregnancy monitoring apps is
often <a
href="https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance">
- available</em></ins></span> to <span class="removed"><del><strong>place
new items on top under each subsection -->
-
-<div class="big-section">
- <h3 id="SpywareAtLowLevel">Spyware at Low Level</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareAtLowLevel">#SpywareAtLowLevel</a>)</span>
-</div>
-<div style="clear: left;"></div>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInBIOS">Spyware in BIOS</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
-</div>
-
-<ul>
-<li><p>
-<a
href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
-Lenovo stealthily installed crapware</strong></del></span> <span
class="inserted"><ins><em>employers</em></ins></span> and <span
class="removed"><del><strong>spyware via BIOS</a> on Windows installs.
-Note that</strong></del></span> <span class="inserted"><ins><em>insurance
companies</a>. Even though</em></ins></span> the <span
class="removed"><del><strong>specific sabotage method Lenovo used did not affect
-GNU/Linux; also, a “clean” Windows install</strong></del></span>
- <span class="inserted"><ins><em>data</em></ins></span> is <span
class="removed"><del><strong>not really
-clean since <a href="/proprietary/malware-microsoft.html">Microsoft
-puts in its own malware</a>.
-</p></li>
-</ul>
-
-<!-- #SpywareAtWork -->
-<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
-
-<div class="big-section">
- <h3 id="SpywareAtWork">Spyware at Work</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareAtWork">#SpywareAtWork</a>)</span>
-</div>
-<div style="clear: left;"></div>
-
-<ul>
- <li><p>Investigation
- Shows <a
href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
- Using US Companies, NSA To Route Around Domestic Surveillance
- Restrictions</a>.</p>
-
- <p>Specifically,</strong></del></span> <span
class="inserted"><ins><em>“anonymized and
aggregated,”</em></ins></span> it can <span
class="removed"><del><strong>collect</strong></del></span> <span
class="inserted"><ins><em>easily be
- traced back to</em></ins></span> the <span
class="removed"><del><strong>emails of members of Parliament
- this way, because they pass it through Microsoft.</p></li>
-
- <li><p>Spyware in Cisco TNP IP phones:
- <a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
-
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInSkype">Spyware in Skype</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInSkype">#SpywareInSkype</a>)</span>
-</div>
-
-<ul>
- <li><p>Spyware in Skype:
- <a
href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">
-
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
- Microsoft changed Skype
- <a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
- specifically</strong></del></span> <span class="inserted"><ins><em>woman
who uses the app.</p>
-
- <p>This has harmful implications</em></ins></span> for <span
class="removed"><del><strong>spying</a>.</p>
- </li>
-</ul>
-
-
-
-<!-- #SpywareOnTheRoad -->
-<!-- WEBMASTERS:</strong></del></span> <span
class="inserted"><ins><em>women's rights to equal employment
- and freedom to</em></ins></span> make <span
class="removed"><del><strong>sure</strong></del></span> <span
class="inserted"><ins><em>their own pregnancy choices. Don't use
- these apps, even if someone offers you a reward</em></ins></span> to <span
class="removed"><del><strong>place new items on top under each subsection -->
-
-<div class="big-section">
- <h3 id="SpywareOnTheRoad">Spyware</strong></del></span> <span
class="inserted"><ins><em>do so. A
+ available to employers and insurance companies</a>. Even though the
+ data is “anonymized and aggregated,” it can easily be
+ traced back to the woman who uses the app.</p>
+
+ <p>This has harmful implications for women's rights to equal
employment
+ and freedom to make their own pregnancy choices. Don't use
+ these apps, even if someone offers you a reward to do so. A
free-software app that does more or less the same thing without
- spying</em></ins></span> on <span class="removed"><del><strong>The
Road</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareOnTheRoad">#SpywareOnTheRoad</a>)</span>
-</div>
-<div style="clear: left;"></div>
-
-<div class="big-subsection">
- <h4 id="SpywareInCameras">Spyware in Cameras</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInCameras">#SpywareInCameras</a>)</span>
-</div>
-
-<ul>
- <li>
- <p>Every “home security” camera, if its manufacturer can
communicate with it,</strong></del></span> <span
class="inserted"><ins><em>you</em></ins></span> is <span
class="removed"><del><strong>a surveillance device.</strong></del></span> <span
class="inserted"><ins><em>available from</em></ins></span> <a
-<span
class="removed"><del><strong>href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
- Canary camera</strong></del></span>
- <span
class="inserted"><ins><em>href="https://search.f-droid.org/?q=menstr">F-Droid</a>,
and <a
+ spying on you is available from <a
+ href="https://search.f-droid.org/?q=menstr">F-Droid</a>, and <a
href="https://dcs.megaphone.fm/BLM6228935164.mp3?key=7e4b8f7018d13cdc2b5ea6e5772b6b8f">
- a new one</em></ins></span> is <span class="removed"><del><strong>an
example</a>.</p>
- <p>The article describes wrongdoing by</strong></del></span> <span
class="inserted"><ins><em>being developed</a>.</p>
+ a new one is being developed</a>.</p>
</li>
<li id="M201904130">
<!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Google tracks</em></ins></span> the <span
class="removed"><del><strong>manufacturer, based on</strong></del></span> <span
class="inserted"><ins><em>movements of Android phones and iPhones
+ <p>Google tracks the movements of Android phones and iPhones
running Google apps, and sometimes <a
href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html">
- saves</em></ins></span> the <span class="removed"><del><strong>fact
- that</strong></del></span> <span class="inserted"><ins><em>data for
years</a>.</p>
+ saves the data for years</a>.</p>
- <p>Nonfree software in</em></ins></span> the <span
class="removed"><del><strong>device is tethered</strong></del></span> <span
class="inserted"><ins><em>phone has</em></ins></span> to <span
class="removed"><del><strong>a server.</p>
- <p><a href="/proprietary/proprietary-tethers.html">More about
proprietary tethering</a>.</p>
- <p>But it also demonstrates that the device
gives</strong></del></span> <span class="inserted"><ins><em>be responsible for
sending</em></ins></span>
- the <span class="removed"><del><strong>company
- surveillance capability.</p></strong></del></span> <span
class="inserted"><ins><em>location data to Google.</p></em></ins></span>
+ <p>Nonfree software in the phone has to be responsible for sending
+ the location data to Google.</p>
</li>
- <span class="removed"><del><strong><li>
- <p>The Nest Cam “smart” camera is</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201903251">
+ <li id="M201903251">
<!--#set var="DATE" value='<small
class="date-tag">2019-03</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Many Android phones come with a huge number of</em></ins></span>
<a
- <span
class="removed"><del><strong>href="http://www.bbc.com/news/technology-34922712">always
- watching</a>, even when</strong></del></span>
- <span
class="inserted"><ins><em>href="https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html">
+ <p>Many Android phones come with a huge number of <a
+
href="https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html">
preinstalled nonfree apps that have access to sensitive data without
- users' knowledge</a>. These hidden apps may either call home
with</em></ins></span>
- the <span class="removed"><del><strong>“owner”
switches</strong></del></span> <span class="inserted"><ins><em>data, or
pass</em></ins></span> it <span
class="removed"><del><strong>“off.”</p>
- <p>A “smart” device means</strong></del></span> <span
class="inserted"><ins><em>on to user-installed apps that have access
to</em></ins></span>
- the <span class="removed"><del><strong>manufacturer is using
it</strong></del></span> <span class="inserted"><ins><em>network but no direct
access</em></ins></span> to <span class="removed"><del><strong>outsmart
- you.</p>
- </li>
-</ul>
-
-<div class="big-subsection">
- <h4 id="SpywareInElectronicReaders">Spyware</strong></del></span>
<span class="inserted"><ins><em>the data. This results</em></ins></span> in
<span class="removed"><del><strong>e-Readers</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
-</div>
-
-<ul>
- <li><p>E-books can contain JavaScript code,
- and <a
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
- this code snoops</strong></del></span> <span
class="inserted"><ins><em>massive
- surveillance</em></ins></span> on <span
class="removed"><del><strong>readers</a>.</p>
+ users' knowledge</a>. These hidden apps may either call home with
+ the data, or pass it on to user-installed apps that have access to
+ the network but no direct access to the data. This results in massive
+ surveillance on which the user has absolutely no control.</p>
</li>
- <li><p>Spyware in many e-readers—not only the
- Kindle: <a
href="https://www.eff.org/pages/reader-privacy-chart-2012">
- they report even</strong></del></span> which <span
class="removed"><del><strong>page</strong></del></span> the user <span
class="removed"><del><strong>reads at what
time</a>.</p></strong></del></span> <span
class="inserted"><ins><em>has absolutely no control.</p></em></ins></span>
- </li>
-
- <span class="removed"><del><strong><li><p>Adobe made
“Digital Editions,” the e-reader used
- by most US libraries,</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201903201">
+ <li id="M201903201">
<!--#set var="DATE" value='<small
class="date-tag">2019-03</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>A study of 24 “health” apps found that 19 of
them</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/"></strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows"></em></ins></span>
- send <span class="removed"><del><strong>lots of</strong></del></span>
<span class="inserted"><ins><em>sensitive personal</em></ins></span> data to
<span class="removed"><del><strong>Adobe</a>. Adobe's
“excuse”: it's
- needed to check DRM!</p>
- </li>
-</ul>
-
-<div class="big-subsection">
- <h4 id="SpywareInVehicles">Spyware</strong></del></span> <span
class="inserted"><ins><em>third parties</a>, which can use it
- for invasive advertising or discriminating against
people</em></ins></span> in <span
class="removed"><del><strong>Vehicles</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInVehicles">#SpywareInVehicles</a>)</span>
-</div>
-
-<ul>
-<li><p>Computerized cars with nonfree
software</strong></del></span> <span class="inserted"><ins><em>poor
+ <p>A study of 24 “health” apps found that 19 of them
<a
+
href="https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows">
+ send sensitive personal data to third parties</a>, which can use it
+ for invasive advertising or discriminating against people in poor
medical condition.</p>
<p>Whenever user “consent” is sought, it is buried in
- lengthy terms of service that</em></ins></span> are
- <span class="removed"><del><strong><a
href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html">
- snooping devices</a>.</p></strong></del></span> <span
class="inserted"><ins><em>difficult to understand. In any case,
- “consent” is not sufficient to legitimize
snooping.</p></em></ins></span>
+ lengthy terms of service that are difficult to understand. In any case,
+ “consent” is not sufficient to legitimize snooping.</p>
</li>
- <li <span class="removed"><del><strong>id="nissan-modem"><p>The
Nissan Leaf has</strong></del></span> <span
class="inserted"><ins><em>id="M201902230">
+ <li id="M201902230">
<!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Facebook offered</em></ins></span> a <span
class="removed"><del><strong>built-in cell phone modem</strong></del></span>
<span class="inserted"><ins><em>convenient proprietary
- library for building mobile apps,</em></ins></span> which <span
class="removed"><del><strong>allows
- effectively
- anyone</strong></del></span> <span
class="inserted"><ins><em>also</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
- access its computers remotely and make changes in various
- settings</a>.</p>
-
- <p>That's easy</strong></del></span>
- <span
class="inserted"><ins><em>href="https://boingboing.net/2019/02/23/surveillance-zucksterism.html">
- sent personal data</em></ins></span> to <span
class="removed"><del><strong>do because the system has no authentication when
- accessed through</strong></del></span> <span
class="inserted"><ins><em>Facebook</a>. Lots of companies built apps that
- way and released them, apparently not realizing that all</em></ins></span>
the <span class="removed"><del><strong>modem. However, even if it asked for
- authentication, you couldn't be confident</strong></del></span> <span
class="inserted"><ins><em>personal
+ <p>Facebook offered a convenient proprietary
+ library for building mobile apps, which also <a
+ href="https://boingboing.net/2019/02/23/surveillance-zucksterism.html">
+ sent personal data to Facebook</a>. Lots of companies built apps that
+ way and released them, apparently not realizing that all the personal
data they collected would go to Facebook as well.</p>
- <p>It shows</em></ins></span> that <span
class="removed"><del><strong>Nissan has no
- access. The software in the car is
- proprietary, <a
href="/philosophy/free-software-even-more-important.html">which
- means it demands blind faith from its users</a>.</p>
-
- <p>Even if</strong></del></span> no one <span
class="removed"><del><strong>connects to the car remotely, the cell phone
- modem enables the phone company to track the car's movements all
- the time; it is possible to physically remove</strong></del></span> <span
class="inserted"><ins><em>can trust a nonfree program, not
even</em></ins></span> the <span class="removed"><del><strong>cell phone modem
- though.</p></strong></del></span>
- <span class="inserted"><ins><em>developers of other nonfree
programs.</p></em></ins></span>
+ <p>It shows that no one can trust a nonfree program, not even the
+ developers of other nonfree programs.</p>
</li>
- <li <span
class="removed"><del><strong>id="records-drivers"><p>Proprietary
software in cars
- <a
href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records</strong></del></span>
<span class="inserted"><ins><em>id="M201902140">
+ <li id="M201902140">
<!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The AppCensus database gives</em></ins></span> information <span
class="removed"><del><strong>about drivers'
movements</a>,</strong></del></span> <span class="inserted"><ins><em>on
<a
+ <p>The AppCensus database gives information on <a
href="https://www.appcensus.mobi"> how Android apps use and
misuse users' personal data</a>. As of March 2019, nearly
- 78,000 have been analyzed, of</em></ins></span> which <span
class="removed"><del><strong>is made available</strong></del></span> <span
class="inserted"><ins><em>24,000 (31%) transmit the <a
+ 78,000 have been analyzed, of which 24,000 (31%) transmit the <a
href="/proprietary/proprietary-surveillance.html#M201812290">
- Advertising ID</a></em></ins></span> to <span
class="removed"><del><strong>car manufacturers, insurance</strong></del></span>
<span class="inserted"><ins><em>other</em></ins></span> companies, and
- <span class="removed"><del><strong>others.</p>
-
- <p>The case</strong></del></span> <span
class="inserted"><ins><em><a
+ Advertising ID</a> to other companies, and <a
href="https://blog.appcensus.mobi/2019/02/14/ad-ids-behaving-badly/">
- 18,000 (23%</em></ins></span> of <span
class="removed"><del><strong>toll-collection systems, mentioned
in</strong></del></span> <span class="inserted"><ins><em>the total)
link</em></ins></span> this <span
class="removed"><del><strong>article,</strong></del></span> <span
class="inserted"><ins><em>ID to hardware identifiers</a>,
+ 18,000 (23% of the total) link this ID to hardware identifiers</a>,
so that users cannot escape tracking by resetting it.</p>
- <p>Collecting hardware identifiers</em></ins></span> is <span
class="removed"><del><strong>not
- really a matter</strong></del></span> <span class="inserted"><ins><em>in
apparent violation</em></ins></span> of <span
class="removed"><del><strong>proprietary surveillance. These systems are an
- intolerable invasion</strong></del></span>
- <span class="inserted"><ins><em>Google's policies. But it seems that
Google wasn't aware</em></ins></span> of <span
class="removed"><del><strong>privacy, and should be replaced with anonymous
- payment systems, but</strong></del></span> <span
class="inserted"><ins><em>it,
+ <p>Collecting hardware identifiers is in apparent violation of
+ Google's policies. But it seems that Google wasn't aware of it,
and, once informed, was in no hurry to take action. This proves
- that</em></ins></span> the <span class="removed"><del><strong>invasion
isn't done by malware. The other
- cases mentioned</strong></del></span> <span
class="inserted"><ins><em>policies of a development platform</em></ins></span>
are <span class="removed"><del><strong>done by
proprietary</strong></del></span> <span class="inserted"><ins><em>ineffective at
- preventing nonfree software developers from including</em></ins></span>
malware in
- <span class="inserted"><ins><em>their programs.</p>
+ that the policies of a development platform are ineffective at
+ preventing nonfree software developers from including malware in
+ their programs.</p>
</li>
<li id="M201902060">
@@ -2186,98 +1500,44 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Many nonfree apps have a surveillance feature for <a
href="https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/">
- recording all</em></ins></span> the <span
class="removed"><del><strong>car.</p></li>
-
- <li><p>Tesla cars allow</strong></del></span> <span
class="inserted"><ins><em>users' actions</a> in interacting
with</em></ins></span> the <span
class="removed"><del><strong>company</strong></del></span> <span
class="inserted"><ins><em>app.</p>
+ recording all the users' actions</a> in interacting with the
app.</p>
</li>
<li id="M201902041.1">
<!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Twenty nine “beauty camera” apps that
used</em></ins></span> to <span class="removed"><del><strong>extract data
remotely and
- determine the car's location at any time. (See</strong></del></span>
- <span class="inserted"><ins><em>be on Google Play had one or more
malicious functionalities, such as</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
- Section 2, paragraphs b</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.teleanalysis.com/these-29-beauty-camera-apps-steal-private-photo/">
+ <p>Twenty nine “beauty camera” apps that used to
+ be on Google Play had one or more malicious functionalities, such as <a
+
href="https://www.teleanalysis.com/these-29-beauty-camera-apps-steal-private-photo/">
stealing users' photos</a> instead of “beautifying” them,
- pushing unwanted</em></ins></span> and <span
class="removed"><del><strong>c.</a>). The company says it doesn't
- store this information, but if the state orders it to get the
data</strong></del></span> <span class="inserted"><ins><em>often malicious ads
on users,</em></ins></span> and <span class="removed"><del><strong>hand it
over, the state can store it.</p>
- </li>
-</ul>
-
-
-<!-- #SpywareAtHome -->
-<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>redirecting
- them</em></ins></span> to <span class="removed"><del><strong>place new
items on top under each subsection -->
-
-<div class="big-section">
- <h3 id="SpywareAtHome">Spyware at Home</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
-</div>
-<div style="clear: left;"></div>
-
-<ul>
- <li><p>Lots</strong></del></span> <span
class="inserted"><ins><em>phishing sites that stole their credentials.
Furthermore,
- the user interface</em></ins></span> of <span
class="removed"><del><strong>“smart” products
are</strong></del></span> <span class="inserted"><ins><em>most of them
was</em></ins></span> designed <span class="removed"><del><strong><a
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
- listen</strong></del></span> to <span
class="removed"><del><strong>everyone in the house, all the
time</a>.</p>
-
- <p>Today's technological practice does not include any
way</strong></del></span> <span class="inserted"><ins><em>make uninstallation
+ pushing unwanted and often malicious ads on users, and redirecting
+ them to phishing sites that stole their credentials. Furthermore,
+ the user interface of most of them was designed to make uninstallation
difficult.</p>
- <p>Users should</em></ins></span> of
- <span class="removed"><del><strong>making a device that can obey your
voice commands without
- potentially spying on you. Even</strong></del></span> <span
class="inserted"><ins><em>course uninstall these dangerous
apps</em></ins></span> if <span
class="removed"><del><strong>it</strong></del></span> <span
class="inserted"><ins><em>they
+ <p>Users should of course uninstall these dangerous apps if they
haven't yet, but they should also stay away from nonfree apps in
general. <em>All</em> nonfree apps carry a potential risk
because
- there</em></ins></span> is <span class="removed"><del><strong>air-gapped,
it could be
- saving up records about you for later
examination.</p></strong></del></span> <span class="inserted"><ins><em>no
easy way of knowing what they really do.</p></em></ins></span>
+ there is no easy way of knowing what they really do.</p>
</li>
- <span class="removed"><del><strong><li><p>Nest thermometers
- send <a href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
- lot</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201902010">
+ <li id="M201902010">
<!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>An investigation</em></ins></span> of <span
class="removed"><del><strong>data about</strong></del></span> the <span
class="removed"><del><strong>user</a>.</p>
- </li>
-
- <li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
- Rent-to-own computers were programmed</strong></del></span> <span
class="inserted"><ins><em>150 most popular
+ <p>An investigation of the 150 most popular
gratis VPN apps in Google Play found that <a
href="https://www.top10vpn.com/free-vpn-android-app-risk-index/">
- 25% fail</em></ins></span> to <span class="removed"><del><strong>spy
on</strong></del></span> <span
class="inserted"><ins><em>protect</em></ins></span> their <span
class="removed"><del><strong>renters</a>.</p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInTVSets">Spyware</strong></del></span> <span
class="inserted"><ins><em>usersâ privacy</a> due to DNS leaks. In
- addition, 85% feature intrusive permissions or functions</em></ins></span>
in <span class="removed"><del><strong>TV Sets</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
-</div>
-
-<p>Emo Phillips made a joke: The other day a woman came
up</strong></del></span> <span class="inserted"><ins><em>their
+ 25% fail to protect their usersâ privacy</a> due to DNS leaks. In
+ addition, 85% feature intrusive permissions or functions in their
source code—often used for invasive advertising—that could
- potentially also be used</em></ins></span> to <span
class="removed"><del><strong>me and
-said, “Didn't I see you</strong></del></span> <span
class="inserted"><ins><em>spy</em></ins></span> on <span
class="removed"><del><strong>television?” I said, “I
-don't know. You can't see out the other way.”
Evidently</strong></del></span> <span class="inserted"><ins><em>users. Other
technical flaws were
+ potentially also be used to spy on users. Other technical flaws were
found as well.</p>
- <p>Moreover, a previous investigation had found</em></ins></span>
that <span class="removed"><del><strong>was
-before Amazon “smart” TVs.</p>
-
-<ul>
- <li>
- <p>Vizio
- “smart”</strong></del></span> <a <span
class="removed"><del><strong>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
- report everything that is viewed on them, and not just broadcasts
- and cable</a>. Even if</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.top10vpn.com/free-vpn-app-investigation/">half
of</em></ins></span>
- the <span class="removed"><del><strong>image</strong></del></span> <span
class="inserted"><ins><em>top 10 gratis VPN apps have lousy privacy
policies</a>.</p>
+ <p>Moreover, a previous investigation had found that <a
+ href="https://www.top10vpn.com/free-vpn-app-investigation/">half of
+ the top 10 gratis VPN apps have lousy privacy policies</a>.</p>
- <p><small>(It</em></ins></span> is <span
class="removed"><del><strong>coming from</strong></del></span> <span
class="inserted"><ins><em>unfortunate that these articles talk about “free
+ <p><small>(It is unfortunate that these articles talk about
“free
apps.” These apps are gratis, but they are <em>not</em>
<a
href="/philosophy/free-sw.html">free
software</a>.)</small></p>
</li>
@@ -2287,68 +1547,43 @@
--><!--#echo encoding="none" var="DATE" -->
<p>The Weather Channel app <a
href="https://www.theguardian.com/technology/2019/jan/04/weather-channel-app-lawsuit-location-data-selling">
- stored users' locations to</em></ins></span> the <span
class="removed"><del><strong>user's own
- computer,</strong></del></span> <span class="inserted"><ins><em>company's
server</a>. The company is
- being sued, demanding that it notify</em></ins></span> the <span
class="removed"><del><strong>TV reports</strong></del></span> <span
class="inserted"><ins><em>users of</em></ins></span> what it <span
class="removed"><del><strong>is. The existence of</strong></del></span> <span
class="inserted"><ins><em>will do
+ stored users' locations to the company's server</a>. The company is
+ being sued, demanding that it notify the users of what it will do
with the data.</p>
- <p>We think that lawsuit is about</em></ins></span> a <span
class="removed"><del><strong>way to
- disable</strong></del></span> <span class="inserted"><ins><em>side issue.
What</em></ins></span> the <span class="removed"><del><strong>surveillance,
even if it were not hidden as it was in
- these TVs,</strong></del></span> <span
class="inserted"><ins><em>company</em></ins></span> does <span
class="removed"><del><strong>not legitimize</strong></del></span>
- <span class="inserted"><ins><em>with</em></ins></span> the <span
class="removed"><del><strong>surveillance.</p></strong></del></span>
<span class="inserted"><ins><em>data is a secondary issue. The principal wrong
here is that
+ <p>We think that lawsuit is about a side issue. What the company does
+ with the data is a secondary issue. The principal wrong here is that
the company gets that data at all.</p>
<p><a
href="https://www.vice.com/en/article/gy77wy/stop-using-third-party-weather-apps">
Other weather apps</a>, including Accuweather and WeatherBug, are
- tracking people's locations.</p></em></ins></span>
+ tracking people's locations.</p>
</li>
- <span class="removed"><del><strong><li><p>More or less all
“smart” TVs</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201812290">
+ <li id="M201812290">
<!--#set var="DATE" value='<small
class="date-tag">2018-12</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Around 40% of gratis Android apps</em></ins></span> <a
-<span
class="removed"><del><strong>href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
- on their users</a>.</p>
-
- <p>The</strong></del></span>
- <span
class="inserted"><ins><em>href="https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report"></em></ins></span>
- report <span class="removed"><del><strong>was as of 2014, but we don't
expect this has got better.</p>
-
- <p>This shows that laws requiring products</strong></del></span>
<span class="inserted"><ins><em>on the user's actions</em></ins></span> to
<span class="removed"><del><strong>get users' formal
- consent before collecting personal</strong></del></span> <span
class="inserted"><ins><em>Facebook</a>.</p>
+ <p>Around 40% of gratis Android apps <a
+
href="https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report">
+ report on the user's actions to Facebook</a>.</p>
<p>Often they send the machine's “advertising ID,” so
that
- Facebook can correlate the</em></ins></span> data <span
class="removed"><del><strong>are totally inadequate.
- And what happens if a user declines consent?
Probably</strong></del></span> <span class="inserted"><ins><em>it obtains
from</em></ins></span> the <span class="removed"><del><strong>TV
- will say, “Without your consent to tracking,</strong></del></span>
<span class="inserted"><ins><em>same machine via
- various apps. Some of them send Facebook detailed information
about</em></ins></span>
- the <span class="removed"><del><strong>TV will
- not work.”</p>
-
- <p>Proper laws would</strong></del></span> <span
class="inserted"><ins><em>user's activities in the app; others
only</em></ins></span> say that <span class="removed"><del><strong>TVs are not
allowed to report what</strong></del></span> the user <span
class="removed"><del><strong>watches — no exceptions!</p>
- </li>
- <li><p>Vizio goes a step further than other TV manufacturers
in</strong></del></span> <span class="inserted"><ins><em>is
+ Facebook can correlate the data it obtains from the same machine via
+ various apps. Some of them send Facebook detailed information about
+ the user's activities in the app; others only say that the user is
using that app, but that alone is often quite informative.</p>
- <p>This</em></ins></span> spying <span
class="removed"><del><strong>on
- their users: their</strong></del></span> <span
class="inserted"><ins><em>occurs regardless of whether the user has a Facebook
+ <p>This spying occurs regardless of whether the user has a Facebook
account.</p>
</li>
<li id="M201810244">
<!--#set var="DATE" value='<small
class="date-tag">2018-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Some Android apps</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
- “smart” TVs analyze your viewing habits in detail and
- link them your IP address</a> so that advertisers
can</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/"></em></ins></span>
- track <span class="removed"><del><strong>you
- across devices.</p>
-
- <p>It is possible</strong></del></span> <span
class="inserted"><ins><em>the phones of users that have deleted
them</a>.</p>
+ <p>Some Android apps <a
+
href="https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/">
+ track the phones of users that have deleted them</a>.</p>
</li>
<li id="M201808030">
@@ -2359,14 +1594,11 @@
record the user's location even when users disable “location
tracking”</a>.</p>
- <p>There are other ways</em></ins></span> to turn <span
class="removed"><del><strong>this off,</strong></del></span> <span
class="inserted"><ins><em>off the other kinds of location
- tracking,</em></ins></span> but <span class="removed"><del><strong>having
it enabled</strong></del></span> <span class="inserted"><ins><em>most users
will be tricked</em></ins></span> by <span class="removed"><del><strong>default
- is an injustice already.</p></strong></del></span> <span
class="inserted"><ins><em>the misleading control.</p></em></ins></span>
+ <p>There are other ways to turn off the other kinds of location
+ tracking, but most users will be tricked by the misleading
control.</p>
</li>
- <span class="removed"><del><strong><li><p>Tivo's alliance with
Viacom adds 2.3 million households</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201806110">
+ <li id="M201806110">
<!--#set var="DATE" value='<small
class="date-tag">2018-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Spanish football streaming app <a
@@ -2375,8 +1607,8 @@
<p>This makes them act as spies for licensing enforcement.</p>
- <p>We expect it implements DRM, too—that there is no
way</em></ins></span> to <span class="inserted"><ins><em>save
- a recording. But we can't be sure from</em></ins></span> the <span
class="removed"><del><strong>600 millions social media
profiles</strong></del></span> <span
class="inserted"><ins><em>article.</p>
+ <p>We expect it implements DRM, too—that there is no way to
save
+ a recording. But we can't be sure from the article.</p>
<p>If you learn to care much less about sports, you will benefit in
many ways. This is one more.</p>
@@ -2387,24 +1619,11 @@
--><!--#echo encoding="none" var="DATE" -->
<p>More than <a
href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%
- of</em></ins></span> the <span class="removed"><del><strong>company already
- monitors. Tivo customers are unaware they're being
watched</strong></del></span> <span class="inserted"><ins><em>5,855 Android
apps studied</em></ins></span> by
- <span class="removed"><del><strong>advertisers. By combining TV viewing
information with online
- social media participation, Tivo can now <a
href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
- advertisement with online purchases</a>, exposing all
users</strong></del></span> <span class="inserted"><ins><em>researchers were
found</em></ins></span> to
- <span class="removed"><del><strong>new combined surveillance by
default.</p></li>
- <li><p>Some web</strong></del></span> <span
class="inserted"><ins><em>snoop</em></ins></span>
- and <span class="removed"><del><strong>TV advertisements play inaudible
sounds</strong></del></span> <span class="inserted"><ins><em>collect
information about its users</a>. 40% of the apps were
- found</em></ins></span> to <span class="removed"><del><strong>be
- picked up by proprietary malware running</strong></del></span> <span
class="inserted"><ins><em>insecurely snitch</em></ins></span> on <span
class="removed"><del><strong>other devices</strong></del></span> <span
class="inserted"><ins><em>its users. Furthermore, they could
- detect only some methods of snooping,</em></ins></span> in
- <span class="removed"><del><strong>range so as to determine
that</strong></del></span> <span class="inserted"><ins><em>these proprietary
apps whose
- source code</em></ins></span> they <span class="removed"><del><strong>are
nearby. Once your
- Internet devices are paired with your TV, advertisers can
- correlate ads with Web activity, and</strong></del></span> <span
class="inserted"><ins><em>cannot look at. The</em></ins></span> other <span
class="removed"><del><strong><a
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p>
- </li>
- <li><p>Vizio “smart” TVs recognize and
- <a
href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track</strong></del></span>
<span class="inserted"><ins><em>apps might be snooping
+ of the 5,855 Android apps studied by researchers were found to snoop
+ and collect information about its users</a>. 40% of the apps were
+ found to insecurely snitch on its users. Furthermore, they could
+ detect only some methods of snooping, in these proprietary apps whose
+ source code they cannot look at. The other apps might be snooping
in other ways.</p>
<p>This is evidence that proprietary apps generally work against
@@ -2471,7 +1690,7 @@
href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
calls and sent them and text messages and emails to
snoopers</a>.</p>
- <p>Google did not intend to make these apps spy; on the contrary, it
+ <p>Google did not intend to make these apps spy; on
the</em></ins></span> contrary, it
worked in various ways to prevent that, and deleted these apps after
discovering what they did. So we cannot blame Google specifically
for the snooping of these apps.</p>
@@ -2493,7 +1712,7 @@
enough to outsmart the checking.</p>
<p>But since Google itself develops malicious apps, we cannot trust
- Google to protect us. We must demand release of source code to the
+ Google to protect us. We must <span class="removed"><del><strong>demand
release</strong></del></span> <span class="inserted"><ins><em>demand release of
source code to the
public, so we can depend on each other.</p>
</li>
@@ -2566,7 +1785,7 @@
href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
being pre-installed on only one phone</a>, and the user must
explicitly opt-in before the app takes effect. However, the app
- remains spyware—an “optional” piece of spyware is
+ remains spyware—an “optional” piece</em></ins></span> of
<span class="removed"><del><strong>source code</strong></del></span> <span
class="inserted"><ins><em>spyware is
still spyware.</p>
</li>
@@ -2575,7 +1794,7 @@
--><!--#echo encoding="none" var="DATE" -->
<p>The Meitu photo-editing app <a
href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
- user data to a Chinese company</a>.</p>
+ user data</em></ins></span> to <span class="inserted"><ins><em>a Chinese
company</a>.</p>
</li>
<li id="M201611280">
@@ -2583,16 +1802,18 @@
--><!--#echo encoding="none" var="DATE" -->
<p>The Uber app tracks <a
href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
- movements before and after the ride</a>.</p>
+ movements before and after</em></ins></span> the
+ <span class="removed"><del><strong>public, so we can depend on each
other.</p></strong></del></span> <span
class="inserted"><ins><em>ride</a>.</p>
<p>This example illustrates how “getting the user's
consent” for surveillance is inadequate as a protection against
- massive surveillance.</p>
+ massive surveillance.</p></em></ins></span>
</li>
+<span class="removed"><del><strong><li></strong></del></span>
- <li id="M201611160">
+ <span class="inserted"><ins><em><li id="M201611160">
<!--#set var="DATE" value='<small
class="date-tag">2016-11</small>'
- --><!--#echo encoding="none" var="DATE" -->
+ --><!--#echo encoding="none" var="DATE" --></em></ins></span>
<p>A <a
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
research paper</a> that investigated the privacy and security of
@@ -2601,11 +1822,15 @@
apps—millions of users may be unawarely subject to poor security
guarantees and abusive practices inflicted by VPN apps.”</p>
- <p>Following is a non-exhaustive list, taken from the research paper,
- of some proprietary VPN apps that track users and infringe their
+ <p>Following is a non-exhaustive <span
class="removed"><del><strong>list</strong></del></span> <span
class="inserted"><ins><em>list, taken from the research paper,</em></ins></span>
+ of <span class="inserted"><ins><em>some</em></ins></span> proprietary VPN
apps <span class="removed"><del><strong>from
+ the research paper</strong></del></span> that <span
class="removed"><del><strong>tracks</strong></del></span> <span
class="inserted"><ins><em>track users</em></ins></span> and <span
class="removed"><del><strong>infringes the privacy of
+ users:</p>
+
+ <dl></strong></del></span> <span class="inserted"><ins><em>infringe
their
privacy:</p>
- <dl class="compact">
+ <dl class="compact"></em></ins></span>
<dt>SurfEasy</dt>
<dd>Includes tracking libraries such as NativeX and Appflood,
meant to track users and show them targeted ads.</dd>
@@ -2627,22 +1852,61 @@
<dt>VPN Services HotspotShield</dt>
<dd>Injects JavaScript code into the HTML pages returned to the
users. The stated purpose of the JS injection is to display ads. Uses
- roughly five tracking libraries. Also, it redirects the user's
+ roughly <span class="removed"><del><strong>5</strong></del></span> <span
class="inserted"><ins><em>five</em></ins></span> tracking libraries. Also, it
redirects the user's
traffic through valueclick.com (an advertising website).</dd>
<dt>WiFi Protector VPN</dt>
- <dd>Injects JavaScript code into HTML pages, and also uses roughly
- five tracking libraries. Developers of this app have confirmed that
- the non-premium version of the app does JavaScript injection for
- tracking the user and displaying ads.</dd>
+ <dd>Injects JavaScript code into HTML pages, and also uses roughly
<span class="removed"><del><strong>5</strong></del></span>
+ <span class="inserted"><ins><em>five</em></ins></span> tracking
libraries. Developers of this app have confirmed that
+ the non-premium version of <span class="removed"><del><strong>the app
does
+ JavaScript injection for tracking and display ads.</dd>
</dl>
+</li>
+<li>
+ <p><a
href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
study in 2015</a> found that 90% of the top-ranked gratis
+ proprietary Android apps contained recognizable tracking libraries. For
+ the paid proprietary apps, it was only 60%.</p>
+
+ <p>The article confusingly describes gratis apps as “free”,
+ but most of them are not in fact
+ <a href="/philosophy/free-sw.html">free software</a>.
+ It also uses the ugly word “monetize”. A good replacement
+ for that word is “exploit”; nearly always that will fit
+ perfectly.</p>
+</li>
+
+<li>
+ <p>Apps for BART
+ <a
href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
on users</a>.</p>
+ <p>With free software apps, users could <em>make sure</em>
that they don't snoop.</p>
+ <p>With proprietary apps, one can only hope that they don't.</p>
+</li>
+
+<li>
+ <p>A study found 234 Android apps that track users by
+ <a
href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
+ to ultrasound from beacons placed in stores or played by TV
programs</a>.
+ </p>
+
+</li>
+
+<li>
+ <p>Pairs of Android apps can collude to transmit users' personal
+ data to servers. <a
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found
+ tens of thousands of pairs that
collude</a>.</p></strong></del></span> <span
class="inserted"><ins><em>the app does JavaScript injection for
+ tracking the user and displaying ads.</dd>
+ </dl></em></ins></span>
</li>
- <li id="M201609210">
+<span class="removed"><del><strong><li>
+<p>Google Play intentionally sends</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201609210">
<!--#set var="DATE" value='<small
class="date-tag">2016-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Google's new voice messaging app <a
-
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ <p>Google's new voice messaging</em></ins></span> app <span
class="removed"><del><strong>developers</strong></del></span> <a
+<span
class="removed"><del><strong>href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
all conversations</a>.</p>
</li>
@@ -2652,16 +1916,21 @@
<p>Facebook's new Magic Photo app <a
href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
scans your mobile phone's photo collections for known faces</a>,
- and suggests you circulate the picture you take according to who is
- in the frame.</p>
+ and suggests you circulate</em></ins></span> the <span
class="removed"><del><strong>personal details of users that
install</strong></del></span> <span class="inserted"><ins><em>picture you take
according to who is
+ in</em></ins></span> the <span
class="removed"><del><strong>app</a>.</p>
+
+<p>Merely asking</strong></del></span> <span
class="inserted"><ins><em>frame.</p>
<p>This spyware feature seems to require online access to some
- known-faces database, which means the pictures are likely to be
- sent across the wire to Facebook's servers and face-recognition
+ known-faces database, which means</em></ins></span> the <span
class="removed"><del><strong>“consent” of users is not
enough</strong></del></span> <span class="inserted"><ins><em>pictures are
likely</em></ins></span> to <span class="removed"><del><strong>legitimize
actions like this. At this point, most users have
+stopped reading</strong></del></span> <span class="inserted"><ins><em>be
+ sent across</em></ins></span> the <span
class="removed"><del><strong>“Terms</strong></del></span> <span
class="inserted"><ins><em>wire to Facebook's servers</em></ins></span> and
<span class="removed"><del><strong>Conditions” that spell out
+what they</strong></del></span> <span
class="inserted"><ins><em>face-recognition
algorithms.</p>
- <p>If so, none of Facebook users' pictures are private anymore,
- even if the user didn't “upload” them to the service.</p>
+ <p>If so, none of Facebook users' pictures</em></ins></span> are
<span class="removed"><del><strong>“consenting” to. Google should
clearly
+and honestly identify</strong></del></span> <span
class="inserted"><ins><em>private anymore,
+ even if</em></ins></span> the <span
class="removed"><del><strong>information</strong></del></span> <span
class="inserted"><ins><em>user didn't “upload” them to the
service.</p>
</li>
<li id="M201605310">
@@ -2669,8 +1938,8 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Facebook's app listens all the time, <a
href="https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-listen-what-they-re-saying-claims-professor-a7057526.html">to
- snoop on what people are listening to or watching</a>. In addition,
- it may be analyzing people's conversations to serve them with targeted
+ snoop on what people are listening to or watching</a>. In
addition,</em></ins></span>
+ it <span class="removed"><del><strong>collects</strong></del></span> <span
class="inserted"><ins><em>may be analyzing people's conversations to serve them
with targeted
advertisements.</p>
</li>
@@ -2679,7 +1948,10 @@
--><!--#echo encoding="none" var="DATE" -->
<p>A pregnancy test controller application not only can <a
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
- spy on many sorts of data in the phone, and in server accounts,
+ spy</em></ins></span> on <span class="removed"><del><strong>users,
instead</strong></del></span> <span class="inserted"><ins><em>many
sorts</em></ins></span> of <span class="removed"><del><strong>hiding
it</strong></del></span> <span class="inserted"><ins><em>data</em></ins></span>
in <span class="removed"><del><strong>an obscurely worded EULA.</p>
+
+<p>However, to truly protect people's privacy, we must prevent
Google</strong></del></span> <span class="inserted"><ins><em>the
phone,</em></ins></span> and <span class="removed"><del><strong>other companies
from getting this personal information</strong></del></span> in <span
class="removed"><del><strong>the first
+place!</p></strong></del></span> <span class="inserted"><ins><em>server
accounts,
it can alter them too</a>.</p>
</li>
@@ -2690,47 +1962,64 @@
href="https://web.archive.org/web/20180913014551/http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
Symphony surveillance software snoop on what radio and TV programs
are playing nearby</a>. Also on what users post on various sites
- such as Facebook, Google+ and Twitter.</p>
+ such as Facebook, Google+ and Twitter.</p></em></ins></span>
</li>
- <li id="M201511190">
+ <span class="removed"><del><strong><li>
+ <p>Google Play (a component of Android)</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201511190">
<!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>“Cryptic communication,”
- unrelated to the app's functionality, was <a
-
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
- found in the 500 most popular gratis Android apps</a>.</p>
+ unrelated to the app's functionality, was</em></ins></span> <a
+ <span
class="removed"><del><strong>href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
+ tracks</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
+ found in</em></ins></span> the <span class="removed"><del><strong>users'
movements without their permission</a>.</p>
+
+ <p>Even if you disable Google Maps and location tracking, you must
+ disable Google Play itself</strong></del></span> <span
class="inserted"><ins><em>500 most popular gratis Android
apps</a>.</p>
<p>The article should not have described these apps as
- “free”—they are not free software. The clear way
- to say “zero price” is “gratis.”</p>
+ “free”—they are not free software. The clear
way</em></ins></span>
+ to <span class="removed"><del><strong>completely
stop</strong></del></span> <span class="inserted"><ins><em>say “zero
price” is “gratis.”</p>
- <p>The article takes for granted that the usual analytics tools are
- legitimate, but is that valid? Software developers have no right to
- analyze what users are doing or how. “Analytics” tools
- that snoop are just as wrong as any other snooping.</p>
+ <p>The article takes for granted that</em></ins></span> the <span
class="removed"><del><strong>tracking. This</strong></del></span> <span
class="inserted"><ins><em>usual analytics tools are
+ legitimate, but</em></ins></span> is
+ <span class="removed"><del><strong>yet another example of nonfree software
pretending</strong></del></span> <span class="inserted"><ins><em>that valid?
Software developers have no right</em></ins></span> to <span
class="removed"><del><strong>obey the user,
+ when it's actually</strong></del></span>
+ <span class="inserted"><ins><em>analyze what users are</em></ins></span>
doing <span class="removed"><del><strong>something else. Such a thing would be
almost
+ unthinkable with free software.</p></strong></del></span> <span
class="inserted"><ins><em>or how. “Analytics” tools
+ that snoop are just as wrong as any other
snooping.</p></em></ins></span>
</li>
- <li id="M201510300">
+ <span
class="removed"><del><strong><li><p>More</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201510300">
<!--#set var="DATE" value='<small
class="date-tag">2015-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>More than 73% and 47% of mobile applications, for Android and iOS
- respectively <a href="https://techscience.org/a/2015103001/">hand
over
- personal, behavioral and location information</a> of their users to
+ <p>More</em></ins></span> than 73% <span
class="inserted"><ins><em>and 47%</em></ins></span> of <span
class="removed"><del><strong>the most popular</strong></del></span> <span
class="inserted"><ins><em>mobile applications, for</em></ins></span> Android
<span class="removed"><del><strong>apps</strong></del></span> <span
class="inserted"><ins><em>and iOS
+ respectively</em></ins></span> <a <span
class="removed"><del><strong>href="http://jots.pub/a/2015103001/index.php">share</strong></del></span>
<span
class="inserted"><ins><em>href="https://techscience.org/a/2015103001/">hand
over</em></ins></span>
+ personal, behavioral and location information</a> of their users
<span class="removed"><del><strong>with</strong></del></span> <span
class="inserted"><ins><em>to</em></ins></span>
third parties.</p>
</li>
- <li id="M201508210">
+ <span class="removed"><del><strong><li><p>“Cryptic
communication,” unrelated</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201508210">
<!--#set var="DATE" value='<small
class="date-tag">2015-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Like most “music screaming” disservices, Spotify is
based on proprietary malware (DRM and snooping). In August 2015 it <a
href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
- demanded users submit to increased snooping</a>, and some are
starting
- to realize that it is nasty.</p>
+ demanded users submit to increased snooping</a>, and some are
starting</em></ins></span>
+ to <span class="inserted"><ins><em>realize that it is nasty.</p>
- <p>This article shows the <a
-
href="https://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
+ <p>This article shows</em></ins></span> the <span
class="removed"><del><strong>app's functionality,
+ was</strong></del></span> <a <span
class="removed"><del><strong>href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
+ found</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
twisted ways that they present snooping as a way to “serve”
users better</a>—never mind whether they want that. This is a
typical example of the attitude of the proprietary software industry
@@ -2744,91 +2033,168 @@
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.cl.cam.ac.uk/~arb33/papers/FerreiraEtAl-Securacy-WiSec2015.pdf">
- A study in 2015</a> found that 90% of the top-ranked gratis
proprietary
- Android apps contained recognizable tracking libraries. For the paid
- proprietary apps, it was only 60%.</p>
+ A study</em></ins></span> in <span
class="inserted"><ins><em>2015</a> found that 90% of</em></ins></span>
the <span class="removed"><del><strong>500 most popular</strong></del></span>
<span class="inserted"><ins><em>top-ranked</em></ins></span> gratis <span
class="inserted"><ins><em>proprietary</em></ins></span>
+ Android <span
class="removed"><del><strong>apps</a>.</p></strong></del></span>
<span class="inserted"><ins><em>apps contained recognizable tracking libraries.
For the paid
+ proprietary apps, it was only 60%.</p></em></ins></span>
+
+ <p>The article <span class="removed"><del><strong>should not have
described these</strong></del></span> <span
class="inserted"><ins><em>confusingly describes gratis</em></ins></span> apps as
+ <span
class="removed"><del><strong>“free”—they</strong></del></span>
+ <span class="inserted"><ins><em>“free”, but most of
them</em></ins></span> are not <span class="removed"><del><strong>free
software. The clear way to say
+ “zero price” is “gratis.”</p>
- <p>The article confusingly describes gratis apps as
- “free”, but most of them are not in fact <a
+ <p>The article takes</strong></del></span> <span
class="inserted"><ins><em>in fact <a
href="/philosophy/free-sw.html">free software</a>. It also uses
the
- ugly word “monetize”. A good replacement for that word
- is “exploit”; nearly always that will fit perfectly.</p>
+ ugly word “monetize”. A good replacement</em></ins></span> for
<span class="removed"><del><strong>granted</strong></del></span> that <span
class="removed"><del><strong>the usual analytics tools are
+ legitimate, but</strong></del></span> <span
class="inserted"><ins><em>word</em></ins></span>
+ is <span class="inserted"><ins><em>“exploit”; nearly
always</em></ins></span> that <span class="removed"><del><strong>valid?
Software developers have no right to
+ analyze what users are doing or how. “Analytics” tools that
snoop are
+ just as wrong as any other snooping.</p></strong></del></span> <span
class="inserted"><ins><em>will fit perfectly.</p></em></ins></span>
</li>
+ <span
class="removed"><del><strong><li><p>Gratis</strong></del></span>
- <li id="M201505060">
+ <span class="inserted"><ins><em><li id="M201505060">
<!--#set var="DATE" value='<small
class="date-tag">2015-05</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Gratis Android apps (but not <a
+ <p>Gratis</em></ins></span> Android apps (but not <a
href="/philosophy/free-sw.html">free software</a>) connect to 100
<a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
and advertising</a> URLs, on the average.</p>
</li>
+ <span class="removed"><del><strong><li><p>Spyware is present in
some Android devices when they are sold.
+ Some Motorola phones modify Android to
+ <a
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
+ send personal data to Motorola</a>.</p>
+ </li>
- <li id="M201504060">
+ <li><p>Some manufacturers add a</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201504060">
<!--#set var="DATE" value='<small
class="date-tag">2015-04</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Widely used <a
-
href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
- QR-code scanner apps snoop on the user</a>. This is in addition to
- the snooping done by the phone company, and perhaps by the OS in
- the phone.</p>
+ <p>Widely used</em></ins></span> <a <span
class="removed"><del><strong>href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
+ hidden general surveillance package such as Carrier
IQ.</a></p>
+ </li>
+
+ <li><p><a
href="/proprietary/proprietary-back-doors.html#samsung">
+ Samsung's back door</a> provides access to any
file</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
+ QR-code scanner apps snoop</em></ins></span> on the <span
class="removed"><del><strong>system.</p>
+ </li>
+</ul>
+
+
+
+<!-- #SpywareOnMobiles -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+
+<div class="big-section">
+ <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareIniThings">Spyware</strong></del></span> <span
class="inserted"><ins><em>user</a>. This is</em></ins></span> in <span
class="removed"><del><strong>iThings</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
+</div>
+
+<ul>
+ <li><p>The DMCA</strong></del></span> <span
class="inserted"><ins><em>addition to
+ the snooping done by the phone company,</em></ins></span> and <span
class="inserted"><ins><em>perhaps by</em></ins></span> the <span
class="removed"><del><strong>EU Copyright Directive make it <a
+href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
+ illegal to study how iOS cr...apps spy on users</a>, because this
+ would require circumventing</strong></del></span> <span
class="inserted"><ins><em>OS in</em></ins></span>
+ the <span class="removed"><del><strong>iOS
DRM.</p></strong></del></span> <span
class="inserted"><ins><em>phone.</p>
<p>Don't be distracted by the question of whether the app developers
get users to say “I agree”. That is no excuse for
- malware.</p>
+ malware.</p></em></ins></span>
</li>
- <li id="M201411260">
+ <span class="removed"><del><strong><li><p>In the latest iThings
system, “turning off” WiFi and Bluetooth</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201411260">
<!--#set var="DATE" value='<small
class="date-tag">2014-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many proprietary apps for mobile devices
- report which other apps the user has installed. <a
- href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
- is doing this in a way that at least is visible and optional</a>. Not
- as bad as what the others do.</p>
+ report which other apps</em></ins></span> the
+ <span class="removed"><del><strong>obvious way</strong></del></span>
<span class="inserted"><ins><em>user has installed.</em></ins></span> <a
+ <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
+ doesn't really turn them off</a>.
+ A more advanced</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
+ is doing this in a</em></ins></span> way <span
class="removed"><del><strong>really does turn them off—only until 5am.
+ That's Apple for you—“We know you want to be spied
on”.</p></strong></del></span> <span class="inserted"><ins><em>that
at least is visible and optional</a>. Not
+ as bad as what the others do.</p></em></ins></span>
</li>
- <li id="M201401150.1">
+ <span class="removed"><del><strong><li><p>Apple
proposes</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201401150.1">
<!--#set var="DATE" value='<small
class="date-tag">2014-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Simeji keyboard is a smartphone version of Baidu's <a
- href="/proprietary/proprietary-surveillance.html#baidu-ime">spying
<abbr
+ <p>The Simeji keyboard is a smartphone version of
Baidu's</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
fingerprint-scanning touch screen</a>
+ — which would mean no way</strong></del></span>
+ <span
class="inserted"><ins><em>href="/proprietary/proprietary-surveillance.html#baidu-ime">spying
<abbr
title="Input Method Editor">IME</abbr></a>.</p>
</li>
<li id="M201312270">
<!--#set var="DATE" value='<small
class="date-tag">2013-12</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The nonfree Snapchat app's principal purpose is to restrict the
- use of data on the user's computer, but it does surveillance too: <a
+ <p>The nonfree Snapchat app's principal purpose is</em></ins></span>
to <span class="inserted"><ins><em>restrict the</em></ins></span>
+ use <span class="inserted"><ins><em>of data on the user's computer,
but</em></ins></span> it <span class="removed"><del><strong>without having your
fingerprints
+ taken. Users would have no way</strong></del></span> <span
class="inserted"><ins><em>does surveillance too: <a
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
- it tries to get the user's list of other people's phone
- numbers</a>.</p>
+ it tries</em></ins></span> to <span class="removed"><del><strong>tell
whether</strong></del></span> <span
class="inserted"><ins><em>get</em></ins></span> the <span
class="inserted"><ins><em>user's list of other people's</em></ins></span> phone
<span class="removed"><del><strong>is snooping on
+ them.</p></li>
+
+ <li><p>iPhones</strong></del></span>
+ <span class="inserted"><ins><em>numbers</a>.</p>
</li>
<li id="M201312060">
<!--#set var="DATE" value='<small
class="date-tag">2013-12</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Brightest Flashlight app <a
-
href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
+ <p>The Brightest Flashlight app</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send
+ lots of</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
sends user data, including geolocation, for use by
companies</a>.</p>
<p>The FTC criticized this app because it asked the user to
- approve sending personal data to the app developer but did not ask
- about sending it to other companies. This shows the weakness of
- the reject-it-if-you-dislike-snooping “solution” to
- surveillance: why should a flashlight app send any information to
- anyone? A free software flashlight app would not.</p>
+ approve sending</em></ins></span> personal data to <span
class="removed"><del><strong>Apple's servers</a>. Big Brother can
+ get them from there.</p>
+ </li>
+
+ <li><p>The iMessage</strong></del></span> <span
class="inserted"><ins><em>the</em></ins></span> app <span
class="removed"><del><strong>on iThings <a
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
+ a server every phone number that</strong></del></span> <span
class="inserted"><ins><em>developer but did not ask
+ about sending it to other companies. This shows</em></ins></span> the
<span class="removed"><del><strong>user types into
it</a>;</strong></del></span> <span class="inserted"><ins><em>weakness
of</em></ins></span>
+ the <span class="removed"><del><strong>server records these numbers for at
least 30
+ days.</p>
+ </li>
+
+ <li><p>Users cannot make an Apple ID <a
href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary</strong></del></span>
<span class="inserted"><ins><em>reject-it-if-you-dislike-snooping
“solution”</em></ins></span> to <span
class="removed"><del><strong>install even gratis apps)</a>
+ without giving</strong></del></span>
+ <span class="inserted"><ins><em>surveillance: why should</em></ins></span>
a <span class="removed"><del><strong>valid email address and receiving the code
Apple
+ sends</strong></del></span> <span class="inserted"><ins><em>flashlight
app send any information</em></ins></span> to <span
class="removed"><del><strong>it.</p></strong></del></span>
+ <span class="inserted"><ins><em>anyone? A free software flashlight app
would not.</p></em></ins></span>
</li>
- <li id="M201212100">
+ <span class="removed"><del><strong><li><p>Around 47% of
the</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201212100">
<!--#set var="DATE" value='<small
class="date-tag">2012-12</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>FTC says most mobile apps for children don't respect privacy:
<a
-
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
-
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
+ <p>FTC says</em></ins></span> most <span
class="removed"><del><strong>popular iOS</strong></del></span> <span
class="inserted"><ins><em>mobile</em></ins></span> apps <span
class="inserted"><ins><em>for children don't respect privacy:</em></ins></span>
<a <span class="removed"><del><strong>class="not-a-duplicate"
+ href="http://jots.pub/a/2015103001/index.php">share personal,
+ behavioral and location information</a> of their users with third
parties.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
+
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p></em></ins></span>
</li>
-</ul>
+
+ <span class="removed"><del><strong><li><p>iThings automatically
upload</strong></del></span>
+<span class="inserted"><ins><em></ul>
<div class="big-subsection">
@@ -2840,7 +2206,7 @@
<li id="M201908151">
<!--#set var="DATE" value='<small
class="date-tag">2019-08</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Skype refuses to say whether it can <a
+ <p>Skype refuses</em></ins></span> to <span
class="removed"><del><strong>Apple's servers all</strong></del></span> <span
class="inserted"><ins><em>say whether it can <a
href="http://www.slate.com/blogs/future_tense/2012/07/20/skype_won_t_comment_on_whether_it_can_now_eavesdrop_on_conversations_.html">eavesdrop
on calls</a>.</p>
@@ -2869,58 +2235,120 @@
<!--#set var="DATE" value='<small
class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is imposing its
- surveillance on the game of Minecraft by <a
-
href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
- every player to open an account on Microsoft's network</a>. Microsoft
- has bought the game and will merge all accounts into its network,
+ surveillance on</em></ins></span> the <span
class="removed"><del><strong>photos and
+ videos they make.</p>
+
+ <blockquote><p>
+ iCloud Photo Library stores</strong></del></span> <span
class="inserted"><ins><em>game of Minecraft by <a
+
href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring</em></ins></span>
+ every <span class="removed"><del><strong>photo and video you take,
+ and keeps them up</strong></del></span> <span
class="inserted"><ins><em>player</em></ins></span> to <span
class="removed"><del><strong>date</strong></del></span> <span
class="inserted"><ins><em>open an account</em></ins></span> on <span
class="inserted"><ins><em>Microsoft's network</a>. Microsoft
+ has bought the game and will merge</em></ins></span> all <span
class="removed"><del><strong>your devices.
+ Any edits you make are automatically updated everywhere. [...]
+ </p></blockquote>
+
+ <p>(From</strong></del></span> <span
class="inserted"><ins><em>accounts into its network,
which will give them access to people's data.</p>
- <p>Minecraft players <a
- href="https://directory.fsf.org/wiki/Minetest">can play
Minetest</a>
- instead. The essential advantage of Minetest is that it is free
- software, meaning it respects the user's computer freedom. As a bonus,
+ <p>Minecraft players</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.apple.com/icloud/photos/">Apple's
iCloud
+ information</a> as accessed on 24 Sep 2015.)</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://directory.fsf.org/wiki/Minetest">can
play Minetest</a>
+ instead.</em></ins></span> The <span class="removed"><del><strong>iCloud
feature is
+ <a href="https://support.apple.com/en-us/HT202033">activated by the
+ startup</strong></del></span> <span class="inserted"><ins><em>essential
advantage</em></ins></span> of <span
class="removed"><del><strong>iOS</a>. The term “cloud” means
+ “please don't ask where.”</p>
+
+ <p>There</strong></del></span> <span
class="inserted"><ins><em>Minetest</em></ins></span> is <span
class="removed"><del><strong>a way to <a
href="https://support.apple.com/en-us/HT201104">
+ deactivate iCloud</a>, but it's active by default
so</strong></del></span> <span class="inserted"><ins><em>that</em></ins></span>
it <span class="removed"><del><strong>still counts as</strong></del></span>
<span class="inserted"><ins><em>is free
+ software, meaning it respects the user's computer freedom.
As</em></ins></span> a
+ <span class="removed"><del><strong>surveillance functionality.</p>
+
+ <p>Unknown people apparently took advantage</strong></del></span>
<span class="inserted"><ins><em>bonus,
it offers more options.</p>
</li>
<li id="M201908210">
<!--#set var="DATE" value='<small
class="date-tag">2019-08</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Microsoft recorded users of Xboxes and had <a
-
href="https://www.vice.com/en/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana">
- human workers listen to the recordings</a>.</p>
+ <p>Microsoft recorded users</em></ins></span> of <span
class="removed"><del><strong>this to</strong></del></span> <span
class="inserted"><ins><em>Xboxes and had</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
+ nude photos of many celebrities</a>. They needed to break Apple's
+ security</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.vice.com/en/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana">
+ human workers listen</em></ins></span> to <span
class="removed"><del><strong>get at them, but NSA can access any of them through
+ <a
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
+ </p></li>
- <p>Morally, we see no difference between having human workers listen
and
- having speech-recognition systems listen. Both intrude on
privacy.</p>
+ <li><p>Spyware in iThings:
+ the <a class="not-a-duplicate"
+
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ iBeacon</a> lets stores determine exactly
where</strong></del></span> the <span class="removed"><del><strong>iThing
is,</strong></del></span> <span
class="inserted"><ins><em>recordings</a>.</p>
+
+ <p>Morally, we see no difference between having human workers
listen</em></ins></span> and <span class="removed"><del><strong>get other info
too.</p></strong></del></span>
+ <span class="inserted"><ins><em>having speech-recognition systems listen.
Both intrude on privacy.</p></em></ins></span>
</li>
- <li id="M201806240">
+ <span
class="removed"><del><strong><li><p>There</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201806240">
<!--#set var="DATE" value='<small
class="date-tag">2018-06</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Red Shell is a spyware that
- is found in many proprietary games. It <a
-
href="https://nebulous.cloud/threads/red-shell-illegal-spyware-for-steam-games.31924/">
- tracks data on users' computers and sends it to third
parties</a>.</p>
+ <p>Red Shell</em></ins></span> is <span
class="removed"><del><strong>also</strong></del></span> a <span
class="removed"><del><strong>feature for web sites to track users, which is
+ <a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
+ enabled by default</a>. (That article talks about iOS 6, but
it</strong></del></span> <span class="inserted"><ins><em>spyware
that</em></ins></span>
+ is <span class="removed"><del><strong>still true</strong></del></span>
<span class="inserted"><ins><em>found</em></ins></span> in <span
class="removed"><del><strong>iOS 7.)</p>
+ </li>
+
+ <li><p>The iThing also
+ <a
+href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
+ tells Apple its geolocation</a> by default, though that can be
+ turned off.</p>
</li>
- <li id="M201804144">
+ <li><p>Apple can, and regularly does,</strong></del></span>
<span class="inserted"><ins><em>many proprietary games. It</em></ins></span>
<a <span
class="removed"><del><strong>href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
+ remotely extract some</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://nebulous.cloud/threads/red-shell-illegal-spyware-for-steam-games.31924/">
+ tracks</em></ins></span> data <span class="removed"><del><strong>from
iPhones for the state</a>.</p></strong></del></span> <span
class="inserted"><ins><em>on users' computers and sends it to third
parties</a>.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li><p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
+ Either Apple helps</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201804144">
<!--#set var="DATE" value='<small
class="date-tag">2018-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>ArenaNet surreptitiously installed a spyware
- program along with an update to the massive
+ program along with an update to</em></ins></span> the <span
class="removed"><del><strong>NSA</strong></del></span> <span
class="inserted"><ins><em>massive
multiplayer game Guild Wars 2. The spyware allowed ArenaNet <a
href="https://techraptor.net/content/arenanet-used-spyware-anti-cheat-for-guild-wars-2-banwave">
- to snoop on all open processes running on its user's
computer</a>.</p>
+ to</em></ins></span> snoop on all <span class="removed"><del><strong>the
data in an iThing,
+ or it is totally incompetent.</a></p></strong></del></span>
<span class="inserted"><ins><em>open processes running on its user's
computer</a>.</p></em></ins></span>
</li>
- <li id="M201711070">
+ <span class="removed"><del><strong><li><p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
+ Several “features” of iOS seem to exist</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201711070">
<!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The driver for a certain gaming keyboard <a
-
href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
- information to China</a>.</p>
+ <p>The driver</em></ins></span> for <span
class="removed"><del><strong>no
+ possible purpose other than surveillance</a>. Here is
the</strong></del></span> <span class="inserted"><ins><em>a certain gaming
keyboard</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ Technical presentation</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
+ information to China</a>.</p></em></ins></span>
</li>
+<span class="removed"><del><strong></ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInTelephones">Spyware in Telephones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
+</div>
+
+<ul>
+ <li><p>Tracking software in popular Android
apps</strong></del></span>
- <li id="M201512290">
+ <span class="inserted"><ins><em><li id="M201512290">
<!--#set var="DATE" value='<small
class="date-tag">2015-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many <a
@@ -2928,27 +2356,46 @@
video game consoles snoop on their users and report to the
internet</a>—even what their users weigh.</p>
- <p>A game console is a computer, and you can't trust a computer with
- a nonfree operating system.</p>
+ <p>A game console</em></ins></span> is <span
class="removed"><del><strong>pervasive</strong></del></span> <span
class="inserted"><ins><em>a computer,</em></ins></span> and
+ <span class="removed"><del><strong>sometimes very clever. Some trackers
can <a
+href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
+ follow</strong></del></span> <span class="inserted"><ins><em>you can't
trust</em></ins></span> a <span class="removed"><del><strong>user's movements
around</strong></del></span> <span class="inserted"><ins><em>computer
with</em></ins></span>
+ a <span class="removed"><del><strong>physical store by noticing WiFi
+ networks</a>.</p></strong></del></span> <span
class="inserted"><ins><em>nonfree operating system.</p></em></ins></span>
</li>
- <li id="M201509160">
+ <span class="removed"><del><strong><li><p>Android tracks
location for Google <a
+href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
+ even when “location services” are turned off, even
+ when the phone has no SIM card</a>.</p></li>
+
+ <li><p>Some portable phones</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201509160">
<!--#set var="DATE" value='<small
class="date-tag">2015-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Modern gratis game cr…apps <a
-
href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
- collect a wide range of data about their users and their users'
+ <p>Modern gratis game cr…apps</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
+ sold with spyware sending lots</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
+ collect a wide range</em></ins></span> of data <span
class="inserted"><ins><em>about their users and their users'
friends and associates</a>.</p>
<p>Even nastier, they do it through ad networks that merge the data
collected by various cr…apps and sites made by different
companies.</p>
- <p>They use this data to manipulate people to buy things, and hunt
for
- “whales” who can be led to spend a lot of money. They also
- use a back door to manipulate the game play for specific players.</p>
+ <p>They use this data</em></ins></span> to <span
class="removed"><del><strong>China</a>.</p></li>
- <p>While the article describes gratis games, games that cost money
+ <li><p>According</strong></del></span> <span
class="inserted"><ins><em>manipulate people</em></ins></span> to <span
class="removed"><del><strong>Edward Snowden,
+ <a
href="http://www.bbc.com/news/uk-34444233">agencies</strong></del></span>
<span class="inserted"><ins><em>buy things, and hunt for
+ “whales” who</em></ins></span> can <span
class="removed"><del><strong>take over smartphones</a>
+ by sending hidden text messages which enable them</strong></del></span>
<span class="inserted"><ins><em>be led</em></ins></span> to <span
class="removed"><del><strong>turn the phones
+ on and off, listen</strong></del></span> <span
class="inserted"><ins><em>spend a lot of money. They also
+ use a back door</em></ins></span> to <span
class="inserted"><ins><em>manipulate</em></ins></span> the <span
class="removed"><del><strong>microphone, retrieve geo-location data
from</strong></del></span> <span class="inserted"><ins><em>game play for
specific players.</p>
+
+ <p>While</em></ins></span> the
+ <span class="removed"><del><strong>GPS, take photographs, read text
messages, read call, location and web
+ browsing history,</strong></del></span> <span
class="inserted"><ins><em>article describes gratis games, games that cost money
can use the same tactics.</p>
</li>
@@ -2957,9 +2404,13 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Angry Birds <a
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
- spies for companies, and the NSA takes advantage
- to spy through it too</a>. Here's information on <a
-
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
+ spies for companies,</em></ins></span> and <span
class="removed"><del><strong>read</strong></del></span> the <span
class="removed"><del><strong>contact list. This malware is
designed</strong></del></span> <span class="inserted"><ins><em>NSA takes
advantage</em></ins></span>
+ to
+ <span class="removed"><del><strong>disguise itself from
investigation.</p>
+ </li>
+
+ <li><p>Samsung phones come with</strong></del></span> <span
class="inserted"><ins><em>spy through it too</a>. Here's information
on</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
more spyware apps</a>.</p>
<p><a
@@ -2971,18 +2422,29 @@
<!--#set var="DATE" value='<small
class="date-tag">2005-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Blizzard Warden is a hidden
- “cheating-prevention” program that <a
+ “cheating-prevention” program</em></ins></span> that <span
class="removed"><del><strong>users can't
delete</a>,</strong></del></span> <span class="inserted"><ins><em><a
href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
- spies on every process running on a gamer's computer and sniffs a
- good deal of personal data</a>, including lots of activities which
- have nothing to do with cheating.</p>
+ spies on every process running on a gamer's computer</em></ins></span> and
<span class="removed"><del><strong>they send so much data that their
transmission is</strong></del></span> <span
class="inserted"><ins><em>sniffs</em></ins></span> a
+ <span class="removed"><del><strong>substantial expense for users. Said
transmission, not wanted or
+ requested by the user, clearly must constitute
spying</strong></del></span>
+ <span class="inserted"><ins><em>good deal</em></ins></span> of <span
class="removed"><del><strong>some
+ kind.</p></li>
+
+ <li><p>A Motorola phone
+ <a
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
+ listens for voice all the
time</a>.</p></strong></del></span> <span
class="inserted"><ins><em>personal data</a>, including lots of activities
which
+ have nothing to do with cheating.</p></em></ins></span>
</li>
-</ul>
+
+ <span
class="removed"><del><strong><li><p>Spyware</strong></del></span>
+<span class="inserted"><ins><em></ul>
<div class="big-section">
- <h3 id="SpywareInEquipment">Spyware in Connected Equipment</h3>
+ <h3 id="SpywareInEquipment">Spyware</em></ins></span> in <span
class="removed"><del><strong>Android phones (and Windows? laptops): The Wall
+ Street Journal (in an article blocked from us by a paywall)
+ reports that</strong></del></span> <span
class="inserted"><ins><em>Connected Equipment</h3>
<span class="anchor-reference-id">(<a
href="#SpywareInEquipment">#SpywareInEquipment</a>)</span>
</div>
<div style="clear: left;"></div>
@@ -2991,90 +2453,142 @@
<li id="M202101050">
<!--#set var="DATE" value='<small
class="date-tag">2021-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Most Internet connected devices in Mozilla's <a
-
href="https://foundation.mozilla.org/en/privacynotincluded">“Privacy
+ <p>Most Internet connected devices in Mozilla's</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj"></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://foundation.mozilla.org/en/privacynotincluded">“Privacy
Not Included”</a> list <a
href="https://foundation.mozilla.org/privacynotincluded/arlo-video-doorbell">are
designed to snoop on users</a> even if they meet
Mozilla's “Minimum Security Standards.” Insecure
- design of the program running on some of these devices <a
-
href="https://foundation.mozilla.org/privacynotincluded/vibratissimo-panty-buster">makes
- the user susceptible to be snooped and exploited by crackers as
+ design of</em></ins></span> the <span class="removed"><del><strong>FBI can
remotely activate</strong></del></span> <span class="inserted"><ins><em>program
running on some of these devices <a
+
href="https://foundation.mozilla.org/privacynotincluded/vibratissimo-panty-buster">makes</em></ins></span>
+ the <span class="removed"><del><strong>GPS</strong></del></span> <span
class="inserted"><ins><em>user susceptible to be snooped</em></ins></span> and
<span class="removed"><del><strong>microphone</strong></del></span> <span
class="inserted"><ins><em>exploited by crackers as
well</a>.</p>
</li>
<li id="M201708280">
<!--#set var="DATE" value='<small
class="date-tag">2017-08</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The bad security in many Internet of Stings devices allows <a
-
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
- to snoop on the people that use them</a>.</p>
+ <p>The bad security</em></ins></span> in <span
class="removed"><del><strong>Android
+ phones and laptops</a>.
+ (I suspect this means Windows laptops.) Here is</strong></del></span>
<span class="inserted"><ins><em>many Internet of Stings devices
allows</em></ins></span> <a <span
class="removed"><del><strong>href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
+ </li>
- <p>Don't be a sucker—reject all the stings.</p>
+ <li><p>Portable phones with GPS will send their GPS
location</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
+ to snoop</em></ins></span> on
+ <span class="removed"><del><strong>remote command and users cannot stop
them:
+ <a
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
+
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
+ (The US says it will eventually require</strong></del></span> <span
class="inserted"><ins><em>the people that use them</a>.</p>
- <p><small>(It is unfortunate that the article uses the term
<a
-
href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.)</small></p>
+ <p>Don't be a sucker—reject</em></ins></span> all <span
class="removed"><del><strong>new portable phones
+ to have GPS.)</p>
+ </li>
+
+ <li><p>The nonfree Snapchat app's principal
purpose</strong></del></span> <span class="inserted"><ins><em>the
stings.</p>
+
+ <p><small>(It</em></ins></span> is <span
class="removed"><del><strong>to restrict</strong></del></span> <span
class="inserted"><ins><em>unfortunate that</em></ins></span> the <span
class="removed"><del><strong>use of data on</strong></del></span> <span
class="inserted"><ins><em>article uses</em></ins></span> the <span
class="removed"><del><strong>user's computer, but it does surveillance
+ too:</strong></del></span> <span
class="inserted"><ins><em>term</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
+ it tries to get the user's list of other people's phone
+ numbers.</a></p></strong></del></span>
+ <span
class="inserted"><ins><em>href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.)</small></p></em></ins></span>
</li>
</ul>
<div class="big-subsection">
- <h4 id="SpywareInTVSets">TV Sets</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
+ <h4 <span
class="removed"><del><strong>id="SpywareInMobileApps">Spyware in Mobile
Applications</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInTVSets">TV
Sets</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInTVSets">#SpywareInTVSets</a>)</span></em></ins></span>
</div>
-<p>Emo Phillips made a joke: The other day a woman came up to me and
-said, “Didn't I see you on television?” I said, “I
-don't know. You can't see out the other way.” Evidently that was
-before Amazon “smart” TVs.</p>
+<span class="removed"><del><strong><ul>
+ <li>
+ <p>The moviepass app</strong></del></span>
+
+<span class="inserted"><ins><em><p>Emo Phillips made a joke: The other
day a woman came up to me</em></ins></span> and <span
class="removed"><del><strong>dis-service spy</strong></del></span>
+<span class="inserted"><ins><em>said, “Didn't I see
you</em></ins></span> on <span class="removed"><del><strong>users even more
than users
+ expected. It <a
href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
+ where they travel</strong></del></span> <span
class="inserted"><ins><em>television?” I said, “I
+don't know. You can't see out the other way.” Evidently that
was</em></ins></span>
+before <span class="removed"><del><strong>and after
going</strong></del></span> <span class="inserted"><ins><em>Amazon
“smart” TVs.</p>
<ul class="blurbs">
<li id="M202006250">
<!--#set var="DATE" value='<small
class="date-tag">2020-06</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>TV manufacturers are able to <a
-
href="https://www.zdnet.com/article/fbi-warns-about-snoopy-smart-tvs-spying-on-you/">snoop
- every second of what the user is watching</a>. This is illegal due to
+ <p>TV manufacturers are able</em></ins></span> to <span
class="removed"><del><strong>a movie</a>.
+ </p>
+
+ <p>Don't be tracked — pay cash!</p>
+ </li>
+
+ <li><p>AI-powered driving apps can</strong></del></span> <a
<span
class="removed"><del><strong>href="https://motherboard.vice.com/en_us/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
+ track your</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.zdnet.com/article/fbi-warns-about-snoopy-smart-tvs-spying-on-you/">snoop</em></ins></span>
+ every <span
class="removed"><del><strong>move</a>.</p></strong></del></span>
<span class="inserted"><ins><em>second of what the user is watching</a>.
This is illegal due to
the Video Privacy Protection Act of 1988, but they're circumventing
- it through EULAs.</p>
+ it through EULAs.</p></em></ins></span>
</li>
- <li id="M201901070">
+ <span class="removed"><del><strong><li><p>The Sarahah
app</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201901070">
<!--#set var="DATE" value='<small
class="date-tag">2019-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Vizio TVs <a
-
href="https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019">
+ <p>Vizio TVs</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
+ uploads all phone numbers</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019">
collect “whatever the TV sees,”</a> in the own words of
the company's
- CTO, and this data is sold to third parties. This is in return for
+ CTO,</em></ins></span> and <span class="removed"><del><strong>email
addresses</a></strong></del></span> <span class="inserted"><ins><em>this
data is sold to third parties. This is</em></ins></span> in <span
class="removed"><del><strong>user's address
+ book</strong></del></span> <span class="inserted"><ins><em>return for
“better service” (meaning more intrusive ads?) and slightly
lower retail prices.</p>
- <p>What is supposed to make this spying acceptable, according to him,
+ <p>What is supposed</em></ins></span> to <span
class="removed"><del><strong>developer's server. Note
that</strong></del></span> <span
class="inserted"><ins><em>make</em></ins></span> this <span
class="removed"><del><strong>article misuses the words
+ “<a href="/philosophy/free-sw.html">free
software</a>”
+ referring</strong></del></span> <span class="inserted"><ins><em>spying
acceptable, according</em></ins></span> to <span
class="removed"><del><strong>zero price.</p>
+ </li>
+
+ <li>
+ <p>Facebook's app listens</strong></del></span> <span
class="inserted"><ins><em>him,
is that it is opt-in in newer models. But since the Vizio software is
nonfree, we don't know what is actually happening behind the scenes,
- and there is no guarantee that all future updates will leave the
- settings unchanged.</p>
+ and there is no guarantee that</em></ins></span> all <span
class="inserted"><ins><em>future updates will leave</em></ins></span> the <span
class="removed"><del><strong>time, <a
href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
snoop</strong></del></span>
+ <span class="inserted"><ins><em>settings unchanged.</p>
<p>If you already own a Vizio “smart” TV (or any
“smart” TV, for that
- matter), the easiest way to make sure it isn't spying on you is
- to disconnect it from the Internet, and use a terrestrial antenna
+ matter), the easiest way to make sure it isn't spying</em></ins></span> on
<span class="removed"><del><strong>what people are
listening</strong></del></span> <span class="inserted"><ins><em>you
is</em></ins></span>
+ to <span class="removed"><del><strong>or watching</a>. In
addition,</strong></del></span> <span
class="inserted"><ins><em>disconnect</em></ins></span> it <span
class="removed"><del><strong>may</strong></del></span> <span
class="inserted"><ins><em>from the Internet, and use a terrestrial antenna
instead. Unfortunately, this is not always possible. Another option,
- if you are technically oriented, is to get your own router (which can
- be an old computer running completely free software), and set up a
- firewall to block connections to Vizio's servers. Or, as a last resort,
- you can replace your TV with another model.</p>
+ if you are technically oriented, is to get your own router (which
can</em></ins></span>
+ be <span class="removed"><del><strong>analyzing people's
conversations</strong></del></span> <span class="inserted"><ins><em>an old
computer running completely free software), and set up a
+ firewall</em></ins></span> to <span class="removed"><del><strong>serve
them</strong></del></span> <span class="inserted"><ins><em>block connections to
Vizio's servers. Or, as a last resort,
+ you can replace your TV</em></ins></span> with <span
class="removed"><del><strong>targeted
+ advertisements.</p></strong></del></span> <span
class="inserted"><ins><em>another model.</p></em></ins></span>
</li>
- <li id="M201804010">
+ <span class="removed"><del><strong><li>
+ <p>Faceapp appears to do lots of surveillance, judging
by</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201804010">
<!--#set var="DATE" value='<small
class="date-tag">2018-04</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Some “Smart” TVs automatically <a
-
href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
+ <p>Some “Smart” TVs automatically</em></ins></span>
<a <span
class="removed"><del><strong>href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
+ how much access it demands</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
load downgrades that install a surveillance app</a>.</p>
- <p>We link to the article for the facts it presents. It
+ <p>We link</em></ins></span> to <span
class="removed"><del><strong>personal data in</strong></del></span> the <span
class="removed"><del><strong>device</a>.
+ </p>
+ </li>
+
+ <li>
+ <p>Verizon <a
href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
+ announced an opt-in proprietary search app that</strong></del></span>
<span class="inserted"><ins><em>article for the facts</em></ins></span> it
<span class="removed"><del><strong>will</a>
+ pre-install on some</strong></del></span> <span
class="inserted"><ins><em>presents. It
is too bad that the article finishes by advocating the
- moral weakness of surrendering to Netflix. The Netflix app <a
+ moral weakness</em></ins></span> of <span class="removed"><del><strong>its
phones.</strong></del></span> <span class="inserted"><ins><em>surrendering to
Netflix.</em></ins></span> The <span
class="inserted"><ins><em>Netflix</em></ins></span> app <span
class="removed"><del><strong>will give Verizon the same
+ information about the users' searches</strong></del></span> <span
class="inserted"><ins><em><a
href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
malware too</a>.</p>
</li>
@@ -3084,22 +2598,43 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Vizio “smart” <a
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
- report everything that is viewed on them, and not just broadcasts and
- cable</a>. Even if the image is coming from the user's own computer,
- the TV reports what it is. The existence of a way to disable the
- surveillance, even if it were not hidden as it was in these TVs,
- does not legitimize the surveillance.</p>
+ report everything</em></ins></span> that <span
class="removed"><del><strong>Google normally gets when
+ they use its search engine.</p>
+
+ <p>Currently, the app</strong></del></span> is <span
class="removed"><del><strong><a
href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
+ being pre-installed</strong></del></span> <span
class="inserted"><ins><em>viewed</em></ins></span> on <span
class="removed"><del><strong>only one phone</a>,</strong></del></span>
<span class="inserted"><ins><em>them,</em></ins></span> and <span
class="inserted"><ins><em>not just broadcasts and
+ cable</a>. Even if</em></ins></span> the
+ <span class="removed"><del><strong>user must explicitly opt-in before the
app takes effect. However,</strong></del></span> <span
class="inserted"><ins><em>image is coming from</em></ins></span> the
+ <span class="removed"><del><strong>app remains spyware—an
“optional” piece</strong></del></span> <span
class="inserted"><ins><em>user's own computer,
+ the TV reports what it is. The existence</em></ins></span> of <span
class="removed"><del><strong>spyware is
+ still spyware.</p>
+ </li>
+
+ <li><p>The Meitu photo-editing
+ app <a
href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
+ user data to</strong></del></span> a <span
class="removed"><del><strong>Chinese company</a>.</p></li>
+
+ <li><p>A pregnancy test controller
application</strong></del></span> <span class="inserted"><ins><em>way to
disable the
+ surveillance, even if it were</em></ins></span> not <span
class="removed"><del><strong>only
+ can <a
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spy
+ on many sorts of data</strong></del></span> <span
class="inserted"><ins><em>hidden as it was</em></ins></span> in <span
class="inserted"><ins><em>these TVs,
+ does not legitimize</em></ins></span> the <span
class="removed"><del><strong>phone,</strong></del></span> <span
class="inserted"><ins><em>surveillance.</p>
</li>
<li id="M201511130">
<!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Some web and TV advertisements play inaudible
+ <p>Some web</em></ins></span> and <span class="inserted"><ins><em>TV
advertisements play inaudible
sounds to be picked up by proprietary malware running
- on other devices in range so as to determine that they
+ on other devices</em></ins></span> in <span
class="removed"><del><strong>server accounts, it</strong></del></span> <span
class="inserted"><ins><em>range so as to determine that they
are nearby. Once your Internet devices are paired with
- your TV, advertisers can correlate ads with Web activity, and other <a
-
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
+ your TV, advertisers</em></ins></span> can
+ <span class="removed"><del><strong>alter them too</a>.
+ </p></li>
+
+ <li><p>The Uber app tracks</strong></del></span> <span
class="inserted"><ins><em>correlate ads with Web activity, and
other</em></ins></span> <a <span
class="removed"><del><strong>href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
+ movements before</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
cross-device tracking</a>.</p>
</li>
@@ -3109,15 +2644,21 @@
<p>Vizio goes a step further than other TV
manufacturers in spying on their users: their <a
href="https://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
- “smart” TVs analyze your viewing habits in detail and
- link them your IP address</a> so that advertisers can track you
+ “smart” TVs analyze your viewing habits in
detail</em></ins></span> and <span class="removed"><del><strong>after the
ride</a>.</p>
+
+ <p>This example illustrates how “getting the user's
consent”
+ for surveillance</strong></del></span>
+ <span class="inserted"><ins><em>link them your IP address</a> so
that advertisers can track you
across devices.</p>
- <p>It is possible to turn this off, but having it enabled by default
- is an injustice already.</p>
+ <p>It</em></ins></span> is <span
class="removed"><del><strong>inadequate as a protection against massive
+ surveillance.</p></strong></del></span> <span
class="inserted"><ins><em>possible to turn this off, but having it enabled by
default
+ is an injustice already.</p></em></ins></span>
</li>
- <li id="M201511020">
+ <span
class="removed"><del><strong><li><p>Google's</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201511020">
<!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Tivo's alliance with Viacom adds 2.3 million households
@@ -3127,23 +2668,28 @@
information with online social media participation, Tivo can now <a
href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
correlate TV advertisement with online purchases</a>, exposing all
- users to new combined surveillance by default.</p>
+ users to</em></ins></span> new <span class="removed"><del><strong>voice
messaging app</strong></del></span> <span class="inserted"><ins><em>combined
surveillance by default.</p>
</li>
<li id="M201507240">
<!--#set var="DATE" value='<small
class="date-tag">2015-07</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Vizio “smart” TVs recognize and <a
- href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
- what people are watching</a>, even if it isn't a TV
channel.</p>
+ <p>Vizio “smart” TVs recognize and</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ all conversations</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
+ what people are watching</a>, even if it isn't a TV
channel.</p></em></ins></span>
</li>
- <li id="M201505290">
+ <span class="removed"><del><strong><li><p>Apps that
include</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201505290">
<!--#set var="DATE" value='<small
class="date-tag">2015-05</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Verizon cable TV <a
-
href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">
- snoops on what programs people watch, and even what they wanted to
+ <p>Verizon cable TV</em></ins></span> <a <span
class="removed"><del><strong>href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
+ Symphony surveillance software snoop</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">
+ snoops</em></ins></span> on what <span class="removed"><del><strong>radio
and TV</strong></del></span> programs
+ <span class="removed"><del><strong>are playing nearby</a>.
Also</strong></del></span> <span class="inserted"><ins><em>people watch, and
even what they wanted to
record</a>.</p>
</li>
@@ -3152,25 +2698,39 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Vizio <a
href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
- used a firmware “upgrade” to make its TVs snoop on what
- users watch</a>. The TVs did not do that when first sold.</p>
+ used a firmware “upgrade” to make its TVs
snoop</em></ins></span> on what
+ users <span class="removed"><del><strong>post on various sites
+ such as Facebook, Google+ and Twitter.</p></strong></del></span>
<span class="inserted"><ins><em>watch</a>. The TVs did not do that when
first sold.</p></em></ins></span>
</li>
- <li id="M201502090">
+ <span class="removed"><del><strong><li><p>Facebook's new Magic
Photo app</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201502090">
<!--#set var="DATE" value='<small
class="date-tag">2015-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Samsung “Smart” TV <a
-
href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
- transmits users' voice on the internet to another company,
Nuance</a>.
- Nuance can save it and would then have to give it to the US or some
+ <p>The Samsung “Smart” TV</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
+scans your mobile phone's photo collections for known faces</a>,
+ and suggests you to share</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
+ transmits users' voice on</em></ins></span> the <span
class="removed"><del><strong>picture you take according</strong></del></span>
<span class="inserted"><ins><em>internet</em></ins></span> to <span
class="removed"><del><strong>who
+ is in the frame.</p>
+
+ <p>This spyware feature seems</strong></del></span> <span
class="inserted"><ins><em>another company, Nuance</a>.
+ Nuance can save it and would then have</em></ins></span> to <span
class="removed"><del><strong>require online access</strong></del></span> <span
class="inserted"><ins><em>give it</em></ins></span> to <span
class="removed"><del><strong>some
+ known-faces database, which means</strong></del></span> the <span
class="removed"><del><strong>pictures are likely</strong></del></span> <span
class="inserted"><ins><em>US or some
other government.</p>
- <p>Speech recognition is not to be trusted unless it is done by free
+ <p>Speech recognition is not</em></ins></span> to be
+ <span class="removed"><del><strong>sent across the
wire</strong></del></span> <span class="inserted"><ins><em>trusted unless it is
done by free
software in your own computer.</p>
<p>In its privacy policy, Samsung explicitly confirms that <a
href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
- data containing sensitive information will be transmitted to third
+ data containing sensitive information will be
transmitted</em></ins></span> to <span class="removed"><del><strong>Facebook's
servers and face-recognition
+ algorithms.</p>
+
+ <p>If so, none</strong></del></span> <span
class="inserted"><ins><em>third
parties</a>.</p>
</li>
@@ -3189,34 +2749,57 @@
href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
on their users</a>.</p>
- <p>The report was as of 2014, but we don't expect this has got
+ <p>The report was as</em></ins></span> of <span
class="removed"><del><strong>Facebook</strong></del></span> <span
class="inserted"><ins><em>2014, but we don't expect this has got
better.</p>
- <p>This shows that laws requiring products to get users' formal
- consent before collecting personal data are totally inadequate.
- And what happens if a user declines consent? Probably the TV will
- say, “Without your consent to tracking, the TV will not
+ <p>This shows that laws requiring products to get</em></ins></span>
users' <span class="removed"><del><strong>pictures</strong></del></span> <span
class="inserted"><ins><em>formal
+ consent before collecting personal data</em></ins></span> are <span
class="removed"><del><strong>private
+ anymore, even</strong></del></span> <span
class="inserted"><ins><em>totally inadequate.
+ And what happens</em></ins></span> if <span
class="removed"><del><strong>the</strong></del></span> <span
class="inserted"><ins><em>a</em></ins></span> user <span
class="removed"><del><strong>didn't “upload”
them</strong></del></span> <span class="inserted"><ins><em>declines consent?
Probably the TV will
+ say, “Without your consent</em></ins></span> to <span
class="inserted"><ins><em>tracking,</em></ins></span> the <span
class="removed"><del><strong>service.</p></strong></del></span> <span
class="inserted"><ins><em>TV will not
work.”</p>
<p>Proper laws would say that TVs are not allowed to report what the
- user watches—no exceptions!</p>
+ user watches—no exceptions!</p></em></ins></span>
</li>
- <li id="M201405200">
+ <span class="removed"><del><strong><li><p>Like most “music
screaming” disservices, Spotify
+ is based on proprietary malware (DRM and snooping). In August
+ 2015 it</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201405200">
<!--#set var="DATE" value='<small
class="date-tag">2014-05</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Spyware in LG “smart” TVs <a
-
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
- reports what the user watches, and the switch to turn this off has
- no effect</a>. (The fact that the transmission reports a 404 error
- really means nothing; the server could save that data anyway.)</p>
+ <p>Spyware in LG “smart” TVs</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
+ demanded users submit to increased
snooping</a>,</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
+ reports what the user watches,</em></ins></span> and <span
class="removed"><del><strong>some
+ are starting</strong></del></span> <span class="inserted"><ins><em>the
switch</em></ins></span> to <span
class="removed"><del><strong>realize</strong></del></span> <span
class="inserted"><ins><em>turn this off has
+ no effect</a>. (The fact</em></ins></span> that <span
class="removed"><del><strong>it is nasty.</p>
+
+ <p>This article shows</strong></del></span> the <span
class="removed"><del><strong><a
+href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
+ twisted ways that they present snooping as a way
+ to “serve” users better</a>—never mind
+ whether they want that. This is</strong></del></span> <span
class="inserted"><ins><em>transmission reports</em></ins></span> a <span
class="removed"><del><strong>typical example of
+ the attitude of</strong></del></span> <span
class="inserted"><ins><em>404 error
+ really means nothing;</em></ins></span> the <span
class="removed"><del><strong>proprietary software industry towards
+ those they have subjugated.</p>
+
+ <p>Out, out, damned Spotify!</p>
+ </li>
+ <li><p>Many proprietary apps for mobile devices report
which</strong></del></span> <span class="inserted"><ins><em>server could save
that data anyway.)</p>
<p>Even worse, it <a
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
- snoops on other devices on the user's local network</a>.</p>
+ snoops on</em></ins></span> other
+ <span class="removed"><del><strong>apps</strong></del></span> <span
class="inserted"><ins><em>devices on</em></ins></span> the <span
class="removed"><del><strong>user has
+ installed. <a
href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
+ is doing</strong></del></span> <span class="inserted"><ins><em>user's
local network</a>.</p>
<p>LG later said it had installed a patch to stop this, but any
- product could spy this way.</p>
+ product could spy</em></ins></span> this <span
class="removed"><del><strong>in</strong></del></span> <span
class="inserted"><ins><em>way.</p>
<p>Meanwhile, LG TVs <a
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
@@ -3228,10 +2811,18 @@
--><!--#echo encoding="none" var="DATE" -->
<p id="break-security-smarttv"><a
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
- Crackers found a way to break security on a “smart”
TV</a>
- and use its camera to watch the people who are watching TV.</p>
+ Crackers found</em></ins></span> a way <span
class="removed"><del><strong>that at least is visible</strong></del></span>
<span class="inserted"><ins><em>to break security on a “smart”
TV</a></em></ins></span>
+ and
+ <span class="removed"><del><strong>optional</a>. Not as bad as
what</strong></del></span> <span class="inserted"><ins><em>use its camera to
watch</em></ins></span> the <span class="removed"><del><strong>others
do.</p>
</li>
-</ul>
+
+ <li><p>FTC says most mobile apps for children don't respect
privacy:
+ <a
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
+
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p></strong></del></span>
<span class="inserted"><ins><em>people who are watching
TV.</p></em></ins></span>
+ </li>
+
+ <span class="removed"><del><strong><li><p>Widely
used</strong></del></span>
+<span class="inserted"><ins><em></ul>
<div class="big-subsection">
@@ -3243,41 +2834,56 @@
<li id="M201901100">
<!--#set var="DATE" value='<small
class="date-tag">2019-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Amazon Ring “security” devices <a
-
href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/">
- send the video they capture to Amazon servers</a>, which save it
+ <p>Amazon Ring “security” devices</em></ins></span>
<a <span
class="removed"><del><strong>href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
+ QR-code scanner apps snoop on</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/">
+ send</em></ins></span> the <span
class="removed"><del><strong>user</a>. This is in
addition</strong></del></span> <span class="inserted"><ins><em>video they
capture</em></ins></span> to <span class="inserted"><ins><em>Amazon
servers</a>, which save it
long-term.</p>
- <p>In many cases, the video shows everyone that comes near, or merely
- passes by, the user's front door.</p>
+ <p>In many cases,</em></ins></span> the <span
class="removed"><del><strong>snooping done by the phone company, and perhaps
by</strong></del></span> <span class="inserted"><ins><em>video shows everyone
that comes near, or merely
+ passes by,</em></ins></span> the <span class="removed"><del><strong>OS
in</strong></del></span> <span class="inserted"><ins><em>user's front
door.</p>
<p>The article focuses on how Ring used to let individual employees
look
- at the videos freely. It appears Amazon has tried to prevent that
- secondary abuse, but the primary abuse—that Amazon gets the
- video—Amazon expects society to surrender to.</p>
+ at</em></ins></span> the
+ <span class="removed"><del><strong>phone.</p>
+
+ <p>Don't be distracted by</strong></del></span> <span
class="inserted"><ins><em>videos freely. It appears Amazon has tried to
prevent that
+ secondary abuse, but</em></ins></span> the <span
class="removed"><del><strong>question of whether</strong></del></span> <span
class="inserted"><ins><em>primary abuse—that Amazon
gets</em></ins></span> the <span class="removed"><del><strong>app developers get
+ users</strong></del></span>
+ <span class="inserted"><ins><em>video—Amazon expects
society</em></ins></span> to <span class="removed"><del><strong>say “I
agree”. That is no excuse for malware.</p></strong></del></span>
<span class="inserted"><ins><em>surrender to.</p></em></ins></span>
</li>
- <li id="M201810300">
+ <span class="removed"><del><strong><li><p>The Brightest
Flashlight app</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201810300">
<!--#set var="DATE" value='<small
class="date-tag">2018-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Nearly all “home security cameras” <a
-
href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds/">
- give the manufacturer an unencrypted copy of everything they
+ <p>Nearly all “home security cameras”</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
+ sends user data, including geolocation, for use by
companies.</a></p>
+
+ <p>The FTC criticized this app because it
asked</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds/">
+ give</em></ins></span> the <span class="removed"><del><strong>user to
+ approve sending personal data</strong></del></span> <span
class="inserted"><ins><em>manufacturer an unencrypted copy of everything they
see</a>. “Home insecurity camera” would be a better
name!</p>
<p>When Consumer Reports tested them, it suggested that these
- manufacturers promise not to look at what's in the videos. That's not
- security for your home. Security means making sure they don't get to
- see through your camera.</p>
+ manufacturers promise not</em></ins></span> to <span
class="inserted"><ins><em>look at what's in</em></ins></span> the <span
class="removed"><del><strong>app developer but did</strong></del></span> <span
class="inserted"><ins><em>videos. That's</em></ins></span> not
+ <span class="removed"><del><strong>ask about sending
it</strong></del></span>
+ <span class="inserted"><ins><em>security for your home. Security means
making sure they don't get</em></ins></span> to <span
class="removed"><del><strong>other companies. This shows the
+ weakness</strong></del></span>
+ <span class="inserted"><ins><em>see through your camera.</p>
</li>
<li id="M201603220">
<!--#set var="DATE" value='<small
class="date-tag">2016-03</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Over 70 brands of network-connected surveillance cameras have
<a
+ <p>Over 70 brands</em></ins></span> of <span
class="removed"><del><strong>the reject-it-if-you-dislike-snooping
+ “solution”</strong></del></span> <span
class="inserted"><ins><em>network-connected surveillance cameras have <a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
- security bugs that allow anyone to watch through them</a>.</p>
+ security bugs that allow anyone</em></ins></span> to <span
class="removed"><del><strong>surveillance: why should a flashlight
+ app send any information</strong></del></span> <span
class="inserted"><ins><em>watch through them</a>.</p>
</li>
<li id="M201511250">
@@ -3287,18 +2893,23 @@
href="http://www.bbc.com/news/technology-34922712">always
watching</a>,
even when the “owner” switches it “off.”</p>
- <p>A “smart” device means the manufacturer is using it
- to outsmart you.</p>
+ <p>A “smart” device means the manufacturer is using
it</em></ins></span>
+ to <span class="removed"><del><strong>anyone? A free software flashlight
+ app would not.</p></strong></del></span> <span
class="inserted"><ins><em>outsmart you.</p></em></ins></span>
</li>
</ul>
<div class="big-subsection">
- <h4 id="SpywareInToys">Toys</h4>
+ <h4 <span class="removed"><del><strong>id="SpywareInToys">Spyware in
Toys</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInToys">Toys</h4></em></ins></span>
<span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
</div>
-<ul class="blurbs">
+<span class="removed"><del><strong><ul>
+
+ <li></strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
<li id="M201711244">
<!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
@@ -3311,15 +2922,28 @@
<li id="M201711100">
<!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
- --><!--#echo encoding="none" var="DATE" -->
+ --><!--#echo encoding="none" var="DATE" --></em></ins></span>
<p>A remote-control sex toy was found to make <a
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
recordings of the conversation between two users</a>.</p>
</li>
- <li id="M201703140">
+ <span class="removed"><del><strong><li>
+ <p>The “smart” toys My Friend Cayla and i-Que transmit
+ <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations to Nuance Communications</a>,
+ a speech recognition company based in the U.S.</p>
+
+ <p>Those toys also contain major security vulnerabilities; crackers
+ can remotely control the toys with a mobile phone. This would
+ enable crackers to listen in on a child's speech, and even speak
+ into the toys themselves.</p>
+ </li>
+
+ <li></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201703140">
<!--#set var="DATE" value='<small
class="date-tag">2017-03</small>'
- --><!--#echo encoding="none" var="DATE" -->
+ --><!--#echo encoding="none" var="DATE" --></em></ins></span>
<p>A computerized vibrator <a
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
was snooping on its users through the proprietary control
app</a>.</p>
@@ -3340,21 +2964,97 @@
<p>The company's statement that it was anonymizing the data may be
true, but it doesn't really matter. If it had sold the data to a data
- broker, the data broker would have been able to figure out who the
+ broker, the data broker would have been able to figure out who <span
class="removed"><del><strong>the user was.</p>
+
+ <p>Following this lawsuit,
+ <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
+ the company has been ordered to pay a total of C$4m</a>
+ to its customers.</p>
+ </li>
+
+ <li><p> “CloudPets” toys with microphones
+ <a
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak
childrens' conversations to the
+ manufacturer</a>. Guess what?
+ <a
href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers
found a way to access the data</a>
+ collected by the manufacturer's snooping.</p>
+
+ <p>That the manufacturer and the FBI could listen to these
conversations
+ was unacceptable by itself.</p></li>
+
+ <li><p>Barbie
+ <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going to spy on children and adults</a>.</p>
+ </li>
+</ul>
+
+
+<!-- #SpywareOnSmartWatches -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+
+<div class="big-section">
+ <h3 id="SpywareOnSmartWatches">Spyware on “Smart”
Watches</h3>
+ <span class="anchor-reference-id">
+ (<a
href="#SpywareOnSmartWatches">#SpywareOnSmartWatches</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul>
+ <li>
+ <p>An LG “smart” watch is designed
+ <a
href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
+ to report its location to someone else and to transmit
+ conversations too</a>.</p>
+ </li>
+ <li>
+ <p>A very cheap “smart watch” comes with an Android app
+ <a
href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
+ that connects to an unidentified site in China</a>.</p>
+ <p>The article says this is a back door, but that could be a
+ misunderstanding. However, it is certainly surveillance, at
+ least.</p>
+ </li>
+</ul>
+
+<!-- #SpywareAtLowLevel -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+
+<div class="big-section">
+ <h3 id="SpywareAtLowLevel">Spyware at Low Level</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtLowLevel">#SpywareAtLowLevel</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInBIOS">Spyware in BIOS</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
+</div>
+
+<ul>
+<li><p></strong></del></span> <span class="inserted"><ins><em>the
user was.</p>
- <p>Following this lawsuit, <a
-
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
- the company has been ordered to pay a total of C$4m</a> to its
- customers.</p>
+ <p>Following this lawsuit,</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
+Lenovo stealthily installed crapware and spyware via BIOS</a> on Windows
installs.
+Note that</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits"></em></ins></span>
+ the <span class="removed"><del><strong>specific sabotage method Lenovo
used did not affect
+GNU/Linux; also,</strong></del></span> <span class="inserted"><ins><em>company
has been ordered to pay</em></ins></span> a <span
class="removed"><del><strong>“clean” Windows install is not really
+clean since <a href="/proprietary/malware-microsoft.html">Microsoft
+puts in</strong></del></span> <span class="inserted"><ins><em>total of
C$4m</a> to</em></ins></span> its <span class="removed"><del><strong>own
malware</a>.
+</p></li>
+</ul>
+
+<!-- #SpywareAtWork</strong></del></span>
+ <span class="inserted"><ins><em>customers.</p>
</li>
<li id="M201702280">
<!--#set var="DATE" value='<small
class="date-tag">2017-02</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>“CloudPets” toys with microphones <a
+ --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
+<span class="removed"><del><strong><!-- WEBMASTERS: make
sure</strong></del></span>
+ <span class="inserted"><ins><em><p>“CloudPets” toys with
microphones <a
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
- leak childrens' conversations to the manufacturer</a>. Guess what?
<a
+ leak childrens' conversations</em></ins></span> to <span
class="removed"><del><strong>place new items on top under each
subsection</strong></del></span> <span class="inserted"><ins><em>the
manufacturer</a>. Guess what? <a
href="https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
Crackers found a way to access the data</a> collected by the
manufacturer's snooping.</p>
@@ -3365,50 +3065,94 @@
<li id="M201612060">
<!--#set var="DATE" value='<small
class="date-tag">2016-12</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>The “smart” toys My Friend Cayla and i-Que transmit
<a
-
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
+ --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
+
+<span class="removed"><del><strong><div class="big-section">
+ <h3 id="SpywareAtWork">Spyware at Work</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtWork">#SpywareAtWork</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul>
+ <li><p>Investigation
+ Shows</strong></del></span>
+ <span class="inserted"><ins><em><p>The “smart” toys My
Friend Cayla and i-Que transmit</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
+ Using US Companies, NSA To Route Around Domestic Surveillance
+ Restrictions</a>.</p>
+
+ <p>Specifically, it</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations to Nuance Communications</a>, a speech recognition
company based in the U.S.</p>
- <p>Those toys also contain major security vulnerabilities; crackers
- can remotely control the toys with a mobile phone. This would enable
- crackers to listen in on a child's speech, and even speak into the
+ <p>Those toys also contain major security vulnerabilities;
crackers</em></ins></span>
+ can <span class="removed"><del><strong>collect</strong></del></span> <span
class="inserted"><ins><em>remotely control</em></ins></span> the <span
class="removed"><del><strong>emails of members of Parliament
+ this way, because they pass it through Microsoft.</p></li>
+
+ <li><p>Spyware</strong></del></span> <span
class="inserted"><ins><em>toys with a mobile phone. This would enable
+ crackers to listen</em></ins></span> in <span
class="removed"><del><strong>Cisco TNP IP phones:</strong></del></span> <span
class="inserted"><ins><em>on a child's speech, and even speak into the
toys themselves.</p>
</li>
<li id="M201502180">
<!--#set var="DATE" value='<small
class="date-tag">2015-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Barbie <a
-
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
- going to spy on children and adults</a>.</p>
+ <p>Barbie</em></ins></span> <a <span
class="removed"><del><strong>href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
+
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p></strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
+ going to spy on children and adults</a>.</p></em></ins></span>
</li>
</ul>
<div class="big-subsection">
- <h4 id="SpywareInDrones">Drones</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInDrones">#SpywareInDrones</a>)</span>
+ <h4 <span class="removed"><del><strong>id="SpywareInSkype">Spyware in
Skype</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInDrones">Drones</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInSkype">#SpywareInSkype</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInDrones">#SpywareInDrones</a>)</span></em></ins></span>
</div>
-<ul class="blurbs">
+<span class="removed"><del><strong><ul>
+ <li><p>Spyware in Skype:
+ <a
href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">
+
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
+ Microsoft changed Skype
+ <a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
+ specifically for spying</a>.</p>
+ </li>
+</ul>
+
+
+
+<!-- #SpywareOnTheRoad</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
<li id="M201708040">
<!--#set var="DATE" value='<small
class="date-tag">2017-08</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>While you're using a DJI drone
- to snoop on other people, DJI is in many cases <a
-
href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
- on you</a>.</p>
+ --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
+<span class="removed"><del><strong><!-- WEBMASTERS: make
sure</strong></del></span>
+ <span class="inserted"><ins><em><p>While you're using a DJI
drone</em></ins></span>
+ to <span class="removed"><del><strong>place new
items</strong></del></span> <span
class="inserted"><ins><em>snoop</em></ins></span> on <span
class="removed"><del><strong>top under each subsection -->
+
+<div class="big-section">
+ <h3 id="SpywareOnTheRoad">Spyware</strong></del></span> <span
class="inserted"><ins><em>other people, DJI is in many cases <a
+
href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping</em></ins></span>
+ on <span class="removed"><del><strong>The Road</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnTheRoad">#SpywareOnTheRoad</a>)</span>
+</div>
+<div style="clear: left;"></div></strong></del></span> <span
class="inserted"><ins><em>you</a>.</p>
</li>
-</ul>
+</ul></em></ins></span>
<div class="big-subsection">
- <h4 id="SpywareAtHome">Other Appliances</h4><span
class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
+ <h4 <span class="removed"><del><strong>id="SpywareInCameras">Spyware
in Cameras</h4>
+ <span</strong></del></span> <span
class="inserted"><ins><em>id="SpywareAtHome">Other
Appliances</h4><span</em></ins></span>
class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInCameras">#SpywareInCameras</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareAtHome">#SpywareAtHome</a>)</span></em></ins></span>
</div>
-<ul class="blurbs">
+<span class="removed"><del><strong><ul>
+ <li>
+ <p>Every “home security” camera, if its manufacturer can
communicate with it,</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
<li id="M202009270">
<!--#set var="DATE" value='<small
class="date-tag">2020-09</small>'
--><!--#echo encoding="none" var="DATE" -->
@@ -3416,21 +3160,24 @@
software, including videoconference software, to <a
href="https://www.theguardian.com/world/2020/sep/27/shirking-from-home-staff-feel-the-heat-as-bosses-ramp-up-remote-surveillance">
surveil and monitor staff working at home</a>. If the program reports
- whether you are “active,” that is in effect a malicious
- surveillance feature.</p>
+ whether you are “active,” that</em></ins></span> is <span
class="inserted"><ins><em>in effect</em></ins></span> a <span
class="inserted"><ins><em>malicious</em></ins></span>
+ surveillance <span
class="removed"><del><strong>device.</strong></del></span> <span
class="inserted"><ins><em>feature.</p>
</li>
<li id="M202008030">
<!--#set var="DATE" value='<small
class="date-tag">2020-08</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Google Nest <a
-
href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/">
- is taking over ADT</a>. Google sent out a software
+ <p>Google Nest</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
+ Canary camera</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/"></em></ins></span>
+ is <span class="inserted"><ins><em>taking over ADT</a>. Google sent
out a software
update to its speaker devices using their back door <a
href="https://www.protocol.com/google-smart-speaker-alarm-adt"> that
listens for things like smoke alarms</a> and then notifies your phone
- that an alarm is happening. This means the devices now listen for more
- than just their wake words. Google says the software update was sent
+ that</em></ins></span> an <span
class="removed"><del><strong>example</a>.</p>
+ <p>The article describes wrongdoing by</strong></del></span> <span
class="inserted"><ins><em>alarm is happening. This means</em></ins></span> the
<span class="removed"><del><strong>manufacturer, based on</strong></del></span>
<span class="inserted"><ins><em>devices now listen for more
+ than just their wake words. Google says</em></ins></span> the <span
class="removed"><del><strong>fact</strong></del></span> <span
class="inserted"><ins><em>software update was sent
out prematurely and on accident and Google was planning on disclosing
this new feature and offering it to customers who pay for it.</p>
</li>
@@ -3438,35 +3185,40 @@
<li id="M202006300">
<!--#set var="DATE" value='<small
class="date-tag">2020-06</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>“Bossware” is malware that bosses <a
+ <p>“Bossware” is malware</em></ins></span> that <span
class="inserted"><ins><em>bosses <a
href="https://www.eff.org/deeplinks/2020/06/inside-invasive-secretive-bossware-tracking-workers">
- coerce workers into installing in their own computers</a>, so the
- bosses can spy on them.</p>
+ coerce workers into installing in their own computers</a>,
so</em></ins></span> the <span
class="removed"><del><strong>device</strong></del></span>
+ <span class="inserted"><ins><em>bosses can spy on them.</p>
- <p>This shows why requiring the user's “consent” is not
+ <p>This shows why requiring the user's
“consent”</em></ins></span> is <span
class="removed"><del><strong>tethered</strong></del></span> <span
class="inserted"><ins><em>not
an adequate basis for protecting digital privacy. The boss can coerce
- most workers into consenting to almost anything, even probable exposure
+ most workers into consenting</em></ins></span> to <span
class="removed"><del><strong>a server.</p>
+ <p><a href="/proprietary/proprietary-tethers.html">More about
proprietary tethering</a>.</p>
+ <p>But</strong></del></span> <span class="inserted"><ins><em>almost
anything, even probable exposure
to contagious disease that can be fatal. Software like this should
- be illegal and bosses that demand it should be prosecuted for it.</p>
+ be illegal and bosses that demand</em></ins></span> it <span
class="removed"><del><strong>also demonstrates</strong></del></span> <span
class="inserted"><ins><em>should be prosecuted for it.</p>
</li>
<li id="M201911190">
<!--#set var="DATE" value='<small
class="date-tag">2019-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Internet-tethered Amazon Ring had
- a security vulnerability that enabled attackers to <a
+ a security vulnerability</em></ins></span> that <span
class="inserted"><ins><em>enabled attackers to <a
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
- access the user's wifi password</a>, and snoop on the household
+ access</em></ins></span> the <span class="removed"><del><strong>device
gives</strong></del></span> <span class="inserted"><ins><em>user's wifi
password</a>, and snoop on</em></ins></span> the <span
class="removed"><del><strong>company</strong></del></span> <span
class="inserted"><ins><em>household
through connected surveillance devices.</p>
<p>Knowledge of the wifi password would not be sufficient to carry
- out any significant surveillance if the devices implemented proper
+ out any significant</em></ins></span> surveillance <span
class="removed"><del><strong>capability.</p></strong></del></span> <span
class="inserted"><ins><em>if the devices implemented proper
security, including encryption. But many devices with proprietary
software lack this. Of course, they are also used by their
- manufacturers for snooping.</p>
+ manufacturers for snooping.</p></em></ins></span>
</li>
- <li id="M201907210">
+ <span class="removed"><del><strong><li>
+ <p>The Nest Cam “smart” camera</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201907210">
<!--#set var="DATE" value='<small
class="date-tag">2019-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google “Assistant” records users' conversations <a
@@ -3475,55 +3227,124 @@
subcontractors discloses a thousand confidential voice recordings,
users were easily identified from these recordings.</p>
- <p>Since Google “Assistant” uses proprietary software,
there is no
- way to see or control what it records or sends.</p>
+ <p>Since Google “Assistant” uses proprietary software,
there</em></ins></span> is <span class="removed"><del><strong><a
+ href="http://www.bbc.com/news/technology-34922712">always
+ watching</a>, even when the “owner”
switches</strong></del></span> <span class="inserted"><ins><em>no
+ way to see or control what</em></ins></span> it <span
class="removed"><del><strong>“off.”</p>
+ <p>A “smart” device means</strong></del></span> <span
class="inserted"><ins><em>records or sends.</p>
+
+ <p>Rather than trying to better control</em></ins></span> the <span
class="removed"><del><strong>manufacturer is using it</strong></del></span>
<span class="inserted"><ins><em>use of recordings, Google
+ should not record or listen</em></ins></span> to <span
class="removed"><del><strong>outsmart
+ you.</p>
+ </li>
+</ul>
+
+<div class="big-subsection">
+ <h4 id="SpywareInElectronicReaders">Spyware in e-Readers</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
+</div>
- <p>Rather than trying to better control the use of recordings, Google
- should not record or listen to the person's voice. It should only
- get commands that the user wants to send to some Google service.</p>
+<ul>
+ <li><p>E-books can contain JavaScript code,
+ and <a
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
+ this code snoops on readers</a>.</p>
+ </li>
+
+ <li><p>Spyware in many e-readers—not
only</strong></del></span> the
+ <span class="removed"><del><strong>Kindle: <a
href="https://www.eff.org/pages/reader-privacy-chart-2012">
+ they report even which page</strong></del></span> <span
class="inserted"><ins><em>person's voice. It should only
+ get commands that</em></ins></span> the user <span
class="removed"><del><strong>reads at what time</a>.</p>
</li>
- <li id="M201905061">
+ <li><p>Adobe made “Digital Editions,” the e-reader
used
+ by most US libraries,
+ <a
href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
+ send lots of data</strong></del></span> <span
class="inserted"><ins><em>wants</em></ins></span> to <span
class="removed"><del><strong>Adobe</a>. Adobe's “excuse”:
it's
+ needed</strong></del></span> <span
class="inserted"><ins><em>send</em></ins></span> to <span
class="removed"><del><strong>check DRM!</p>
+ </li>
+</ul>
+
+<div class="big-subsection">
+ <h4 id="SpywareInVehicles">Spyware in Vehicles</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInVehicles">#SpywareInVehicles</a>)</span>
+</div>
+
+<ul>
+<li><p>Computerized cars with nonfree software are
+ <a
href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html">
+ snooping devices</a>.</p></strong></del></span> <span
class="inserted"><ins><em>some Google service.</p></em></ins></span>
+ </li>
+
+ <li <span class="removed"><del><strong>id="nissan-modem"><p>The
Nissan Leaf has</strong></del></span> <span
class="inserted"><ins><em>id="M201905061">
<!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Amazon Alexa collects a lot more information from users
+ <p>Amazon Alexa collects</em></ins></span> a <span
class="removed"><del><strong>built-in cell phone modem which allows
+ effectively
+ anyone <a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
+ access its computers remotely</strong></del></span> <span
class="inserted"><ins><em>lot more information from users
than is necessary for correct functioning (time, location,
- recordings made without a legitimate prompt), and sends
- it to Amazon's servers, which store it indefinitely. Even
- worse, Amazon forwards it to third-party companies. Thus,
- even if users request deletion of their data from Amazon's servers, <a
+ recordings made without a legitimate prompt),</em></ins></span> and <span
class="removed"><del><strong>make changes in various
+ settings</a>.</p>
+
+ <p>That's easy</strong></del></span> <span
class="inserted"><ins><em>sends
+ it</em></ins></span> to <span class="removed"><del><strong>do because the
system has no authentication when
+ accessed through the modem. However,</strong></del></span> <span
class="inserted"><ins><em>Amazon's servers, which store it indefinitely. Even
+ worse, Amazon forwards it to third-party companies. Thus,</em></ins></span>
+ even if <span class="removed"><del><strong>it asked for
+ authentication, you couldn't</strong></del></span> <span
class="inserted"><ins><em>users request deletion of their data from Amazon's
servers, <a
href="https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
- the data remain on other servers</a>, where they can be accessed by
+ the data remain on other servers</a>, where they
can</em></ins></span> be <span class="removed"><del><strong>confident that
Nissan has no
+ access. The software in</strong></del></span> <span
class="inserted"><ins><em>accessed by
advertising companies and government agencies. In other words,
- deleting the collected information doesn't cancel the wrong of
+ deleting</em></ins></span> the <span class="removed"><del><strong>car is
+ proprietary, <a
href="/philosophy/free-software-even-more-important.html">which
+ means it demands blind faith from its users</a>.</p>
+
+ <p>Even if no one connects to</strong></del></span> <span
class="inserted"><ins><em>collected information doesn't
cancel</em></ins></span> the <span class="removed"><del><strong>car
remotely,</strong></del></span> <span class="inserted"><ins><em>wrong of
collecting it.</p>
- <p>Data collected by devices such as the Nest thermostat, the Philips
- Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos
- speakers are likewise stored longer than necessary on the servers
- the devices are tethered to. Moreover, they are made available to
- Alexa. As a result, Amazon has a very precise picture of users' life
- at home, not only in the present, but in the past (and, who knows,
+ <p>Data collected by devices such as</em></ins></span> the <span
class="removed"><del><strong>cell phone
+ modem enables</strong></del></span> <span class="inserted"><ins><em>Nest
thermostat,</em></ins></span> the <span class="removed"><del><strong>phone
company to track</strong></del></span> <span class="inserted"><ins><em>Philips
+ Hue-connected lights,</em></ins></span> the <span
class="removed"><del><strong>car's movements all</strong></del></span> <span
class="inserted"><ins><em>Chamberlain MyQ garage opener and</em></ins></span>
the <span class="removed"><del><strong>time; it is possible to physically
remove</strong></del></span> <span class="inserted"><ins><em>Sonos
+ speakers are likewise stored longer than necessary on</em></ins></span>
the <span class="removed"><del><strong>cell phone modem
+ though.</p>
+ </li>
+
+ <li id="records-drivers"><p>Proprietary software in cars
+ <a
href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records
information about drivers' movements</a>,
+ which is</strong></del></span> <span class="inserted"><ins><em>servers
+ the devices are tethered to. Moreover, they are</em></ins></span> made
available to <span class="removed"><del><strong>car manufacturers, insurance
companies, and
+ others.</p>
+
+ <p>The case</strong></del></span>
+ <span class="inserted"><ins><em>Alexa. As a result, Amazon has a very
precise picture</em></ins></span> of <span
class="removed"><del><strong>toll-collection systems, mentioned in this
article, is</strong></del></span> <span class="inserted"><ins><em>users' life
+ at home,</em></ins></span> not
+ <span class="removed"><del><strong>really a matter</strong></del></span>
<span class="inserted"><ins><em>only in the present, but in the past (and, who
knows,
in the future too?)</p>
</li>
<li id="M201904240">
<!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Some of users' commands to the Alexa service are <a
+ <p>Some</em></ins></span> of <span
class="removed"><del><strong>proprietary surveillance. These
systems</strong></del></span> <span class="inserted"><ins><em>users' commands
to the Alexa service</em></ins></span> are <span class="removed"><del><strong>an
+ intolerable invasion of privacy,</strong></del></span> <span
class="inserted"><ins><em><a
href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html">
- recorded for Amazon employees to listen to</a>. The Google and Apple
+ recorded for Amazon employees to listen to</a>. The
Google</em></ins></span> and <span class="removed"><del><strong>should be
replaced with anonymous
+ payment systems, but</strong></del></span> <span
class="inserted"><ins><em>Apple
voice assistants do similar things.</p>
- <p>A fraction of the Alexa service staff even has access to <a
+ <p>A fraction of</em></ins></span> the <span
class="removed"><del><strong>invasion isn't done by malware.
The</strong></del></span> <span class="inserted"><ins><em>Alexa service staff
even has access to <a
href="https://www.bnnbloomberg.ca/amazon-s-alexa-reviewers-can-access-customers-home-addresses-1.1248788">
- location and other personal data</a>.</p>
+ location and</em></ins></span> other
+ <span class="removed"><del><strong>cases mentioned
are</strong></del></span> <span class="inserted"><ins><em>personal
data</a>.</p>
+
+ <p>Since the client program is nonfree, and data processing
is</em></ins></span> done <span class="removed"><del><strong>by proprietary
malware in</strong></del></span>
+ <span class="inserted"><ins><em>“<a
href="/philosophy/words-to-avoid.html#CloudComputing">in</em></ins></span>
+ the <span class="removed"><del><strong>car.</p></li>
- <p>Since the client program is nonfree, and data processing is done
- “<a href="/philosophy/words-to-avoid.html#CloudComputing">in
- the cloud</a>” (a soothing way of saying “We won't
+ <li><p>Tesla cars allow</strong></del></span> <span
class="inserted"><ins><em>cloud</a>” (a soothing way of saying
“We won't
tell you how and where it's done”), users have no way
- to know what happens to the recordings unless human eavesdroppers <a
+ to know what happens to</em></ins></span> the <span
class="removed"><del><strong>company</strong></del></span> <span
class="inserted"><ins><em>recordings unless human eavesdroppers <a
href="https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
break their non-disclosure agreements</a>.</p>
</li>
@@ -3534,11 +3355,14 @@
<p>The HP <a
href="https://boingboing.net/2019/02/08/inkjet-dystopias.html">
“ink subscription” cartridges have DRM that constantly
- communicates with HP servers</a> to make sure the user is still
- paying for the subscription, and hasn't printed more pages than were
+ communicates with HP servers</a></em></ins></span> to <span
class="removed"><del><strong>extract data remotely</strong></del></span> <span
class="inserted"><ins><em>make sure the user is still
+ paying for the subscription,</em></ins></span> and
+ <span class="removed"><del><strong>determine</strong></del></span> <span
class="inserted"><ins><em>hasn't printed more pages than were
paid for.</p>
- <p>Even though the ink subscription program may be cheaper in some
+ <p>Even though</em></ins></span> the <span
class="removed"><del><strong>car's location at any time. (See
+ <a
href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
+ Section 2, paragraphs b</strong></del></span> <span
class="inserted"><ins><em>ink subscription program may be cheaper in some
specific cases, it spies on users, and involves totally unacceptable
restrictions in the use of ink cartridges that would otherwise be in
working order.</p>
@@ -3547,33 +3371,49 @@
<li id="M201808120">
<!--#set var="DATE" value='<small
class="date-tag">2018-08</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Crackers found a way to break the security of an Amazon device,
- and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
- turn it into a listening device</a> for them.</p>
+ <p>Crackers found a way to break the security of an Amazon
device,</em></ins></span>
+ and <span class="removed"><del><strong>c.</a>). The company
says</strong></del></span> <span class="inserted"><ins><em><a
href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
+ turn</em></ins></span> it <span class="removed"><del><strong>doesn't
+ store this information, but</strong></del></span> <span
class="inserted"><ins><em>into a listening device</a> for them.</p>
<p>It was very difficult for them to do this. The job would be much
- easier for Amazon. And if some government such as China or the US
- told Amazon to do this, or cease to sell the product in that country,
- do you think Amazon would have the moral fiber to say no?</p>
+ easier for Amazon. And</em></ins></span> if <span
class="inserted"><ins><em>some government such as China or</em></ins></span>
the <span class="removed"><del><strong>state orders it</strong></del></span>
<span class="inserted"><ins><em>US
+ told Amazon</em></ins></span> to <span
class="removed"><del><strong>get</strong></del></span> <span
class="inserted"><ins><em>do this, or cease to sell</em></ins></span> the <span
class="removed"><del><strong>data
+ and hand it over,</strong></del></span> <span
class="inserted"><ins><em>product in that country,
+ do you think Amazon would have</em></ins></span> the <span
class="removed"><del><strong>state can store
it.</p></strong></del></span> <span class="inserted"><ins><em>moral fiber
to say no?</p>
<p><small>(These crackers are probably hackers too, but please
<a
href="https://stallman.org/articles/on-hacking.html"> don't use
- “hacking” to mean “breaking
security”</a>.)</small></p>
+ “hacking” to mean “breaking
security”</a>.)</small></p></em></ins></span>
</li>
+<span class="removed"><del><strong></ul>
+
+
+<!-- #SpywareAtHome</strong></del></span>
- <li id="M201804140">
+ <span class="inserted"><ins><em><li id="M201804140">
<!--#set var="DATE" value='<small
class="date-tag">2018-04</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>A medical insurance company <a
+ --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
+<span class="removed"><del><strong><!-- WEBMASTERS: make sure to place new
items</strong></del></span>
+ <span class="inserted"><ins><em><p>A medical insurance company <a
href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
- offers a gratis electronic toothbrush that snoops on its user by
+ offers a gratis electronic toothbrush that snoops</em></ins></span> on
<span class="removed"><del><strong>top under each
subsection</strong></del></span> <span class="inserted"><ins><em>its user by
sending usage data back over the Internet</a>.</p>
</li>
<li id="M201706204">
<!--#set var="DATE" value='<small
class="date-tag">2017-06</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>Lots of “smart” products are designed <a
+ --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
+
+<span class="removed"><del><strong><div class="big-section">
+ <h3 id="SpywareAtHome">Spyware at Home</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul>
+ <li><p>Lots</strong></del></span>
+ <span class="inserted"><ins><em><p>Lots</em></ins></span> of
“smart” products are designed <a
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
listen to everyone in the house, all the time</a>.</p>
@@ -3583,20 +3423,56 @@
about you for later examination.</p>
</li>
- <li id="M201407170">
+ <span class="removed"><del><strong><li><p>Nest thermometers
+ send <a href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
+ lot of data about the user</a>.</p>
+ </li>
+
+ <li><p><a
href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
+ Rent-to-own computers were programmed to spy on their
renters</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInTVSets">Spyware in TV Sets</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
+</div>
+
+<p>Emo Phillips made a joke: The other day a woman came up to me and
+said, “Didn't I see you on television?” I said, “I
+don't know. You can't see out the other way.” Evidently that was
+before Amazon “smart” TVs.</p>
+
+<ul>
+ <li>
+ <p>Vizio
+ “smart” <a
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
+ report everything that is viewed on them, and not just broadcasts
+ and cable</a>. Even if the image is coming from the user's own
+ computer, the TV reports what it is. The existence of a way to
+ disable the surveillance, even if it were not hidden as it was in
+ these TVs, does not legitimize</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201407170">
<!--#set var="DATE" value='<small
class="date-tag">2014-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="nest-thermometers">Nest thermometers send <a
href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lot of
- data about the user</a>.</p>
+ data about</em></ins></span> the <span
class="removed"><del><strong>surveillance.</p></strong></del></span>
<span class="inserted"><ins><em>user</a>.</p></em></ins></span>
</li>
- <li id="M201310260">
+ <span class="removed"><del><strong><li><p>More or less all
“smart” TVs <a
+href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201310260">
<!--#set var="DATE" value='<small
class="date-tag">2013-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20180911191954/http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
- Rent-to-own computers were programmed to spy on their
renters</a>.</p>
+ Rent-to-own computers were programmed to spy</em></ins></span> on their
<span class="removed"><del><strong>users</a>.</p>
+
+ <p>The report was as of 2014, but we don't expect this has got
better.</p></strong></del></span> <span
class="inserted"><ins><em>renters</a>.</p>
</li>
</ul>
@@ -3612,10 +3488,12 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Tommy Hilfiger clothing <a
href="https://www.theguardian.com/fashion/2018/jul/26/tommy-hilfiger-new-clothing-line-monitor-customers">will
- monitor how often people wear it</a>.</p>
+ monitor how often people wear it</a>.</p></em></ins></span>
- <p>This will teach the sheeple to find it normal that companies
- monitor every aspect of</em></ins></span> what <span
class="inserted"><ins><em>they do.</p>
+ <p>This <span class="removed"><del><strong>shows that laws requiring
products</strong></del></span> <span class="inserted"><ins><em>will teach the
sheeple</em></ins></span> to <span class="removed"><del><strong>get users'
formal
+ consent before collecting personal data are totally inadequate.
+ And</strong></del></span> <span class="inserted"><ins><em>find it normal
that companies
+ monitor every aspect of</em></ins></span> what <span
class="removed"><del><strong>happens if</strong></del></span> <span
class="inserted"><ins><em>they do.</p>
</li>
</ul>
@@ -3628,25 +3506,33 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Internet-enabled watches with proprietary software
are malware, violating people (specially children's)
- privacy. In addition, they have a lot of security flaws. They <a
+ privacy. In addition, they have</em></ins></span> a <span
class="removed"><del><strong>user declines consent?
Probably</strong></del></span> <span class="inserted"><ins><em>lot of security
flaws. They <a
href="https://www.wired.com/story/kid-smartwatch-security-vulnerabilities/">
- permit security breakers (and unauthorized people) to access</a> the
watch.</p>
+ permit security breakers (and unauthorized people) to
access</a></em></ins></span> the <span class="removed"><del><strong>TV
+ will say, “Without your consent</strong></del></span> <span
class="inserted"><ins><em>watch.</p>
+
+ <p>Thus, ill-intentioned unauthorized people can intercept
communications between parent and child and spoof messages</em></ins></span> to
<span class="removed"><del><strong>tracking,</strong></del></span> <span
class="inserted"><ins><em>and from</em></ins></span> the <span
class="removed"><del><strong>TV will
+ not work.”</p>
- <p>Thus, ill-intentioned unauthorized</em></ins></span> people <span
class="removed"><del><strong>are watching</a>,</strong></del></span>
<span class="inserted"><ins><em>can intercept communications between parent and
child and spoof messages to and from the watch, possibly endangering the
child.</p>
+ <p>Proper laws would say</strong></del></span> <span
class="inserted"><ins><em>watch, possibly endangering the child.</p>
- <p><small>(Note that this article misuses the word “<a
+ <p><small>(Note</em></ins></span> that <span
class="removed"><del><strong>TVs are not allowed to report
what</strong></del></span> <span class="inserted"><ins><em>this article
misuses</em></ins></span> the <span class="removed"><del><strong>user watches
— no exceptions!</p></strong></del></span> <span
class="inserted"><ins><em>word “<a
href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”
- to mean “crackers.”)</small></p>
+ to mean “crackers.”)</small></p></em></ins></span>
</li>
+ <span class="removed"><del><strong><li><p>Vizio goes a step
further than other TV manufacturers in spying on
+ their users: their</strong></del></span>
- <li id="M201603020">
+ <span class="inserted"><ins><em><li id="M201603020">
<!--#set var="DATE" value='<small
class="date-tag">2016-03</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>A very cheap “smart watch” comes with an Android app
<a
-
href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
- that connects to an unidentified site in China</a>.</p>
+ <p>A very cheap “smart watch” comes with an Android
app</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+ “smart” TVs analyze your viewing habits</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
+ that connects to an unidentified site</em></ins></span> in <span
class="removed"><del><strong>detail and
+ link them your IP address</a> so</strong></del></span> <span
class="inserted"><ins><em>China</a>.</p>
- <p>The article says this is a back door, but that could be a
+ <p>The article says this is a back door, but</em></ins></span> that
<span class="removed"><del><strong>advertisers</strong></del></span> <span
class="inserted"><ins><em>could be a
misunderstanding. However, it is certainly surveillance, at
least.</p>
</li>
@@ -3675,10 +3561,17 @@
upload data to AWS to help create custom insurance premiums</a>
based on driver behaviour.</p>
- <p>Before you buy a “connected” car, make sure you can
- disconnect its cellular antenna and its GPS antenna. If you want
+ <p>Before you buy a “connected” car, make sure
you</em></ins></span> can <span
class="removed"><del><strong>track</strong></del></span>
+ <span class="inserted"><ins><em>disconnect its cellular antenna and its
GPS antenna. If</em></ins></span> you
+ <span class="removed"><del><strong>across devices.</p>
+
+ <p>It is possible to turn this off, but having it enabled by
default
+ is an injustice already.</p>
+ </li>
+
+ <li><p>Tivo's alliance</strong></del></span> <span
class="inserted"><ins><em>want
GPS navigation, get a separate navigator which runs free software
- and works with Open Street Map.</p>
+ and works</em></ins></span> with <span class="removed"><del><strong>Viacom
adds 2.3 million households</strong></del></span> <span
class="inserted"><ins><em>Open Street Map.</p>
</li>
<li id="M201912171">
@@ -3686,26 +3579,38 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Most modern cars now <a
href="https://boingboing.net/2019/12/17/cars-now-run-on-the-new-oil.html">
- record and send various kinds of data to the manufacturer</a>. For
- the user, access to the data is nearly impossible, as it involves
- cracking the car's computer, which is always hidden and running with
- proprietary software.</p>
+ record and send various kinds of data</em></ins></span> to the <span
class="removed"><del><strong>600 millions social media
profiles</strong></del></span> <span
class="inserted"><ins><em>manufacturer</a>. For</em></ins></span>
+ the <span class="removed"><del><strong>company already
+ monitors. Tivo customers are unaware they're being watched by
+ advertisers. By combining TV viewing information with online
+ social media participation, Tivo can now <a
href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
TV
+ advertisement with online purchases</a>, exposing all
users</strong></del></span> <span class="inserted"><ins><em>user,
access</em></ins></span> to
+ <span class="removed"><del><strong>new combined surveillance by
default.</p></li>
+ <li><p>Some web</strong></del></span> <span
class="inserted"><ins><em>the data is nearly impossible, as it involves
+ cracking the car's computer, which is always hidden</em></ins></span> and
<span class="removed"><del><strong>TV advertisements play inaudible sounds to be
+ picked up by proprietary malware</strong></del></span> running <span
class="removed"><del><strong>on other devices in
+ range so as to determine that they are nearby. Once your
+ Internet devices are paired with your TV, advertisers can
+ correlate ads</strong></del></span> with <span
class="removed"><del><strong>Web activity,</strong></del></span>
+ <span class="inserted"><ins><em>proprietary software.</p>
</li>
<li id="M201903290">
<!--#set var="DATE" value='<small
class="date-tag">2019-03</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Tesla cars collect lots of personal data, and <a
-
href="https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html">
+ <p>Tesla cars collect lots of personal data,</em></ins></span> and
+ <span class="removed"><del><strong>other</strong></del></span> <a
<span
class="removed"><del><strong>href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device
tracking</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html">
when they go to a junkyard the driver's personal data goes with
- them</a>.</p>
+ them</a>.</p></em></ins></span>
</li>
+ <span class="removed"><del><strong><li><p>Vizio
“smart” TVs recognize and</strong></del></span>
- <li id="M201902011">
+ <span class="inserted"><ins><em><li id="M201902011">
<!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The FordPass Connect feature of some Ford vehicles has <a
-
href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
+ <p>The FordPass Connect feature of some Ford vehicles
has</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
what people are watching</a>,</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
near-complete access to the internal car network</a>. It is
constantly
connected to the cellular phone network and sends Ford a lot of data,
including car location. This feature operates</em></ins></span> even <span
class="removed"><del><strong>if</strong></del></span> <span
class="inserted"><ins><em>when the ignition
@@ -4468,7 +4373,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2021/02/06 14:33:05 $
+$Date: 2021/02/06 16:03:04 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary/po/proprietary-surveillance.it-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.it-diff.html,v
retrieving revision 1.232
retrieving revision 1.233
diff -u -b -r1.232 -r1.233
--- proprietary/po/proprietary-surveillance.it-diff.html 6 Feb 2021
14:33:05 -0000 1.232
+++ proprietary/po/proprietary-surveillance.it-diff.html 6 Feb 2021
16:03:04 -0000 1.233
@@ -436,28 +436,30 @@
<li><p></strong></del></span> <span
class="inserted"><ins><em>ads.</p>
<p>We can suppose</em></ins></span> Microsoft <span
class="removed"><del><strong>uses Windows 10's “privacy policy” to
overtly impose a
- “right” to look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files <span
class="removed"><del><strong>at any time. Windows</strong></del></span> <span
class="inserted"><ins><em>for the US government
- on demand, though the “privacy policy” does not explicitly
+ “right” to look at users' files at any time. Windows 10 full disk
+ encryption <a
href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/">
+ gives Microsoft a key</a>.</p>
+
+ <p>Thus, Windows is overt malware in regard to surveillance,
+ as in other issues.</p>
+
+ <p>We can suppose Microsoft look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files for the US
government
+ on demand, though the “privacy policy” does not <span
class="removed"><del><strong>explicit</strong></del></span> <span
class="inserted"><ins><em>explicitly</em></ins></span>
say so. Will it look at users' files for the Chinese government
on demand?</p>
- </li>
+ <span class="inserted"><ins><em></li>
<li id="M201506170">
<!--#set var="DATE" value='<small
class="date-tag">2015-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft uses Windows 10's “privacy policy”
to overtly impose a “right” to look at
- users' files at any time. Windows</em></ins></span> 10 full disk
encryption <a <span
class="removed"><del><strong>href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/"></strong></del></span>
- <span
class="inserted"><ins><em>href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/"></em></ins></span>
+ users' files at any time. Windows 10 full disk encryption <a
+
href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/">
gives Microsoft a key</a>.</p>
<p>Thus, Windows is overt malware in regard to surveillance, as in
- other issues.</p>
-
- <p>We can suppose Microsoft <span
class="removed"><del><strong>look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files for the US
government
- on demand, though the “privacy policy” does not <span
class="removed"><del><strong>explicit</strong></del></span> <span
class="inserted"><ins><em>explicitly</em></ins></span>
- say so. Will it look at users' files for the Chinese government
- on demand?</p>
+ other issues.</p></em></ins></span>
<p>The unique “advertising ID” for each user enables
other companies to track the browsing of each specific user.</p>
@@ -631,18 +633,37 @@
<p><a <span
class="removed"><del><strong>href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A
study in 2015</a> found</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.computerworld.com/article/2984889/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
Lenovo stealthily installed crapware and spyware via
- BIOS</a> on Windows installs. Note</em></ins></span> that <span
class="removed"><del><strong>90% of</strong></del></span> the <span
class="removed"><del><strong>top-ranked gratis
- proprietary Android apps contained recognizable tracking libraries. For
- the paid proprietary apps, it was only 60%.</p>
+ BIOS</a> on Windows installs. Note</em></ins></span> that <span
class="removed"><del><strong>90% of the top-ranked gratis
+ proprietary Android apps contained recognizable tracking libraries.
For</strong></del></span> the <span class="removed"><del><strong>paid
proprietary apps, it was only 60%.</p>
<p>The article confusingly describes gratis apps as “free”,
but most of them are</strong></del></span> <span
class="inserted"><ins><em>specific
- sabotage method Lenovo used did not affect GNU/Linux; also, a
- “clean” Windows install is</em></ins></span> not <span
class="inserted"><ins><em>really clean since <a
- href="/proprietary/malware-microsoft.html">Microsoft
puts</em></ins></span> in <span
class="removed"><del><strong>fact</strong></del></span> <span
class="inserted"><ins><em>its
- own malware</a>.</p>
+ sabotage method Lenovo used did</em></ins></span> not <span
class="removed"><del><strong>in fact
+ <a href="/philosophy/free-sw.html">free software</a>.
+ It also uses the ugly word “monetize”. A good replacement
+ for that word</strong></del></span> <span class="inserted"><ins><em>affect
GNU/Linux; also, a
+ “clean” Windows install</em></ins></span> is <span
class="removed"><del><strong>“exploit”; nearly always that will fit
+ perfectly.</p>
+</li>
+
+<li>
+ <p>Apps for BART
+ <a
href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop
on users</a>.</p>
+ <p>With free software apps, users could <em>make sure</em>
that they don't snoop.</p>
+ <p>With proprietary apps, one can only hope that they don't.</p>
+</li>
+
+<li>
+ <p>A study found 234 Android apps that track users
by</strong></del></span> <span class="inserted"><ins><em>not really clean
since</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
+ to ultrasound from beacons placed</strong></del></span>
+ <span
class="inserted"><ins><em>href="/proprietary/malware-microsoft.html">Microsoft
puts</em></ins></span> in <span class="removed"><del><strong>stores or played
by TV programs</a>.
+ </p></strong></del></span> <span class="inserted"><ins><em>its
+ own malware</a>.</p></em></ins></span>
</li>
-</ul>
+
+<span class="removed"><del><strong><li>
+ <p>Pairs</strong></del></span>
+<span class="inserted"><ins><em></ul>
@@ -661,228 +682,254 @@
<li id="M202101080">
<!--#set var="DATE" value='<small
class="date-tag">2021-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>As of 2021, WhatsApp (one of Facebook's subsidiaries)
is</em></ins></span> <a <span
class="removed"><del><strong>href="/philosophy/free-sw.html">free
software</a>.
- It also uses the ugly word “monetize”. A good replacement
- for that word</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.forbes.com/sites/carlypage/2021/01/08/whatsapp-tells-users-share-your-data-with-facebook-or-well-deactivate-your-account/">forcing
- its users to hand over sensitive personal data</a> to its parent
+ <p>As</em></ins></span> of <span
class="removed"><del><strong>Android apps can collude</strong></del></span>
<span class="inserted"><ins><em>2021, WhatsApp (one of Facebook's subsidiaries)
is <a
+
href="https://www.forbes.com/sites/carlypage/2021/01/08/whatsapp-tells-users-share-your-data-with-facebook-or-well-deactivate-your-account/">forcing
+ its users</em></ins></span> to <span class="removed"><del><strong>transmit
users'</strong></del></span> <span class="inserted"><ins><em>hand over
sensitive</em></ins></span> personal
+ <span class="removed"><del><strong>data</strong></del></span> <span
class="inserted"><ins><em>data</a></em></ins></span> to <span
class="removed"><del><strong>servers. <a
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found
+ tens of thousands</strong></del></span> <span
class="inserted"><ins><em>its parent
company. This increases Facebook's power over users, and further
jeopardizes people's privacy and security.</p>
- <p>Instead of WhatsApp you can use <a
- href="https://directory.fsf.org/wiki/Jami">GNU Jami</a>,
which</em></ins></span> is <span
class="removed"><del><strong>“exploit”; nearly always
that</strong></del></span>
- <span class="inserted"><ins><em>free software and</em></ins></span> will
<span class="removed"><del><strong>fit
- perfectly.</p></strong></del></span> <span
class="inserted"><ins><em>not collect your data.</p></em></ins></span>
- </li>
+ <p>Instead</em></ins></span> of <span
class="removed"><del><strong>pairs that collude</a>.</p>
+</li>
-<span class="removed"><del><strong><li>
- <p>Apps for BART</strong></del></span>
+<li>
+<p>Google Play intentionally sends app developers</strong></del></span>
<span class="inserted"><ins><em>WhatsApp you can use</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
+the personal details of users that install the app</a>.</p>
- <span class="inserted"><ins><em><li id="M202006260">
+<p>Merely asking the “consent” of users</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://directory.fsf.org/wiki/Jami">GNU
Jami</a>, which</em></ins></span> is
+ <span class="inserted"><ins><em>free software and will</em></ins></span>
not <span class="removed"><del><strong>enough
+to legitimize actions</strong></del></span> <span
class="inserted"><ins><em>collect your data.</p>
+ </li>
+
+ <li id="M202006260">
<!--#set var="DATE" value='<small
class="date-tag">2020-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Most apps are malware, but
- Trump's campaign app, like Modi's campaign app, is</em></ins></span> <a
<span
class="removed"><del><strong>href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/">
- especially nasty malware, helping companies snoop</em></ins></span> on
<span class="removed"><del><strong>users</a>.</p>
- <p>With free software apps,</strong></del></span> users <span
class="removed"><del><strong>could <em>make sure</em> that they
don't snoop.</p>
- <p>With proprietary apps, one can only hope</strong></del></span>
<span class="inserted"><ins><em>as well
- as snooping on them itself</a>.</p>
-
- <p>The article says</em></ins></span> that <span
class="removed"><del><strong>they don't.</p>
-</li>
-
-<li>
- <p>A study found 234 Android apps</strong></del></span> <span
class="inserted"><ins><em>Biden's app has a less manipulative overall
- approach, but</em></ins></span> that <span
class="removed"><del><strong>track users by
- <a
href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening</strong></del></span>
<span class="inserted"><ins><em>does not tell us whether it has
functionalities we
- consider malicious, such as sending data the user has not explicitly
- asked</em></ins></span> to <span class="removed"><del><strong>ultrasound
from beacons placed in stores or played by TV programs</a>.
- </p></strong></del></span> <span
class="inserted"><ins><em>send.</p></em></ins></span>
+ Trump's campaign app,</em></ins></span> like <span
class="removed"><del><strong>this. At this point, most</strong></del></span>
<span class="inserted"><ins><em>Modi's campaign app, is <a
+
href="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/">
+ especially nasty malware, helping companies snoop on</em></ins></span>
users <span class="removed"><del><strong>have
+stopped reading the “Terms and Conditions” that spell out
+what they are “consenting” to. Google should clearly
+and honestly identify the information it collects</strong></del></span> <span
class="inserted"><ins><em>as well
+ as snooping</em></ins></span> on <span class="removed"><del><strong>users,
instead
+of hiding</strong></del></span> <span class="inserted"><ins><em>them
itself</a>.</p>
+
+ <p>The article says that Biden's app has a less manipulative overall
+ approach, but that does not tell us whether</em></ins></span> it <span
class="removed"><del><strong>in an obscurely worded EULA.</p>
+
+<p>However, to truly protect people's privacy,</strong></del></span>
<span class="inserted"><ins><em>has functionalities</em></ins></span> we <span
class="removed"><del><strong>must prevent Google
+and other companies from getting this personal information
in</strong></del></span>
+ <span class="inserted"><ins><em>consider malicious, such as sending
data</em></ins></span> the <span class="removed"><del><strong>first
+place!</p></strong></del></span> <span class="inserted"><ins><em>user
has not explicitly
+ asked to send.</p></em></ins></span>
</li>
-<span class="removed"><del><strong><li>
- <p>Pairs</strong></del></span>
+ <span class="removed"><del><strong><li>
+ <p>Google Play (a component</strong></del></span>
<span class="inserted"><ins><em><li id="M201601110">
<!--#set var="DATE" value='<small
class="date-tag">2016-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The natural extension</em></ins></span> of <span
class="removed"><del><strong>Android apps can collude</strong></del></span>
<span class="inserted"><ins><em>monitoring
- people through “their” phones is <a
+ <p>The natural extension</em></ins></span> of <span
class="removed"><del><strong>Android) <a
+
href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
+ tracks the users' movements without their permission</a>.</p>
+
+ <p>Even if you disable Google Maps and location tracking, you must
+ disable Google Play itself to completely stop the tracking.
This</strong></del></span> <span class="inserted"><ins><em>monitoring
+ people through “their” phones</em></ins></span> is
+ <span class="removed"><del><strong>yet another example of
nonfree</strong></del></span> <span class="inserted"><ins><em><a
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
- proprietary software</em></ins></span> to <span
class="removed"><del><strong>transmit users' personal
- data</strong></del></span> <span class="inserted"><ins><em>make sure
they can't “fool”
- the monitoring</a>.</p>
+ proprietary</em></ins></span> software <span
class="removed"><del><strong>pretending</strong></del></span> to <span
class="removed"><del><strong>obey</strong></del></span> <span
class="inserted"><ins><em>make sure they can't
“fool”</em></ins></span>
+ the <span class="removed"><del><strong>user,
+ when it's actually doing something else. Such a thing would be almost
+ unthinkable with free software.</p></strong></del></span> <span
class="inserted"><ins><em>monitoring</a>.</p></em></ins></span>
</li>
- <li id="M201510050">
+ <span class="removed"><del><strong><li><p>More than 73% of the
most popular Android apps</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201510050">
<!--#set var="DATE" value='<small
class="date-tag">2015-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>According</em></ins></span> to <span
class="removed"><del><strong>servers.</strong></del></span> <span
class="inserted"><ins><em>Edward Snowden,</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found
- tens of thousands of pairs that collude</a>.</p>
-</li>
-
-<li>
-<p>Google Play intentionally sends app developers <a
-href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"></strong></del></span>
+ <p>According to Edward Snowden,</em></ins></span> <a <span
class="removed"><del><strong>href="http://jots.pub/a/2015103001/index.php">share
personal,
+ behavioral</strong></del></span>
<span
class="inserted"><ins><em>href="http://www.bbc.com/news/uk-34444233">agencies
can take over
smartphones</a> by sending hidden text messages which enable
- them to turn</em></ins></span> the <span
class="removed"><del><strong>personal details of users that
install</strong></del></span> <span class="inserted"><ins><em>phones on and
off, listen to</em></ins></span> the <span
class="removed"><del><strong>app</a>.</p>
+ them to turn the phones on</em></ins></span> and <span
class="removed"><del><strong>location information</a> of their users with
third parties.</p>
+ </li>
-<p>Merely asking</strong></del></span> <span
class="inserted"><ins><em>microphone,
- retrieve geo-location data from</em></ins></span> the <span
class="removed"><del><strong>“consent” of
users</strong></del></span> <span class="inserted"><ins><em>GPS, take
photographs, read
+ <li><p>“Cryptic communication,”
unrelated</strong></del></span> <span class="inserted"><ins><em>off,
listen</em></ins></span> to the <span class="removed"><del><strong>app's
functionality,
+ was <a
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
+ found in</strong></del></span> <span class="inserted"><ins><em>microphone,
+ retrieve geo-location data from</em></ins></span> the <span
class="removed"><del><strong>500 most popular gratis Android
apps</a>.</p>
+
+ <p>The article should not have described these apps as
+ “free”—they are not free software. The clear way to say
+ “zero price” is “gratis.”</p>
+
+ <p>The article takes for granted that</strong></del></span> <span
class="inserted"><ins><em>GPS, take photographs, read
text messages, read call, location and web browsing history, and
- read the contact list. This malware</em></ins></span> is <span
class="removed"><del><strong>not enough</strong></del></span> <span
class="inserted"><ins><em>designed</em></ins></span> to <span
class="removed"><del><strong>legitimize actions like this.
At</strong></del></span> <span class="inserted"><ins><em>disguise itself
- from investigation.</p>
+ read</em></ins></span> the <span class="removed"><del><strong>usual
analytics tools are
+ legitimate, but</strong></del></span> <span
class="inserted"><ins><em>contact list. This malware</em></ins></span> is <span
class="removed"><del><strong>that valid? Software developers have no
right</strong></del></span> <span
class="inserted"><ins><em>designed</em></ins></span> to
+ <span class="removed"><del><strong>analyze what users are doing or how.
“Analytics” tools that snoop are
+ just as wrong as any other snooping.</p></strong></del></span> <span
class="inserted"><ins><em>disguise itself
+ from investigation.</p></em></ins></span>
</li>
+ <span class="removed"><del><strong><li><p>Gratis Android apps
(but</strong></del></span>
- <li id="M201311120">
+ <span class="inserted"><ins><em><li id="M201311120">
<!--#set var="DATE" value='<small
class="date-tag">2013-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
The NSA can tap data in smart phones, including iPhones,
- Android, and BlackBerry</a>. While there is not much
- detail here, it seems that</em></ins></span> this <span
class="removed"><del><strong>point, most users have
-stopped reading</strong></del></span> <span class="inserted"><ins><em>does not
operate via</em></ins></span>
- the <span class="removed"><del><strong>“Terms and
Conditions”</strong></del></span> <span
class="inserted"><ins><em>universal back door</em></ins></span> that <span
class="removed"><del><strong>spell out
-what they</strong></del></span> <span class="inserted"><ins><em>we know nearly
all portable
- phones have. It may involve exploiting various bugs.
There</em></ins></span> are <span
class="removed"><del><strong>“consenting” to. Google should clearly
-and honestly identify the information it collects on users,
instead</strong></del></span> <span class="inserted"><ins><em><a
-
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
- lots</em></ins></span> of <span class="removed"><del><strong>hiding it in
an obscurely worded EULA.</p>
-
-<p>However, to truly protect people's privacy, we must prevent Google
-and other companies from getting this personal
information</strong></del></span> <span
class="inserted"><ins><em>bugs</em></ins></span> in the <span
class="removed"><del><strong>first
-place!</p></strong></del></span> <span class="inserted"><ins><em>phones'
radio software</a>.</p></em></ins></span>
+ Android, and BlackBerry</a>. While there is</em></ins></span> not
<span class="inserted"><ins><em>much
+ detail here, it seems that this does not operate via
+ the universal back door that we know nearly all portable
+ phones have. It may involve exploiting various bugs. There
are</em></ins></span> <a <span
class="removed"><del><strong>href="/philosophy/free-sw.html">free
software</a>)
+ connect to 100
+ <a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
and advertising</a> URLs,
+ on</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+ lots of bugs in</em></ins></span> the <span
class="removed"><del><strong>average.</p></strong></del></span> <span
class="inserted"><ins><em>phones' radio
software</a>.</p></em></ins></span>
</li>
-
- <span class="removed"><del><strong><li>
- <p>Google Play (a component of Android)</strong></del></span>
+ <span class="removed"><del><strong><li><p>Spyware is present in
some Android devices when they are sold.
+ Some Motorola</strong></del></span>
<span class="inserted"><ins><em><li id="M201307000">
<!--#set var="DATE" value='<small
class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Portable phones with GPS</em></ins></span> <a
- <span
class="removed"><del><strong>href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
- tracks the users' movements without</strong></del></span>
+ <p>Portable</em></ins></span> phones <span
class="removed"><del><strong>modify Android to</strong></del></span> <span
class="inserted"><ins><em>with GPS</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html"></strong></del></span>
<span
class="inserted"><ins><em>href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
- will send</em></ins></span> their <span
class="removed"><del><strong>permission</a>.</p>
+ will</em></ins></span> send <span class="removed"><del><strong>personal
data to Motorola</a>.</p>
+ </li>
- <p>Even if you disable Google Maps and</strong></del></span> <span
class="inserted"><ins><em>GPS</em></ins></span> location <span
class="removed"><del><strong>tracking, you must
- disable Google Play itself to completely</strong></del></span> <span
class="inserted"><ins><em>on remote command, and users cannot</em></ins></span>
stop <span class="removed"><del><strong>the tracking. This is
- yet another example of nonfree software pretending</strong></del></span>
- <span class="inserted"><ins><em>them</a>. (The US says it will
eventually require all new portable phones</em></ins></span>
- to <span class="removed"><del><strong>obey the user,
- when it's actually doing something else. Such a thing would be almost
- unthinkable with free software.</p></strong></del></span> <span
class="inserted"><ins><em>have GPS.)</p></em></ins></span>
+ <li><p>Some manufacturers add a
+ <a
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
+ hidden general surveillance package such as Carrier
IQ.</a></p>
</li>
- <span class="removed"><del><strong><li><p>More than 73% of the
most popular Android apps</strong></del></span>
-<span class="inserted"><ins><em></ul>
+ <li><p><a
href="/proprietary/proprietary-back-doors.html#samsung">
+ Samsung's back door</a> provides access to any
file</strong></del></span> <span class="inserted"><ins><em>their GPS
location</em></ins></span> on <span class="removed"><del><strong>the
system.</p></strong></del></span> <span class="inserted"><ins><em>remote
command, and users cannot stop
+ them</a>. (The US says it will eventually require all new portable
phones
+ to have GPS.)</p></em></ins></span>
+ </li>
+</ul>
+
+
+
+<span class="removed"><del><strong><!-- #SpywareOnMobiles -->
+<!-- WEBMASTERS: make sure to place new items on top under each subsection
-->
+
+<div class="big-section">
+ <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
+</div>
+<div style="clear: left;"></div></strong></del></span>
<div class="big-subsection">
- <h4 id="SpywareIniThings">iThings</h4>
+ <h4 <span class="removed"><del><strong>id="SpywareIniThings">Spyware
in iThings</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareIniThings">iThings</h4></em></ins></span>
<span class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
</div>
-<ul class="blurbs">
+<span class="removed"><del><strong><ul>
+ <li><p>Apple proposes</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
<li id="M202009183">
<!--#set var="DATE" value='<small
class="date-tag">2020-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Facebook</em></ins></span> <a <span
class="removed"><del><strong>href="http://jots.pub/a/2015103001/index.php">share
personal,
- behavioral and location information</a> of their</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.dailymail.co.uk/news/article-8747541/Facebook-accused-watching-Instagram-users-mobile-cameras.html">snoops
- on Instagram</a></em></ins></span> users <span
class="removed"><del><strong>with third
parties.</p></strong></del></span> <span class="inserted"><ins><em>by
surreptitously turning on the device's
- camera.</p></em></ins></span>
+ <p>Facebook</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
fingerprint-scanning touch screen</a>
+ — which would mean no way to use it without having your
fingerprints
+ taken. Users would have no way to tell whether the phone is
snooping</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.dailymail.co.uk/news/article-8747541/Facebook-accused-watching-Instagram-users-mobile-cameras.html">snoops</em></ins></span>
+ on
+ <span class="removed"><del><strong>them.</p></li>
+
+ <li><p>iPhones <a
href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send
+ lots of personal data to Apple's servers</a>. Big Brother can
+ get them from there.</p>
</li>
- <span class="removed"><del><strong><li><p>“Cryptic
communication,” unrelated to</strong></del></span>
+ <li><p>The iMessage app</strong></del></span> <span
class="inserted"><ins><em>Instagram</a> users by surreptitously
turning</em></ins></span> on <span
class="removed"><del><strong>iThings</strong></del></span> <span
class="inserted"><ins><em>the device's
+ camera.</p>
+ </li>
- <span class="inserted"><ins><em><li id="M202004200">
+ <li id="M202004200">
<!--#set var="DATE" value='<small
class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple whistleblower Thomas Le Bonniec reports that Apple
- made a practice of surreptitiously activating</em></ins></span> the <span
class="removed"><del><strong>app's functionality,
- was</strong></del></span> <span class="inserted"><ins><em>Siri software
to</em></ins></span> <a <span
class="removed"><del><strong>href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
- found in the 500 most popular gratis Android apps</a>.</p>
-
- <p>The article should</strong></del></span>
+ made a practice of surreptitiously activating the Siri software
to</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.politico.eu/wp-content/uploads/2020/05/Public-Statement-Siri-recordings-TLB.pdf">
- record users' conversations when they had</em></ins></span> not <span
class="removed"><del><strong>have described</strong></del></span> <span
class="inserted"><ins><em>activated Siri</a>.
+ record users' conversations when they had not activated Siri</a>.
This was not just occasional, it was systematic practice.</p>
- <p>His job was to listen to</em></ins></span> these <span
class="removed"><del><strong>apps as
- “free”—they are</strong></del></span> <span
class="inserted"><ins><em>recordings, in a group that made
- transcripts of them. He does</em></ins></span> not <span
class="removed"><del><strong>free software. The clear</strong></del></span>
<span class="inserted"><ins><em>believes that Apple has ceased this
+ <p>His job was to listen to these recordings, in</em></ins></span> a
<span class="removed"><del><strong>server every phone
number</strong></del></span> <span class="inserted"><ins><em>group that made
+ transcripts of them. He does not believes that Apple has ceased this
practice.</p>
- <p>The only reliable</em></ins></span> way to <span
class="removed"><del><strong>say
- “zero price” is “gratis.”</p>
-
- <p>The article takes</strong></del></span> <span
class="inserted"><ins><em>prevent this is,</em></ins></span> for <span
class="removed"><del><strong>granted that</strong></del></span> the <span
class="removed"><del><strong>usual analytics tools are
- legitimate, but is</strong></del></span> <span
class="inserted"><ins><em>program</em></ins></span> that <span
class="removed"><del><strong>valid? Software developers have no
right</strong></del></span>
- <span class="inserted"><ins><em>controls access</em></ins></span> to
- <span class="removed"><del><strong>analyze what users are doing or how.
“Analytics” tools that snoop are
- just as wrong as</strong></del></span> <span class="inserted"><ins><em>the
microphone to decide when the user has
- “activated”</em></ins></span> any <span
class="removed"><del><strong>other snooping.</p>
- </li>
- <li><p>Gratis Android apps (but not <a
href="/philosophy/free-sw.html">free software</a>)
- connect</strong></del></span> <span
class="inserted"><ins><em>service,</em></ins></span> to <span
class="removed"><del><strong>100
- <a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking</strong></del></span>
<span class="inserted"><ins><em>be free software,</em></ins></span> and <span
class="removed"><del><strong>advertising</a> URLs,
- on</strong></del></span> the <span
class="removed"><del><strong>average.</p>
- </li>
- <li><p>Spyware is present in some Android devices when they are
sold.
- Some Motorola phones modify Android to
- <a
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
- send personal data</strong></del></span>
- <span class="inserted"><ins><em>operating system under it free as well.
This way, users could make
- sure Apple can't listen</em></ins></span> to <span
class="removed"><del><strong>Motorola</a>.</p></strong></del></span>
<span class="inserted"><ins><em>them.</p></em></ins></span>
+ <p>The only reliable way to prevent this is, for the
program</em></ins></span> that
+ <span class="inserted"><ins><em>controls access to the microphone to
decide when</em></ins></span> the user <span class="removed"><del><strong>types
into it</a>;</strong></del></span> <span class="inserted"><ins><em>has
+ “activated” any service, to be free software,
and</em></ins></span> the <span class="removed"><del><strong>server records
these numbers for at least 30
+ days.</p>
</li>
- <span class="removed"><del><strong><li><p>Some manufacturers add
a</strong></del></span>
+ <li><p>Users cannot</strong></del></span>
+ <span class="inserted"><ins><em>operating system under it free as well.
This way, users could</em></ins></span> make <span
class="removed"><del><strong>an</strong></del></span>
+ <span class="inserted"><ins><em>sure</em></ins></span> Apple <span
class="removed"><del><strong>ID</strong></del></span> <span
class="inserted"><ins><em>can't listen to them.</p>
+ </li>
- <span class="inserted"><ins><em><li id="M201910131">
+ <li id="M201910131">
<!--#set var="DATE" value='<small
class="date-tag">2019-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Safari occasionally</em></ins></span> <a <span
class="removed"><del><strong>href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
- hidden general surveillance package such as Carrier
IQ.</a></p>
- </li>
-
- <li><p><a
href="/proprietary/proprietary-back-doors.html#samsung">
- Samsung's back door</a> provides access</strong></del></span>
+ <p>Safari occasionally</em></ins></span> <a <span
class="removed"><del><strong>href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary</strong></del></span>
<span
class="inserted"><ins><em>href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/">
- sends browsing data from Apple devices in China</em></ins></span> to <span
class="removed"><del><strong>any file on</strong></del></span> the <span
class="removed"><del><strong>system.</p>
+ sends browsing data from Apple devices in China</em></ins></span> to <span
class="removed"><del><strong>install even gratis apps)</a>
+ without giving a valid email address and receiving</strong></del></span>
the <span class="removed"><del><strong>code Apple
+ sends</strong></del></span> <span class="inserted"><ins><em>Tencent Safe
+ Browsing service</a>,</em></ins></span> to <span
class="removed"><del><strong>it.</p>
</li>
-</ul>
-
-
-<!-- #SpywareOnMobiles -->
-<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>Tencent Safe
- Browsing service</a>,</em></ins></span> to <span
class="removed"><del><strong>place new items on top under each
subsection</strong></del></span> <span class="inserted"><ins><em>check URLs
that possibly correspond to
+ <li><p>Around 47% of</strong></del></span> <span
class="inserted"><ins><em>check URLs that possibly correspond to
“fraudulent” websites. Since Tencent collaborates
- with the Chinese government, its Safe Browsing black list most certainly
- contains the websites of political opponents. By linking the requests
+ with</em></ins></span> the <span class="inserted"><ins><em>Chinese
government, its Safe Browsing black list</em></ins></span> most <span
class="removed"><del><strong>popular iOS apps
+ <a class="not-a-duplicate"
+ href="http://jots.pub/a/2015103001/index.php">share personal,
+ behavioral and location information</a></strong></del></span>
<span class="inserted"><ins><em>certainly
+ contains the websites</em></ins></span> of <span
class="inserted"><ins><em>political opponents. By linking the requests
originating from single IP addresses, the government can identify
- dissenters in China and Hong Kong, thus endangering their lives.</p>
+ dissenters in China and Hong Kong, thus endangering</em></ins></span>
their <span class="removed"><del><strong>users with third
parties.</p></strong></del></span> <span
class="inserted"><ins><em>lives.</p></em></ins></span>
</li>
- <li id="M201905280">
+ <span class="removed"><del><strong><li><p>iThings automatically
upload to</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201905280">
<!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
- --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>In spite of</em></ins></span> Apple's <span
class="removed"><del><strong>servers all the photos and
+ videos they make.</p>
-<span class="removed"><del><strong><div class="big-section">
- <h3 id="SpywareOnMobiles">Spyware</strong></del></span>
- <span class="inserted"><ins><em><p>In spite of Apple's supposed
commitment to
- privacy, iPhone apps contain trackers that are busy at night <a
-
href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html">
+ <blockquote><p>
+ iCloud Photo Library stores every photo and video you take,
+ and keeps them up</strong></del></span> <span
class="inserted"><ins><em>supposed commitment</em></ins></span> to <span
class="removed"><del><strong>date on all your devices.
+ Any edits you make</strong></del></span>
+ <span class="inserted"><ins><em>privacy, iPhone apps contain trackers
that</em></ins></span> are <span class="removed"><del><strong>automatically
updated everywhere. [...]
+ </p></blockquote>
+
+ <p>(From</strong></del></span> <span class="inserted"><ins><em>busy
at night</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.apple.com/icloud/photos/">Apple's
iCloud
+ information</a> as accessed on 24 Sep 2015.)</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html">
sending users' personal information to third parties</a>.</p>
<p>The article mentions specific examples: Microsoft OneDrive,
- Intuitâs Mint, Nike, Spotify, The Washington Post, The Weather
- Channel (owned by IBM), the crime-alert service Citizen, Yelp
+ Intuitâs Mint, Nike, Spotify,</em></ins></span> The <span
class="removed"><del><strong>iCloud feature is
+ <a
href="https://support.apple.com/en-us/HT202033">activated</strong></del></span>
<span class="inserted"><ins><em>Washington Post, The Weather
+ Channel (owned</em></ins></span> by <span
class="inserted"><ins><em>IBM),</em></ins></span> the
+ <span class="removed"><del><strong>startup of iOS</a>. The term
“cloud” means
+ “please</strong></del></span> <span
class="inserted"><ins><em>crime-alert service Citizen, Yelp
and DoorDash. But it is likely that most nonfree apps contain
trackers. Some of these send personally identifying data such as phone
fingerprint, exact location, email address, phone number or even
@@ -896,19 +943,7 @@
--><!--#echo encoding="none" var="DATE" -->
<p>The DMCA and the EU Copyright Directive make it <a
href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
- illegal to study how iOS cr…apps spy</em></ins></span> on <span
class="removed"><del><strong>Mobiles</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
-</div>
-<div style="clear: left;"></div>
-
-
-<div class="big-subsection">
- <h4 id="SpywareIniThings">Spyware in iThings</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
-</div>
-
-<ul>
- <li><p>Apple</strong></del></span> <span
class="inserted"><ins><em>users</a>, because
+ illegal to study how iOS cr…apps spy on users</a>, because
this would require circumventing the iOS DRM.</p>
</li>
@@ -926,64 +961,45 @@
<li id="M201702150">
<!--#set var="DATE" value='<small
class="date-tag">2017-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Apple</em></ins></span> proposes <a
+ <p>Apple proposes <a
href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
- fingerprint-scanning touch <span
class="removed"><del><strong>screen</a>
- — which</strong></del></span> <span
class="inserted"><ins><em>screen</a>—which</em></ins></span> would
mean no way
+ fingerprint-scanning touch screen</a>—which would mean no way
to use it without having your fingerprints taken. Users would have
- no way to tell whether the phone is snooping on
- <span class="removed"><del><strong>them.</p></li>
-
- <li><p>iPhones</strong></del></span> <span
class="inserted"><ins><em>them.</p>
+ no way to tell whether the phone is snooping on them.</p>
</li>
<li id="M201611170">
<!--#set var="DATE" value='<small
class="date-tag">2016-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>iPhones</em></ins></span> <a <span
class="removed"><del><strong>href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send</strong></del></span>
- <span
class="inserted"><ins><em>href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send</em></ins></span>
+ <p>iPhones <a
+
href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
lots of personal data to Apple's servers</a>. Big Brother can get
them from there.</p>
</li>
- <span
class="removed"><del><strong><li><p>The</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201609280">
+ <li id="M201609280">
<!--#set var="DATE" value='<small
class="date-tag">2016-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The</em></ins></span> iMessage app on iThings <a
+ <p>The iMessage app on iThings <a
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
a server every phone number that the user types into it</a>; the
server records these numbers for at least 30 days.</p>
</li>
- <span class="removed"><del><strong><li><p>Users cannot make an
Apple ID <a
href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary
to install even gratis apps)</a>
- without giving a valid email address and receiving the code Apple
- sends to it.</p>
- </li>
-
- <li><p>Around 47% of the most popular iOS apps
- <a class="not-a-duplicate"
- href="http://jots.pub/a/2015103001/index.php">share personal,
- behavioral and location information</a> of their users with third
parties.</p>
- </li>
-
- <li><p>iThings</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201509240">
+ <li id="M201509240">
<!--#set var="DATE" value='<small
class="date-tag">2015-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>iThings</em></ins></span> automatically upload to Apple's servers
all the photos
+ <p>iThings automatically upload to Apple's servers all the photos
and videos they make.</p>
<blockquote><p> iCloud Photo Library stores every photo and
video you
take, and keeps them up to date on all your devices. Any edits you
- make are automatically updated everywhere. <span
class="removed"><del><strong>[...]</strong></del></span> <span
class="inserted"><ins><em>[…]</em></ins></span>
</p></blockquote>
+ make are automatically updated everywhere. […]
</p></blockquote>
<p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
information</a> as accessed on 24 Sep 2015.) The iCloud feature is
<a href="https://support.apple.com/en-us/HT202033">activated by the
- startup of iOS</a>. The term “cloud” means “please
+ startup of iOS</a>. The term “cloud” means
“please</em></ins></span>
don't ask where.”</p>
<p>There is a way to
@@ -998,19 +1014,18 @@
</p></li>
<li><p>Spyware in iThings:
- the</strong></del></span>
+ the <a class="not-a-duplicate"
+
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ iBeacon</a> lets stores</strong></del></span>
<span
class="inserted"><ins><em>href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p>
</li>
<li id="M201409220">
<!--#set var="DATE" value='<small
class="date-tag">2014-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Apple can, and regularly does,</em></ins></span> <a <span
class="removed"><del><strong>class="not-a-duplicate"
-
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
- iBeacon</a> lets stores determine exactly
where</strong></del></span>
- <span
class="inserted"><ins><em>href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
- remotely extract some data from iPhones for</em></ins></span> the <span
class="removed"><del><strong>iThing is,
- and</strong></del></span> <span
class="inserted"><ins><em>state</a>.</p>
+ <p>Apple can, and regularly does, <a
+
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
+ remotely extract some data from iPhones for the state</a>.</p>
<p>This may have improved with <a
href="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/">
@@ -1035,7 +1050,7 @@
--><!--#echo encoding="none" var="DATE" -->
<p>The <a class="not-a-duplicate"
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
- iBeacon</a> lets stores determine exactly where the iThing is,
and</em></ins></span>
+ iBeacon</a> lets stores</em></ins></span> determine exactly where
the iThing is, and
get other info too.</p>
</li>
@@ -1119,11 +1134,10 @@
<span
class="inserted"><ins><em>href="https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/">
caught collecting sensitive personal data</a> that</em></ins></span>
can <span class="removed"><del><strong>take over smartphones</a>
by sending hidden text messages which enable</strong></del></span> <span
class="inserted"><ins><em>be used for
- lifetime tracking of users, and putting</em></ins></span> them <span
class="removed"><del><strong>to turn the phones
- on</strong></del></span> <span class="inserted"><ins><em>in danger. More
than 1.4
- billion people worldwide are affected by these proprietary
apps,</em></ins></span> and <span class="removed"><del><strong>off,
listen</strong></del></span>
- <span class="inserted"><ins><em>users' privacy is jeopardized by this
surveillance tool. Data collected
- by Baidu may be handed over</em></ins></span> to the <span
class="removed"><del><strong>microphone, retrieve geo-location data
from</strong></del></span> <span class="inserted"><ins><em>Chinese government,
possibly
+ lifetime tracking of users, and putting</em></ins></span> them <span
class="inserted"><ins><em>in danger. More than 1.4
+ billion people worldwide are affected by these proprietary apps, and
+ users' privacy is jeopardized by this surveillance tool. Data collected
+ by Baidu may be handed over</em></ins></span> to <span
class="removed"><del><strong>turn</strong></del></span> the <span
class="inserted"><ins><em>Chinese government, possibly
putting Chinese people in danger.</p>
</li>
@@ -1139,18 +1153,19 @@
<li id="M202004300">
<!--#set var="DATE" value='<small
class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Xiaomi phones <a
+ <p>Xiaomi</em></ins></span> phones
+ <span class="removed"><del><strong>on</strong></del></span> <span
class="inserted"><ins><em><a
href="https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/">report
many actions the user takes</a>: starting an app, looking at a
folder,
visiting a website, listening to a song. They send device identifying
information too.</p>
- <p>Other nonfree programs snoop too. For instance, Spotify and
- other streaming dis-services make a dossier about each user, and <a
+ <p>Other nonfree programs snoop too. For instance,
Spotify</em></ins></span> and <span class="removed"><del><strong>off,
listen</strong></del></span>
+ <span class="inserted"><ins><em>other streaming dis-services make a
dossier about each user, and <a
href="/malware/proprietary-surveillance.html#M201508210"> they make
- users identify themselves to pay</a>. Out, out, damned
Spotify!</p>
+ users identify themselves</em></ins></span> to <span
class="inserted"><ins><em>pay</a>. Out, out, damned Spotify!</p>
- <p>Forbes exonerates the same wrongs when the culprits are not
Chinese,
+ <p>Forbes exonerates</em></ins></span> the <span
class="removed"><del><strong>microphone, retrieve geo-location
data</strong></del></span> <span class="inserted"><ins><em>same wrongs when the
culprits are not Chinese,
but we condemn this no matter who does it.</p>
</li>
@@ -1159,7 +1174,7 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Facebook's app got “consent” to <a
href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent">
- upload call logs automatically from Android phones</a> while
disguising
+ upload call logs automatically</em></ins></span> from <span
class="inserted"><ins><em>Android phones</a> while disguising
what the “consent” was for.</p>
</li>
@@ -1225,7 +1240,7 @@
listens for voice all the
time</a>.</p></strong></del></span> <span
class="inserted"><ins><em>kind.</p></em></ins></span>
</li>
- <span class="removed"><del><strong><li><p>Spyware in Android
phones (and Windows?</strong></del></span>
+ <span class="removed"><del><strong><li><p>Spyware in Android
phones</strong></del></span>
<span class="inserted"><ins><em><li id="M201403120">
<!--#set var="DATE" value='<small
class="date-tag">2014-03</small>'
@@ -1237,7 +1252,7 @@
<li id="M201308010">
<!--#set var="DATE" value='<small
class="date-tag">2013-08</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Spyware in Android phones (and Windows?</em></ins></span>
laptops): The Wall Street
+ <p>Spyware in Android phones</em></ins></span> (and Windows?
laptops): The Wall Street
Journal (in an article blocked from us by a paywall) reports that <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
the FBI can remotely activate the GPS and microphone in Android phones
@@ -1431,28 +1446,15 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Foundry's graphics software <a
href="https://torrentfreak.com/software-company-fines-pirates-after-monitoring-their-computers-181102/">
- reports information</em></ins></span> to <span
class="inserted"><ins><em>identify</em></ins></span> who is <span
class="removed"><del><strong>in the frame.</p>
-
- <p>This spyware feature seems to require online access to some
- known-faces database, which means the pictures are likely to be
- sent across the wire to Facebook's servers and face-recognition
- algorithms.</p>
-
- <p>If so, none</strong></del></span> <span
class="inserted"><ins><em>running it</a>. The result is
- often a legal threat demanding a lot</em></ins></span> of <span
class="removed"><del><strong>Facebook users' pictures are private
- anymore,</strong></del></span> <span
class="inserted"><ins><em>money.</p>
+ reports information</em></ins></span> to <span
class="inserted"><ins><em>identify</em></ins></span> who is <span
class="removed"><del><strong>in the frame.</p></strong></del></span>
<span class="inserted"><ins><em>running it</a>. The result is
+ often a legal threat demanding a lot of money.</p>
<p>The fact that this is used for repression of forbidden sharing
- makes it</em></ins></span> even <span
class="removed"><del><strong>if</strong></del></span> <span
class="inserted"><ins><em>more vicious.</p>
+ makes it even more vicious.</p></em></ins></span>
- <p>This illustrates that making unauthorized copies of nonfree
software
- is not a cure for</em></ins></span> the <span
class="removed"><del><strong>user didn't “upload” them
to</strong></del></span> <span class="inserted"><ins><em>injustice of nonfree
software. It may avoid
- paying for</em></ins></span> the <span
class="removed"><del><strong>service.</p>
- </li>
-
- <li><p>Like most “music screaming” disservices,
Spotify
- is based on proprietary malware (DRM and snooping). In August
- 2015</strong></del></span> <span class="inserted"><ins><em>nasty thing,
but cannot make</em></ins></span> it <span class="inserted"><ins><em>less
nasty.</p>
+ <p>This <span class="removed"><del><strong>spyware feature seems to
require online access</strong></del></span> <span
class="inserted"><ins><em>illustrates that making unauthorized copies of
nonfree software
+ is not a cure for the injustice of nonfree software. It may avoid
+ paying for the nasty thing, but cannot make it less nasty.</p>
</li>
</ul>
@@ -1466,56 +1468,36 @@
<!--#set var="DATE" value='<small
class="date-tag">2021-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many cr…apps, developed by various
- companies for various organizations, do</em></ins></span> <a
-<span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
- demanded users submit</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.expressvpn.com/digital-security-lab/investigation-xoth">
- location tracking unknown</em></ins></span> to <span
class="removed"><del><strong>increased
snooping</a>,</strong></del></span> <span class="inserted"><ins><em>those
companies</em></ins></span> and <span class="inserted"><ins><em>those
+ companies for various organizations, do <a
+
href="https://www.expressvpn.com/digital-security-lab/investigation-xoth">
+ location tracking unknown</em></ins></span> to <span
class="inserted"><ins><em>those companies and those
organizations</a>. It's actually</em></ins></span> some
- <span class="removed"><del><strong>are starting to
realize</strong></del></span> <span class="inserted"><ins><em>widely used
libraries</em></ins></span> that <span class="removed"><del><strong>it is
nasty.</p>
-
- <p>This article shows</strong></del></span> <span
class="inserted"><ins><em>do</em></ins></span>
- the <span class="removed"><del><strong><a
-href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
- twisted ways that they present snooping as a way
- to “serve” users better</a>—never mind
- whether they want that. This</strong></del></span> <span
class="inserted"><ins><em>tracking.</p>
+ <span class="removed"><del><strong>known-faces database, which
means</strong></del></span> <span class="inserted"><ins><em>widely used
libraries that do</em></ins></span>
+ the <span class="removed"><del><strong>pictures are
likely</strong></del></span> <span class="inserted"><ins><em>tracking.</p>
- <p>What's unusual here</em></ins></span> is <span
class="removed"><del><strong>a typical example of
- the attitude of the</strong></del></span> <span
class="inserted"><ins><em>that</em></ins></span> proprietary software <span
class="removed"><del><strong>industry towards
- those they have subjugated.</p>
-
- <p>Out, out, damned Spotify!</p>
- </li>
- <li><p>Many</strong></del></span> <span
class="inserted"><ins><em>developer A tricks</em></ins></span>
- proprietary <span class="removed"><del><strong>apps</strong></del></span>
<span class="inserted"><ins><em>software developers B1 … B50 into making
platforms</em></ins></span> for <span class="removed"><del><strong>mobile
devices report which other
- apps</strong></del></span>
- <span class="inserted"><ins><em>A to mistreat</em></ins></span> the <span
class="removed"><del><strong>user has
- installed. <a
href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
- is doing this in a way that at least is visible and
- optional</a>. Not as bad as what the others do.</p>
- </li>
+ <p>What's unusual here is that proprietary software developer A
tricks
+ proprietary software developers B1 … B50 into making platforms for
+ A</em></ins></span> to <span class="removed"><del><strong>be
+ sent across</strong></del></span> <span
class="inserted"><ins><em>mistreat</em></ins></span> the <span
class="removed"><del><strong>wire to Facebook's servers and face-recognition
+ algorithms.</p>
- <li><p>FTC says most mobile apps for children don't respect
privacy:
- <a
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
-
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p></strong></del></span>
<span class="inserted"><ins><em>end user.</p></em></ins></span>
+ <p>If so, none</strong></del></span> <span
class="inserted"><ins><em>end user.</p>
</li>
- <span class="removed"><del><strong><li><p>Widely
used</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M202003260">
+ <li id="M202003260">
<!--#set var="DATE" value='<small
class="date-tag">2020-03</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Apple iOS version of Zoom</em></ins></span> <a <span
class="removed"><del><strong>href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
- QR-code scanner apps snoop on the user</a>. This is in
addition</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.vice.com/en/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account">is
- sending users' data</em></ins></span> to <span
class="inserted"><ins><em>Facebook</a> even if</em></ins></span> the
<span class="removed"><del><strong>snooping done by</strong></del></span> <span
class="inserted"><ins><em>user doesn't have
- a Facebook account. According to</em></ins></span> the <span
class="removed"><del><strong>phone company,</strong></del></span> <span
class="inserted"><ins><em>article, Zoom</em></ins></span> and <span
class="removed"><del><strong>perhaps by the OS in the
- phone.</p>
-
- <p>Don't be distracted by the question</strong></del></span> <span
class="inserted"><ins><em>Facebook
- don't even mention this surveillance on their privacy policy page,
- making this an obvious violation</em></ins></span> of <span
class="inserted"><ins><em>people's privacy even in their
+ <p>The Apple iOS version</em></ins></span> of <span
class="removed"><del><strong>Facebook</strong></del></span> <span
class="inserted"><ins><em>Zoom <a
+
href="https://www.vice.com/en/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account">is
+ sending</em></ins></span> users' <span
class="removed"><del><strong>pictures are private
+ anymore,</strong></del></span> <span class="inserted"><ins><em>data to
Facebook</a></em></ins></span> even if the user <span
class="removed"><del><strong>didn't “upload”
them</strong></del></span> <span class="inserted"><ins><em>doesn't have
+ a Facebook account. According</em></ins></span> to the <span
class="removed"><del><strong>service.</p>
+ </li>
+
+ <li><p>Like most “music screaming” disservices,
Spotify
+ is based</strong></del></span> <span class="inserted"><ins><em>article,
Zoom and Facebook
+ don't even mention this surveillance</em></ins></span> on <span
class="removed"><del><strong>proprietary malware (DRM</strong></del></span>
<span class="inserted"><ins><em>their privacy policy page,
+ making this an obvious violation of people's privacy even in their
own terms.</p>
</li>
@@ -1523,130 +1505,111 @@
<!--#set var="DATE" value='<small
class="date-tag">2020-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Alipay Health Code app
- estimates</em></ins></span> whether the <span
class="removed"><del><strong>app developers get
- users to say “I agree”. That is no excuse for
malware.</p></strong></del></span> <span class="inserted"><ins><em>user
has Covid-19 and <a
-
href="https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html">
- tells the cops directly</a>.</p></em></ins></span>
- </li>
+ estimates whether the user has Covid-19</em></ins></span> and <span
class="removed"><del><strong>snooping). In August
+ 2015 it</strong></del></span> <a
+<span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
+ demanded users submit to increased snooping</a>, and some
+ are starting to realize that it is nasty.</p>
- <span class="removed"><del><strong><li><p>The Brightest
Flashlight</strong></del></span>
+ <p>This article shows</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html">
+ tells</em></ins></span> the <span class="removed"><del><strong><a
+href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
+ twisted ways that they present snooping</strong></del></span> <span
class="inserted"><ins><em>cops directly</a>.</p>
+ </li>
- <span class="inserted"><ins><em><li id="M202001290">
+ <li id="M202001290">
<!--#set var="DATE" value='<small
class="date-tag">2020-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Amazon Ring</em></ins></span> app <span
class="inserted"><ins><em>does</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
- sends user data, including geolocation,</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
- surveillance</em></ins></span> for <span class="removed"><del><strong>use
by companies.</a></p></strong></del></span> <span
class="inserted"><ins><em>other companies as well as for
Amazon</a>.</p>
+ <p>The Amazon Ring app does <a
+
href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
+ surveillance for other companies</em></ins></span> as <span
class="removed"><del><strong>a way</strong></del></span> <span
class="inserted"><ins><em>well as for Amazon</a>.</p>
</li>
<li id="M201912220">
<!--#set var="DATE" value='<small
class="date-tag">2019-12</small>'
- --><!--#echo encoding="none" var="DATE" --></em></ins></span>
- <p>The <span class="removed"><del><strong>FTC criticized this app
because it asked the user to
- approve sending personal data to the</strong></del></span> <span
class="inserted"><ins><em>ToToc messaging</em></ins></span> app <span
class="removed"><del><strong>developer but did not
- ask about sending it</strong></del></span> <span
class="inserted"><ins><em>seems</em></ins></span> to <span
class="removed"><del><strong>other companies. This shows</strong></del></span>
<span class="inserted"><ins><em>be a <a
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The ToToc messaging app seems</em></ins></span> to <span
class="removed"><del><strong>“serve” users
better</a>—never mind
+ whether they want that. This is</strong></del></span> <span
class="inserted"><ins><em>be</em></ins></span> a <span
class="removed"><del><strong>typical example of</strong></del></span> <span
class="inserted"><ins><em><a
href="https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html">
- spying tool for</em></ins></span> the
- <span class="removed"><del><strong>weakness</strong></del></span> <span
class="inserted"><ins><em>government</em></ins></span> of the <span
class="removed"><del><strong>reject-it-if-you-dislike-snooping
- “solution” to surveillance: why should</strong></del></span>
<span class="inserted"><ins><em>United Arab Emirates</a>.
- Any nonfree program could be doing this, and that is</em></ins></span> a
<span class="removed"><del><strong>flashlight
- app send any information</strong></del></span> <span
class="inserted"><ins><em>good
- reason</em></ins></span> to <span class="removed"><del><strong>anyone?
A</strong></del></span> <span class="inserted"><ins><em>use</em></ins></span>
free software <span class="removed"><del><strong>flashlight
- app would not.</p>
- </li>
-</ul>
-
+ spying tool for</em></ins></span> the <span
class="removed"><del><strong>attitude</strong></del></span> <span
class="inserted"><ins><em>government</em></ins></span> of the <span
class="removed"><del><strong>proprietary</strong></del></span> <span
class="inserted"><ins><em>United Arab Emirates</a>.
+ Any nonfree program could be doing this, and that is a good
+ reason to use free</em></ins></span> software <span
class="removed"><del><strong>industry towards
+ those they have subjugated.</p>
-<div class="big-subsection">
- <h4 id="SpywareInGames">Spyware</strong></del></span> <span
class="inserted"><ins><em>instead.</p>
+ <p>Out, out, damned Spotify!</p></strong></del></span> <span
class="inserted"><ins><em>instead.</p>
- <p><small>Note: this article uses the word
“free”</em></ins></span> in <span
class="removed"><del><strong>Games</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInGames">#SpywareInGames</a>)</span>
-</div>
-
-<ul>
- <li><p>nVidia's proprietary GeForce
Experience</strong></del></span>
- <span class="inserted"><ins><em>the sense of
“gratis.”</small></p>
+ <p><small>Note: this article uses the word “free”
in
+ the sense of
“gratis.”</small></p></em></ins></span>
</li>
+ <span class="removed"><del><strong><li><p>Many proprietary
apps</strong></del></span>
- <li id="M201912090">
+ <span class="inserted"><ins><em><li id="M201912090">
<!--#set var="DATE" value='<small
class="date-tag">2019-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>iMonsters and Android phones,
- when used for work, give employers powerful</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes
- users identify themselves</strong></del></span>
+ when used</em></ins></span> for <span class="removed"><del><strong>mobile
devices report which other
+ apps the user has
+ installed.</strong></del></span> <span class="inserted"><ins><em>work,
give employers powerful</em></ins></span> <a <span
class="removed"><del><strong>href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
+ is doing</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy">
- snooping</em></ins></span> and <span class="removed"><del><strong>then
sends personal data about them</strong></del></span> <span
class="inserted"><ins><em>sabotage capabilities</a> if they install their
own
- software on the device. Many employers demand</em></ins></span> to
- <span class="removed"><del><strong>nVidia servers</a>.</p>
+ snooping and sabotage capabilities</a> if they install their own
+ software on the device. Many employers demand to do this. For the
+ employee,</em></ins></span> this <span class="removed"><del><strong>in a
way that at least</strong></del></span> is <span
class="removed"><del><strong>visible</strong></del></span> <span
class="inserted"><ins><em>simply nonfree software, as fundamentally
unjust</em></ins></span>
+ and
+ <span class="removed"><del><strong>optional</a>.
Not</strong></del></span> as <span
class="removed"><del><strong>bad</strong></del></span> <span
class="inserted"><ins><em>dangerous</em></ins></span> as <span
class="removed"><del><strong>what the others do.</p>
</li>
- <li><p>Angry Birds
- <a
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
- spies for companies,</strong></del></span> <span
class="inserted"><ins><em>do this. For the
- employee, this is simply nonfree software, as fundamentally
unjust</em></ins></span>
- and <span class="inserted"><ins><em>as dangerous as any other nonfree
software.</p>
+ <li><p>FTC says most mobile apps for children don't respect
privacy:
+ <a
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
+
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p></strong></del></span>
<span class="inserted"><ins><em>any other nonfree
software.</p></em></ins></span>
</li>
- <li id="M201910130">
+ <span class="removed"><del><strong><li><p>Widely used <a
href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
+ QR-code scanner apps snoop on</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201910130">
<!--#set var="DATE" value='<small
class="date-tag">2019-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Chinese Communist Party's “Study</em></ins></span>
- the <span class="removed"><del><strong>NSA takes
advantage</strong></del></span> <span class="inserted"><ins><em>Great
Nation” app requires users</em></ins></span> to <span
class="removed"><del><strong>spy through</strong></del></span> <span
class="inserted"><ins><em>grant</em></ins></span> it <span
class="removed"><del><strong>too</a>.
- Here's information on</strong></del></span> <a <span
class="removed"><del><strong>href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
- more spyware apps</a>.</p>
- <p><a
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
- More about NSA app spying</a>.</p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInToys">Spyware in Toys</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
-</div>
-
-<ul>
- <li>
- <p>The “smart” toys My Friend Cayla</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962">
- access to the phone's microphone, photos, text messages,
contacts,</em></ins></span> and <span class="removed"><del><strong>i-Que
transmit
- <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations</strong></del></span>
- <span class="inserted"><ins><em>internet history</a>, and the
Android version was found</em></ins></span> to <span
class="removed"><del><strong>Nuance
Communications</a>,</strong></del></span> <span
class="inserted"><ins><em>contain</em></ins></span> a <span
class="removed"><del><strong>speech recognition company
based</strong></del></span>
- <span class="inserted"><ins><em>back-door allowing developers to run any
code they wish</em></ins></span> in the <span
class="removed"><del><strong>U.S.</p>
-
- <p>Those toys also contain major security vulnerabilities; crackers
- can remotely control</strong></del></span> <span
class="inserted"><ins><em>users'
- phone, as “superusers.” Downloading and using this
+ the <span class="removed"><del><strong>user</a>. This is in
addition</strong></del></span> <span class="inserted"><ins><em>Great
Nation” app requires users to grant it <a
+
href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962">
+ access</em></ins></span> to the <span
class="removed"><del><strong>snooping done by</strong></del></span> <span
class="inserted"><ins><em>phone's microphone, photos, text messages, contacts,
and
+ internet history</a>, and</em></ins></span> the <span
class="removed"><del><strong>phone company,</strong></del></span> <span
class="inserted"><ins><em>Android version was found to contain a
+ back-door allowing developers to run any code they wish in the users'
+ phone, as “superusers.” Downloading</em></ins></span> and
<span class="removed"><del><strong>perhaps by</strong></del></span> <span
class="inserted"><ins><em>using this
app is mandatory at some workplaces.</p>
<p>Note: The <a
href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html">
- Washington Post version of</em></ins></span> the <span
class="removed"><del><strong>toys with a mobile phone. This would
- enable crackers to listen</strong></del></span> <span
class="inserted"><ins><em>article</a> (partly obfuscated, but
- readable after copy-pasting</em></ins></span> in <span
class="removed"><del><strong>on</strong></del></span> a <span
class="removed"><del><strong>child's speech, and even speak
- into</strong></del></span> <span class="inserted"><ins><em>text editor)
includes a clarification
- saying that</em></ins></span> the <span class="removed"><del><strong>toys
themselves.</p>
- </li>
-
- <li>
- <p>A computerized vibrator
- <a
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
- was snooping</strong></del></span> <span
class="inserted"><ins><em>tests were only performed</em></ins></span> on <span
class="removed"><del><strong>its users through</strong></del></span> the <span
class="removed"><del><strong>proprietary control
app</a>.</p></strong></del></span> <span
class="inserted"><ins><em>Android version
- of the app, and that, according to Apple, “this kind of
+ Washington Post version of</em></ins></span> the <span
class="removed"><del><strong>OS</strong></del></span> <span
class="inserted"><ins><em>article</a> (partly obfuscated, but
+ readable after copy-pasting</em></ins></span> in <span
class="inserted"><ins><em>a text editor) includes a clarification
+ saying that</em></ins></span> the
+ <span class="removed"><del><strong>phone.</p>
+
+ <p>Don't be distracted by</strong></del></span> <span
class="inserted"><ins><em>tests were only performed on</em></ins></span> the
<span class="removed"><del><strong>question</strong></del></span> <span
class="inserted"><ins><em>Android version</em></ins></span>
+ of <span class="removed"><del><strong>whether</strong></del></span> the
<span class="removed"><del><strong>app developers get
+ users</strong></del></span> <span class="inserted"><ins><em>app, and
that, according</em></ins></span> to <span class="removed"><del><strong>say
“I agree”. That is no excuse for
malware.</p></strong></del></span> <span class="inserted"><ins><em>Apple,
“this kind of
‘superuser’ surveillance could not be conducted on
- Apple's operating system.”</p>
+ Apple's operating system.”</p></em></ins></span>
</li>
- <li id="M201909091">
+ <span class="removed"><del><strong><li><p>The Brightest
Flashlight app
+ <a
href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
+ sends user data, including geolocation, for use by
companies.</a></p></strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201909091">
<!--#set var="DATE" value='<small
class="date-tag">2019-09</small>'
--><!--#echo encoding="none" var="DATE" --></em></ins></span>
- <p>The <span class="inserted"><ins><em>Facebook</em></ins></span>
app <span class="removed"><del><strong>was reporting</strong></del></span>
<span class="inserted"><ins><em><a
+ <p>The <span class="removed"><del><strong>FTC criticized
this</strong></del></span> <span
class="inserted"><ins><em>Facebook</em></ins></span> app <span
class="removed"><del><strong>because</strong></del></span> <span
class="inserted"><ins><em><a
href="https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/">
- tracks users even when it is turned off</a>, after tricking them
- into giving</em></ins></span> the <span
class="removed"><del><strong>temperature</strong></del></span> <span
class="inserted"><ins><em>app broad permissions in order to use
one</em></ins></span> of <span class="removed"><del><strong>the vibrator minute
by
- minute (thus, indirectly, whether it was surrounded
by</strong></del></span> <span class="inserted"><ins><em>its
+ tracks users even when</em></ins></span> it <span
class="removed"><del><strong>asked the user to
+ approve sending personal data to</strong></del></span> <span
class="inserted"><ins><em>is turned off</a>, after tricking them
+ into giving</em></ins></span> the app <span
class="removed"><del><strong>developer but did not
+ ask about sending it</strong></del></span> <span
class="inserted"><ins><em>broad permissions in order</em></ins></span> to <span
class="removed"><del><strong>other companies. This shows the
+ weakness</strong></del></span> <span class="inserted"><ins><em>use
one</em></ins></span> of <span class="removed"><del><strong>the
reject-it-if-you-dislike-snooping
+ “solution” to surveillance: why should a flashlight
+ app</strong></del></span> <span class="inserted"><ins><em>its
functionalities.</p>
</li>
@@ -1654,99 +1617,191 @@
<!--#set var="DATE" value='<small
class="date-tag">2019-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some nonfree period-tracking apps including MIA Fem and Maya <a
-
href="https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem">
- send intimate details of users' lives to Facebook</a>.</p>
+
href="https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem"></em></ins></span>
+ send <span class="removed"><del><strong>any
information</strong></del></span> <span class="inserted"><ins><em>intimate
details of users' lives</em></ins></span> to <span
class="removed"><del><strong>anyone?</strong></del></span> <span
class="inserted"><ins><em>Facebook</a>.</p>
</li>
<li id="M201909060">
<!--#set var="DATE" value='<small
class="date-tag">2019-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Keeping track of who downloads</em></ins></span> a <span
class="removed"><del><strong>person's
- body), as well as the vibration frequency.</p>
-
- <p>Note the totally inadequate proposed
response:</strong></del></span> <span class="inserted"><ins><em>proprietary
- program is</em></ins></span> a <span class="removed"><del><strong>labeling
- standard with which manufacturers would make statements about
- their products, rather than free software which users could have
- checked and changed.</p>
-
- <p>The company that made the vibrator
- <a
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
- was sued</strong></del></span> <span class="inserted"><ins><em>form of
surveillance. There is a
- proprietary program</em></ins></span> for <span
class="removed"><del><strong>collecting lots</strong></del></span> <span
class="inserted"><ins><em>adjusting a certain telescopic rifle sight. <a
-
href="https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/">
- A US prosecutor has demanded the list</em></ins></span> of <span
class="removed"><del><strong>personal information about
how</strong></del></span> <span class="inserted"><ins><em>all the 10,000 or
more</em></ins></span> people <span
class="removed"><del><strong>used</strong></del></span>
- <span class="inserted"><ins><em>who have installed</em></ins></span>
it</a>.</p>
+ <p>Keeping track of who downloads a proprietary
+ program is a form of surveillance. There is a
+ proprietary program for adjusting a certain telescopic rifle sight. <a
+
href="https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/"></em></ins></span>
+ A <span class="inserted"><ins><em>US prosecutor has demanded the list of
all the 10,000 or more people
+ who have installed it</a>.</p>
+
+ <p>With a</em></ins></span> free <span
class="removed"><del><strong>software flashlight
+ app</strong></del></span> <span class="inserted"><ins><em>program
there</em></ins></span> would <span
class="removed"><del><strong>not.</p></strong></del></span> <span
class="inserted"><ins><em>not be a list of who has installed
+ it.</p></em></ins></span>
+ </li>
+<span class="removed"><del><strong></ul>
- <span class="removed"><del><strong><p>The company's statement that
it was anonymizing the data may be
- true, but it doesn't really matter. If it had sold the data
to</strong></del></span>
- <span class="inserted"><ins><em><p>With</em></ins></span> a
- <span class="removed"><del><strong>data broker, the data
broker</strong></del></span> <span class="inserted"><ins><em>free program
there</em></ins></span> would <span class="removed"><del><strong>have been able
to figure out</strong></del></span> <span class="inserted"><ins><em>not be a
list of</em></ins></span> who <span class="removed"><del><strong>the user
was.</p>
+<div class="big-subsection">
+ <h4 id="SpywareInGames">Spyware in Games</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInGames">#SpywareInGames</a>)</span>
+</div>
- <p>Following this lawsuit,
- <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
- the company</strong></del></span> has <span
class="removed"><del><strong>been ordered</strong></del></span> <span
class="inserted"><ins><em>installed
- it.</p>
- </li>
+<ul>
+ <li><p>nVidia's proprietary GeForce
Experience</strong></del></span>
- <li id="M201907081">
+ <span class="inserted"><ins><em><li id="M201907081">
<!--#set var="DATE" value='<small
class="date-tag">2019-07</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Many unscrupulous mobile-app developers keep finding
ways</em></ins></span> to <span class="removed"><del><strong>pay a
total</strong></del></span> <span class="inserted"><ins><em><a
-
href="https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/">
- bypass user's settings</a>, regulations, and privacy-enhancing
features</em></ins></span>
- of <span class="removed"><del><strong>C$4m</a></strong></del></span>
<span class="inserted"><ins><em>the operating system, in
order</em></ins></span> to <span class="removed"><del><strong>its
customers.</p></strong></del></span> <span
class="inserted"><ins><em>gather as much private data as
+ <p>Many unscrupulous mobile-app developers keep finding ways
to</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes
+ users identify themselves</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/">
+ bypass user's settings</a>, regulations,</em></ins></span> and <span
class="removed"><del><strong>then sends personal</strong></del></span> <span
class="inserted"><ins><em>privacy-enhancing features
+ of the operating system, in order to gather as much
private</em></ins></span> data <span
class="removed"><del><strong>about</strong></del></span> <span
class="inserted"><ins><em>as
they possibly can.</p>
<p>Thus, we can't trust rules against spying. What we can trust is
- having control over the software we run.</p></em></ins></span>
+ having control over the software we run.</p>
</li>
- <span class="removed"><del><strong><li><p>
“CloudPets” toys with microphones
- <a
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak
childrens' conversations to</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201907080">
+ <li id="M201907080">
<!--#set var="DATE" value='<small
class="date-tag">2019-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many Android apps can track
- users' movements even when</em></ins></span> the
- <span class="removed"><del><strong>manufacturer</a>. Guess
what?</strong></del></span> <span class="inserted"><ins><em>user
says</em></ins></span> <a <span
class="removed"><del><strong>href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers
found a way</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location">
- not</em></ins></span> to <span class="inserted"><ins><em>allow
them</em></ins></span> access <span class="removed"><del><strong>the
data</a>
- collected by the manufacturer's snooping.</p>
-
- <p>That the manufacturer and the FBI could
listen</strong></del></span> to <span class="removed"><del><strong>these
conversations
- was unacceptable</strong></del></span> <span
class="inserted"><ins><em>locations</a>.</p>
+ users' movements even when the user says <a
+
href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location">
+ not to allow</em></ins></span> them <span
class="inserted"><ins><em>access</em></ins></span> to
+ <span class="removed"><del><strong>nVidia
servers</a>.</p></strong></del></span> <span
class="inserted"><ins><em>locations</a>.</p>
<p>This involves an apparently unintentional weakness in Android,
- exploited intentionally</em></ins></span> by <span
class="removed"><del><strong>itself.</p></li>
-
- <li><p>Barbie</strong></del></span> <span
class="inserted"><ins><em>malicious apps.</p>
+ exploited intentionally by malicious apps.</p></em></ins></span>
</li>
- <li id="M201905300">
+ <span class="removed"><del><strong><li><p>Angry
Birds</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201905300">
<!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Femm “fertility” app is secretly
a</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going to spy</strong></del></span>
+ <p>The Femm “fertility” app is secretly
a</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
+ spies</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners">
- tool for propaganda</a> by natalist Christians. It spreads distrust
+ tool</em></ins></span> for <span class="removed"><del><strong>companies,
and the NSA takes advantage to spy through it too</a>.
+ Here's information</strong></del></span> <span
class="inserted"><ins><em>propaganda</a> by natalist Christians. It
spreads distrust
for contraception.</p>
- <p>It snoops</em></ins></span> on <span
class="removed"><del><strong>children and
adults</a>.</p></strong></del></span> <span
class="inserted"><ins><em>users, too, as you must expect from nonfree
+ <p>It snoops</em></ins></span> on
+ <span class="removed"><del><strong><a
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
+ more spyware apps</a>.</p>
+ <p><a
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
+ More about NSA app spying</a>.</p></strong></del></span>
<span class="inserted"><ins><em>users, too, as you must expect from nonfree
programs.</p></em></ins></span>
</li>
<span class="removed"><del><strong></ul>
-<!-- #SpywareAtLowLevel</strong></del></span>
+<div class="big-subsection">
+ <h4 id="SpywareInToys">Spyware in Toys</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
+</div>
+
+<ul>
+ <li>
+ <p>The “smart” toys My Friend Cayla and i-Que
transmit</strong></del></span>
<span class="inserted"><ins><em><li id="M201905060">
<!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>BlizzCon 2019 imposed a</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/">
+ requirement</em></ins></span> to <span class="removed"><del><strong>Nuance
Communications</a>,</strong></del></span> <span
class="inserted"><ins><em>run</em></ins></span> a <span
class="removed"><del><strong>speech recognition company based in the
U.S.</p>
+
+ <p>Those toys also contain major security vulnerabilities; crackers
+ can remotely control</strong></del></span> <span
class="inserted"><ins><em>proprietary phone app</a> to be allowed
into</em></ins></span>
+ the <span class="removed"><del><strong>toys with</strong></del></span>
<span class="inserted"><ins><em>event.</p>
+
+ <p>This app is</em></ins></span> a <span
class="removed"><del><strong>mobile phone. This would
+ enable crackers to listen in</strong></del></span> <span
class="inserted"><ins><em>spyware that can snoop</em></ins></span> on a <span
class="removed"><del><strong>child's speech,</strong></del></span> <span
class="inserted"><ins><em>lot of
+ sensitive data, including user's location</em></ins></span> and <span
class="removed"><del><strong>even speak
+ into the toys themselves.</p>
+ </li>
+
+ <li>
+ <p>A computerized vibrator</strong></del></span> <span
class="inserted"><ins><em>contact list, and has</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
+ was snooping on its users through the proprietary control
app</a>.</p>
+
+ <p>The app was reporting the temperature of</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
+ near-complete control</a> over</em></ins></span> the <span
class="removed"><del><strong>vibrator minute by
+ minute (thus, indirectly, whether it was
surrounded</strong></del></span> <span
class="inserted"><ins><em>phone.</p>
+ </li>
+
+ <li id="M201904131">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Data collected</em></ins></span> by <span
class="removed"><del><strong>a person's
+ body), as well as the vibration frequency.</p>
+
+ <p>Note the totally inadequate proposed response: a labeling
+ standard with which manufacturers would make statements about
+ their products, rather than free software which users could have
+ checked</strong></del></span> <span
class="inserted"><ins><em>menstrual</em></ins></span> and <span
class="removed"><del><strong>changed.</p>
+
+ <p>The company that made the vibrator</strong></del></span> <span
class="inserted"><ins><em>pregnancy monitoring apps is often</em></ins></span>
<a <span
class="removed"><del><strong>href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
+ was sued for collecting lots of personal information about how
+ people used it</a>.</p>
+
+ <p>The company's statement that it was
anonymizing</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance">
+ available to employers and insurance companies</a>. Even
though</em></ins></span> the
+ data <span class="removed"><del><strong>may be
+ true, but it doesn't really matter. If</strong></del></span> <span
class="inserted"><ins><em>is “anonymized and
aggregated,”</em></ins></span> it <span class="removed"><del><strong>had
sold the data</strong></del></span> <span class="inserted"><ins><em>can easily
be
+ traced back</em></ins></span> to <span class="removed"><del><strong>a
+ data broker,</strong></del></span> the <span
class="removed"><del><strong>data broker would have been able to figure
out</strong></del></span> <span
class="inserted"><ins><em>woman</em></ins></span> who <span
class="inserted"><ins><em>uses</em></ins></span> the <span
class="removed"><del><strong>user was.</p>
+
+ <p>Following this lawsuit,
+ <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
+ the company</strong></del></span> <span
class="inserted"><ins><em>app.</p>
+
+ <p>This</em></ins></span> has <span
class="removed"><del><strong>been ordered</strong></del></span> <span
class="inserted"><ins><em>harmful implications for women's
rights</em></ins></span> to <span class="removed"><del><strong>pay a total of
C$4m</a></strong></del></span> <span class="inserted"><ins><em>equal
employment
+ and freedom</em></ins></span> to <span class="removed"><del><strong>its
customers.</p>
+ </li>
+
+ <li><p> “CloudPets” toys with microphones
+ <a
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak
childrens' conversations</strong></del></span> <span
class="inserted"><ins><em>make their own pregnancy choices. Don't use
+ these apps, even if someone offers you a reward</em></ins></span> to <span
class="inserted"><ins><em>do so. A
+ free-software app that does more or less</em></ins></span> the
+ <span class="removed"><del><strong>manufacturer</a>. Guess
what?</strong></del></span> <span class="inserted"><ins><em>same thing without
+ spying on you is available from</em></ins></span> <a <span
class="removed"><del><strong>href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers
found</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://search.f-droid.org/?q=menstr">F-Droid</a>,
and <a
+
href="https://dcs.megaphone.fm/BLM6228935164.mp3?key=7e4b8f7018d13cdc2b5ea6e5772b6b8f"></em></ins></span>
+ a <span class="removed"><del><strong>way to access the data</a>
+ collected by the manufacturer's snooping.</p>
+
+ <p>That</strong></del></span> <span class="inserted"><ins><em>new
one is being developed</a>.</p>
+ </li>
+
+ <li id="M201904130">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google tracks</em></ins></span> the <span
class="removed"><del><strong>manufacturer</strong></del></span> <span
class="inserted"><ins><em>movements of Android phones and iPhones
+ running Google apps,</em></ins></span> and <span
class="inserted"><ins><em>sometimes <a
+
href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html">
+ saves</em></ins></span> the <span class="removed"><del><strong>FBI could
listen</strong></del></span> <span class="inserted"><ins><em>data for
years</a>.</p>
+
+ <p>Nonfree software in the phone has</em></ins></span> to <span
class="removed"><del><strong>these conversations
+ was unacceptable by itself.</p></li>
+
+ <li><p>Barbie
+ <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going</strong></del></span> <span class="inserted"><ins><em>be responsible for
sending
+ the location data</em></ins></span> to <span
class="removed"><del><strong>spy on children and
adults</a>.</p></strong></del></span> <span
class="inserted"><ins><em>Google.</p></em></ins></span>
+ </li>
+<span class="removed"><del><strong></ul>
+
+
+<!-- #SpywareAtLowLevel -->
+<!-- WEBMASTERS: make sure to place new items on top under each
subsection</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201903251">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-03</small>'
--><!--#echo encoding="none" var="DATE"</em></ins></span> -->
-<span class="removed"><del><strong><!-- WEBMASTERS: make sure to place new
items on top under each subsection -->
-<div class="big-section">
+<span class="removed"><del><strong><div class="big-section">
<h3 id="SpywareAtLowLevel">Spyware at Low Level</h3>
<span class="anchor-reference-id">(<a
href="#SpywareAtLowLevel">#SpywareAtLowLevel</a>)</span>
</div>
@@ -1760,29 +1815,27 @@
<ul>
<li><p></strong></del></span>
- <span class="inserted"><ins><em><p>BlizzCon 2019 imposed
a</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
-Lenovo stealthily installed crapware and</strong></del></span>
- <span
class="inserted"><ins><em>href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/">
- requirement to run a proprietary phone app</a> to be allowed into
- the event.</p>
-
- <p>This app is a</em></ins></span> spyware <span
class="removed"><del><strong>via BIOS</a> on Windows installs.
-Note</strong></del></span> that <span class="removed"><del><strong>the
specific sabotage method Lenovo used did not affect
-GNU/Linux; also,</strong></del></span> <span class="inserted"><ins><em>can
snoop on</em></ins></span> a <span
class="removed"><del><strong>“clean” Windows install is not really
-clean since</strong></del></span> <span class="inserted"><ins><em>lot of
- sensitive data, including user's location and contact list, and
has</em></ins></span> <a <span
class="removed"><del><strong>href="/proprietary/malware-microsoft.html">Microsoft
+ <span class="inserted"><ins><em><p>Many Android phones come with a
huge number of</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
+Lenovo stealthily installed crapware and spyware via
BIOS</a></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html">
+ preinstalled nonfree apps that have access to sensitive data without
+ users' knowledge</a>. These hidden apps may either call home with
+ the data, or pass it</em></ins></span> on <span
class="removed"><del><strong>Windows installs.
+Note</strong></del></span> <span class="inserted"><ins><em>to user-installed
apps</em></ins></span> that <span class="inserted"><ins><em>have access
to</em></ins></span>
+ the <span class="removed"><del><strong>specific sabotage method Lenovo
used did not affect
+GNU/Linux; also, a “clean” Windows install is not really
+clean since <a href="/proprietary/malware-microsoft.html">Microsoft
puts in its own malware</a>.
</p></li>
</ul>
<!-- #SpywareAtWork -->
-<!-- WEBMASTERS: make sure to place new items on top under each
subsection</strong></del></span>
- <span
class="inserted"><ins><em>href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
- near-complete control</a> over the phone.</p>
+<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>network but no direct access</em></ins></span> to
<span class="removed"><del><strong>place new items</strong></del></span> <span
class="inserted"><ins><em>the data. This results in massive
+ surveillance</em></ins></span> on <span class="removed"><del><strong>top
under each subsection</strong></del></span> <span
class="inserted"><ins><em>which the user has absolutely no control.</p>
</li>
- <li id="M201904131">
- <!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
+ <li id="M201903201">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-03</small>'
--><!--#echo encoding="none" var="DATE"</em></ins></span> -->
<span class="removed"><del><strong><div class="big-section">
@@ -1793,93 +1846,18 @@
<ul>
<li><p>Investigation
- Shows</strong></del></span>
- <span class="inserted"><ins><em><p>Data collected by menstrual and
pregnancy monitoring apps is often</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
+ Shows <a
href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
Using US Companies, NSA To Route Around Domestic Surveillance
Restrictions</a>.</p>
<p>Specifically,</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance">
- available to employers and insurance companies</a>. Even though the
- data is “anonymized and aggregated,”</em></ins></span> it can
<span class="removed"><del><strong>collect</strong></del></span> <span
class="inserted"><ins><em>easily be
- traced back to</em></ins></span> the <span
class="removed"><del><strong>emails of members of Parliament
- this way, because they pass it through Microsoft.</p></li>
-
- <li><p>Spyware in Cisco TNP IP phones:
- <a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
-
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInSkype">Spyware in Skype</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInSkype">#SpywareInSkype</a>)</span>
-</div>
-
-<ul>
- <li><p>Spyware in Skype:
- <a
href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">
-
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
- Microsoft changed Skype
- <a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
- specifically</strong></del></span> <span class="inserted"><ins><em>woman
who uses the app.</p>
-
- <p>This has harmful implications</em></ins></span> for <span
class="removed"><del><strong>spying</a>.</p>
- </li>
-</ul>
-
-
-
-<!-- #SpywareOnTheRoad -->
-<!-- WEBMASTERS:</strong></del></span> <span
class="inserted"><ins><em>women's rights to equal employment
- and freedom to</em></ins></span> make <span
class="removed"><del><strong>sure</strong></del></span> <span
class="inserted"><ins><em>their own pregnancy choices. Don't use
- these apps, even if someone offers you a reward</em></ins></span> to <span
class="removed"><del><strong>place new items</strong></del></span> <span
class="inserted"><ins><em>do so. A
- free-software app that does more or less the same thing without
- spying</em></ins></span> on <span class="removed"><del><strong>top under
each subsection</strong></del></span> <span class="inserted"><ins><em>you is
available from <a
- href="https://search.f-droid.org/?q=menstr">F-Droid</a>, and <a
-
href="https://dcs.megaphone.fm/BLM6228935164.mp3?key=7e4b8f7018d13cdc2b5ea6e5772b6b8f">
- a new one is being developed</a>.</p>
- </li>
-
- <li id="M201904130">
- <!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
- --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
-
-<span class="removed"><del><strong><div class="big-section">
- <h3 id="SpywareOnTheRoad">Spyware on The Road</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareOnTheRoad">#SpywareOnTheRoad</a>)</span></strong></del></span>
- <span class="inserted"><ins><em><p>Google tracks the movements of
Android phones and iPhones
- running Google apps, and sometimes <a
-
href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html">
- saves the data for years</a>.</p>
-
- <p>Nonfree software in the phone has to be responsible for sending
- the location data to Google.</p>
- </li>
-
- <li id="M201903251">
- <!--#set var="DATE" value='<small
class="date-tag">2019-03</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>Many Android phones come with a huge number of <a
-
href="https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html">
- preinstalled nonfree apps that have access to sensitive data without
- users' knowledge</a>. These hidden apps may either call home with
- the data, or pass it on to user-installed apps that have access to
- the network but no direct access to the data. This results in massive
- surveillance on which the user has absolutely no control.</p>
- </li>
-
- <li id="M201903201">
- <!--#set var="DATE" value='<small
class="date-tag">2019-03</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>A study of 24 “health” apps found that 19 of them
<a
+ <span class="inserted"><ins><em><p>A study of 24
“health” apps found that 19 of them <a
href="https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows">
send sensitive personal data to third parties</a>, which can use it
for invasive advertising or discriminating against people in poor
medical condition.</p>
- <p>Whenever user “consent” is sought, it is buried in
+ <p>Whenever user “consent” is sought,</em></ins></span>
it <span class="inserted"><ins><em>is buried in
lengthy terms of service that are difficult to understand. In any case,
“consent” is not sufficient to legitimize snooping.</p>
</li>
@@ -1894,8 +1872,8 @@
way and released them, apparently not realizing that all the personal
data they collected would go to Facebook as well.</p>
- <p>It shows that no one can trust a nonfree program, not even the
- developers of other nonfree programs.</p>
+ <p>It shows that no one</em></ins></span> can <span
class="removed"><del><strong>collect</strong></del></span> <span
class="inserted"><ins><em>trust a nonfree program, not even</em></ins></span>
the <span class="removed"><del><strong>emails</strong></del></span>
+ <span class="inserted"><ins><em>developers</em></ins></span> of <span
class="removed"><del><strong>members</strong></del></span> <span
class="inserted"><ins><em>other nonfree programs.</p>
</li>
<li id="M201902140">
@@ -1903,38 +1881,68 @@
--><!--#echo encoding="none" var="DATE" -->
<p>The AppCensus database gives information on <a
href="https://www.appcensus.mobi"> how Android apps use and
- misuse users' personal data</a>. As of March 2019, nearly
+ misuse users' personal data</a>. As</em></ins></span> of <span
class="removed"><del><strong>Parliament</strong></del></span> <span
class="inserted"><ins><em>March 2019, nearly
78,000 have been analyzed, of which 24,000 (31%) transmit the <a
href="/proprietary/proprietary-surveillance.html#M201812290">
Advertising ID</a> to other companies, and <a
href="https://blog.appcensus.mobi/2019/02/14/ad-ids-behaving-badly/">
- 18,000 (23% of the total) link this ID to hardware identifiers</a>,
+ 18,000 (23% of the total) link</em></ins></span> this <span
class="removed"><del><strong>way, because they pass it through
Microsoft.</p></li>
+
+ <li><p>Spyware</strong></del></span> <span
class="inserted"><ins><em>ID to hardware identifiers</a>,
so that users cannot escape tracking by resetting it.</p>
- <p>Collecting hardware identifiers is in apparent violation of
+ <p>Collecting hardware identifiers is</em></ins></span> in <span
class="removed"><del><strong>Cisco TNP IP phones:
+ <a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
+
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInSkype">Spyware</strong></del></span> <span
class="inserted"><ins><em>apparent violation of
Google's policies. But it seems that Google wasn't aware of it,
- and, once informed, was in no hurry to take action. This proves
+ and, once informed, was</em></ins></span> in <span
class="removed"><del><strong>Skype</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInSkype">#SpywareInSkype</a>)</span>
+</div>
+
+<ul>
+ <li><p>Spyware</strong></del></span> <span
class="inserted"><ins><em>no hurry to take action. This proves
that the policies of a development platform are ineffective at
- preventing nonfree software developers from including malware in
- their programs.</p>
+ preventing nonfree software developers from including
malware</em></ins></span> in <span class="removed"><del><strong>Skype:
+ <a
href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">
+
http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
+ Microsoft changed Skype
+ <a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
+ specifically</strong></del></span>
+ <span class="inserted"><ins><em>their programs.</p>
</li>
<li id="M201902060">
<!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Many nonfree apps have a surveillance feature for <a
+ <p>Many nonfree apps have a surveillance feature</em></ins></span>
for <span
class="removed"><del><strong>spying</a>.</p></strong></del></span>
<span class="inserted"><ins><em><a
href="https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/">
- recording all the users' actions</a> in interacting with the
app.</p>
+ recording all the users' actions</a> in interacting with the
app.</p></em></ins></span>
</li>
+<span class="removed"><del><strong></ul>
+
+
+
+<!-- #SpywareOnTheRoad</strong></del></span>
- <li id="M201902041.1">
+ <span class="inserted"><ins><em><li id="M201902041.1">
<!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>Twenty nine “beauty camera” apps that used to
- be on Google Play had one or more malicious functionalities, such as <a
+ --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
+<span class="removed"><del><strong><!-- WEBMASTERS: make
sure</strong></del></span>
+ <span class="inserted"><ins><em><p>Twenty nine “beauty
camera” apps that used</em></ins></span> to <span
class="removed"><del><strong>place new items</strong></del></span>
+ <span class="inserted"><ins><em>be</em></ins></span> on <span
class="removed"><del><strong>top under each subsection -->
+
+<div class="big-section">
+ <h3 id="SpywareOnTheRoad">Spyware</strong></del></span> <span
class="inserted"><ins><em>Google Play had one or more malicious
functionalities, such as <a
href="https://www.teleanalysis.com/these-29-beauty-camera-apps-steal-private-photo/">
stealing users' photos</a> instead of “beautifying” them,
- pushing unwanted and often malicious ads on users, and redirecting
+ pushing unwanted and often malicious ads</em></ins></span> on <span
class="removed"><del><strong>The Road</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnTheRoad">#SpywareOnTheRoad</a>)</span></strong></del></span>
<span class="inserted"><ins><em>users, and redirecting
them to phishing sites that stole their credentials. Furthermore,
the user interface of most of them was designed to make uninstallation
difficult.</p>
@@ -4210,7 +4218,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2021/02/06 14:33:05 $
+$Date: 2021/02/06 16:03:04 $
<!-- timestamp end -->
</p>
</div>
Index: proprietary/po/proprietary-surveillance.ja-diff.html
===================================================================
RCS file: /web/www/www/proprietary/po/proprietary-surveillance.ja-diff.html,v
retrieving revision 1.250
retrieving revision 1.251
diff -u -b -r1.250 -r1.251
--- proprietary/po/proprietary-surveillance.ja-diff.html 6 Feb 2021
14:33:05 -0000 1.250
+++ proprietary/po/proprietary-surveillance.ja-diff.html 6 Feb 2021
16:03:04 -0000 1.251
@@ -432,13 +432,18 @@
<li><p></strong></del></span> <span
class="inserted"><ins><em>ads.</p>
<p>We can suppose</em></ins></span> Microsoft <span
class="removed"><del><strong>uses Windows 10's “privacy policy” to
overtly impose a
- “right” to look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files <span
class="removed"><del><strong>at any time. Windows 10 full disk
+ “right” to look at users' files at any time. Windows 10 full disk
encryption <a
href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/">
- gives</strong></del></span> <span class="inserted"><ins><em>for the US
government
- on demand, though the “privacy policy” does not explicitly
+ gives Microsoft a key</a>.</p>
+
+ <p>Thus, Windows is overt malware in regard to surveillance,
+ as in other issues.</p>
+
+ <p>We can suppose Microsoft look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files for the US
government
+ on demand, though the “privacy policy” does not <span
class="removed"><del><strong>explicit</strong></del></span> <span
class="inserted"><ins><em>explicitly</em></ins></span>
say so. Will it look at users' files for the Chinese government
on demand?</p>
- </li>
+ <span class="inserted"><ins><em></li>
<li id="M201506170">
<!--#set var="DATE" value='<small
class="date-tag">2015-06</small>'
@@ -447,15 +452,10 @@
to overtly impose a “right” to look at
users' files at any time. Windows 10 full disk encryption <a
href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/">
- gives</em></ins></span> Microsoft a key</a>.</p>
+ gives Microsoft a key</a>.</p>
<p>Thus, Windows is overt malware in regard to surveillance, as in
- other issues.</p>
-
- <p>We can suppose Microsoft <span
class="removed"><del><strong>look</strong></del></span> <span
class="inserted"><ins><em>looks</em></ins></span> at users' files for the US
government
- on demand, though the “privacy policy” does not <span
class="removed"><del><strong>explicit</strong></del></span> <span
class="inserted"><ins><em>explicitly</em></ins></span>
- say so. Will it look at users' files for the Chinese government
- on demand?</p>
+ other issues.</p></em></ins></span>
<p>The unique “advertising ID” for each user enables
other companies to track the browsing of each specific user.</p>
@@ -698,7 +698,7 @@
<li id="M202101080">
<!--#set var="DATE" value='<small
class="date-tag">2021-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>As of 2021, WhatsApp (one</em></ins></span> of <span
class="inserted"><ins><em>Facebook's subsidiaries) is <a
+ <p>As</em></ins></span> of <span class="inserted"><ins><em>2021,
WhatsApp (one of Facebook's subsidiaries) is <a
href="https://www.forbes.com/sites/carlypage/2021/01/08/whatsapp-tells-users-share-your-data-with-facebook-or-well-deactivate-your-account/">forcing
its users to hand over sensitive</em></ins></span> personal <span
class="removed"><del><strong>data</strong></del></span> <span
class="inserted"><ins><em>data</a></em></ins></span> to <span
class="removed"><del><strong>Apple's servers</a>. Big
Brother</strong></del></span> <span class="inserted"><ins><em>its parent
company. This increases Facebook's power over users, and further
@@ -717,57 +717,37 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Most apps are malware, but
Trump's campaign app, like Modi's campaign app, is</em></ins></span> <a
<span
class="removed"><del><strong>href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
- a server every phone number</strong></del></span>
+ a server every phone number that the</strong></del></span>
<span
class="inserted"><ins><em>href="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/">
especially nasty malware, helping companies snoop on users as well
as snooping on them itself</a>.</p>
- <p>The article says</em></ins></span> that <span
class="removed"><del><strong>the user types into it</a>; the server
records these numbers for at least 30
- days.</p>
- </li>
-
- <li><p>Users cannot make an Apple ID <a
href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary
to install even gratis apps)</a>
- without giving</strong></del></span> <span
class="inserted"><ins><em>Biden's app has</em></ins></span> a <span
class="removed"><del><strong>valid email address and
receiving</strong></del></span> <span class="inserted"><ins><em>less
manipulative overall
+ <p>The article says that Biden's app has a less manipulative overall
approach, but that does not tell us whether it has functionalities we
- consider malicious, such as sending data</em></ins></span> the <span
class="removed"><del><strong>code Apple
- sends</strong></del></span> <span class="inserted"><ins><em>user has not
explicitly
- asked</em></ins></span> to <span
class="removed"><del><strong>it.</p></strong></del></span> <span
class="inserted"><ins><em>send.</p></em></ins></span>
+ consider malicious, such as sending data the user has not explicitly
+ asked to send.</p>
</li>
- <span class="removed"><del><strong><li><p>Around
47%</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201601110">
+ <li id="M201601110">
<!--#set var="DATE" value='<small
class="date-tag">2016-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The natural extension</em></ins></span> of <span
class="removed"><del><strong>the most popular iOS apps</strong></del></span>
<span class="inserted"><ins><em>monitoring
- people through “their” phones is</em></ins></span> <a <span
class="removed"><del><strong>href="http://jots.pub/a/2015103001/index.php">share
personal,
- behavioral and location information</a> of their users with third
parties.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
+ <p>The natural extension of monitoring
+ people through “their” phones is <a
+
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
proprietary software to make sure they can't “fool”
- the monitoring</a>.</p></em></ins></span>
+ the monitoring</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>iThings automatically
upload</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201510050">
+ <li id="M201510050">
<!--#set var="DATE" value='<small
class="date-tag">2015-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>According</em></ins></span> to <span
class="removed"><del><strong>Apple's servers all</strong></del></span> <span
class="inserted"><ins><em>Edward Snowden, <a
+ <p>According to Edward Snowden, <a
href="http://www.bbc.com/news/uk-34444233">agencies can take over
smartphones</a> by sending hidden text messages which enable
- them to turn</em></ins></span> the <span
class="removed"><del><strong>photos</strong></del></span> <span
class="inserted"><ins><em>phones on</em></ins></span> and
- <span class="removed"><del><strong>videos they make.</p>
-
- <blockquote><p>
- iCloud Photo Library stores every photo</strong></del></span> <span
class="inserted"><ins><em>off, listen to the microphone,
+ them to turn the phones on and off, listen to the microphone,
retrieve geo-location data from the GPS, take photographs, read
- text messages, read call, location</em></ins></span> and <span
class="removed"><del><strong>video you take,</strong></del></span> <span
class="inserted"><ins><em>web browsing history,</em></ins></span> and <span
class="removed"><del><strong>keeps them up</strong></del></span>
- <span class="inserted"><ins><em>read the contact list. This malware is
designed</em></ins></span> to <span class="removed"><del><strong>date on all
your devices.
- Any edits you make are automatically updated everywhere. [...]
- </p></blockquote>
-
- <p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
- information</a> as accessed on 24 Sep 2015.)</strong></del></span>
<span class="inserted"><ins><em>disguise itself
+ text messages, read call, location and web browsing history, and
+ read the contact list. This malware is designed to disguise itself
from investigation.</p>
</li>
@@ -775,41 +755,24 @@
<!--#set var="DATE" value='<small
class="date-tag">2013-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
-
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html"></em></ins></span>
- The <span class="removed"><del><strong>iCloud
feature</strong></del></span> <span class="inserted"><ins><em>NSA can tap data
in smart phones, including iPhones,
- Android, and BlackBerry</a>. While there</em></ins></span> is
- <span class="removed"><del><strong><a
href="https://support.apple.com/en-us/HT202033">activated
by</strong></del></span> <span class="inserted"><ins><em>not much
- detail here, it seems that this does not operate via</em></ins></span>
- the
- <span class="removed"><del><strong>startup</strong></del></span> <span
class="inserted"><ins><em>universal back door that we know nearly all portable
+
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+ The NSA can tap data in smart phones, including iPhones,
+ Android, and BlackBerry</a>. While there is not much
+ detail here, it seems that this does not operate via
+ the universal back door that we know nearly all portable
phones have. It may involve exploiting various bugs. There are <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
- lots</em></ins></span> of <span
class="removed"><del><strong>iOS</a>. The term “cloud” means
- “please don't ask where.”</p>
-
- <p>There is a way to</strong></del></span> <span
class="inserted"><ins><em>bugs in the phones' radio
software</a>.</p>
+ lots of bugs in the phones' radio software</a>.</p>
</li>
<li id="M201307000">
<!--#set var="DATE" value='<small
class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Portable phones with GPS</em></ins></span> <a <span
class="removed"><del><strong>href="https://support.apple.com/en-us/HT201104">
- deactivate iCloud</a>, but it's active by default
so</strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
+ <p>Portable phones with GPS <a
+
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
will send their GPS location on remote command, and users cannot stop
- them</a>. (The US says</em></ins></span> it <span
class="removed"><del><strong>still counts as a
- surveillance functionality.</p>
-
- <p>Unknown people apparently took advantage of this to
- <a
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
- nude photos of many celebrities</a>. They needed to break Apple's
- security</strong></del></span> <span class="inserted"><ins><em>will
eventually require all new portable phones</em></ins></span>
- to <span class="removed"><del><strong>get at them, but NSA can access any
of them through
- <a
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
- </p></li>
-
- <li><p>Spyware in iThings:
- the</strong></del></span> <span class="inserted"><ins><em>have
GPS.)</p>
+ them</a>. (The US says it will eventually require all new portable
phones
+ to have GPS.)</p>
</li>
</ul>
@@ -823,44 +786,28 @@
<li id="M202009183">
<!--#set var="DATE" value='<small
class="date-tag">2020-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Facebook</em></ins></span> <a <span
class="removed"><del><strong>href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
- iBeacon</a> lets stores determine exactly
where</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.dailymail.co.uk/news/article-8747541/Facebook-accused-watching-Instagram-users-mobile-cameras.html">snoops
- on Instagram</a> users by surreptitously turning
on</em></ins></span> the <span class="removed"><del><strong>iThing is,
- and get other info too.</p></strong></del></span> <span
class="inserted"><ins><em>device's
- camera.</p></em></ins></span>
+ <p>Facebook <a
+
href="https://www.dailymail.co.uk/news/article-8747541/Facebook-accused-watching-Instagram-users-mobile-cameras.html">snoops
+ on Instagram</a> users by surreptitously turning on the device's
+ camera.</p>
</li>
- <span class="removed"><del><strong><li><p>There is
also</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M202004200">
+ <li id="M202004200">
<!--#set var="DATE" value='<small
class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple whistleblower Thomas Le Bonniec reports that Apple
- made</em></ins></span> a <span class="removed"><del><strong>feature for
web sites</strong></del></span> <span class="inserted"><ins><em>practice of
surreptitiously activating the Siri software</em></ins></span> to <span
class="removed"><del><strong>track users, which is</strong></del></span> <a
<span
class="removed"><del><strong>href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
- enabled by default</a>. (That article talks about iOS 6,
but</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.politico.eu/wp-content/uploads/2020/05/Public-Statement-Siri-recordings-TLB.pdf">
+ made a practice of surreptitiously activating the Siri software to <a
+
href="https://www.politico.eu/wp-content/uploads/2020/05/Public-Statement-Siri-recordings-TLB.pdf">
record users' conversations when they had not activated Siri</a>.
- This was not just occasional,</em></ins></span> it
- <span class="removed"><del><strong>is still true</strong></del></span>
<span class="inserted"><ins><em>was systematic practice.</p>
+ This was not just occasional, it was systematic practice.</p>
- <p>His job was to listen to these recordings,</em></ins></span> in
<span class="removed"><del><strong>iOS 7.)</p>
- </li>
-
- <li><p>The iThing also
- <a
-href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
- tells</strong></del></span> <span class="inserted"><ins><em>a group that
made
- transcripts of them. He does not believes that</em></ins></span> Apple
<span class="removed"><del><strong>its geolocation</a> by default,
though</strong></del></span> <span class="inserted"><ins><em>has ceased this
+ <p>His job was to listen to these recordings, in a group that made
+ transcripts of them. He does not believes that Apple has ceased this
practice.</p>
- <p>The only reliable way to prevent this is, for the
program</em></ins></span> that <span
class="removed"><del><strong>can</strong></del></span>
- <span class="inserted"><ins><em>controls access to the microphone to
decide when the user has
- “activated” any service, to</em></ins></span> be
- <span class="removed"><del><strong>turned off.</p>
- </li>
-
- <li><p>Apple can,</strong></del></span> <span
class="inserted"><ins><em>free software,</em></ins></span> and <span
class="removed"><del><strong>regularly does,</strong></del></span> <span
class="inserted"><ins><em>the
+ <p>The only reliable way to prevent this is, for the program that
+ controls access to the microphone to decide when the user has
+ “activated” any service, to be free software, and the
operating system under it free as well. This way, users could make
sure Apple can't listen to them.</p>
</li>
@@ -868,264 +815,141 @@
<li id="M201910131">
<!--#set var="DATE" value='<small
class="date-tag">2019-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Safari occasionally</em></ins></span> <a <span
class="removed"><del><strong>href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
- remotely extract some</strong></del></span>
- <span
class="inserted"><ins><em>href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/">
- sends browsing</em></ins></span> data from <span
class="removed"><del><strong>iPhones for the state</a>.</p>
- </li>
-
- <li><p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
- Either</strong></del></span> Apple <span
class="removed"><del><strong>helps the NSA snoop on all the
data</strong></del></span> <span
class="inserted"><ins><em>devices</em></ins></span> in <span
class="removed"><del><strong>an iThing,
- or it is totally incompetent.</a></p>
+ <p>Safari occasionally <a
+
href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/">
+ sends browsing data from Apple devices in China to the Tencent Safe
+ Browsing service</a>, to check URLs that possibly correspond to
+ “fraudulent” websites. Since Tencent collaborates
+ with the Chinese government, its Safe Browsing black list most certainly
+ contains the websites of political opponents. By linking the requests
+ originating from single IP addresses, the government can identify
+ dissenters in China and Hong Kong, thus endangering their lives.</p>
</li>
- <li><p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
- Several “features” of iOS seem</strong></del></span> <span
class="inserted"><ins><em>China</em></ins></span> to <span
class="removed"><del><strong>exist for no
- possible purpose other than surveillance</a>. Here
is</strong></del></span> the
- <span class="removed"><del><strong><a
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
- Technical presentation</a>.</p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInTelephones">Spyware in Telephones</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
-</div>
-
-<ul>
- <li><p>According</strong></del></span> <span
class="inserted"><ins><em>Tencent Safe
- Browsing service</a>,</em></ins></span> to <span
class="removed"><del><strong>Edward Snowden,
- <a href="http://www.bbc.com/news/uk-34444233">agencies can take
over smartphones</a>
- by sending hidden text messages which enable them</strong></del></span>
<span class="inserted"><ins><em>check URLs that possibly
correspond</em></ins></span> to <span
class="removed"><del><strong>turn</strong></del></span>
- <span class="inserted"><ins><em>“fraudulent” websites. Since
Tencent collaborates
- with</em></ins></span> the <span class="removed"><del><strong>phones
- on and off, listen to</strong></del></span> <span
class="inserted"><ins><em>Chinese government, its Safe Browsing black list most
certainly
- contains</em></ins></span> the <span
class="removed"><del><strong>microphone, retrieve geo-location
data</strong></del></span> <span class="inserted"><ins><em>websites of
political opponents. By linking the requests
- originating</em></ins></span> from <span class="inserted"><ins><em>single
IP addresses,</em></ins></span> the
- <span class="removed"><del><strong>GPS, take photographs, read text
messages, read call, location and web
- browsing history,</strong></del></span> <span
class="inserted"><ins><em>government can identify
- dissenters in China</em></ins></span> and <span
class="removed"><del><strong>read the contact list. This malware is designed to
- disguise itself from investigation.</p></strong></del></span>
<span class="inserted"><ins><em>Hong Kong, thus endangering their
lives.</p></em></ins></span>
- </li>
-
- <span class="removed"><del><strong><li><p>Samsung phones come
with
- <a
href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201905280">
+ <li id="M201905280">
<!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In spite of Apple's supposed commitment to
- privacy, iPhone apps contain trackers</em></ins></span> that <span
class="removed"><del><strong>users can't
delete</a>,</strong></del></span> <span class="inserted"><ins><em>are
busy at night <a
+ privacy, iPhone apps contain trackers that are busy at night <a
href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html">
sending users' personal information to third parties</a>.</p>
<p>The article mentions specific examples: Microsoft OneDrive,
Intuitâs Mint, Nike, Spotify, The Washington Post, The Weather
- Channel (owned by IBM), the crime-alert service Citizen,
Yelp</em></ins></span>
- and <span class="removed"><del><strong>they</strong></del></span> <span
class="inserted"><ins><em>DoorDash. But it is likely that most nonfree apps
contain
- trackers. Some of these</em></ins></span> send <span
class="removed"><del><strong>so much</strong></del></span> <span
class="inserted"><ins><em>personally identifying</em></ins></span> data <span
class="removed"><del><strong>that their transmission is a
- substantial expense for users. Said transmission, not
wanted</strong></del></span> <span class="inserted"><ins><em>such as phone
- fingerprint, exact location, email address, phone number</em></ins></span>
or
- <span class="removed"><del><strong>requested by</strong></del></span>
<span class="inserted"><ins><em>even
- delivery address (in</em></ins></span> the <span
class="removed"><del><strong>user, clearly must constitute
spying</strong></del></span> <span
class="inserted"><ins><em>case</em></ins></span> of <span
class="removed"><del><strong>some
- kind.</p></li>
-
- <li><p>A Motorola phone
- <a
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
- listens for voice all</strong></del></span> <span
class="inserted"><ins><em>DoorDash). Once this information
- is collected by</em></ins></span> the <span
class="removed"><del><strong>time</a>.</p></strong></del></span>
<span class="inserted"><ins><em>company, there is no telling what it will be
- used for.</p></em></ins></span>
+ Channel (owned by IBM), the crime-alert service Citizen, Yelp
+ and DoorDash. But it is likely that most nonfree apps contain
+ trackers. Some of these send personally identifying data such as phone
+ fingerprint, exact location, email address, phone number or even
+ delivery address (in the case of DoorDash). Once this information
+ is collected by the company, there is no telling what it will be
+ used for.</p>
</li>
- <span class="removed"><del><strong><li><p>Spyware in Android
phones (and Windows? laptops): The Wall
- Street Journal (in an article blocked from us by a paywall)
- reports that</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201711250">
+ <li id="M201711250">
<!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The DMCA and the EU Copyright Directive make it</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj"></strong></del></span>
- <span
class="inserted"><ins><em>href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
+ <p>The DMCA and the EU Copyright Directive make it <a
+ href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
illegal to study how iOS cr…apps spy on users</a>, because
- this would require circumventing</em></ins></span> the <span
class="removed"><del><strong>FBI can remotely activate</strong></del></span>
<span class="inserted"><ins><em>iOS DRM.</p>
+ this would require circumventing the iOS DRM.</p>
</li>
<li id="M201709210">
<!--#set var="DATE" value='<small
class="date-tag">2017-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>In</em></ins></span> the <span class="removed"><del><strong>GPS
and microphone in Android
- phones</strong></del></span> <span class="inserted"><ins><em>latest
iThings system,
- “turning off” WiFi</em></ins></span> and <span
class="removed"><del><strong>laptops</a>.
- (I suspect this means Windows laptops.) Here is</strong></del></span>
<span class="inserted"><ins><em>Bluetooth the obvious way</em></ins></span>
<a <span
class="removed"><del><strong>href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
+ <p>In the latest iThings system,
+ “turning off” WiFi and Bluetooth the obvious way <a
+
href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
doesn't really turn them off</a>. A more advanced way really does
turn
them off—only until 5am. That's Apple for you—“We
- know you want to be spied on”.</p></em></ins></span>
+ know you want to be spied on”.</p>
</li>
- <span class="removed"><del><strong><li><p>Portable phones with
GPS will send their GPS location on
- remote command and users cannot stop them:</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201702150">
+ <li id="M201702150">
<!--#set var="DATE" value='<small
class="date-tag">2017-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Apple proposes</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
-
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
- (The US says it will eventually require all new portable
phones</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
- fingerprint-scanning touch screen</a>—which would mean no
way</em></ins></span>
- to <span class="inserted"><ins><em>use it without having your fingerprints
taken. Users would</em></ins></span> have <span
class="removed"><del><strong>GPS.)</p>
- </li>
-
- <li><p>The nonfree Snapchat app's principal purpose
is</strong></del></span>
- <span class="inserted"><ins><em>no way</em></ins></span> to <span
class="removed"><del><strong>restrict</strong></del></span> <span
class="inserted"><ins><em>tell whether</em></ins></span> the <span
class="removed"><del><strong>use of data</strong></del></span> <span
class="inserted"><ins><em>phone is snooping</em></ins></span> on <span
class="removed"><del><strong>the user's computer, but it does surveillance
- too:</strong></del></span> <span
class="inserted"><ins><em>them.</p>
+ <p>Apple proposes <a
+
href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
+ fingerprint-scanning touch screen</a>—which would mean no way
+ to use it without having your fingerprints taken. Users would have
+ no way to tell whether the phone is snooping on them.</p>
</li>
<li id="M201611170">
<!--#set var="DATE" value='<small
class="date-tag">2016-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>iPhones</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
- it tries</strong></del></span>
- <span
class="inserted"><ins><em>href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
- lots of personal data</em></ins></span> to <span
class="inserted"><ins><em>Apple's servers</a>. Big Brother
can</em></ins></span> get <span class="removed"><del><strong>the user's list of
other people's phone
- numbers.</a></p></strong></del></span>
- <span class="inserted"><ins><em>them from
there.</p></em></ins></span>
+ <p>iPhones <a
+
href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
+ lots of personal data to Apple's servers</a>. Big Brother can get
+ them from there.</p>
</li>
-<span class="removed"><del><strong></ul>
-
-<div class="big-subsection">
- <h4 id="SpywareInMobileApps">Spyware in Mobile Applications</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
-</div>
-
-<ul>
-
- <li><p>The Uber</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201609280">
+ <li id="M201609280">
<!--#set var="DATE" value='<small
class="date-tag">2016-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The iMessage</em></ins></span> app <span
class="removed"><del><strong>tracks</strong></del></span> <span
class="inserted"><ins><em>on iThings</em></ins></span> <a <span
class="removed"><del><strong>href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
- movements before and after</strong></del></span>
- <span
class="inserted"><ins><em>href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
- a server every phone number that</em></ins></span> the <span
class="removed"><del><strong>ride</a>.</p>
-
- <p>This example illustrates how
“getting</strong></del></span> <span class="inserted"><ins><em>user types
into it</a>;</em></ins></span> the <span
class="removed"><del><strong>user's consent”</strong></del></span>
- <span class="inserted"><ins><em>server records these
numbers</em></ins></span> for <span class="removed"><del><strong>surveillance
is inadequate as a protection against massive
- surveillance.</p></strong></del></span> <span
class="inserted"><ins><em>at least 30 days.</p></em></ins></span>
+ <p>The iMessage app on iThings <a
+
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
+ a server every phone number that the user types into it</a>; the
+ server records these numbers for at least 30 days.</p>
</li>
- <span class="removed"><del><strong><li><p>Google's new voice
messaging app <a
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201509240">
+ <li id="M201509240">
<!--#set var="DATE" value='<small
class="date-tag">2015-09</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>iThings automatically upload to Apple's servers</em></ins></span>
all <span class="removed"><del><strong>conversations</a>.</p>
- </li>
+ <p>iThings automatically upload to Apple's servers all the photos
+ and videos they make.</p>
- <li><p>Apps that include
- <a
href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
- Symphony surveillance software snoop on what radio and TV programs
- are playing nearby</a>. Also on what users post on various sites
- such as Facebook, Google+</strong></del></span> <span
class="inserted"><ins><em>the photos</em></ins></span>
- and <span class="removed"><del><strong>Twitter.</p>
- </li>
-
- <li><p>Facebook's new Magic</strong></del></span> <span
class="inserted"><ins><em>videos they make.</p>
-
- <blockquote><p> iCloud</em></ins></span> Photo <span
class="removed"><del><strong>app
- <a
-href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
-scans your mobile phone's</strong></del></span> <span
class="inserted"><ins><em>Library stores every</em></ins></span> photo <span
class="removed"><del><strong>collections for known
faces</a>,</strong></del></span> and <span
class="removed"><del><strong>suggests</strong></del></span> <span
class="inserted"><ins><em>video</em></ins></span> you
- <span class="inserted"><ins><em>take, and keeps them up</em></ins></span>
to <span class="removed"><del><strong>share the picture</strong></del></span>
<span class="inserted"><ins><em>date on all your devices. Any
edits</em></ins></span> you <span class="removed"><del><strong>take according
to who
- is in the frame.</p>
-
- <p>This spyware feature seems to require online access to some
- known-faces database, which means the pictures</strong></del></span>
- <span class="inserted"><ins><em>make</em></ins></span> are <span
class="removed"><del><strong>likely to be
- sent across</strong></del></span> <span
class="inserted"><ins><em>automatically updated everywhere. […]
</p></blockquote>
+ <blockquote><p> iCloud Photo Library stores every photo and
video you
+ take, and keeps them up to date on all your devices. Any edits you
+ make are automatically updated everywhere. […]
</p></blockquote>
<p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
information</a> as accessed on 24 Sep 2015.) The iCloud feature is
- <a href="https://support.apple.com/en-us/HT202033">activated
by</em></ins></span> the <span class="removed"><del><strong>wire to Facebook's
servers and face-recognition
- algorithms.</p>
-
- <p>If so, none</strong></del></span>
- <span class="inserted"><ins><em>startup</em></ins></span> of <span
class="removed"><del><strong>Facebook users' pictures are private
- anymore, even if the user didn't “upload” them to the
service.</p>
- </li>
-
- <li><p>Like most “music screaming” disservices,
Spotify</strong></del></span> <span class="inserted"><ins><em>iOS</a>.
The term “cloud” means “please
+ <a href="https://support.apple.com/en-us/HT202033">activated by the
+ startup of iOS</a>. The term “cloud” means “please
don't ask where.”</p>
- <p>There</em></ins></span> is <span
class="removed"><del><strong>based on proprietary malware (DRM and snooping).
In August
- 2015 it <a
-href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
- demanded users submit to increased snooping</a>, and some
- are starting</strong></del></span> <span class="inserted"><ins><em>a
way</em></ins></span> to <span class="removed"><del><strong>realize that it is
nasty.</p>
-
- <p>This article shows the</strong></del></span>
- <a
-<span
class="removed"><del><strong>href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
- twisted ways that they present snooping</strong></del></span> <span
class="inserted"><ins><em>href="https://support.apple.com/en-us/HT201104">
deactivate
- iCloud</a>, but it's active by default so it still
counts</em></ins></span> as a <span
class="removed"><del><strong>way</strong></del></span>
- <span class="inserted"><ins><em>surveillance functionality.</p>
+ <p>There is a way to
+ <a href="https://support.apple.com/en-us/HT201104"> deactivate
+ iCloud</a>, but it's active by default so it still counts as a
+ surveillance functionality.</p>
- <p>Unknown people apparently took advantage of
this</em></ins></span> to <span
class="removed"><del><strong>“serve” users
better</a>—never mind
- whether they want that. This is a typical example</strong></del></span>
<span class="inserted"><ins><em><a
+ <p>Unknown people apparently took advantage of this to <a
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
- nude photos</em></ins></span> of
- <span class="removed"><del><strong>the attitude</strong></del></span>
<span class="inserted"><ins><em>many celebrities</a>. They needed to
break Apple's
- security to get at them, but NSA can access any</em></ins></span> of <span
class="removed"><del><strong>the proprietary software industry towards
- those they have subjugated.</p>
-
- <p>Out, out, damned Spotify!</p></strong></del></span> <span
class="inserted"><ins><em>them through <a
-
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p></em></ins></span>
+ nude photos of many celebrities</a>. They needed to break Apple's
+ security to get at them, but NSA can access any of them through <a
+
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>Many proprietary
apps</strong></del></span>
- <span class="inserted"><ins><em><li id="M201409220">
+ <li id="M201409220">
<!--#set var="DATE" value='<small
class="date-tag">2014-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple can, and regularly does, <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
- remotely extract some data from iPhones</em></ins></span> for <span
class="removed"><del><strong>mobile devices report which other
- apps</strong></del></span> the <span class="removed"><del><strong>user has
- installed.</strong></del></span> <span
class="inserted"><ins><em>state</a>.</p>
-
- <p>This may have improved with</em></ins></span> <a <span
class="removed"><del><strong>href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
- is doing this in a way that at least is visible and
- optional</a>. Not</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/">
+ remotely extract some data from iPhones for the state</a>.</p>
+
+ <p>This may have improved with <a
+
href="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/">
iOS 8 security improvements</a>; but <a
href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
- not</em></ins></span> as <span
class="removed"><del><strong>bad</strong></del></span> <span
class="inserted"><ins><em>much</em></ins></span> as <span
class="removed"><del><strong>what the others
do.</p></strong></del></span> <span class="inserted"><ins><em>Apple
claims</a>.</p></em></ins></span>
+ not as much as Apple claims</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>FTC says most mobile
apps</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201407230">
+ <li id="M201407230">
<!--#set var="DATE" value='<small
class="date-tag">2014-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
- Several “features” of iOS seem to exist</em></ins></span>
- for <span class="removed"><del><strong>children don't respect
privacy:</strong></del></span> <span class="inserted"><ins><em>no possible
purpose other than surveillance</a>. Here is the</em></ins></span> <a
<span
class="removed"><del><strong>href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
-
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p></strong></del></span>
- <span
class="inserted"><ins><em>href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
- Technical presentation</a>.</p></em></ins></span>
+ Several “features” of iOS seem to exist
+ for no possible purpose other than surveillance</a>. Here is the
<a
+
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ Technical presentation</a>.</p>
</li>
- <span class="removed"><del><strong><li><p>Widely
used</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201401100">
+ <li id="M201401100">
<!--#set var="DATE" value='<small
class="date-tag">2014-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The</em></ins></span> <a <span
class="removed"><del><strong>href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
- QR-code scanner apps</strong></del></span> <span
class="inserted"><ins><em>class="not-a-duplicate"
+ <p>The <a class="not-a-duplicate"
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
iBeacon</a> lets stores determine exactly where the iThing is, and
get other info too.</p>
@@ -1136,8 +960,7 @@
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
- Either Apple helps the NSA</em></ins></span> snoop on <span
class="inserted"><ins><em>all</em></ins></span> the <span
class="removed"><del><strong>user</a>. This is</strong></del></span>
<span class="inserted"><ins><em>data</em></ins></span> in <span
class="removed"><del><strong>addition to
- the snooping done by the phone company, and
perhaps</strong></del></span> <span class="inserted"><ins><em>an iThing, or it
+ Either Apple helps the NSA snoop on all the data in an iThing, or it
is totally incompetent</a>.</p>
</li>
@@ -1146,28 +969,16 @@
--><!--#echo encoding="none" var="DATE" -->
<p>The iThing also <a
href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
- tells Apple its geolocation</a></em></ins></span> by <span
class="removed"><del><strong>the OS in the
- phone.</p>
-
- <p>Don't</strong></del></span> <span
class="inserted"><ins><em>default, though that can</em></ins></span> be <span
class="removed"><del><strong>distracted by the question of whether the app
developers get
- users to say “I agree”. That</strong></del></span>
- <span class="inserted"><ins><em>turned off.</p>
+ tells Apple its geolocation</a> by default, though that can be
+ turned off.</p>
</li>
<li id="M201210170">
<!--#set var="DATE" value='<small
class="date-tag">2012-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>There</em></ins></span> is <span class="removed"><del><strong>no
excuse</strong></del></span> <span class="inserted"><ins><em>also a
feature</em></ins></span> for <span
class="removed"><del><strong>malware.</p>
- </li>
-
- <li><p>The Brightest Flashlight app</strong></del></span> <span
class="inserted"><ins><em>web sites to track users, which is</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
- sends user data, including geolocation, for use</strong></del></span>
- <span
class="inserted"><ins><em>href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
- enabled</em></ins></span> by <span
class="removed"><del><strong>companies.</a></p>
-
- <p>The FTC criticized this app because it asked the user to
- approve sending personal data to the app developer but did not
- ask</strong></del></span> <span
class="inserted"><ins><em>default</a>. (That article
talks</em></ins></span> about <span
class="removed"><del><strong>sending</strong></del></span> <span
class="inserted"><ins><em>iOS 6, but</em></ins></span> it <span
class="inserted"><ins><em>is
+ <p>There is also a feature for web sites to track users, which is
<a
+
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
+ enabled by default</a>. (That article talks about iOS 6, but it is
still true in iOS 7.)</p>
</li>
@@ -1175,84 +986,40 @@
<!--#set var="DATE" value='<small
class="date-tag">2012-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Users cannot make an Apple ID (<a
-
href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary</em></ins></span>
- to <span class="removed"><del><strong>other companies. This shows the
- weakness of the reject-it-if-you-dislike-snooping
- “solution” to surveillance: why should</strong></del></span>
<span class="inserted"><ins><em>install even gratis apps</a>) without
giving</em></ins></span> a <span class="removed"><del><strong>flashlight
- app send any information</strong></del></span> <span
class="inserted"><ins><em>valid
- email address and receiving the verification code Apple
sends</em></ins></span>
- to <span class="removed"><del><strong>anyone? A free software flashlight
- app would not.</p></strong></del></span> <span
class="inserted"><ins><em>it.</p></em></ins></span>
+
href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary
+ to install even gratis apps</a>) without giving a valid
+ email address and receiving the verification code Apple sends
+ to it.</p>
</li>
</ul>
<div class="big-subsection">
- <h4 <span class="removed"><del><strong>id="SpywareInGames">Spyware in
Games</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInAndroid">Android
Telephones</h4></em></ins></span>
- <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInGames">#SpywareInGames</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInAndroid">#SpywareInAndroid</a>)</span></em></ins></span>
+ <h4 id="SpywareInAndroid">Android Telephones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInAndroid">#SpywareInAndroid</a>)</span>
</div>
-<span class="removed"><del><strong><ul>
- <li><p>nVidia's proprietary GeForce
Experience</strong></del></span>
-
-<span class="inserted"><ins><em><ul class="blurbs">
+<ul class="blurbs">
<li id="M202012070">
<!--#set var="DATE" value='<small
class="date-tag">2020-12</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Baidu apps were</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes
- users identify themselves and then sends</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/">
- caught collecting sensitive</em></ins></span> personal <span
class="removed"><del><strong>data about them to
- nVidia servers</a>.</p>
- </li>
-
- <li><p>Angry Birds
- <a
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
- spies for companies, and the NSA takes advantage to spy through it
too</a>.
- Here's information on
- <a
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
- more spyware apps</a>.</p>
- <p><a
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
- More about NSA app spying</a>.</p>
- </li>
-</ul>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInToys">Spyware in Toys</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
-</div>
-
-<ul>
-
- <li><p>A company</strong></del></span> <span
class="inserted"><ins><em>data</a></em></ins></span> that <span
class="removed"><del><strong>makes internet-controlled vibrators <a
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">is
- being sued</strong></del></span> <span class="inserted"><ins><em>can be
used</em></ins></span> for <span class="removed"><del><strong>collecting
lots</strong></del></span>
- <span class="inserted"><ins><em>lifetime tracking</em></ins></span> of
<span class="removed"><del><strong>personal information about
how</strong></del></span> <span class="inserted"><ins><em>users, and putting
them in danger. More than 1.4
- billion</em></ins></span> people <span class="removed"><del><strong>use
it</a>.</p>
-
- <p>The company's statement that it anonymizes the
data</strong></del></span> <span class="inserted"><ins><em>worldwide are
affected by these proprietary apps, and
+ <p>Baidu apps were <a
+
href="https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/">
+ caught collecting sensitive personal data</a> that can be used for
+ lifetime tracking of users, and putting them in danger. More than 1.4
+ billion people worldwide are affected by these proprietary apps, and
users' privacy is jeopardized by this surveillance tool. Data collected
- by Baidu</em></ins></span> may be
- <span class="removed"><del><strong>true, but it doesn't really matter.
If it sells the data</strong></del></span> <span
class="inserted"><ins><em>handed over</em></ins></span> to <span
class="removed"><del><strong>a
- data broker, the data broker can figure out who</strong></del></span>
the <span class="removed"><del><strong>user is.</p></strong></del></span>
<span class="inserted"><ins><em>Chinese government, possibly
- putting Chinese people in danger.</p></em></ins></span>
+ by Baidu may be handed over to the Chinese government, possibly
+ putting Chinese people in danger.</p>
</li>
- <span class="removed"><del><strong><li><p>A computerized
- vibrator <a
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">snoops
- on</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M202010120">
+ <li id="M202010120">
<!--#set var="DATE" value='<small
class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Samsung is forcing</em></ins></span> its <span
class="inserted"><ins><em>smartphone</em></ins></span> users <span
class="removed"><del><strong>through the proprietary control
app</a>.</p>
-
- <p>The app reports the temperature of the vibrator minute by
- minute (thus, indirectly, whether it is surrounded
by</strong></del></span> <span class="inserted"><ins><em>in Hong Kong (and
Macau) <a
+ <p>Samsung is forcing its smartphone users in Hong Kong (and Macau)
<a
href="https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/">to
- use</em></ins></span> a <span class="removed"><del><strong>person's
- body),</strong></del></span> <span class="inserted"><ins><em>public DNS
in Mainland China</a>, using software update released
- in September 2020, which causes many unease</em></ins></span> and <span
class="inserted"><ins><em>privacy concerns.</p>
+ use a public DNS in Mainland China</a>, using software update
released
+ in September 2020, which causes many unease and privacy concerns.</p>
</li>
<li id="M202004300">
@@ -1260,44 +1027,23 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Xiaomi phones <a
href="https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/">report
- many actions</em></ins></span> the <span
class="removed"><del><strong>vibration frequency.</p>
-
- <p>Note the totally inadequate proposed
response:</strong></del></span> <span class="inserted"><ins><em>user
takes</a>: starting an app, looking at</em></ins></span> a <span
class="removed"><del><strong>labeling
- standard with which manufacturers would</strong></del></span> <span
class="inserted"><ins><em>folder,
+ many actions the user takes</a>: starting an app, looking at a
folder,
visiting a website, listening to a song. They send device identifying
information too.</p>
<p>Other nonfree programs snoop too. For instance, Spotify and
- other streaming dis-services</em></ins></span> make <span
class="removed"><del><strong>statements</strong></del></span> <span
class="inserted"><ins><em>a dossier</em></ins></span> about
- <span class="removed"><del><strong>their products, rather than free
software which users can check</strong></del></span> <span
class="inserted"><ins><em>each user,</em></ins></span> and <span
class="removed"><del><strong>change.</p>
- </li>
- <li><p>Barbie</strong></del></span> <a <span
class="removed"><del><strong>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going</strong></del></span>
- <span
class="inserted"><ins><em>href="/malware/proprietary-surveillance.html#M201508210">
they make
- users identify themselves</em></ins></span> to <span
class="removed"><del><strong>spy on children and
adults.</a>.</p></strong></del></span> <span
class="inserted"><ins><em>pay</a>. Out, out, damned Spotify!</p>
+ other streaming dis-services make a dossier about each user, and <a
+ href="/malware/proprietary-surveillance.html#M201508210"> they make
+ users identify themselves to pay</a>. Out, out, damned
Spotify!</p>
<p>Forbes exonerates the same wrongs when the culprits are not
Chinese,
- but we condemn this no matter who does it.</p></em></ins></span>
+ but we condemn this no matter who does it.</p>
</li>
-<span class="removed"><del><strong></ul>
-
-<!-- #SpywareAtLowLevel</strong></del></span>
-
- <span class="inserted"><ins><em><li id="M201812060">
+ <li id="M201812060">
<!--#set var="DATE" value='<small
class="date-tag">2018-12</small>'
- --><!--#echo encoding="none" var="DATE"</em></ins></span> -->
-<span class="removed"><del><strong><!-- WEBMASTERS: make
sure</strong></del></span>
- <span class="inserted"><ins><em><p>Facebook's app got
“consent”</em></ins></span> to <span
class="removed"><del><strong>place new items on top under each subsection -->
-
-<div class="big-section">
- <h3 id="SpywareAtLowLevel">Spyware at Low Level</h3>
- <span class="anchor-reference-id">(<a
href="#SpywareAtLowLevel">#SpywareAtLowLevel</a>)</span>
-</div>
-<div style="clear: left;"></div>
-
-
-<div class="big-subsection">
- <h4 id="SpywareInBIOS">Spyware</strong></del></span> <span
class="inserted"><ins><em><a
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Facebook's app got “consent” to <a
href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent">
upload call logs automatically from Android phones</a> while
disguising
what the “consent” was for.</p>
@@ -1306,17 +1052,11 @@
<li id="M201811230">
<!--#set var="DATE" value='<small
class="date-tag">2018-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>An Android phone was observed to track location even
while</em></ins></span>
- in <span class="removed"><del><strong>BIOS</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
-</div>
-
-<ul>
-<li><p></strong></del></span> <span
class="inserted"><ins><em>airplane mode. It didn't send the location data while
in
- airplane mode. Instead,</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
-Lenovo stealthily installed crapware</strong></del></span>
- <span
class="inserted"><ins><em>href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/">
- it saved up the data,</em></ins></span> and <span
class="inserted"><ins><em>sent them all later</a>.</p>
+ <p>An Android phone was observed to track location even while
+ in airplane mode. It didn't send the location data while in
+ airplane mode. Instead, <a
+
href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/">
+ it saved up the data, and sent them all later</a>.</p>
</li>
<li id="M201711210">
@@ -1333,7 +1073,7 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Some portable phones <a
href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
- sold with</em></ins></span> spyware <span class="removed"><del><strong>via
BIOS</a></strong></del></span> <span class="inserted"><ins><em>sending
lots of data to China</a>.</p>
+ sold with spyware sending lots of data to China</a>.</p>
</li>
<li id="M201609140">
@@ -1365,7 +1105,7 @@
<!--#set var="DATE" value='<small
class="date-tag">2014-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a href="/proprietary/proprietary-back-doors.html#samsung">
- Samsung's back door</a> provides access to any
file</em></ins></span> on <span class="inserted"><ins><em>the system.</p>
+ Samsung's back door</a> provides access to any file on the
system.</p>
</li>
<li id="M201308010">
@@ -1375,8 +1115,7 @@
Journal (in an article blocked from us by a paywall) reports that <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
the FBI can remotely activate the GPS and microphone in Android phones
- and laptops</a> (presumably</em></ins></span> Windows <span
class="removed"><del><strong>installs.
-Note</strong></del></span> <span class="inserted"><ins><em>laptops). Here is
<a
+ and laptops</a> (presumably Windows laptops). Here is <a
href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
</li>
@@ -1385,7 +1124,7 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Spyware is present in some Android devices when they are
sold. Some Motorola phones, made when this company was owned
- by Google, use a modified version of Android</em></ins></span> that <span
class="inserted"><ins><em><a
+ by Google, use a modified version of Android that <a
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
sends personal data to Motorola</a>.</p>
</li>
@@ -2510,7 +2249,7 @@
Mozilla's “Minimum Security Standards.” Insecure
design of the program running on some of these devices <a
href="https://foundation.mozilla.org/privacynotincluded/vibratissimo-panty-buster">makes
- the user susceptible to be snooped and exploited by crackers as
+ the</em></ins></span> user <span class="removed"><del><strong>types into
it</a>;</strong></del></span> <span class="inserted"><ins><em>susceptible
to be snooped and exploited by crackers as
well</a>.</p>
</li>
@@ -2561,18 +2300,22 @@
lower retail prices.</p>
<p>What is supposed to make this spying acceptable, according to him,
- is that it is opt-in in newer models. But since the Vizio software is
+ is that it is opt-in in newer models. But since</em></ins></span> the
<span class="removed"><del><strong>server records these
numbers</strong></del></span> <span class="inserted"><ins><em>Vizio software is
nonfree, we don't know what is actually happening behind the scenes,
and there is no guarantee that all future updates will leave the
settings unchanged.</p>
- <p>If you already own a Vizio “smart” TV (or any
“smart” TV, for that
- matter), the easiest way to make sure it isn't spying on you is
+ <p>If you already own a Vizio “smart” TV (or any
“smart” TV,</em></ins></span> for <span
class="removed"><del><strong>at least 30
+ days.</p>
+ </li>
+
+ <li><p>Users cannot</strong></del></span> <span
class="inserted"><ins><em>that
+ matter), the easiest way to</em></ins></span> make <span
class="inserted"><ins><em>sure it isn't spying on you is
to disconnect it from the Internet, and use a terrestrial antenna
instead. Unfortunately, this is not always possible. Another option,
if you are technically oriented, is to get your own router (which can
- be an old computer running completely free software), and set up a
- firewall to block connections to Vizio's servers. Or, as a last resort,
+ be</em></ins></span> an <span class="removed"><del><strong>Apple ID <a
href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary</strong></del></span>
<span class="inserted"><ins><em>old computer running completely free
software), and set up a
+ firewall to block connections</em></ins></span> to <span
class="inserted"><ins><em>Vizio's servers. Or, as a last resort,
you can replace your TV with another model.</p>
</li>
@@ -2581,35 +2324,47 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Some “Smart” TVs automatically <a
href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
- load downgrades that install a surveillance app</a>.</p>
+ load downgrades that</em></ins></span> install <span
class="removed"><del><strong>even gratis apps)</a>
+ without giving</strong></del></span> a <span
class="removed"><del><strong>valid email address and
receiving</strong></del></span> <span class="inserted"><ins><em>surveillance
app</a>.</p>
- <p>We link to the article for the facts it presents. It
+ <p>We link to</em></ins></span> the <span
class="removed"><del><strong>code Apple
+ sends</strong></del></span> <span class="inserted"><ins><em>article for
the facts it presents. It
is too bad that the article finishes by advocating the
- moral weakness of surrendering to Netflix. The Netflix app <a
+ moral weakness of surrendering</em></ins></span> to <span
class="removed"><del><strong>it.</p></strong></del></span> <span
class="inserted"><ins><em>Netflix. The Netflix app <a
href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
- malware too</a>.</p>
+ malware too</a>.</p></em></ins></span>
</li>
- <li id="M201702060">
+ <span class="removed"><del><strong><li><p>Around 47% of the most
popular iOS apps</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201702060">
<!--#set var="DATE" value='<small
class="date-tag">2017-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Vizio “smart” <a
-
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
- report everything that is viewed on them, and not just broadcasts and
+ <p>Vizio “smart”</em></ins></span> <a <span
class="removed"><del><strong>href="http://jots.pub/a/2015103001/index.php">share
personal,
+ behavioral</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
+ report everything that is viewed on them,</em></ins></span> and <span
class="removed"><del><strong>location
information</a></strong></del></span> <span class="inserted"><ins><em>not
just broadcasts and
cable</a>. Even if the image is coming from the user's own computer,
- the TV reports what it is. The existence of a way to disable the
- surveillance, even if it were not hidden as it was in these TVs,
+ the TV reports what it is. The existence</em></ins></span> of <span
class="removed"><del><strong>their users with third parties.</p>
+ </li>
+
+ <li><p>iThings automatically upload</strong></del></span> <span
class="inserted"><ins><em>a way</em></ins></span> to <span
class="removed"><del><strong>Apple's servers all</strong></del></span> <span
class="inserted"><ins><em>disable</em></ins></span> the <span
class="removed"><del><strong>photos</strong></del></span>
+ <span class="inserted"><ins><em>surveillance, even if it were not hidden
as it was in these TVs,
does not legitimize the surveillance.</p>
</li>
<li id="M201511130">
<!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Some web and TV advertisements play inaudible
+ <p>Some web</em></ins></span> and
+ <span class="removed"><del><strong>videos</strong></del></span> <span
class="inserted"><ins><em>TV advertisements play inaudible
sounds to be picked up by proprietary malware running
- on other devices in range so as to determine that they
- are nearby. Once your Internet devices are paired with
- your TV, advertisers can correlate ads with Web activity, and other <a
+ on other devices in range so as to determine that</em></ins></span> they
<span class="removed"><del><strong>make.</p>
+
+ <blockquote><p>
+ iCloud Photo Library stores every photo</strong></del></span>
+ <span class="inserted"><ins><em>are nearby. Once your Internet devices
are paired with
+ your TV, advertisers can correlate ads with Web
activity,</em></ins></span> and <span class="removed"><del><strong>video you
take,</strong></del></span> <span class="inserted"><ins><em>other <a
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
cross-device tracking</a>.</p>
</li>
@@ -2620,25 +2375,36 @@
<p>Vizio goes a step further than other TV
manufacturers in spying on their users: their <a
href="https://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
- “smart” TVs analyze your viewing habits in detail and
- link them your IP address</a> so that advertisers can track you
- across devices.</p>
+ “smart” TVs analyze your viewing habits in
detail</em></ins></span> and <span
class="removed"><del><strong>keeps</strong></del></span>
+ <span class="inserted"><ins><em>link</em></ins></span> them <span
class="removed"><del><strong>up to date on all</strong></del></span> your <span
class="removed"><del><strong>devices.
+ Any edits</strong></del></span> <span class="inserted"><ins><em>IP
address</a> so that advertisers can track</em></ins></span> you <span
class="removed"><del><strong>make are automatically updated everywhere. [...]
+ </p></blockquote>
+
+ <p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
+ information</a> as accessed on 24 Sep 2015.) The iCloud
feature</strong></del></span>
+ <span class="inserted"><ins><em>across devices.</p>
+
+ <p>It</em></ins></span> is
+ <span class="removed"><del><strong><a
href="https://support.apple.com/en-us/HT202033">activated</strong></del></span>
<span class="inserted"><ins><em>possible to turn this off, but having it
enabled</em></ins></span> by <span class="removed"><del><strong>the
+ startup of iOS</a>. The term “cloud” means
+ “please don't ask where.”</p>
- <p>It is possible to turn this off, but having it enabled by default
- is an injustice already.</p>
+ <p>There</strong></del></span> <span
class="inserted"><ins><em>default</em></ins></span>
+ is <span class="removed"><del><strong>a way</strong></del></span> <span
class="inserted"><ins><em>an injustice already.</p>
</li>
<li id="M201511020">
<!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Tivo's alliance with Viacom adds 2.3 million households
- to the 600 millions social media profiles the company
+ <p>Tivo's alliance with Viacom adds 2.3 million
households</em></ins></span>
+ to <span class="inserted"><ins><em>the 600 millions social media profiles
the company
already monitors. Tivo customers are unaware they're
being watched by advertisers. By combining TV viewing
- information with online social media participation, Tivo can now <a
- href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
+ information with online social media participation, Tivo can
now</em></ins></span> <a <span
class="removed"><del><strong>href="https://support.apple.com/en-us/HT201104">
+ deactivate iCloud</a>, but it's active</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
correlate TV advertisement with online purchases</a>, exposing all
- users to new combined surveillance by default.</p>
+ users to new combined surveillance</em></ins></span> by <span
class="removed"><del><strong>default so</strong></del></span> <span
class="inserted"><ins><em>default.</p>
</li>
<li id="M201507240">
@@ -2646,7 +2412,10 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Vizio “smart” TVs recognize and <a
href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
- what people are watching</a>, even if it isn't a TV
channel.</p>
+ what people are watching</a>, even if</em></ins></span> it <span
class="removed"><del><strong>still counts as</strong></del></span> <span
class="inserted"><ins><em>isn't</em></ins></span> a
+ <span class="removed"><del><strong>surveillance functionality.</p>
+
+ <p>Unknown</strong></del></span> <span class="inserted"><ins><em>TV
channel.</p>
</li>
<li id="M201505290">
@@ -2654,42 +2423,65 @@
--><!--#echo encoding="none" var="DATE" -->
<p>Verizon cable TV <a
href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">
- snoops on what programs people watch, and even what they wanted to
- record</a>.</p>
+ snoops on what programs</em></ins></span> people <span
class="removed"><del><strong>apparently took advantage of
this</strong></del></span> <span class="inserted"><ins><em>watch, and even what
they wanted</em></ins></span> to
+ <span class="inserted"><ins><em>record</a>.</p>
</li>
<li id="M201504300">
<!--#set var="DATE" value='<small
class="date-tag">2015-04</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Vizio <a
-
href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
- used a firmware “upgrade” to make its TVs snoop on what
+ <p>Vizio</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
+ nude photos of many celebrities</a>. They needed to break Apple's
+ security</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
+ used a firmware “upgrade”</em></ins></span> to <span
class="removed"><del><strong>get at them, but NSA can access any of them through
+ <a
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
+ </p></li>
+
+ <li><p>Spyware in iThings:
+ the</strong></del></span> <span class="inserted"><ins><em>make its TVs
snoop on what
users watch</a>. The TVs did not do that when first sold.</p>
</li>
<li id="M201502090">
<!--#set var="DATE" value='<small
class="date-tag">2015-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Samsung “Smart” TV <a
-
href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
- transmits users' voice on the internet to another company,
Nuance</a>.
- Nuance can save it and would then have to give it to the US or some
- other government.</p>
+ <p>The Samsung “Smart” TV</em></ins></span> <a <span
class="removed"><del><strong>href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ iBeacon</a> lets stores determine exactly
where</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
+ transmits users' voice on</em></ins></span> the <span
class="removed"><del><strong>iThing is,</strong></del></span> <span
class="inserted"><ins><em>internet to another company, Nuance</a>.
+ Nuance can save it</em></ins></span> and <span
class="removed"><del><strong>get</strong></del></span> <span
class="inserted"><ins><em>would then have to give it to the US or
some</em></ins></span>
+ other <span class="removed"><del><strong>info too.</p>
+ </li>
+
+ <li><p>There</strong></del></span> <span
class="inserted"><ins><em>government.</p>
+
+ <p>Speech recognition</em></ins></span> is <span
class="removed"><del><strong>also a feature for web sites</strong></del></span>
<span class="inserted"><ins><em>not</em></ins></span> to <span
class="removed"><del><strong>track users, which is
+ <a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
+ enabled by default</a>. (That article talks about iOS 6,
but</strong></del></span> <span class="inserted"><ins><em>be trusted
unless</em></ins></span> it is <span class="removed"><del><strong>still
true</strong></del></span> <span class="inserted"><ins><em>done by free
+ software</em></ins></span> in <span class="removed"><del><strong>iOS
7.)</p>
+ </li>
- <p>Speech recognition is not to be trusted unless it is done by free
- software in your own computer.</p>
+ <li><p>The iThing also
+ <a
+href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
+ tells Apple</strong></del></span> <span class="inserted"><ins><em>your
own computer.</p>
- <p>In its privacy policy, Samsung explicitly confirms that <a
+ <p>In</em></ins></span> its <span
class="removed"><del><strong>geolocation</a> by default,
though</strong></del></span> <span class="inserted"><ins><em>privacy policy,
Samsung explicitly confirms</em></ins></span> that <span
class="removed"><del><strong>can</strong></del></span> <span
class="inserted"><ins><em><a
href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
- data containing sensitive information will be transmitted to third
- parties</a>.</p>
+ data containing sensitive information will</em></ins></span> be
+ <span class="removed"><del><strong>turned
off.</p></strong></del></span> <span
class="inserted"><ins><em>transmitted to third
+ parties</a>.</p></em></ins></span>
</li>
- <li id="M201411090">
+ <span class="removed"><del><strong><li><p>Apple can, and
regularly does,</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201411090">
<!--#set var="DATE" value='<small
class="date-tag">2014-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Amazon “Smart” TV is <a
-
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
+ <p>The Amazon “Smart” TV is</em></ins></span> <a
<span
class="removed"><del><strong>href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
+ remotely extract some</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
snooping all the time</a>.</p>
</li>
@@ -2704,34 +2496,42 @@
better.</p>
<p>This shows that laws requiring products to get users' formal
- consent before collecting personal data are totally inadequate.
- And what happens if a user declines consent? Probably the TV will
+ consent before collecting personal</em></ins></span> data <span
class="removed"><del><strong>from iPhones for</strong></del></span> <span
class="inserted"><ins><em>are totally inadequate.
+ And what happens if a user declines consent? Probably</em></ins></span>
the <span
class="removed"><del><strong>state</a>.</p></strong></del></span>
<span class="inserted"><ins><em>TV will
say, “Without your consent to tracking, the TV will not
work.”</p>
<p>Proper laws would say that TVs are not allowed to report what the
- user watches—no exceptions!</p>
+ user watches—no exceptions!</p></em></ins></span>
</li>
- <li id="M201405200">
+ <span class="removed"><del><strong><li><p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
+ Either Apple helps</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201405200">
<!--#set var="DATE" value='<small
class="date-tag">2014-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Spyware in LG “smart” TVs <a
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
- reports what the user watches, and the switch to turn this off has
+ reports what</em></ins></span> the <span class="removed"><del><strong>NSA
snoop</strong></del></span> <span class="inserted"><ins><em>user watches, and
the switch to turn this off has
no effect</a>. (The fact that the transmission reports a 404 error
really means nothing; the server could save that data anyway.)</p>
<p>Even worse, it <a
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
- snoops on other devices on the user's local network</a>.</p>
+ snoops on other devices</em></ins></span> on <span
class="removed"><del><strong>all</strong></del></span> the <span
class="removed"><del><strong>data in an iThing,
+ or</strong></del></span> <span class="inserted"><ins><em>user's local
network</a>.</p>
+
+ <p>LG later said</em></ins></span> it <span
class="removed"><del><strong>is totally incompetent.</a></p>
+ </li>
- <p>LG later said it had installed a patch to stop this, but any
+ <li><p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
+ Several “features”</strong></del></span> <span
class="inserted"><ins><em>had installed a patch to stop this, but any
product could spy this way.</p>
<p>Meanwhile, LG TVs <a
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
- do lots of spying anyway</a>.</p>
+ do lots</em></ins></span> of <span class="removed"><del><strong>iOS
seem</strong></del></span> <span class="inserted"><ins><em>spying
anyway</a>.</p>
</li>
<li id="M201212170">
@@ -2739,101 +2539,160 @@
--><!--#echo encoding="none" var="DATE" -->
<p id="break-security-smarttv"><a
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
- Crackers found a way to break security on a “smart”
TV</a>
- and use its camera to watch the people who are watching TV.</p>
+ Crackers found a way</em></ins></span> to <span
class="removed"><del><strong>exist for no
+ possible purpose other than surveillance</a>. Here
is</strong></del></span> <span class="inserted"><ins><em>break security on a
“smart” TV</a>
+ and use its camera to watch</em></ins></span> the
+ <span class="removed"><del><strong><a
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ Technical presentation</a>.</p></strong></del></span> <span
class="inserted"><ins><em>people who are watching
TV.</p></em></ins></span>
</li>
</ul>
<div class="big-subsection">
- <h4 id="SpywareInCameras">Cameras</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInCameras">#SpywareInCameras</a>)</span>
+ <h4 <span
class="removed"><del><strong>id="SpywareInTelephones">Spyware in
Telephones</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInCameras">Cameras</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInTelephones">#SpywareInTelephones</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInCameras">#SpywareInCameras</a>)</span></em></ins></span>
</div>
-<ul class="blurbs">
+<span class="removed"><del><strong><ul>
+ <li><p>According to Edward Snowden,</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
<li id="M201901100">
<!--#set var="DATE" value='<small
class="date-tag">2019-01</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Amazon Ring “security” devices <a
-
href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/">
- send the video they capture to Amazon servers</a>, which save it
+ <p>Amazon Ring “security” devices</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.bbc.com/news/uk-34444233">agencies
can take over smartphones</a>
+ by sending hidden text messages which enable them to
turn</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/">
+ send</em></ins></span> the <span class="removed"><del><strong>phones
+ on and off, listen</strong></del></span> <span
class="inserted"><ins><em>video they capture</em></ins></span> to <span
class="inserted"><ins><em>Amazon servers</a>, which save it
long-term.</p>
- <p>In many cases, the video shows everyone that comes near, or merely
- passes by, the user's front door.</p>
+ <p>In many cases,</em></ins></span> the <span
class="removed"><del><strong>microphone, retrieve geo-location data
from</strong></del></span> <span class="inserted"><ins><em>video shows everyone
that comes near, or merely
+ passes by,</em></ins></span> the
+ <span class="removed"><del><strong>GPS, take photographs, read text
messages, read call, location and web
+ browsing history, and read</strong></del></span> <span
class="inserted"><ins><em>user's front door.</p>
<p>The article focuses on how Ring used to let individual employees
look
- at the videos freely. It appears Amazon has tried to prevent that
- secondary abuse, but the primary abuse—that Amazon gets the
+ at</em></ins></span> the <span class="removed"><del><strong>contact list.
This malware is designed</strong></del></span> <span
class="inserted"><ins><em>videos freely. It appears Amazon has
tried</em></ins></span> to
+ <span class="removed"><del><strong>disguise itself from
investigation.</p>
+ </li>
+
+ <li><p>Samsung phones come with
+ <a
href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
that users can't delete</a>,
+ and they send so much data</strong></del></span> <span
class="inserted"><ins><em>prevent</em></ins></span> that <span
class="removed"><del><strong>their transmission is a
+ substantial expense for users. Said transmission, not wanted or
+ requested by</strong></del></span>
+ <span class="inserted"><ins><em>secondary abuse, but</em></ins></span> the
<span class="removed"><del><strong>user, clearly must constitute spying of some
+ kind.</p></li>
+
+ <li><p>A Motorola phone
+ <a
href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
+ listens for voice</strong></del></span> <span
class="inserted"><ins><em>primary abuse—that Amazon gets the
video—Amazon expects society to surrender to.</p>
</li>
<li id="M201810300">
<!--#set var="DATE" value='<small
class="date-tag">2018-10</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Nearly all “home security cameras” <a
+ <p>Nearly</em></ins></span> all <span
class="inserted"><ins><em>“home security cameras” <a
href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds/">
- give the manufacturer an unencrypted copy of everything they
- see</a>. “Home insecurity camera” would be a better
+ give</em></ins></span> the <span
class="removed"><del><strong>time</a>.</p>
+ </li>
+
+ <li><p>Spyware in Android phones (and Windows? laptops): The Wall
+ Street Journal (in</strong></del></span> <span
class="inserted"><ins><em>manufacturer</em></ins></span> an <span
class="removed"><del><strong>article blocked from us by</strong></del></span>
<span class="inserted"><ins><em>unencrypted copy of everything they
+ see</a>. “Home insecurity camera” would
be</em></ins></span> a <span class="removed"><del><strong>paywall)
+ reports that
+ <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
+ the FBI can remotely activate the GPS and
microphone</strong></del></span> <span class="inserted"><ins><em>better
name!</p>
<p>When Consumer Reports tested them, it suggested that these
- manufacturers promise not to look at what's in the videos. That's not
- security for your home. Security means making sure they don't get to
- see through your camera.</p>
+ manufacturers promise not to look at what's</em></ins></span> in <span
class="removed"><del><strong>Android
+ phones and laptops</a>.
+ (I suspect this</strong></del></span> <span
class="inserted"><ins><em>the videos. That's not
+ security for your home. Security</em></ins></span> means <span
class="removed"><del><strong>Windows laptops.) Here is
+ <a href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p></strong></del></span> <span
class="inserted"><ins><em>making sure they don't get to
+ see through your camera.</p></em></ins></span>
</li>
- <li id="M201603220">
+ <span class="removed"><del><strong><li><p>Portable phones with
GPS will send their GPS location on
+ remote command and users cannot stop them:</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201603220">
<!--#set var="DATE" value='<small
class="date-tag">2016-03</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Over 70 brands of network-connected surveillance cameras have
<a
-
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
- security bugs that allow anyone to watch through them</a>.</p>
+ <p>Over 70 brands of network-connected surveillance cameras
have</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
+
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
+ (The US says it will eventually require all new portable
phones</strong></del></span>
+ <span
class="inserted"><ins><em>href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
+ security bugs that allow anyone</em></ins></span> to <span
class="removed"><del><strong>have GPS.)</p></strong></del></span> <span
class="inserted"><ins><em>watch through
them</a>.</p></em></ins></span>
</li>
- <li id="M201511250">
+ <span class="removed"><del><strong><li><p>The nonfree Snapchat
app's principal purpose</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201511250">
<!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Nest Cam “smart” camera is <a
+ <p>The Nest Cam “smart” camera</em></ins></span> is
<span class="removed"><del><strong>to restrict
+ the use of data on</strong></del></span> <span
class="inserted"><ins><em><a
href="http://www.bbc.com/news/technology-34922712">always
watching</a>,
- even when the “owner” switches it “off.”</p>
+ even when</em></ins></span> the <span class="removed"><del><strong>user's
computer, but</strong></del></span> <span
class="inserted"><ins><em>“owner” switches</em></ins></span> it
<span class="removed"><del><strong>does surveillance
+ too: <a
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers"></strong></del></span>
<span class="inserted"><ins><em>“off.”</p>
- <p>A “smart” device means the manufacturer is using it
- to outsmart you.</p>
+ <p>A “smart” device means the manufacturer is
using</em></ins></span> it <span
class="removed"><del><strong>tries</strong></del></span>
+ to <span class="removed"><del><strong>get the user's list of other
people's phone
+ numbers.</a></p></strong></del></span> <span
class="inserted"><ins><em>outsmart you.</p></em></ins></span>
</li>
</ul>
<div class="big-subsection">
- <h4 id="SpywareInToys">Toys</h4>
- <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
+ <h4 <span
class="removed"><del><strong>id="SpywareInMobileApps">Spyware in Mobile
Applications</h4></strong></del></span> <span
class="inserted"><ins><em>id="SpywareInToys">Toys</h4></em></ins></span>
+ <span class="anchor-reference-id">(<a <span
class="removed"><del><strong>href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span></strong></del></span>
<span
class="inserted"><ins><em>href="#SpywareInToys">#SpywareInToys</a>)</span></em></ins></span>
</div>
-<ul class="blurbs">
+<span class="removed"><del><strong><ul>
+
+ <li><p>The Uber app tracks</strong></del></span>
+
+<span class="inserted"><ins><em><ul class="blurbs">
<li id="M201711244">
<!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The Furby Connect has a <a
-
href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
- universal back door</a>. If the product as shipped doesn't act as a
- listening device, remote changes to the code could surely convert it
- into one.</p>
+ <p>The Furby Connect has a</em></ins></span> <a <span
class="removed"><del><strong>href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
+ movements before and after the ride</a>.</p>
+
+ <p>This example illustrates how
“getting</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
+ universal back door</a>. If</em></ins></span> the <span
class="removed"><del><strong>user's consent”
+ for surveillance is inadequate</strong></del></span> <span
class="inserted"><ins><em>product as shipped doesn't act</em></ins></span> as a
<span class="removed"><del><strong>protection against massive
+ surveillance.</p></strong></del></span>
+ <span class="inserted"><ins><em>listening device, remote changes to the
code could surely convert it
+ into one.</p></em></ins></span>
</li>
- <li id="M201711100">
+ <span class="removed"><del><strong><li><p>Google's new voice
messaging app</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201711100">
<!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>A remote-control sex toy was found to make <a
-
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
- recordings of the conversation between two users</a>.</p>
+ <p>A remote-control sex toy was found to make</em></ins></span>
<a <span
class="removed"><del><strong>href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ all conversations</a>.</p></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
+ recordings of the conversation between two
users</a>.</p></em></ins></span>
</li>
- <li id="M201703140">
+ <span class="removed"><del><strong><li><p>Apps that
include</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201703140">
<!--#set var="DATE" value='<small
class="date-tag">2017-03</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>A computerized vibrator <a
-
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
- was snooping on its users through the proprietary control
app</a>.</p>
+ <p>A computerized vibrator</em></ins></span> <a <span
class="removed"><del><strong>href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
+ Symphony surveillance software snoop on what radio and TV programs
+ are playing nearby</a>. Also</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
+ was snooping</em></ins></span> on <span
class="removed"><del><strong>what</strong></del></span> <span
class="inserted"><ins><em>its users through the proprietary control
app</a>.</p>
<p>The app was reporting the temperature of the vibrator minute by
minute (thus, indirectly, whether it was surrounded by a person's
@@ -2841,22 +2700,32 @@
<p>Note the totally inadequate proposed response: a labeling
standard with which manufacturers would make statements about their
- products, rather than free software which users could have checked
- and changed.</p>
+ products, rather than free software which</em></ins></span> users <span
class="removed"><del><strong>post on various sites
+ such as Facebook, Google+</strong></del></span> <span
class="inserted"><ins><em>could have checked</em></ins></span>
+ and <span class="removed"><del><strong>Twitter.</p>
+ </li>
+
+ <li><p>Facebook's new Magic Photo app</strong></del></span>
<span class="inserted"><ins><em>changed.</p>
- <p>The company that made the vibrator <a
-
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
- was sued for collecting lots of personal information about how people
+ <p>The company that made the vibrator</em></ins></span> <a
+<span
class="removed"><del><strong>href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
+scans your mobile phone's photo collections</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
+ was sued</em></ins></span> for <span class="removed"><del><strong>known
faces</a>,
+ and suggests you</strong></del></span> <span
class="inserted"><ins><em>collecting lots of personal information about how
people
used it</a>.</p>
<p>The company's statement that it was anonymizing the data may be
- true, but it doesn't really matter. If it had sold the data to a data
- broker, the data broker would have been able to figure out who the
- user was.</p>
+ true, but it doesn't really matter. If it had sold the
data</em></ins></span> to <span
class="removed"><del><strong>share</strong></del></span> <span
class="inserted"><ins><em>a data
+ broker,</em></ins></span> the <span class="removed"><del><strong>picture
you take according</strong></del></span> <span class="inserted"><ins><em>data
broker would have been able</em></ins></span> to <span
class="inserted"><ins><em>figure out</em></ins></span> who
+ <span class="removed"><del><strong>is in</strong></del></span> the <span
class="removed"><del><strong>frame.</p>
+
+ <p>This spyware feature seems</strong></del></span>
+ <span class="inserted"><ins><em>user was.</p>
<p>Following this lawsuit, <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
- the company has been ordered to pay a total of C$4m</a> to its
+ the company has been ordered</em></ins></span> to <span
class="removed"><del><strong>require online access</strong></del></span> <span
class="inserted"><ins><em>pay a total of C$4m</a> to its
customers.</p>
</li>
@@ -2865,35 +2734,45 @@
--><!--#echo encoding="none" var="DATE" -->
<p>“CloudPets” toys with microphones <a
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
- leak childrens' conversations to the manufacturer</a>. Guess what?
<a
+ leak childrens' conversations</em></ins></span> to <span
class="removed"><del><strong>some
+ known-faces database, which means</strong></del></span> the <span
class="removed"><del><strong>pictures are likely</strong></del></span> <span
class="inserted"><ins><em>manufacturer</a>. Guess what? <a
href="https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
- Crackers found a way to access the data</a> collected by the
+ Crackers found a way</em></ins></span> to <span
class="removed"><del><strong>be
+ sent across</strong></del></span> <span
class="inserted"><ins><em>access</em></ins></span> the <span
class="removed"><del><strong>wire</strong></del></span> <span
class="inserted"><ins><em>data</a> collected by the
manufacturer's snooping.</p>
- <p>That the manufacturer and the FBI could listen to these
+ <p>That the manufacturer and the FBI could listen</em></ins></span>
to <span class="removed"><del><strong>Facebook's servers</strong></del></span>
<span class="inserted"><ins><em>these
conversations was unacceptable by itself.</p>
</li>
<li id="M201612060">
<!--#set var="DATE" value='<small
class="date-tag">2016-12</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The “smart” toys My Friend Cayla and i-Que transmit
<a
+ <p>The “smart” toys My Friend Cayla</em></ins></span>
and <span class="removed"><del><strong>face-recognition
+ algorithms.</p>
+
+ <p>If so, none of Facebook users' pictures are private
+ anymore, even if</strong></del></span> <span
class="inserted"><ins><em>i-Que transmit <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
conversations to Nuance Communications</a>, a speech recognition
- company based in the U.S.</p>
+ company based in</em></ins></span> the <span
class="removed"><del><strong>user didn't “upload”
them</strong></del></span> <span class="inserted"><ins><em>U.S.</p>
<p>Those toys also contain major security vulnerabilities; crackers
can remotely control the toys with a mobile phone. This would enable
- crackers to listen in on a child's speech, and even speak into the
- toys themselves.</p>
+ crackers</em></ins></span> to <span class="inserted"><ins><em>listen in on
a child's speech, and even speak into</em></ins></span> the <span
class="removed"><del><strong>service.</p></strong></del></span>
+ <span class="inserted"><ins><em>toys
themselves.</p></em></ins></span>
</li>
- <li id="M201502180">
+ <span class="removed"><del><strong><li><p>Like most “music
screaming” disservices, Spotify
+ is based</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201502180">
<!--#set var="DATE" value='<small
class="date-tag">2015-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Barbie <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
- going to spy on children and adults</a>.</p>
+ going to spy</em></ins></span> on <span
class="removed"><del><strong>proprietary malware (DRM</strong></del></span>
<span class="inserted"><ins><em>children</em></ins></span> and <span
class="removed"><del><strong>snooping). In August
+ 2015 it</strong></del></span> <span
class="inserted"><ins><em>adults</a>.</p>
</li>
</ul>
@@ -2908,8 +2787,10 @@
<!--#set var="DATE" value='<small
class="date-tag">2017-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>While you're using a DJI drone
- to snoop on other people, DJI is in many cases <a
-
href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
+ to snoop on other people, DJI is in many cases</em></ins></span> <a
+<span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
+ demanded users submit</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
on you</a>.</p>
</li>
</ul>
@@ -2924,10 +2805,16 @@
<!--#set var="DATE" value='<small
class="date-tag">2020-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many employers are using nonfree
- software, including videoconference software, to <a
+ software, including videoconference software,</em></ins></span> to <span
class="removed"><del><strong>increased
snooping</a>,</strong></del></span> <span class="inserted"><ins><em><a
href="https://www.theguardian.com/world/2020/sep/27/shirking-from-home-staff-feel-the-heat-as-bosses-ramp-up-remote-surveillance">
- surveil and monitor staff working at home</a>. If the program reports
- whether you are “active,” that is in effect a malicious
+ surveil</em></ins></span> and <span
class="removed"><del><strong>some</strong></del></span> <span
class="inserted"><ins><em>monitor staff working at home</a>. If the
program reports
+ whether you</em></ins></span> are <span
class="removed"><del><strong>starting to realize</strong></del></span> <span
class="inserted"><ins><em>“active,”</em></ins></span> that <span
class="removed"><del><strong>it</strong></del></span> is <span
class="removed"><del><strong>nasty.</p>
+
+ <p>This article shows the <a
+href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
+ twisted ways that they present snooping as</strong></del></span> <span
class="inserted"><ins><em>in effect</em></ins></span> a <span
class="removed"><del><strong>way
+ to “serve” users better</a>—never mind
+ whether they want that. This</strong></del></span> <span
class="inserted"><ins><em>malicious
surveillance feature.</p>
</li>
@@ -2935,30 +2822,52 @@
<!--#set var="DATE" value='<small
class="date-tag">2020-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google Nest <a
-
href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/">
- is taking over ADT</a>. Google sent out a software
- update to its speaker devices using their back door <a
- href="https://www.protocol.com/google-smart-speaker-alarm-adt"> that
- listens for things like smoke alarms</a> and then notifies your phone
- that an alarm is happening. This means the devices now listen for more
- than just their wake words. Google says the software update was sent
+
href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/"></em></ins></span>
+ is <span class="inserted"><ins><em>taking over ADT</a>. Google sent
out</em></ins></span> a <span class="removed"><del><strong>typical example of
+ the attitude of the proprietary</strong></del></span> software <span
class="removed"><del><strong>industry towards
+ those they have subjugated.</p>
+
+ <p>Out, out, damned Spotify!</p>
+ </li>
+ <li><p>Many proprietary apps for mobile</strong></del></span>
+ <span class="inserted"><ins><em>update to its speaker</em></ins></span>
devices <span class="removed"><del><strong>report which other
+ apps the user has
+ installed.</strong></del></span> <span class="inserted"><ins><em>using
their back door</em></ins></span> <a <span
class="removed"><del><strong>href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
+ is doing this in a way</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.protocol.com/google-smart-speaker-alarm-adt"></em></ins></span>
that <span class="removed"><del><strong>at least is
visible</strong></del></span>
+ <span class="inserted"><ins><em>listens for things like smoke
alarms</a></em></ins></span> and
+ <span class="removed"><del><strong>optional</a>. Not as bad as
what</strong></del></span> <span class="inserted"><ins><em>then notifies your
phone
+ that an alarm is happening. This means</em></ins></span> the <span
class="removed"><del><strong>others do.</p>
+ </li>
+
+ <li><p>FTC</strong></del></span> <span
class="inserted"><ins><em>devices now listen for more
+ than just their wake words. Google</em></ins></span> says <span
class="removed"><del><strong>most mobile apps</strong></del></span> <span
class="inserted"><ins><em>the software update was sent
out prematurely and on accident and Google was planning on disclosing
- this new feature and offering it to customers who pay for it.</p>
+ this new feature and offering it to customers who pay</em></ins></span>
for <span class="removed"><del><strong>children don't respect privacy:
+ <a
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
+
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p></strong></del></span>
<span class="inserted"><ins><em>it.</p></em></ins></span>
</li>
- <li id="M202006300">
+ <span class="removed"><del><strong><li><p>Widely
used</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M202006300">
<!--#set var="DATE" value='<small
class="date-tag">2020-06</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>“Bossware” is malware that bosses <a
-
href="https://www.eff.org/deeplinks/2020/06/inside-invasive-secretive-bossware-tracking-workers">
+ <p>“Bossware” is malware that bosses</em></ins></span>
<a <span
class="removed"><del><strong>href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
+ QR-code scanner apps snoop</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.eff.org/deeplinks/2020/06/inside-invasive-secretive-bossware-tracking-workers">
coerce workers into installing in their own computers</a>, so the
- bosses can spy on them.</p>
+ bosses can spy</em></ins></span> on <span
class="inserted"><ins><em>them.</p>
- <p>This shows why requiring the user's “consent” is not
+ <p>This shows why requiring</em></ins></span> the <span
class="removed"><del><strong>user</a>. This</strong></del></span> <span
class="inserted"><ins><em>user's “consent”</em></ins></span> is
<span class="removed"><del><strong>in addition</strong></del></span> <span
class="inserted"><ins><em>not
an adequate basis for protecting digital privacy. The boss can coerce
- most workers into consenting to almost anything, even probable exposure
+ most workers into consenting</em></ins></span> to
+ <span class="removed"><del><strong>the snooping done by the phone
company,</strong></del></span> <span class="inserted"><ins><em>almost anything,
even probable exposure
to contagious disease that can be fatal. Software like this should
- be illegal and bosses that demand it should be prosecuted for it.</p>
+ be illegal</em></ins></span> and <span
class="removed"><del><strong>perhaps by the OS in the
+ phone.</p>
+
+ <p>Don't</strong></del></span> <span
class="inserted"><ins><em>bosses that demand it should</em></ins></span> be
<span class="removed"><del><strong>distracted by</strong></del></span> <span
class="inserted"><ins><em>prosecuted for it.</p>
</li>
<li id="M201911190">
@@ -2967,42 +2876,64 @@
<p>Internet-tethered Amazon Ring had
a security vulnerability that enabled attackers to <a
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
- access the user's wifi password</a>, and snoop on the household
+ access</em></ins></span> the <span
class="removed"><del><strong>question</strong></del></span> <span
class="inserted"><ins><em>user's wifi password</a>, and snoop on the
household
through connected surveillance devices.</p>
- <p>Knowledge of the wifi password would not be sufficient to carry
+ <p>Knowledge</em></ins></span> of <span
class="removed"><del><strong>whether</strong></del></span> the <span
class="removed"><del><strong>app developers get
+ users</strong></del></span> <span class="inserted"><ins><em>wifi
password would not be sufficient</em></ins></span> to <span
class="removed"><del><strong>say “I agree”. That is no
excuse</strong></del></span> <span class="inserted"><ins><em>carry
out any significant surveillance if the devices implemented proper
security, including encryption. But many devices with proprietary
software lack this. Of course, they are also used by their
- manufacturers for snooping.</p>
+ manufacturers</em></ins></span> for <span
class="removed"><del><strong>malware.</p></strong></del></span> <span
class="inserted"><ins><em>snooping.</p></em></ins></span>
</li>
- <li id="M201907210">
+ <span class="removed"><del><strong><li><p>The Brightest
Flashlight app</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201907210">
<!--#set var="DATE" value='<small
class="date-tag">2019-07</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Google “Assistant” records users' conversations <a
-
href="https://arstechnica.com/information-technology/2019/07/google-defends-listening-to-ok-google-queries-after-voice-recordings-leak/">even
- when it is not supposed to listen</a>. Thus, when one of Google's
+ <p>Google “Assistant” records users'
conversations</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
+ sends user data, including geolocation, for use by
companies.</a></p>
+
+ <p>The FTC criticized this app because</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://arstechnica.com/information-technology/2019/07/google-defends-listening-to-ok-google-queries-after-voice-recordings-leak/">even
+ when</em></ins></span> it <span class="removed"><del><strong>asked the
user</strong></del></span> <span class="inserted"><ins><em>is not
supposed</em></ins></span> to
+ <span class="removed"><del><strong>approve sending personal
data</strong></del></span> <span class="inserted"><ins><em>listen</a>.
Thus, when one of Google's
subcontractors discloses a thousand confidential voice recordings,
users were easily identified from these recordings.</p>
<p>Since Google “Assistant” uses proprietary software,
there is no
- way to see or control what it records or sends.</p>
+ way</em></ins></span> to <span class="removed"><del><strong>the app
developer but did not
+ ask about sending</strong></del></span> <span
class="inserted"><ins><em>see or control what</em></ins></span> it <span
class="inserted"><ins><em>records or sends.</p>
- <p>Rather than trying to better control the use of recordings, Google
- should not record or listen to the person's voice. It should only
- get commands that the user wants to send to some Google service.</p>
+ <p>Rather than trying</em></ins></span> to <span
class="removed"><del><strong>other companies. This shows</strong></del></span>
<span class="inserted"><ins><em>better control</em></ins></span> the
+ <span class="removed"><del><strong>weakness</strong></del></span> <span
class="inserted"><ins><em>use</em></ins></span> of <span
class="removed"><del><strong>the reject-it-if-you-dislike-snooping
+ “solution”</strong></del></span> <span
class="inserted"><ins><em>recordings, Google
+ should not record or listen</em></ins></span> to <span
class="removed"><del><strong>surveillance: why</strong></del></span> <span
class="inserted"><ins><em>the person's voice. It</em></ins></span> should
<span class="removed"><del><strong>a flashlight
+ app</strong></del></span> <span class="inserted"><ins><em>only
+ get commands that the user wants to</em></ins></span> send <span
class="removed"><del><strong>any information</strong></del></span> to <span
class="removed"><del><strong>anyone? A free software flashlight
+ app would not.</p></strong></del></span> <span
class="inserted"><ins><em>some Google service.</p></em></ins></span>
</li>
+<span class="removed"><del><strong></ul>
- <li id="M201905061">
+
+<div class="big-subsection">
+ <h4 id="SpywareInGames">Spyware in Games</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInGames">#SpywareInGames</a>)</span>
+</div>
+
+<ul>
+ <li><p>nVidia's proprietary GeForce Experience <a
href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201905061">
<!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Amazon Alexa collects a lot more information from users
- than is necessary for correct functioning (time, location,
- recordings made without a legitimate prompt), and sends
- it to Amazon's servers, which store it indefinitely. Even
+ <p>Amazon Alexa collects a lot more information
from</em></ins></span> users <span class="removed"><del><strong>identify
themselves</strong></del></span>
+ <span class="inserted"><ins><em>than is necessary for correct functioning
(time, location,
+ recordings made without a legitimate prompt),</em></ins></span> and <span
class="removed"><del><strong>then</strong></del></span> sends <span
class="removed"><del><strong>personal</strong></del></span>
+ <span class="inserted"><ins><em>it to Amazon's servers, which store it
indefinitely. Even
worse, Amazon forwards it to third-party companies. Thus,
- even if users request deletion of their data from Amazon's servers, <a
+ even if users request deletion of their</em></ins></span> data <span
class="removed"><del><strong>about them</strong></del></span> <span
class="inserted"><ins><em>from Amazon's servers, <a
href="https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
the data remain on other servers</a>, where they can be accessed by
advertising companies and government agencies. In other words,
@@ -3012,79 +2943,160 @@
<p>Data collected by devices such as the Nest thermostat, the Philips
Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos
speakers are likewise stored longer than necessary on the servers
- the devices are tethered to. Moreover, they are made available to
- Alexa. As a result, Amazon has a very precise picture of users' life
+ the devices are tethered to. Moreover, they are made
available</em></ins></span> to
+ <span class="removed"><del><strong>nVidia
servers</a>.</p></strong></del></span>
+ <span class="inserted"><ins><em>Alexa. As a result, Amazon has a very
precise picture of users' life
at home, not only in the present, but in the past (and, who knows,
- in the future too?)</p>
+ in the future too?)</p></em></ins></span>
</li>
- <li id="M201904240">
+ <span class="removed"><del><strong><li><p>Angry
Birds</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201904240">
<!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Some of users' commands to the Alexa service are <a
-
href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html">
- recorded for Amazon employees to listen to</a>. The Google and Apple
+ <p>Some of users' commands to the Alexa service
are</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
+ spies</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html">
+ recorded</em></ins></span> for <span
class="removed"><del><strong>companies,</strong></del></span> <span
class="inserted"><ins><em>Amazon employees to listen to</a>. The
Google</em></ins></span> and <span class="inserted"><ins><em>Apple
voice assistants do similar things.</p>
- <p>A fraction of the Alexa service staff even has access to <a
-
href="https://www.bnnbloomberg.ca/amazon-s-alexa-reviewers-can-access-customers-home-addresses-1.1248788">
- location and other personal data</a>.</p>
-
- <p>Since the client program is nonfree, and data processing is done
- “<a href="/philosophy/words-to-avoid.html#CloudComputing">in
- the cloud</a>” (a soothing way of saying “We won't
+ <p>A fraction of</em></ins></span> the <span
class="removed"><del><strong>NSA takes advantage</strong></del></span> <span
class="inserted"><ins><em>Alexa service staff even has access</em></ins></span>
to <span class="removed"><del><strong>spy through it too</a>.
+ Here's information on
+ <a
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
+ more spyware apps</a>.</p>
+ <p><a
href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
+ More about NSA app spying</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInToys">Spyware in Toys</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
+</div>
+
+<ul>
+
+ <li><p>A company that makes internet-controlled
vibrators</strong></del></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">is
+ being sued for collecting lots of</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.bnnbloomberg.ca/amazon-s-alexa-reviewers-can-access-customers-home-addresses-1.1248788">
+ location and other</em></ins></span> personal <span
class="removed"><del><strong>information about how
+ people use it</a>.</p>
+
+ <p>The company's statement that it
anonymizes</strong></del></span> <span
class="inserted"><ins><em>data</a>.</p>
+
+ <p>Since</em></ins></span> the <span
class="inserted"><ins><em>client program is nonfree, and</em></ins></span> data
<span class="removed"><del><strong>may be
+ true, but it doesn't really matter. If it sells</strong></del></span>
<span class="inserted"><ins><em>processing is done
+ “<a
href="/philosophy/words-to-avoid.html#CloudComputing">in</em></ins></span>
+ the <span class="removed"><del><strong>data</strong></del></span> <span
class="inserted"><ins><em>cloud</a>” (a soothing way of saying
“We won't
tell you how and where it's done”), users have no way
- to know what happens to the recordings unless human eavesdroppers <a
+ to know what happens</em></ins></span> to <span
class="removed"><del><strong>a
+ data broker, the data broker can figure out who</strong></del></span>
the <span class="removed"><del><strong>user is.</p></strong></del></span>
<span class="inserted"><ins><em>recordings unless human eavesdroppers <a
href="https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
- break their non-disclosure agreements</a>.</p>
+ break their non-disclosure
agreements</a>.</p></em></ins></span>
</li>
- <li id="M201902080">
+ <span class="removed"><del><strong><li><p>A computerized
+ vibrator</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201902080">
<!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>The HP <a
- href="https://boingboing.net/2019/02/08/inkjet-dystopias.html">
+ <p>The HP</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">snoops
+ on its users through</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://boingboing.net/2019/02/08/inkjet-dystopias.html">
“ink subscription” cartridges have DRM that constantly
- communicates with HP servers</a> to make sure the user is still
- paying for the subscription, and hasn't printed more pages than were
+ communicates with HP servers</a> to make sure</em></ins></span> the
<span class="removed"><del><strong>proprietary control app</a>.</p>
+
+ <p>The app reports</strong></del></span> <span
class="inserted"><ins><em>user is still
+ paying for</em></ins></span> the <span
class="removed"><del><strong>temperature of</strong></del></span> <span
class="inserted"><ins><em>subscription, and hasn't printed more pages than were
paid for.</p>
- <p>Even though the ink subscription program may be cheaper in some
- specific cases, it spies on users, and involves totally unacceptable
- restrictions in</em></ins></span> the <span
class="removed"><del><strong>specific sabotage method Lenovo used did not affect
-GNU/Linux; also,</strong></del></span> <span class="inserted"><ins><em>use of
ink cartridges that would otherwise be in
+ <p>Even though</em></ins></span> the <span
class="removed"><del><strong>vibrator minute by
+ minute (thus, indirectly, whether</strong></del></span> <span
class="inserted"><ins><em>ink subscription program may be cheaper in some
+ specific cases,</em></ins></span> it <span class="removed"><del><strong>is
surrounded by a person's
+ body),</strong></del></span> <span class="inserted"><ins><em>spies on
users,</em></ins></span> and <span class="inserted"><ins><em>involves totally
unacceptable
+ restrictions in</em></ins></span> the <span
class="removed"><del><strong>vibration frequency.</p>
+
+ <p>Note</strong></del></span> <span class="inserted"><ins><em>use
of ink cartridges that would otherwise be in
working order.</p>
</li>
<li id="M201808120">
<!--#set var="DATE" value='<small
class="date-tag">2018-08</small>'
--><!--#echo encoding="none" var="DATE" -->
- <p>Crackers found</em></ins></span> a <span
class="removed"><del><strong>“clean” Windows install is not really
-clean since</strong></del></span> <span class="inserted"><ins><em>way to break
the security of an Amazon device,
- and</em></ins></span> <a <span
class="removed"><del><strong>href="/proprietary/malware-microsoft.html">Microsoft
-puts</strong></del></span> <span
class="inserted"><ins><em>href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
- turn it into a listening device</a> for them.</p>
+ <p>Crackers found a way to break</em></ins></span> the <span
class="removed"><del><strong>totally inadequate proposed
response:</strong></del></span> <span class="inserted"><ins><em>security of an
Amazon device,
+ and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
+ turn it into</em></ins></span> a <span
class="removed"><del><strong>labeling
+ standard with which manufacturers</strong></del></span> <span
class="inserted"><ins><em>listening device</a> for them.</p>
<p>It was very difficult for them to do this. The job would be much
easier for Amazon. And if some government such as China or the US
- told Amazon to do this, or cease to sell the product</em></ins></span> in
<span class="removed"><del><strong>its own malware</a>.
-</p></li>
-</ul>
-
-<!-- #SpywareAtWork -->
-<!-- WEBMASTERS: make sure</strong></del></span> <span
class="inserted"><ins><em>that country,
- do you think Amazon would have the moral fiber</em></ins></span> to <span
class="removed"><del><strong>place new items on top under each
subsection</strong></del></span> <span class="inserted"><ins><em>say
no?</p>
-
- <p><small>(These crackers are probably hackers too, but please
<a
- href="https://stallman.org/articles/on-hacking.html"> don't use
- “hacking” to mean “breaking
security”</a>.)</small></p>
+ told Amazon to do this, or cease to sell the product in that country,
+ do you think Amazon</em></ins></span> would <span
class="removed"><del><strong>make statements about
+ their products, rather than free software which users can check
+ and change.</p>
+ </li>
+ <li><p>Barbie</strong></del></span> <span
class="inserted"><ins><em>have the moral fiber to say no?</p>
+
+ <p><small>(These crackers are probably hackers too, but
please</em></ins></span> <a <span
class="removed"><del><strong>href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going</strong></del></span>
+ <span
class="inserted"><ins><em>href="https://stallman.org/articles/on-hacking.html">
don't use
+ “hacking”</em></ins></span> to <span
class="removed"><del><strong>spy</strong></del></span> <span
class="inserted"><ins><em>mean “breaking
security”</a>.)</small></p>
</li>
<li id="M201804140">
<!--#set var="DATE" value='<small
class="date-tag">2018-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A medical insurance company <a
+
href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
+ offers a gratis electronic toothbrush that snoops</em></ins></span> on
<span class="removed"><del><strong>children and
adults.</a>.</p></strong></del></span> <span
class="inserted"><ins><em>its user by
+ sending usage data back over the
Internet</a>.</p></em></ins></span>
+ </li>
+<span class="removed"><del><strong></ul>
+
+
+<!-- #SpywareAtLowLevel</strong></del></span>
+
+ <span class="inserted"><ins><em><li id="M201706204">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-06</small>'
--><!--#echo encoding="none" var="DATE"</em></ins></span> -->
+<span class="removed"><del><strong><!-- WEBMASTERS: make
sure</strong></del></span>
+ <span class="inserted"><ins><em><p>Lots of “smart”
products are designed <a
+
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
+ listen</em></ins></span> to <span class="removed"><del><strong>place new
items on top under each subsection -->
-<span class="removed"><del><strong><div class="big-section">
+<div class="big-section">
+ <h3 id="SpywareAtLowLevel">Spyware at Low Level</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareAtLowLevel">#SpywareAtLowLevel</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInBIOS">Spyware</strong></del></span> <span
class="inserted"><ins><em>everyone</em></ins></span> in <span
class="removed"><del><strong>BIOS</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
+</div>
+
+<ul>
+<li><p>
+<a
href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
+Lenovo stealthily installed crapware and spyware via BIOS</a> on Windows
installs.
+Note that</strong></del></span> the <span
class="removed"><del><strong>specific sabotage method Lenovo used
did</strong></del></span> <span class="inserted"><ins><em>house, all the
time</a>.</p>
+
+ <p>Today's technological practice does</em></ins></span> not <span
class="removed"><del><strong>affect
+GNU/Linux; also,</strong></del></span> <span class="inserted"><ins><em>include
any way of making</em></ins></span>
+ a <span class="removed"><del><strong>“clean” Windows install
is not really
+clean since <a href="/proprietary/malware-microsoft.html">Microsoft
+puts in its own malware</a>.
+</p></li>
+</ul>
+
+<!-- #SpywareAtWork -->
+<!-- WEBMASTERS: make sure to place new items</strong></del></span> <span
class="inserted"><ins><em>device that can obey your voice commands without
potentially spying</em></ins></span>
+ on <span class="removed"><del><strong>top under each subsection -->
+
+<div class="big-section">
<h3 id="SpywareAtWork">Spyware at Work</h3>
<span class="anchor-reference-id">(<a
href="#SpywareAtWork">#SpywareAtWork</a>)</span>
</div>
@@ -3092,32 +3104,16 @@
<ul>
<li><p>Investigation
- Shows</strong></del></span>
- <span class="inserted"><ins><em><p>A medical insurance
company</em></ins></span> <a <span
class="removed"><del><strong>href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
+ Shows <a
href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
Using US Companies, NSA To Route Around Domestic Surveillance
Restrictions</a>.</p>
- <p>Specifically, it can collect</strong></del></span>
- <span
class="inserted"><ins><em>href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
- offers a gratis electronic toothbrush that snoops on its user by
- sending usage data back over</em></ins></span> the <span
class="removed"><del><strong>emails</strong></del></span> <span
class="inserted"><ins><em>Internet</a>.</p>
- </li>
-
- <li id="M201706204">
- <!--#set var="DATE" value='<small
class="date-tag">2017-06</small>'
- --><!--#echo encoding="none" var="DATE" -->
- <p>Lots</em></ins></span> of <span
class="removed"><del><strong>members</strong></del></span> <span
class="inserted"><ins><em>“smart” products are designed <a
-
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
- listen to everyone in the house, all the time</a>.</p>
-
- <p>Today's technological practice does not include any
way</em></ins></span> of <span class="removed"><del><strong>Parliament
- this way, because they pass</strong></del></span> <span
class="inserted"><ins><em>making
- a device that can obey your voice commands without potentially spying
- on you. Even if</em></ins></span> it <span
class="removed"><del><strong>through Microsoft.</p></li>
+ <p>Specifically,</strong></del></span> <span
class="inserted"><ins><em>you. Even if</em></ins></span> it <span
class="removed"><del><strong>can collect the emails of members of Parliament
+ this way, because they pass</strong></del></span> <span
class="inserted"><ins><em>is air-gapped,</em></ins></span> it <span
class="removed"><del><strong>through Microsoft.</p></li>
<li><p>Spyware in Cisco TNP IP phones:
<a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
-
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p></strong></del></span>
<span class="inserted"><ins><em>is air-gapped, it could be saving up records
+
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p></strong></del></span>
<span class="inserted"><ins><em>could be saving up records
about you for later examination.</p></em></ins></span>
</li>
<span class="removed"><del><strong></ul>
@@ -4091,7 +4087,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2021/02/06 14:33:05 $
+$Date: 2021/02/06 16:03:04 $
<!-- timestamp end -->
</p>
</div>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- www philosophy/basic-freedoms.it.html philosoph...,
GNUN <=