[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary malware-google.pt-br.html propr...
From: |
GNUN |
Subject: |
www/proprietary malware-google.pt-br.html propr... |
Date: |
Tue, 7 Dec 2021 14:30:34 -0500 (EST) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 21/12/07 14:30:34
Modified files:
proprietary : malware-google.pt-br.html
proprietary-surveillance.pt-br.html
Added files:
proprietary/po : malware-google.pt-br-diff.html
proprietary-surveillance.pt-br-diff.html
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-google.pt-br.html?cvsroot=www&r1=1.7&r2=1.8
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-surveillance.pt-br.html?cvsroot=www&r1=1.3&r2=1.4
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-google.pt-br-diff.html?cvsroot=www&rev=1.1
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/proprietary-surveillance.pt-br-diff.html?cvsroot=www&rev=1.1
Patches:
Index: malware-google.pt-br.html
===================================================================
RCS file: /web/www/www/proprietary/malware-google.pt-br.html,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -b -r1.7 -r1.8
--- malware-google.pt-br.html 6 Sep 2021 01:03:48 -0000 1.7
+++ malware-google.pt-br.html 7 Dec 2021 19:30:30 -0000 1.8
@@ -1,4 +1,9 @@
-<!--#set var="ENGLISH_PAGE" value="/proprietary/malware-google.en.html" -->
+<!--#set var="PO_FILE"
+ value='<a href="/proprietary/po/malware-google.pt-br.po">
+ https://www.gnu.org/proprietary/po/malware-google.pt-br.po</a>'
+ --><!--#set var="ORIGINAL_FILE" value="/proprietary/malware-google.html"
+ --><!--#set var="DIFF_FILE"
value="/proprietary/po/malware-google.pt-br-diff.html"
+ --><!--#set var="OUTDATED_SINCE" value="2021-10-08" --><!--#set
var="ENGLISH_PAGE" value="/proprietary/malware-google.en.html" -->
<!--#include virtual="/server/header.pt-br.html" -->
<!-- Parent-Version: 1.96 -->
@@ -34,6 +39,7 @@
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
+<!--#include virtual="/server/outdated.pt-br.html" -->
<!--#include virtual="/server/top-addendum.pt-br.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
@@ -961,7 +967,7 @@
<p class="unprintable"><!-- timestamp start -->
Ãltima atualização:
-$Date: 2021/09/06 01:03:48 $
+$Date: 2021/12/07 19:30:30 $
<!-- timestamp end -->
</p>
Index: proprietary-surveillance.pt-br.html
===================================================================
RCS file: /web/www/www/proprietary/proprietary-surveillance.pt-br.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- proprietary-surveillance.pt-br.html 25 Jul 2021 14:31:53 -0000 1.3
+++ proprietary-surveillance.pt-br.html 7 Dec 2021 19:30:30 -0000 1.4
@@ -1,4 +1,9 @@
-<!--#set var="ENGLISH_PAGE"
value="/proprietary/proprietary-surveillance.en.html" -->
+<!--#set var="PO_FILE"
+ value='<a href="/proprietary/po/proprietary-surveillance.pt-br.po">
+ https://www.gnu.org/proprietary/po/proprietary-surveillance.pt-br.po</a>'
+ --><!--#set var="ORIGINAL_FILE"
value="/proprietary/proprietary-surveillance.html"
+ --><!--#set var="DIFF_FILE"
value="/proprietary/po/proprietary-surveillance.pt-br-diff.html"
+ --><!--#set var="OUTDATED_SINCE" value="2021-10-08" --><!--#set
var="ENGLISH_PAGE" value="/proprietary/proprietary-surveillance.en.html" -->
<!--#include virtual="/server/header.pt-br.html" -->
<!-- Parent-Version: 1.96 -->
@@ -52,6 +57,7 @@
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
+<!--#include virtual="/server/outdated.pt-br.html" -->
<!--#include virtual="/server/top-addendum.pt-br.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
@@ -4285,7 +4291,7 @@
<p class="unprintable"><!-- timestamp start -->
Ãltima atualização:
-$Date: 2021/07/25 14:31:53 $
+$Date: 2021/12/07 19:30:30 $
<!-- timestamp end -->
</p>
Index: po/malware-google.pt-br-diff.html
===================================================================
RCS file: po/malware-google.pt-br-diff.html
diff -N po/malware-google.pt-br-diff.html
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ po/malware-google.pt-br-diff.html 7 Dec 2021 19:30:32 -0000 1.1
@@ -0,0 +1,811 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<!-- Generated by GNUN -->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<title>/proprietary/malware-google.html-diff</title>
+<style type="text/css">
+span.removed { background-color: #f22; color: #000; }
+span.inserted { background-color: #2f2; color: #000; }
+</style></head>
+<body><pre>
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: 1.96 -->
+<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
+<!--
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Please do not edit <ul class="blurbs">!
+ Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
+ See explanations in /proprietary/workshop/README.md.
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-->
+<title>Google's Software Is Malware
+- GNU Project - Free Software Foundation</title>
+<link rel="stylesheet" type="text/css" href="/side-menu.css"
media="screen,print" />
+ <!--#include virtual="/proprietary/po/malware-google.translist" -->
+<!--#include virtual="/server/banner.html" -->
+<div class="nav">
+<a id="side-menu-button" class="switch" href="#navlinks">
+ <img id="side-menu-icon" height="32"
+ src="/graphics/icons/side-menu.png"
+ title="Section contents"
+ alt=" [Section contents] " />
+</a>
+
+<p class="breadcrumb">
+ <a href="/"><img src="/graphics/icons/home.png" height="24"
+ alt="GNU Home" title="GNU Home" /></a> /
+ <a href="/proprietary/proprietary.html">Malware</a> /
+ By company /
+</p>
+</div>
+<!--GNUN: OUT-OF-DATE NOTICE-->
+<!--#include virtual="/server/top-addendum.html" -->
+<div style="clear: both"></div>
+<div id="last-div" class="reduced-width">
+<h2>Google's Software is Malware</h2>
+
+<div class="infobox">
+<hr class="full-width" />
+<p>Nonfree (proprietary) software is very often malware (designed to
+mistreat the user). Nonfree software is controlled by its developers,
+which puts them in a position of power over the users; <a
+href="/philosophy/free-software-even-more-important.html">that is the
+basic injustice</a>. The developers and manufacturers often exercise
+that power to the detriment of the users they ought to serve.</p>
+
+<p>This typically takes the form of malicious functionalities.</p>
+<hr class="full-width" />
+</div>
+
+<div class="article">
+<div class="important">
+<p>If you know of an example that ought to be in this page but isn't
+here, please write
+to <a
href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
+to inform us. Please include the URL of a trustworthy reference or two
+to serve as specific substantiation.</p>
+</div>
+
+<div id="TOC" class="toc-inline">
+<h3>Types of Google malware</h3>
+<ul>
+ <li><a href="#back-doors">Back doors</a></li>
+ <li><a href="#censorship">Censorship</a></li>
+<!--<li><a
href="#deception">Deception</a></li>-->
+ <li><a href="#drm">DRM</a></li>
+ <li><a href="#insecurity">Insecurity</a></li>
+ <li><a href="#interference">Interference</a></li>
+<!--<li><a href="#jails">Jails</a></li>-->
+ <li><a href="#sabotage">Sabotage</a></li>
+ <li><a href="#surveillance">Surveillance</a></li>
+ <li><a href="#tyrants">Tyrants</a></li>
+</ul>
+</div>
+
+<h3 id="back-doors">Back Doors</h3>
+
+<ul class="blurbs">
+ <li id="M202004130">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The <a
href="https://www.google.com/mobile/android/market-tos.html">
+ Google Play Terms of Service</a> insist that the user of Android
accept
+ the presence of universal back doors in apps released by Google.</p>
+
+ <p>This does not tell us whether any of Google's apps currently
+ contains a universal back door, but that is a secondary question.
+ In moral terms, demanding that people accept in advance certain bad
+ treatment is equivalent to actually doing it. Whatever condemnation
+ the latter deserves, the former deserves the same.</p>
+ </li>
+
+ <li id="M201908220">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>ChromeBooks are programmed for obsolescence:
+ ChromeOS has a universal back door that is used for updates and <a
+
href="https://www.theregister.co.uk/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/">
+ ceases to operate at a predefined date</a>. From then on, there
+ appears to be no support whatsoever for the computer.</p>
+
+ <p>In other words, when you stop getting screwed by the back door,
+ you start getting screwed by the obsolescence.</p>
+ </li>
+
+ <li id="M201809140">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Android has a <a
+
href="https://www.theverge.com/platform/amp/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change">
+ back door for remotely changing “user”
settings</a>.</p>
+
+ <p>The article suggests it might be a universal back door, but this
+ isn't clear.</p>
+ </li>
+
+ <li id="M201202280">
+ <!--#set var="DATE" value='<small
class="date-tag">2012-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>ChromeOS has a universal back
+ door. At least, Google says it does—in <a
+ href="https://www.google.com/intl/en/chromebook/termsofservice.html">
+ section 4 of the EULA</a>.</p>
+ </li>
+
+ <li id="M201103070">
+ <!--#set var="DATE" value='<small
class="date-tag">2011-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>In Android, <a
+
href="https://www.computerworld.com/article/2506557/google-throws--kill-switch--on-android-phones.html">
+ Google has a back door to remotely delete apps</a>. (It was in a
+ program called GTalkService, which seems since then to have been
+ merged into Google Play.)</p>
+
+ <p>Google can also <a
+
href="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/">
+ forcibly and remotely install apps</a> through GTalkService. This is
+ not equivalent to a universal back door, but permits various dirty
+ tricks.</p>
+
+ <p>Although Google's <em>exercise</em> of this power has
not been
+ malicious so far, the point is that nobody should have such power,
+ which could also be used maliciously. You might well decide to
+ let a security service remotely <em>deactivate</em> programs
that
+ it considers malicious. But there is no excuse for allowing it to
+ <em>delete</em> the programs, and you should have the right to
decide
+ who (if anyone) to trust in this way.</p>
+ </li>
+</ul>
+
+
+<h3 id="censorship">Censorship</h3>
+
+<ul class="blurbs">
+ <li id="M201703160">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google <a
+
href="http://www.csmonitor.com/Technology/2017/0316/Google-Family-Link-gives-parents-a-way-to-monitor-preteens-accounts">
+ offers censorship software</a>, ostensibly for parents to put into
+ their children's computers.</p>
+ </li>
+
+ <li id="M201701180">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>On Windows and MacOS, Chrome <a
+
href="https://sites.google.com/a/chromium.org/dev/developers/extensions-deployment-faq">
+ disables extensions</a> that are not hosted in the Chrome Web
+ Store.</p>
+
+ <p>For example, an extension was <a
+
href="https://web.archive.org/web/20170120094917/https://consumerist.com/2017/01/18/why-is-google-blocking-this-ad-blocker-on-chrome/">
+ banned from the Chrome Web Store, and permanently disabled</a> on
+ more than 40,000 computers.</p>
+ </li>
+
+ <li id="M201602030">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="http://www.theguardian.com/media/2016/feb/03/google-pulls-ad-blocking-app-for-samsung-phones">
+ Google censored installation of Samsung's ad-blocker</a> on Android
+ phones, saying that blocking ads is “interference” with
+ the sites that advertise (and surveil users through ads).</p>
+
+ <p>The ad-blocker is proprietary software, just like the program
+ (Google Play) that Google used to deny access to install it. Using
+ a nonfree program gives the owner power over you, and Google has
+ exercised that power.</p>
+
+ <p>Google's censorship, unlike that of Apple, is not total: Android
+ allows users to install apps in other ways. You can install free
+ programs from f-droid.org.</p>
+ </li>
+</ul>
+
+
+<h3 id="drm">DRM</h3>
+
+<p>Digital restrictions management, or “DRM,” refers to
+functionalities designed to restrict what users can do with the data
+in their computers.</p>
+
+<ul class="blurbs">
+ <li id="M201705150">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google now allows Android
+ apps to detect whether a device has been rooted, <a
+
href="http://www.androidpolice.com/2017/05/13/netflix-confirms-blocking-rootedunlocked-devices-app-still-working-now/">and
+ refuse to install if so</a>. The Netflix app uses this ability to
+ enforce DRM by refusing to install on rooted Android devices.</p>
+
+ <p>Update: Google <i>intentionally</i> changed Android
so that apps <a
+
href="https://torrentfreak.com/netflix-use-of-google-drm-means-rooted-android-devices-are-banned-170515/">can
+ detect rooted devices and refuse to run on them</a>. The Netflix app
+ is proprietary malware, and one shouldn't use it. However, that does
+ not make what Google has done any less wrong.</p>
+ </li>
+
+ <li id="M201701300">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Chrome <a
+
href="http://boingboing.net/2017/01/30/google-quietly-makes-optiona.html">implements
+ DRM</a>. So does Chromium, through nonfree software that is
effectively
+ part of it.</p>
+
+ <p><a
+
href="https://bugs.chromium.org/p/chromium/issues/detail_ezt?id=686430">More
+ information</a>.</p>
+ </li>
+
+ <li id="M201102250">
+ <!--#set var="DATE" value='<small
class="date-tag">2011-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Android <a
+
href="https://developer.android.com/reference/android/drm/package-summary.html">
+ contains facilities specifically to support DRM</a>.</p>
+ </li>
+</ul>
+
+
+<h3 id="insecurity">Insecurity</h3>
+
+<p>These bugs are/were not intentional, so unlike the rest of the file
+ they do not count as malware. We mention them to refute the
+ supposition that prestigious proprietary software doesn't have grave
+ bugs.</p>
+
+<ul class="blurbs">
+ <li id="M202107180">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones">
+ The pegasus spyware used vulnerabilities on proprietary smartphone
+ operating systems</a> to impose surveillance on people. It can record
+ people's calls, copy their messages, and secretly film them, using a
+ security vulnerability. There's also <a
+
href="https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf">
+ a technical analysis of this spyware</a> available in PDF
format.</p>
+
+ <p>A free operating system would've let people to fix the bugs for
+ themselves but now infected people will be compelled to wait for
corporations to
+ fix the problems.</p>
+
+ <p><small>Please note that the article
+ wrongly refers to crackers as “<a
+
href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”.</small></p>
+ </li>
+
+ <li id="M202008110">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>TikTok <a
+
href="https://boingboing.net/2020/08/11/tiktok-exploited-android-secur.html">
+ exploited an Android vulnerability</a> to obtain user MAC
+ addresses.</p>
+ </li>
+
+ <li id="M201907080">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many Android apps can track
+ users' movements even when the user says <a
+
href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location">
+ not to allow them access to locations</a>.</p>
+
+ <p>This involves an apparently unintentional weakness in Android,
+ exploited intentionally by malicious apps.</p>
+ </li>
+
+ <li id="M201311120">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+ The NSA can tap data in smart phones, including iPhones,
+ Android, and BlackBerry</a>. While there is not much
+ detail here, it seems that this does not operate via
+ the universal back door that we know nearly all portable
+ phones have. It may involve exploiting various bugs. There are <a
+
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+ lots of bugs in the phones' radio software</a>.</p>
+ </li>
+</ul>
+
+
+<h3 id="interference">Interference</h3>
+
+<p>This section gives examples of Google software harassing or annoying
+the user, or causing trouble for the user. These actions are like
+sabotage but the word “sabotage” is too strong for them.</p>
+
+<ul class="blurbs">
+ <li id="M202106190">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://arstechnica.com/gadgets/2021/06/even-creepier-covid-tracking-google-silently-pushed-app-to-users-phones/">Google
+ automatically installed an app on many proprietary Android
phones</a>. The app
+ might or might not do malicious things but the power Google has over
proprietary
+ Android phones is dangerous.</p>
+ </li>
+
+ <li id="M201901230">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google is modifying Chromium so that <a
+
href="https://tech.slashdot.org/story/19/01/23/0048202/google-proposes-changes-to-chromium-browser-that-will-break-content-blocking-extensions-including-various-ad-blockers">
+ extensions won't be able to alter or block whatever the page
+ contains</a>. Users could conceivably reverse the change in a fork
+ of Chromium, but surely Chrome (nonfree) will have the same change,
+ and users can't fix it there.</p>
+ </li>
+</ul>
+
+
+<h3 id="sabotage">Sabotage</h3>
+
+<p>The wrongs in this section are not precisely malware, since they do
+not involve making the program that runs in a way that hurts the user.
+But they are a lot like malware, since they are technical Google
+actions that harm the users of specific Google software.</p>
+
+<ul class="blurbs">
+ <li id="M202011060">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A new app published by Google <a
+
href="https://www.xda-developers.com/google-device-lock-controller-banks-payments/">lets
+ banks and creditors deactivate people's Android devices</a> if they
+ fail to make payments. If someone's device gets deactivated, it will
+ be limited to basic functionality, such as emergency calling and
+ access to settings.</p>
+ </li>
+
+ <li id="M201604050">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Revolv is a device that managed “smart home”
+ operations: switching lights, operate motion sensors, regulating
+ temperature, etc. Its proprietary software depends on a remote server
+ to do these tasks. On May 15th, 2016, Google/Alphabet <a
+
href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be">intentionally
+ broke it by shutting down the server</a>.</p>
+
+ <p>If it were free software, users would have the ability to make it
+ work again, differently, and then have a freedom-respecting home
+ instead of a “smart” home. Don't let proprietary software
+ control your devices and turn them into $300 out-of-warranty
+ bricks. Insist on self-contained computers that run free
software!</p>
+ </li>
+
+ <li id="M201511244">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google has long had <a
+
href="http://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted">a
+ back door to remotely unlock an Android device</a>, unless its disk
+ is encrypted (possible since Android 5.0 Lollipop, but still not
+ quite the default).</p>
+ </li>
+</ul>
+
+
+<h3 id="surveillance">Surveillance</h3>
+
+<ul class="blurbs">
+ <li <span class="inserted"><ins><em>id="M202109210">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google's proprietary Chrome web browser <a
+
href="https://www.techrepublic.com/article/new-chrome-feature-can-tell-sites-and-webapps-when-youre-idle/">
+ added a surveillance API (idle detection API)</a> which lets
+ websites ask Chrome to report when a user with a web page open is
+ idle.</p>
+ </li>
+
+ <li</em></ins></span> id="M202102160">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google <a
+
href="https://www.indiatoday.in/technology/news/story/disha-ravi-arrest-puts-privacy-of-all-google-india-users-in-doubt-1769772-2021-02-16">handed
+ over personal data of Indian protesters and activists to Indian
+ police</a> which led to their arrest. The cops requested the IP
+ address and the location where a document was created and with that
+ information, they identified protesters and activists.</p>
+ </li>
+
+ <li id="M202008030">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Nest <a
+
href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/">
+ is taking over ADT</a>. Google sent out a software
+ update to its speaker devices using their back door <a
+ href="https://www.protocol.com/google-smart-speaker-alarm-adt"> that
+ listens for things like smoke alarms</a> and then notifies your phone
+ that an alarm is happening. This means the devices now listen for more
+ than just their wake words. Google says the software update was sent
+ out prematurely and on accident and Google was planning on disclosing
+ this new feature and offering it to customers who pay for it.</p>
+ </li>
+
+ <li id="M202004301">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Proprietary programs Google Meet, Microsoft Teams, and WebEx <a
+
href="https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex/">are
+ collecting user's personal and identifiable data</a> including how
long
+ a call lasts, who's participating in the call, and the IP addresses
+ of everyone taking part. From experience, this can even harm users
+ physically if those companies hand over data to governments.</p>
+ </li>
+
+ <li id="M202004131">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google, Apple, and Microsoft (and probably some other companies)
+ <a
href="https://www.lifewire.com/wifi-positioning-system-1683343">are
+ collecting people's access points and GPS coordinates (which can
+ identify people's precise location) even if their GPS is turned
+ off</a>, without the person's consent, using proprietary software
+ implemented in person's smartphone. Though merely asking for permission
+ would not necessarily legitimize this.</p>
+ </li>
+
+ <li id="M201907210">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google “Assistant” records users' conversations <a
+
href="https://arstechnica.com/information-technology/2019/07/google-defends-listening-to-ok-google-queries-after-voice-recordings-leak/">even
+ when it is not supposed to listen</a>. Thus, when one of Google's
+ subcontractors discloses a thousand confidential voice recordings,
+ users were easily identified from these recordings.</p>
+
+ <p>Since Google “Assistant” uses proprietary software,
there is no
+ way to see or control what it records or sends.</p>
+
+ <p>Rather than trying to better control the use of recordings, Google
+ should not record or listen to the person's voice. It should only
+ get commands that the user wants to send to some Google service.</p>
+ </li>
+
+ <li id="M201906220">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Chrome is an <a
+
href="https://www.mercurynews.com/2019/06/21/google-chrome-has-become-surveillance-software-its-time-to-switch/">
+ instrument of surveillance</a>. It lets thousands of trackers invade
+ users' computers and report the sites they visit to advertising and
+ data companies, first of all to Google. Moreover, if users have a
+ Gmail account, Chrome automatically logs them in to the browser for
+ more convenient profiling. On Android, Chrome also reports their
+ location to Google.</p>
+
+ <p>The best way to escape surveillance is to switch to <a
+ href="/software/icecat/">IceCat</a>, a modified version of Firefox
+ with several changes to protect users' privacy.</p>
+ </li>
+
+ <li id="M201904130">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google tracks the movements of Android phones and iPhones
+ running Google apps, and sometimes <a
+
href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html">
+ saves the data for years</a>.</p>
+
+ <p>Nonfree software in the phone has to be responsible for sending
+ the location data to Google.</p>
+ </li>
+
+ <li id="M201902040">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google invites people to <a
+
href="https://www.commondreams.org/views/2019/02/04/google-screenwise-unwise-trade-all-your-privacy-cash?cd-origin=rss">
+ let Google monitor their phone use, and all internet use in their
+ homes, for an extravagant payment of $20</a>.</p>
+
+ <p>This is not a malicious functionality of a program with some other
+ purpose; this is the software's sole purpose, and Google says so. But
+ Google says it in a way that encourages most people to ignore the
+ details. That, we believe, makes it fitting to list here.</p>
+ </li>
+
+ <li id="M201811230">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>An Android phone was observed to track location even while
+ in airplane mode. It didn't send the location data while in
+ airplane mode. Instead, <a
+
href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/">
+ it saved up the data, and sent them all later</a>.</p>
+ </li>
+
+ <li id="M201809121">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Tiny Lab Productions, along with online ad businesses run
+ by Google, Twitter and three other companies are facing a lawsuit <a
+
href="https://www.nytimes.com/interactive/2018/09/12/technology/kids-apps-data-privacy-google-twitter.html">for
+ violating people's privacy by collecting their data from mobile games
+ and handing over these data to other
companies/advertisers</a>.</p>
+ </li>
+
+ <li id="M201808131">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://www.theverge.com/2018/8/13/17684660/google-turn-off-location-history-data">Google
+ will track people even if people turn off location history</a>, using
+ Google Maps, weather updates, and browser searches. Google basically
+ uses any app activity to track people.</p>
+ </li>
+
+ <li id="M201808130">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Since the beginning of 2017, <a
+
href="https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/">Android
+ phones have been collecting the addresses of nearby cellular
+ towers</a>, even when location services are disabled, and sending
+ that data back to Google.</p>
+ </li>
+
+ <li id="M201808030">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some Google apps on Android <a
+
href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile">
+ record the user's location even when users disable “location
+ tracking”</a>.</p>
+
+ <p>There are other ways to turn off the other kinds of location
+ tracking, but most users will be tricked by the misleading
control.</p>
+ </li>
+
+ <li id="M201711210">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Android tracks location for Google <a
+
href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
+ even when “location services” are turned off, even when
+ the phone has no SIM card</a>.</p>
+ </li>
+
+ <li id="M201704131">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Low-priced Chromebooks for schools are <a
+ href="https://www.eff.org/wp/school-issued-devices-and-student-privacy">
+ collecting far more data on students than is necessary, and store
+ it indefinitely</a>. Parents and students complain about the lack
+ of transparency on the part of both the educational services and the
+ schools, the difficulty of opting out of these services, and the lack
+ of proper privacy policies, among other things.</p>
+
+ <p>But complaining is not sufficient. Parents, students and teachers
+ should realize that the software Google uses to spy on students is
+ nonfree, so they can't verify what it really does. The only remedy is
+ to persuade school officials to <a
href="/education/edu-schools.html">
+ exclusively use free software</a> for both education and school
+ administration. If the school is run locally, parents and teachers
+ can mandate their representatives at the School Board to refuse the
+ budget unless the school initiates a switch to free software. If
+ education is run nation-wide, they need to persuade legislators
+ (e.g., through free software organizations, political parties,
+ etc.) to migrate the public schools to free software.</p>
+ </li>
+
+ <li id="M201609210">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google's new voice messaging app <a
+
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ all conversations</a>.</p>
+ </li>
+
+ <li id="M201609140">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Play (a component of Android) <a
+
href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
+ tracks the users' movements without their permission</a>.</p>
+
+ <p>Even if you disable Google Maps and location tracking, you must
+ disable Google Play itself to completely stop the tracking. This is
+ yet another example of nonfree software pretending to obey the user,
+ when it's actually doing something else. Such a thing would be almost
+ unthinkable with free software.</p>
+ </li>
+
+ <li id="M201507280">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Chrome makes it easy for an extension to do <a
+
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
+ snooping on the user's browsing</a>, and many of them do
so.</p>
+ </li>
+
+ <li id="M201506180">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Chrome includes a module that <a
+
href="https://www.privateinternetaccess.com/blog/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
+ activates microphones and transmits audio to its
servers</a>.</p>
+ </li>
+
+ <li id="M201407170">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p id="nest-thermometers">Nest thermometers send <a
+ href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lot of
+ data about the user</a>.</p>
+ </li>
+
+ <li id="M201308040">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Chrome <a
+ href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
+ spies on browser history, affiliations</a>, and other installed
+ software.</p>
+ </li>
+
+ <li id="M201308010">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Spyware in Android phones (and Windows? laptops): The Wall Street
+ Journal (in an article blocked from us by a paywall) reports that <a
+
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
+ the FBI can remotely activate the GPS and microphone in Android phones
+ and laptops</a> (presumably Windows laptops). Here is <a
+ href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
+ </li>
+
+ <li id="M201307280">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Spyware is present in some Android devices when they are
+ sold. Some Motorola phones, made when this company was owned
+ by Google, use a modified version of Android that <a
+
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
+ sends personal data to Motorola</a>.</p>
+ </li>
+
+ <li id="M201307250">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A Motorola phone <a
+
href="https://web.archive.org/web/20170629175629/http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
+ listens for voice all the time</a>.</p>
+ </li>
+
+ <li id="M201302150">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Play intentionally sends app developers <a
+
href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
+ the personal details of users that install the app</a>.</p>
+
+ <p>Merely asking the “consent” of users is not enough to
+ legitimize actions like this. At this point, most users have stopped
+ reading the “Terms and Conditions” that spell out what
+ they are “consenting” to. Google should clearly and
+ honestly identify the information it collects on users, instead of
+ hiding it in an obscurely worded EULA.</p>
+
+ <p>However, to truly protect people's privacy, we must prevent Google
+ and other companies from getting this personal information in the
+ first place!</p>
+ </li>
+
+ <li id="M201208210">
+ <!--#set var="DATE" value='<small
class="date-tag">2012-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many web sites report all their visitors
+ to Google by using the Google Analytics service, which <a
+
href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
+ tells Google the IP address and the page that was
visited</a>.</p>
+ </li>
+
+ <li id="M200809060">
+ <!--#set var="DATE" value='<small
class="date-tag">2008-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Chrome contains a key logger that <a
+
href="https://web.archive.org/web/20190126075111/http://www.favbrowser.com/google-chrome-spyware-confirmed/">
+ sends Google every URL typed in</a>, one key at a time.</p>
+ </li>
+</ul>
+
+
+<h3 id="tyrants">Tyrants</h3>
+
+<p>Tyrants are systems that reject any operating system not
+“authorized” by the manufacturer.</p>
+
+<ul class="blurbs">
+ <li id="M201304080">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Motorola, then owned by Google, made <a
+
href="http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html">
+ Android phones that are tyrants</a> (though someone found a way to
+ crack the restriction).</p>
+ </li>
+</ul>
+</div>
+
+</div>
+<!--#include virtual="/proprietary/proprietary-menu.html" -->
+<!--#include virtual="/server/footer.html" -->
+<div id="footer" role="contentinfo">
+<div class="unprintable">
+
+<p>Please send general FSF & GNU inquiries to
+<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
+There are also <a href="/contact/">other ways to contact</a>
+the FSF. Broken links and other corrections or suggestions can be sent
+to <a
href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
+
+<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
+ replace it with the translation of these two:
+
+ We work hard and do our best to provide accurate, good quality
+ translations. However, we are not exempt from imperfection.
+ Please send your comments and general suggestions in this regard
+ to <a href="mailto:web-translators@gnu.org">
+ <web-translators@gnu.org></a>.</p>
+
+ <p>For information on coordinating and contributing translations
of
+ our web pages, see <a
+ href="/server/standards/README.translations.html">Translations
+ README</a>. -->
+Please see the <a
+href="/server/standards/README.translations.html">Translations
+README</a> for information on coordinating and contributing translations
+of this article.</p>
+</div>
+
+<!-- Regarding copyright, in general, standalone pages (as opposed to
+ files generated as part of manuals) on the GNU web server should
+ be under CC BY-ND 4.0. Please do NOT change or remove this
+ without talking with the webmasters or licensing team first.
+ Please make sure the copyright date is consistent with the
+ document. For web pages, it is ok to list just the latest year the
+ document was modified, or published.
+
+ If you wish to list earlier years, that is ok too.
+ Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
+ years, as long as each year in the range is in fact a copyrightable
+ year, i.e., a year in which the document was published (including
+ being publicly visible on the web or in a revision control system).
+
+ There is more detail about copyright years in the GNU Maintainers
+ Information document, www.gnu.org/prep/maintain. -->
+
+<p>Copyright © 2017-2021 Free Software Foundation, Inc.</p>
+
+<p>This page is licensed under a <a rel="license"
+href="http://creativecommons.org/licenses/by/4.0/">Creative
+Commons Attribution 4.0 International License</a>.</p>
+
+<!--#include virtual="/server/bottom-notes.html" -->
+
+<p class="unprintable">Updated:
+<!-- timestamp start -->
+$Date: 2021/12/07 19:30:32 $
+<!-- timestamp end -->
+</p>
+</div>
+</div><!-- for class="inner", starts in the banner include -->
+</body>
+</html>
+</pre></body></html>
Index: po/proprietary-surveillance.pt-br-diff.html
===================================================================
RCS file: po/proprietary-surveillance.pt-br-diff.html
diff -N po/proprietary-surveillance.pt-br-diff.html
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ po/proprietary-surveillance.pt-br-diff.html 7 Dec 2021 19:30:34 -0000
1.1
@@ -0,0 +1,3584 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<!-- Generated by GNUN -->
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<title>/proprietary/proprietary-surveillance.html-diff</title>
+<style type="text/css">
+span.removed { background-color: #f22; color: #000; }
+span.inserted { background-color: #2f2; color: #000; }
+</style></head>
+<body><pre>
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: 1.96 -->
+<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
+<!--
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Please do not edit <ul class="blurbs">!
+ Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
+ See explanations in /proprietary/workshop/README.md.
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-->
+<title>Proprietary Surveillance - GNU Project - Free Software
Foundation</title>
+<link rel="stylesheet" type="text/css" href="/side-menu.css"
media="screen,print" />
+<style type="text/css" media="screen,print"><!--
+.pict {
+ width: 18em;
+ margin: 2em auto;
+}
+.pict p {
+ font-size: .9em;
+}
+@media (min-width: 46em) {
+ .pict {
+ width: 18em;
+ float: right;
+ margin: .3em 0 1em 2em;
+ }
+}
+--></style>
+<!-- GNUN: localize URL /graphics/dog.small.jpg -->
+<!--#include virtual="/proprietary/po/proprietary-surveillance.translist"
-->
+<!--#include virtual="/server/banner.html" -->
+<div class="nav">
+<a id="side-menu-button" class="switch" href="#navlinks">
+ <img id="side-menu-icon" height="32"
+ src="/graphics/icons/side-menu.png"
+ title="Section contents"
+ alt=" [Section contents] " />
+</a>
+
+<p class="breadcrumb">
+ <a href="/"><img src="/graphics/icons/home.png" height="24"
+ alt="GNU Home" title="GNU Home" /></a> /
+ <a href="/proprietary/proprietary.html">Malware</a> /
+ By type /
+</p>
+</div>
+<!--GNUN: OUT-OF-DATE NOTICE-->
+<!--#include virtual="/server/top-addendum.html" -->
+<div style="clear: both"></div>
+<div id="last-div" class="reduced-width">
+<h2>Proprietary Surveillance</h2>
+
+<div class="infobox">
+<hr class="full-width" />
+<p>Nonfree (proprietary) software is very often malware (designed to
+mistreat the user). Nonfree software is controlled by its developers,
+which puts them in a position of power over the users; <a
+href="/philosophy/free-software-even-more-important.html">that is the
+basic injustice</a>. The developers and manufacturers often exercise
+that power to the detriment of the users they ought to serve.</p>
+
+<p>This typically takes the form of malicious functionalities.</p>
+<hr class="full-width" />
+</div>
+
+<div id="surveillance" class="pict">
+<a href="/graphics/dog.html">
+<img src="/graphics/dog.small.jpg" alt="Cartoon of a dog, wondering at the
three ads that popped up on his computer screen..." /></a>
+<p>“How did they find out I'm a dog?”</p>
+</div>
+
+<div class="article">
+<p>A common malicious functionality is to snoop on the user. This page
+records <strong>clearly established cases of proprietary software that
+spies on or tracks users</strong>. Manufacturers even refuse
+to <a
href="https://techcrunch.com/2018/10/19/smart-home-devices-hoard-data-government-demands/">say
+whether they snoop on users for the state</a>.</p>
+
+<p>All appliances and applications that are tethered to a specific
+server are snoopers by nature. We do not list them here because they
+have their own page: <a
+href="/proprietary/proprietary-tethers.html#about-page">Proprietary
+ Tethers</a>.</p>
+
+<p>There is a similar site named <a
href="https://spyware.neocities.org">Spyware Watchdog</a> that
classifies spyware programs, so that users can be more aware that they are
installing spyware.</p>
+
+<div class="important" style="clear: both">
+<p>If you know of an example that ought to be in this page but isn't
+here, please write
+to <a
href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
+to inform us. Please include the URL of a trustworthy reference or two
+to serve as specific substantiation.</p>
+</div>
+
+<div id="TOC" class="toc-inline">
+ <h3 id="TableOfContents">Table of Contents</h3>
+ <h4><a href="#Introduction">Introduction</a></h4>
+ <h4><a href="#OSSpyware">Spyware in Laptops and
Desktops</a></h4>
+ <ul>
+ <li><a href="#SpywareInWindows">Windows</a></li>
+ <li><a href="#SpywareInMacOS">MacOS</a></li>
+ <li><a href="#SpywareInBIOS">BIOS</a></li>
+ </ul>
+ <h4><a href="#SpywareOnMobiles">Spyware on
Mobiles</a></h4>
+ <ul>
+ <li><a href="#SpywareInTelephones">All “Smart”
Phones</a></li>
+ <li><a href="#SpywareIniThings">iThings</a></li>
+ <li><a href="#SpywareInAndroid">Android
Telephones</a></li>
+ <li><a
href="#SpywareInElectronicReaders">E-Readers</a></li>
+ </ul>
+ <h4><a href="#SpywareInApplications">Spyware in
Applications</a></h4>
+ <ul>
+ <li><a href="#SpywareInDesktopApps">Desktop
Apps</a></li>
+ <li><a href="#SpywareInMobileApps">Mobile
Apps</a></li>
+ <li><a href="#SpywareInSkype">Skype</a></li>
+ <li><a href="#SpywareInGames">Games</a></li>
+ </ul>
+ <h4><a href="#SpywareInEquipment">Spyware in Connected
Equipment</a></h4>
+ <ul>
+ <li><a href="#SpywareInTVSets">TV Sets</a></li>
+ <li><a href="#SpywareInCameras">Cameras</a></li>
+ <li><a href="#SpywareInToys">Toys</a></li>
+ <li><a href="#SpywareInDrones">Drones</a></li>
+ <li><a href="#SpywareAtHome">Other
Appliances</a></li>
+ <li><a href="#SpywareOnWearables">Wearables</a>
+ <ul>
+ <li><a href="#SpywareOnSmartWatches">“Smart”
Watches</a></li>
+ </ul>
+ </li>
+ <li><a
href="#SpywareInVehicles">Vehicles</a></li>
+ <li><a href="#SpywareInVR">Virtual
Reality</a></li>
+ </ul>
+ <h4><a href="#SpywareOnTheWeb">Spyware on the
Web</a></h4>
+ <ul>
+ <li><a href="#SpywareInChrome">Chrome</a></li>
+ <li><a
href="#SpywareInJavaScript">JavaScript</a></li>
+ <li><a href="#SpywareInFlash">Flash</a></li>
+ </ul>
+ <h4><a href="#SpywareInNetworks">Spyware in
Networks</a></h4>
+</div>
+
+<div class="big-section">
+ <h3 id="Introduction">Introduction</h3>
+</div>
+<div style="clear: left;"></div>
+
+<p>For decades, the Free Software movement has been denouncing the
+abusive surveillance machine of
+<a href="/proprietary/proprietary.html">proprietary software</a>
+companies such as
+<a href="/proprietary/malware-microsoft.html">Microsoft</a>
+and
+<a href="/proprietary/malware-apple.html">Apple</a>.
+
+In the recent years, this tendency to watch people has spread across
+industries, not only in the software business, but also in the
+hardware. Moreover, it also spread dramatically away from the
+keyboard, in the mobile computing industry, in the office, at home, in
+transportation systems, and in the classroom.</p>
+
+<h4 id="AggregateInfoCollection">Aggregate or anonymized data</h4>
+
+<p>Many companies, in their privacy policy, have a clause that claims
+they share aggregate, non-personally identifiable information with
+third parties/partners. Such claims are worthless, for several
+reasons:</p>
+
+<ul>
+ <li>They could change the policy at any time.</li>
+ <li>They can twist the words by distributing an
“aggregate” of
+ “anonymized” data which can be reidentified and attributed
to
+ individuals.</li>
+ <li>The raw data they don't normally distribute can be taken by
+ data breaches.</li>
+ <li>The raw data they don't normally distribute can be taken by
+ subpoena.</li>
+</ul>
+
+<p>Therefore, we must not be distracted by companies' statements of
+what they will <em>do</em> with the data they collect. The wrong
is that
+they collect it at all.</p>
+
+<h4 id="LatestAdditions">Latest additions</h4>
+
+<p>Entries in each category are in reverse chronological order, based
+on the dates of publication of linked articles.
+The latest additions are listed on the <a
+href="/proprietary/proprietary.html#latest">main page</a> of the
+Malware section.</p>
+
+
+
+<div class="big-section">
+ <h3 id="OSSpyware">Spyware in Laptops and Desktops</h3>
+ <span class="anchor-reference-id">(<a
href="#OSSpyware">#OSSpyware</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<div class="big-subsection">
+ <h4 id="SpywareInWindows">Windows</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInWindows">#SpywareInWindows</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201912160">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Microsoft is <a
+
href="https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation/">tricking
+ users to create an account on their network</a> to be able to install
+ and use the Windows operating system, which is malware. The account can
+ be used for surveillance and/or violating people's rights in many ways,
+ such as turning their purchased software to a subscription
product.</p>
+ </li>
+
+ <li id="M201712110">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>HP's proprietary operating system <a
+ href="http://www.bbc.com/news/technology-42309371">includes a
+ proprietary keyboard driver with a key logger in it</a>.</p>
+ </li>
+
+ <li id="M201710134">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Windows 10 telemetry program sends information to Microsoft about
+ the user's computer and their use of the computer.</p>
+
+ <p>Furthermore, for users who installed the
+ fourth stable build of Windows 10, called the
+ “Creators Update,” Windows maximized the surveillance <a
+
href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law">
+ by force setting the telemetry mode to
“Full”</a>.</p>
+
+ <p>The <a
+
href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level">
+ “Full” telemetry mode</a> allows Microsoft Windows
+ engineers to access, among other things, registry keys <a
+
href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc939702(v=technet.10)">
+ which can contain sensitive information like administrator's login
+ password</a>.</p>
+ </li>
+
+ <li id="M201702020">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>DRM-restricted files can be used to <a
+
href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">
+ identify people browsing through Tor</a>. The vulnerability exists
+ only if you use Windows.</p>
+ </li>
+
+ <li id="M201611240">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>By default, Windows 10 <a
+
href="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sends
+ debugging information to Microsoft, including core dumps</a>.
Microsoft
+ now distributes them to another company.</p>
+ </li>
+
+ <li id="M201608170.1">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>In order to increase Windows 10's install base, Microsoft <a
class="not-a-duplicate"
+
href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
+ blatantly disregards user choice and privacy</a>.</p>
+ </li>
+
+ <li id="M201603170">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
+ Windows 10 comes with 13 screens of snooping options</a>, all enabled
+ by default, and turning them off would be daunting to most users.</p>
+ </li>
+
+ <li id="M201601050">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>It appears <a
+
href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
+ Windows 10 sends data to Microsoft about what applications are
+ running</a>.</p>
+ </li>
+
+ <li id="M201512280">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Microsoft has <a
+
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
+ backdoored its disk encryption</a>.</p>
+ </li>
+
+ <li id="M201511264">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A downgrade to Windows 10 deleted surveillance-detection
+ applications. Then another downgrade inserted a general spying
+ program. Users noticed this and complained, so Microsoft renamed it <a
+
href="https://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
+ to give users the impression it was gone</a>.</p>
+
+ <p>To use proprietary software is to invite such treatment.</p>
+ </li>
+
+ <li id="M201508180">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://web.archive.org/web/20150905163414/http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
+ Intel devices will be able to listen for speech all the time, even
+ when “off.”</a></p>
+ </li>
+
+ <li id="M201508130">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
+ Windows 10 sends identifiable information to Microsoft</a>, even if
+ a user turns off its Bing search and Cortana features, and activates
+ the privacy-protection settings.</p>
+ </li>
+
+ <li id="M201507300">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Windows 10 <a
+
href="https://web.archive.org/web/20180923125732/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
+ ships with default settings that show no regard for the privacy of
+ its users</a>, giving Microsoft the “right” to snoop on
+ the users' files, text input, voice input, location info, contacts,
+ calendar records and web browsing history, as well as automatically
+ connecting the machines to open hotspots and showing targeted
ads.</p>
+
+ <p>We can suppose Microsoft looks at users' files for the US
government
+ on demand, though the “privacy policy” does not explicitly
+ say so. Will it look at users' files for the Chinese government
+ on demand?</p>
+ </li>
+
+ <li id="M201506170">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Microsoft uses Windows 10's “privacy policy”
+ to overtly impose a “right” to look at
+ users' files at any time. Windows 10 full disk encryption <a
+
href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/">
+ gives Microsoft a key</a>.</p>
+
+ <p>Thus, Windows is overt malware in regard to surveillance, as in
+ other issues.</p>
+
+ <p>The unique “advertising ID” for each user enables
+ other companies to track the browsing of each specific user.</p>
+
+ <p>It's as if Microsoft has deliberately chosen to make Windows 10
+ maximally evil on every dimension; to make a grab for total power
+ over anyone that doesn't drop Windows now.</p>
+ </li>
+
+ <li id="M201410040">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>It only gets worse with time. <a
+
href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
+ Windows 10 requires users to give permission for total snooping</a>,
+ including their files, their commands, their text input, and their
+ voice input.</p>
+ </li>
+
+ <li id="M201401150">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p id="baidu-ime"><a
+
href="https://www.techrepublic.com/blog/asian-technology/japanese-government-warns-baidu-ime-is-spying-on-users/">
+ Baidu's Japanese-input and Chinese-input apps spy on
users</a>.</p>
+ </li>
+
+ <li id="M201307080">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Spyware in older versions of Windows: <a
+
href="https://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/">
+ Windows Update snoops on the user</a>. <a
+
href="https://www.infoworld.com/article/2611451/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html">
+ Windows 8.1 snoops on local searches</a>. And there's a <a
+ href="http://www.marketoracle.co.uk/Article40836.html"> secret NSA
+ key in Windows</a>, whose functions we don't know.</p>
+ </li>
+</ul>
+
+
+<p>Microsoft's snooping on users did not start with Windows 10.
+ There's a lot more <a href="/proprietary/malware-microsoft.html">
+ Microsoft malware</a>.</p>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInMacOS">MacOS</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInMacOS">#SpywareInMacOS</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M202011120">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Apple has <a
+
href="https://sneak.berlin/20201112/your-computer-isnt-yours">implemented
+ a malware in its computers that imposes surveillance</a> on users
+ and reports users' computing to Apple.</p>
+
+ <p>The reports are even unencrypted and they've been leaking this
+ data for two years already. This malware is reporting to Apple what
+ user opens what program at what time. It also gives Apple
+ power to sabotage users' computing.</p>
+ </li>
+
+ <li id="M201809070">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Adware Doctor, an ad blocker for MacOS, <a
+
href="https://www.vice.com/en/article/wjye8x/mac-anti-adware-doctor-app-steals-browsing-history">reports
+ the user's browsing history</a>.</p>
+ </li>
+
+ <li id="M201411040">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Apple has made various <a
+
href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud">
+ MacOS programs send files to Apple servers without asking
+ permission</a>. This exposes the files to Big Brother and perhaps
+ to other snoops.</p>
+
+ <p>It also demonstrates how you can't trust proprietary software,
+ because even if today's version doesn't have a malicious functionality,
+ tomorrow's version might add it. The developer won't remove the
+ malfeature unless many users push back hard, and the users can't
+ remove it themselves.</p>
+ </li>
+
+ <li id="M201410300">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p> MacOS automatically <a
+
href="https://web.archive.org/web/20170831144456/https://www.washingtonpost.com/news/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/">
+ sends to Apple servers unsaved documents being edited</a>. The
+ things you have not decided to save are <a
+
href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
+ even more sensitive</a> than the things you have stored in
files.</p>
+ </li>
+
+ <li id="M201410220">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Apple admits the <a
+
href="http://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/">
+ spying in a search facility</a>, but there's a lot <a
+ href="https://github.com/fix-macosx/yosemite-phone-home"> more snooping
+ that Apple has not talked about</a>.</p>
+ </li>
+
+ <li id="M201410200">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Various operations in <a
+
href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
+ the latest MacOS send reports to Apple</a> servers.</p>
+ </li>
+
+ <li id="M201401100.1">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ Spotlight search</a> sends users' search terms to Apple.</p>
+ </li>
+</ul>
+
+
+<p>There's a lot more <a href="#SpywareIniThings">iThing
spyware</a>, and
+<a href="/proprietary/malware-apple.html">Apple
malware</a>.</p>
+
+
+<div class="big-subsection">
+ <span id="SpywareAtLowLevel"></span>
+ <h4 id="SpywareInBIOS">BIOS</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201509220">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://www.computerworld.com/article/2984889/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
+ Lenovo stealthily installed crapware and spyware via
+ BIOS</a> on Windows installs. Note that the specific
+ sabotage method Lenovo used did not affect GNU/Linux; also, a
+ “clean” Windows install is not really clean since <a
+ href="/proprietary/malware-microsoft.html">Microsoft puts in its
+ own malware</a>.</p>
+ </li>
+</ul>
+
+
+
+<div class="big-section">
+ <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<div class="big-subsection">
+ <h4 id="SpywareInTelephones">All “Smart” Phones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li <span class="inserted"><ins><em>id="M202106250">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://www.elsalvador.com/eldiariodehoy/app-chivo-bitcoin-pone-en-riesgo-datos-personales-de-usuarios/852310/2021/">El
+ Salvador Dictatorship's Chivo wallet is spyware</a>, it's a
+ proprietary program that breaks users' freedom and spies on people;
+ demands personal data such as the national ID number and does face
+ recognition, and it is bad security for its data. It also asks for
+ almost every malware permission in people's smartphones.</p>
+
+ <p>The article criticizes it for faults in “data
+ protection”, though <a
+ href="/philosophy/surveillance-vs-democracy.html">“data
protection”
+ is the wrong approach to privacy anyway</a>.</p>
+ </li>
+
+ <li</em></ins></span> id="M202106170">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://www.theguardian.com/technology/2021/jun/17/nine-out-of-10-health-apps-harvest-user-data-global-study-shows">Almost
+ all proprietary health apps harvest users' data</a>, including
+ sensitive health information, tracking identifiers, and cookies to
+ track user activities. Some of these applications are tracking users
+ across different platforms.</p>
+ </li>
+
+ <li id="M202102200">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The proprietary program Clubhouse
+ is malware and a privacy disaster. Clubhouse <a
+
href="https://www.theguardian.com/commentisfree/2021/feb/20/why-hot-new-social-app-clubhouse-spells-nothing-but-trouble">collects
+ people's personal data such as recordings of people's
+ conversations</a>, and, as a secondary problem, does not encrypt
them,
+ which shows a bad security part of the issue.</p>
+
+ <p>A user's unique Clubhouse ID number and chatroom ID are
transmitted
+ in plaintext, and Agora (the company behind the app) would likely
+ have access to users' raw audio, potentially providing access to
+ the Chinese government.</p>
+
+ <p>Even with good security of data transmission, collecting personal
+ data of people is wrong and a violation of people's privacy
rights.</p>
+ </li>
+
+ <li id="M202101080">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>As of 2021, WhatsApp (one of Facebook's subsidiaries) is <a
+
href="https://www.forbes.com/sites/carlypage/2021/01/08/whatsapp-tells-users-share-your-data-with-facebook-or-well-deactivate-your-account/">forcing
+ its users to hand over sensitive personal data</a> to its parent
+ company. This increases Facebook's power over users, and further
+ jeopardizes people's privacy and security.</p>
+
+ <p>Instead of WhatsApp you can use <a
+ href="https://directory.fsf.org/wiki/Jami">GNU Jami</a>, which is
+ free software and will not collect your data.</p>
+ </li>
+
+ <li id="M202006260">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Most apps are malware, but
+ Trump's campaign app, like Modi's campaign app, is <a
+
href="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/">
+ especially nasty malware, helping companies snoop on users as well
+ as snooping on them itself</a>.</p>
+
+ <p>The article says that Biden's app has a less manipulative overall
+ approach, but that does not tell us whether it has functionalities we
+ consider malicious, such as sending data the user has not explicitly
+ asked to send.</p>
+ </li>
+
+ <li id="M201809121">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Tiny Lab Productions, along with online ad businesses run
+ by Google, Twitter and three other companies are facing a lawsuit <a
+
href="https://www.nytimes.com/interactive/2018/09/12/technology/kids-apps-data-privacy-google-twitter.html">for
+ violating people's privacy by collecting their data from mobile games
+ and handing over these data to other
companies/advertisers</a>.</p>
+ </li>
+
+ <li id="M201601110">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The natural extension of monitoring
+ people through “their” phones is <a
+
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
+ proprietary software to make sure they can't “fool”
+ the monitoring</a>.</p>
+ </li>
+
+ <li id="M201510050">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>According to Edward Snowden, <a
+ href="http://www.bbc.com/news/uk-34444233">agencies can take over
+ smartphones</a> by sending hidden text messages which enable
+ them to turn the phones on and off, listen to the microphone,
+ retrieve geo-location data from the GPS, take photographs, read
+ text messages, read call, location and web browsing history, and
+ read the contact list. This malware is designed to disguise itself
+ from investigation.</p>
+ </li>
+
+ <li id="M201311120">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+ The NSA can tap data in smart phones, including iPhones,
+ Android, and BlackBerry</a>. While there is not much
+ detail here, it seems that this does not operate via
+ the universal back door that we know nearly all portable
+ phones have. It may involve exploiting various bugs. There are <a
+
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+ lots of bugs in the phones' radio software</a>.</p>
+ </li>
+
+ <li id="M201307000">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Portable phones with GPS <a
+
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
+ will send their GPS location on remote command, and users cannot stop
+ them</a>. (The US says it will eventually require all new portable
phones
+ to have GPS.)</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareIniThings">iThings</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareIniThings">#SpywareIniThings</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M202105240">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://www.cpomagazine.com/data-privacy/icloud-data-turned-over-to-chinese-government-conflicts-with-apples-privacy-first-focus/">Apple
+ is moving its Chinese customers' iCloud data to a datacenter controlled
+ by the Chinese government</a>. Apple is already storing the
encryption
+ keys on these servers, obeying Chinese authority, making all Chinese
+ user data available to the government.</p>
+ </li>
+
+ <li id="M202009183">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Facebook <a
+
href="https://www.dailymail.co.uk/news/article-8747541/Facebook-accused-watching-Instagram-users-mobile-cameras.html">snoops
+ on Instagram</a> users by surreptitously turning on the device's
+ camera.</p>
+ </li>
+
+ <li id="M202004200">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Apple whistleblower Thomas Le Bonniec reports that Apple
+ made a practice of surreptitiously activating the Siri software to <a
+
href="https://www.politico.eu/wp-content/uploads/2020/05/Public-Statement-Siri-recordings-TLB.pdf">
+ record users' conversations when they had not activated Siri</a>.
+ This was not just occasional, it was systematic practice.</p>
+
+ <p>His job was to listen to these recordings, in a group that made
+ transcripts of them. He does not believes that Apple has ceased this
+ practice.</p>
+
+ <p>The only reliable way to prevent this is, for the program that
+ controls access to the microphone to decide when the user has
+ “activated” any service, to be free software, and the
+ operating system under it free as well. This way, users could make
+ sure Apple can't listen to them.</p>
+ </li>
+
+ <li id="M201910131">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Safari occasionally <a
+
href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/">
+ sends browsing data from Apple devices in China to the Tencent Safe
+ Browsing service</a>, to check URLs that possibly correspond to
+ “fraudulent” websites. Since Tencent collaborates
+ with the Chinese government, its Safe Browsing black list most certainly
+ contains the websites of political opponents. By linking the requests
+ originating from single IP addresses, the government can identify
+ dissenters in China and Hong Kong, thus endangering their lives.</p>
+ </li>
+
+ <li id="M201905280">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>In spite of Apple's supposed commitment to
+ privacy, iPhone apps contain trackers that are busy at night <a
+
href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html">
+ sending users' personal information to third parties</a>.</p>
+
+ <p>The article mentions specific examples: Microsoft OneDrive,
+ Intuit's Mint, Nike, Spotify, The Washington Post, The Weather
+ Channel (owned by IBM), the crime-alert service Citizen, Yelp
+ and DoorDash. But it is likely that most nonfree apps contain
+ trackers. Some of these send personally identifying data such as phone
+ fingerprint, exact location, email address, phone number or even
+ delivery address (in the case of DoorDash). Once this information
+ is collected by the company, there is no telling what it will be
+ used for.</p>
+ </li>
+
+ <li id="M201711250">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The DMCA and the EU Copyright Directive make it <a
+ href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
+ illegal to study how iOS cr…apps spy on users</a>, because
+ this would require circumventing the iOS DRM.</p>
+ </li>
+
+ <li id="M201709210">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>In the latest iThings system,
+ “turning off” WiFi and Bluetooth the obvious way <a
+
href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
+ doesn't really turn them off</a>. A more advanced way really does
turn
+ them off—only until 5am. That's Apple for you—“We
+ know you want to be spied on”.</p>
+ </li>
+
+ <li id="M201702150">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Apple proposes <a
+
href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
+ fingerprint-scanning touch screen</a>—which would mean no way
+ to use it without having your fingerprints taken. Users would have
+ no way to tell whether the phone is snooping on them.</p>
+ </li>
+
+ <li id="M201611170">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>iPhones <a
+
href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
+ lots of personal data to Apple's servers</a>. Big Brother can get
+ them from there.</p>
+ </li>
+
+ <li id="M201609280">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The iMessage app on iThings <a
+
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
+ a server every phone number that the user types into it</a>; the
+ server records these numbers for at least 30 days.</p>
+ </li>
+
+ <li id="M201509240">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>iThings automatically upload to Apple's servers all the photos
+ and videos they make.</p>
+
+ <blockquote><p> iCloud Photo Library stores every photo and
video you
+ take, and keeps them up to date on all your devices. Any edits you
+ make are automatically updated everywhere. […]
</p></blockquote>
+
+ <p>(From <a
href="https://www.apple.com/icloud/photos/">Apple's iCloud
+ information</a> as accessed on 24 Sep 2015.) The iCloud feature is
+ <a href="https://support.apple.com/en-us/HT202033">activated by the
+ startup of iOS</a>. The term “cloud” means “please
+ don't ask where.”</p>
+
+ <p>There is a way to
+ <a href="https://support.apple.com/en-us/HT201104"> deactivate
+ iCloud</a>, but it's active by default so it still counts as a
+ surveillance functionality.</p>
+
+ <p>Unknown people apparently took advantage of this to <a
+
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
+ nude photos of many celebrities</a>. They needed to break Apple's
+ security to get at them, but NSA can access any of them through <a
+
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p>
+ </li>
+
+ <li id="M201409220">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Apple can, and regularly does, <a
+
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
+ remotely extract some data from iPhones for the state</a>.</p>
+
+ <p>This may have improved with <a
+
href="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/">
+ iOS 8 security improvements</a>; but <a
+ href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
+ not as much as Apple claims</a>.</p>
+ </li>
+
+ <li id="M201407230">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
+ Several “features” of iOS seem to exist
+ for no possible purpose other than surveillance</a>. Here is the
<a
+
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
+ Technical presentation</a>.</p>
+ </li>
+
+ <li id="M201401100">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The <a class="not-a-duplicate"
+
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
+ iBeacon</a> lets stores determine exactly where the iThing is, and
+ get other info too.</p>
+ </li>
+
+ <li id="M201312300">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
+ Either Apple helps the NSA snoop on all the data in an iThing, or it
+ is totally incompetent</a>.</p>
+ </li>
+
+ <li id="M201308080">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The iThing also <a
+
href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
+ tells Apple its geolocation</a> by default, though that can be
+ turned off.</p>
+ </li>
+
+ <li id="M201210170">
+ <!--#set var="DATE" value='<small
class="date-tag">2012-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>There is also a feature for web sites to track users, which is
<a
+
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
+ enabled by default</a>. (That article talks about iOS 6, but it is
+ still true in iOS 7.)</p>
+ </li>
+
+ <li id="M201204280">
+ <!--#set var="DATE" value='<small
class="date-tag">2012-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Users cannot make an Apple ID (<a
+
href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary
+ to install even gratis apps</a>) without giving a valid
+ email address and receiving the verification code Apple sends
+ to it.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInAndroid">Android Telephones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInAndroid">#SpywareInAndroid</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M202012070">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Baidu apps were <a
+
href="https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/">
+ caught collecting sensitive personal data</a> that can be used for
+ lifetime tracking of users, and putting them in danger. More than 1.4
+ billion people worldwide are affected by these proprietary apps, and
+ users' privacy is jeopardized by this surveillance tool. Data collected
+ by Baidu may be handed over to the Chinese government, possibly
+ putting Chinese people in danger.</p>
+ </li>
+
+ <li id="M202010120">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Samsung is forcing its smartphone users in Hong Kong (and Macau)
<a
+
href="https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/">to
+ use a public DNS in Mainland China</a>, using software update
released
+ in September 2020, which causes many unease and privacy concerns.</p>
+ </li>
+
+ <li id="M202004300">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Xiaomi phones <a
+
href="https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/">report
+ many actions the user takes</a>: starting an app, looking at a
folder,
+ visiting a website, listening to a song. They send device identifying
+ information too.</p>
+
+ <p>Other nonfree programs snoop too. For instance, Spotify and
+ other streaming dis-services make a dossier about each user, and <a
+ href="/malware/proprietary-surveillance.html#M201508210"> they make
+ users identify themselves to pay</a>. Out, out, damned
Spotify!</p>
+
+ <p>Forbes exonerates the same wrongs when the culprits are not
Chinese,
+ but we condemn this no matter who does it.</p>
+ </li>
+
+ <li id="M201812060">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Facebook's app got “consent” to <a
+
href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent">
+ upload call logs automatically from Android phones</a> while
disguising
+ what the “consent” was for.</p>
+ </li>
+
+ <li id="M201811230">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>An Android phone was observed to track location even while
+ in airplane mode. It didn't send the location data while in
+ airplane mode. Instead, <a
+
href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/">
+ it saved up the data, and sent them all later</a>.</p>
+ </li>
+
+ <li id="M201711210">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Android tracks location for Google <a
+
href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
+ even when “location services” are turned off, even when
+ the phone has no SIM card</a>.</p>
+ </li>
+
+ <li id="M201611150">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some portable phones <a
+
href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
+ sold with spyware sending lots of data to China</a>.</p>
+ </li>
+
+ <li id="M201609140">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Play (a component of Android) <a
+
href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
+ tracks the users' movements without their permission</a>.</p>
+
+ <p>Even if you disable Google Maps and location tracking, you must
+ disable Google Play itself to completely stop the tracking. This is
+ yet another example of nonfree software pretending to obey the user,
+ when it's actually doing something else. Such a thing would be almost
+ unthinkable with free software.</p>
+ </li>
+
+ <li id="M201507030">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Samsung phones come with <a
+
href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
+ that users can't delete</a>, and they send so much data that their
+ transmission is a substantial expense for users. Said transmission,
+ not wanted or requested by the user, clearly must constitute spying
+ of some kind.</p>
+ </li>
+
+ <li id="M201403120">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a href="/proprietary/proprietary-back-doors.html#samsung">
+ Samsung's back door</a> provides access to any file on the
system.</p>
+ </li>
+
+ <li id="M201308010">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Spyware in Android phones (and Windows? laptops): The Wall Street
+ Journal (in an article blocked from us by a paywall) reports that <a
+
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
+ the FBI can remotely activate the GPS and microphone in Android phones
+ and laptops</a> (presumably Windows laptops). Here is <a
+ href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
+ </li>
+
+ <li id="M201307280">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Spyware is present in some Android devices when they are
+ sold. Some Motorola phones, made when this company was owned
+ by Google, use a modified version of Android that <a
+
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
+ sends personal data to Motorola</a>.</p>
+ </li>
+
+ <li id="M201307250">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A Motorola phone <a
+
href="https://web.archive.org/web/20170629175629/http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
+ listens for voice all the time</a>.</p>
+ </li>
+
+ <li id="M201302150">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Play intentionally sends app developers <a
+
href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
+ the personal details of users that install the app</a>.</p>
+
+ <p>Merely asking the “consent” of users is not enough to
+ legitimize actions like this. At this point, most users have stopped
+ reading the “Terms and Conditions” that spell out what
+ they are “consenting” to. Google should clearly and
+ honestly identify the information it collects on users, instead of
+ hiding it in an obscurely worded EULA.</p>
+
+ <p>However, to truly protect people's privacy, we must prevent Google
+ and other companies from getting this personal information in the
+ first place!</p>
+ </li>
+
+ <li id="M201111170">
+ <!--#set var="DATE" value='<small
class="date-tag">2011-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some manufacturers add a <a
+
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
+ hidden general surveillance package such as Carrier IQ</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInElectronicReaders">E-Readers</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201603080">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>E-books can contain JavaScript code, and <a
+
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
+ sometimes this code snoops on readers</a>.</p>
+ </li>
+
+ <li id="M201410080">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Adobe made “Digital Editions,”
+ the e-reader used by most US libraries, <a
+
href="https://web.archive.org/web/20141220181015/http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
+ send lots of data to Adobe</a>. Adobe's “excuse”: it's
+ needed to check DRM!</p>
+ </li>
+
+ <li id="M201212030">
+ <!--#set var="DATE" value='<small
class="date-tag">2012-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Spyware in many e-readers—not only the Kindle: <a
+ href="https://www.eff.org/pages/reader-privacy-chart-2012"> they
+ report even which page the user reads at what time</a>.</p>
+ </li>
+</ul>
+
+
+
+<div class="big-section">
+ <h3 id="SpywareInApplications">Spyware in Applications</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareInApplications">#SpywareInApplications</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<div class="big-subsection">
+ <h4 id="SpywareInDesktopApps">Desktop Apps</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInDesktopApps">#SpywareInDesktopApps</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M202011260">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Microsoft's Office 365 suite enables employers <a
+
href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to
+ snoop on each employee</a>. After
+ a public outburst, Microsoft stated that <a
+
href="https://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillance">it
+ would remove this capability</a>. Let's hope so.</p>
+ </li>
+
+ <li id="M201912190">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some Avast and AVG extensions
+ for Firefox and Chrome were found to <a
+
href="https://www.itpro.co.uk/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome">
+ snoop on users' detailed browsing habits</a>. Mozilla and Google
+ removed the problematic extensions from their stores, but this shows
+ once more how unsafe nonfree software can be. Tools that are supposed
+ to protect a proprietary system are, instead, infecting it with
+ additional malware (the system itself being the original
malware).</p>
+ </li>
+
+ <li id="M201811020">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Foundry's graphics software <a
+
href="https://torrentfreak.com/software-company-fines-pirates-after-monitoring-their-computers-181102/">
+ reports information to identify who is running it</a>. The result is
+ often a legal threat demanding a lot of money.</p>
+
+ <p>The fact that this is used for repression of forbidden sharing
+ makes it even more vicious.</p>
+
+ <p>This illustrates that making unauthorized copies of nonfree
software
+ is not a cure for the injustice of nonfree software. It may avoid
+ paying for the nasty thing, but cannot make it less nasty.</p>
+ </li>
+</ul>
+
+<div class="big-subsection">
+ <h4 id="SpywareInMobileApps">Mobile Apps</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li <span class="inserted"><ins><em>id="M202111090">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A building in LA, with a supermarket in it, <a
+
href="https://www.latimes.com/business/story/2021-11-09/column-trader-joes-parking-app">demands
+ customers load a particular app to pay for parking in the parking
+ lot</a>, and accept pervasive surveillance. They also have the
+ option of entering their license plate numbers in a kiosk. That is
+ an injustice, too.</p>
+ </li>
+
+ <li</em></ins></span> id="M202106030">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/">TikTok
+ apps collect biometric identifiers and biometric information from
+ users' smartphones</a>. The company behind it does whatever it wants
+ and collects whatever data it can.</p>
+ </li>
+
+ <li id="M202104060">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The <a
+
href="https://www.wired.com/story/weddings-social-media-apps-photos-memories-miscarriage-problem/">WeddingWire
+ app saves people's wedding photos forever and hands over data
+ to others</a>, giving users no control over their personal
+ information/data. The app also sometimes shows old photos and
+ memories to users, without giving them any control over this
+ either.</p>
+ </li>
+
+ <li id="M202102010">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many cr…apps, developed by various
+ companies for various organizations, do <a
+
href="https://www.expressvpn.com/digital-security-lab/investigation-xoth">
+ location tracking unknown to those companies and those
+ organizations</a>. It's actually some widely used libraries that do
+ the tracking.</p>
+
+ <p>What's unusual here is that proprietary software developer A
tricks
+ proprietary software developers B1 … B50 into making platforms for
+ A to mistreat the end user.</p>
+ </li>
+
+ <li id="M202003260">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Apple iOS version of Zoom <a
+
href="https://www.vice.com/en/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account">is
+ sending users' data to Facebook</a> even if the user doesn't have
+ a Facebook account. According to the article, Zoom and Facebook
+ don't even mention this surveillance on their privacy policy page,
+ making this an obvious violation of people's privacy even in their
+ own terms.</p>
+ </li>
+
+ <li id="M202003010">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Alipay Health Code app
+ estimates whether the user has Covid-19 and <a
+
href="https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html">
+ tells the cops directly</a>.</p>
+ </li>
+
+ <li id="M202001290">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Amazon Ring app does <a
+
href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
+ surveillance for other companies as well as for Amazon</a>.</p>
+ </li>
+
+ <li id="M201912220">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The ToToc messaging app seems to be a <a
+
href="https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html">
+ spying tool for the government of the United Arab Emirates</a>.
+ Any nonfree program could be doing this, and that is a good
+ reason to use free software instead.</p>
+
+ <p><small>Note: this article uses the word “free”
in
+ the sense of “gratis.”</small></p>
+ </li>
+
+ <li id="M201912090">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>iMonsters and Android phones,
+ when used for work, give employers powerful <a
+
href="https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy">
+ snooping and sabotage capabilities</a> if they install their own
+ software on the device. Many employers demand to do this. For the
+ employee, this is simply nonfree software, as fundamentally unjust
+ and as dangerous as any other nonfree software.</p>
+ </li>
+
+ <li id="M201910130">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Chinese Communist Party's “Study
+ the Great Nation” app requires users to grant it <a
+
href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962">
+ access to the phone's microphone, photos, text messages, contacts, and
+ internet history</a>, and the Android version was found to contain a
+ back-door allowing developers to run any code they wish in the users'
+ phone, as “superusers.” Downloading and using this
+ app is mandatory at some workplaces.</p>
+
+ <p>Note: The <a
+
href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html">
+ Washington Post version of the article</a> (partly obfuscated, but
+ readable after copy-pasting in a text editor) includes a clarification
+ saying that the tests were only performed on the Android version
+ of the app, and that, according to Apple, “this kind of
+ ‘superuser’ surveillance could not be conducted on
+ Apple's operating system.”</p>
+ </li>
+
+ <li id="M201909091">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Facebook app <a
+
href="https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/">
+ tracks users even when it is turned off</a>, after tricking them
+ into giving the app broad permissions in order to use one of its
+ functionalities.</p>
+ </li>
+
+ <li id="M201909090">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some nonfree period-tracking apps including MIA Fem and Maya <a
+
href="https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem">
+ send intimate details of users' lives to Facebook</a>.</p>
+ </li>
+
+ <li id="M201909060">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Keeping track of who downloads a proprietary
+ program is a form of surveillance. There is a
+ proprietary program for adjusting a certain telescopic rifle sight. <a
+
href="https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/">
+ A US prosecutor has demanded the list of all the 10,000 or more people
+ who have installed it</a>.</p>
+
+ <p>With a free program there would not be a list of who has installed
+ it.</p>
+ </li>
+
+ <li id="M201907081">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many unscrupulous mobile-app developers keep finding ways to <a
+
href="https://www.cnet.com/tech/mobile/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/">
+ bypass user's settings</a>, regulations, and privacy-enhancing
features
+ of the operating system, in order to gather as much private data as
+ they possibly can.</p>
+
+ <p>Thus, we can't trust rules against spying. What we can trust is
+ having control over the software we run.</p>
+ </li>
+
+ <li id="M201907080">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many Android apps can track
+ users' movements even when the user says <a
+
href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location">
+ not to allow them access to locations</a>.</p>
+
+ <p>This involves an apparently unintentional weakness in Android,
+ exploited intentionally by malicious apps.</p>
+ </li>
+
+ <li id="M201905300">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Femm “fertility” app is secretly a <a
+
href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners">
+ tool for propaganda</a> by natalist Christians. It spreads distrust
+ for contraception.</p>
+
+ <p>It snoops on users, too, as you must expect from nonfree
+ programs.</p>
+ </li>
+
+ <li id="M201905060">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>BlizzCon 2019 imposed a <a
+
href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/">
+ requirement to run a proprietary phone app</a> to be allowed into
+ the event.</p>
+
+ <p>This app is a spyware that can snoop on a lot of
+ sensitive data, including user's location and contact list, and has <a
+
href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
+ near-complete control</a> over the phone.</p>
+ </li>
+
+ <li id="M201904131">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Data collected by menstrual and pregnancy monitoring apps is
often <a
+
href="https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance">
+ available to employers and insurance companies</a>. Even though the
+ data is “anonymized and aggregated,” it can easily be
+ traced back to the woman who uses the app.</p>
+
+ <p>This has harmful implications for women's rights to equal
employment
+ and freedom to make their own pregnancy choices. Don't use
+ these apps, even if someone offers you a reward to do so. A
+ free-software app that does more or less the same thing without
+ spying on you is available from <a
+ href="https://search.f-droid.org/?q=menstr">F-Droid</a>, and <a
+
href="https://dcs.megaphone.fm/BLM6228935164.mp3?key=7e4b8f7018d13cdc2b5ea6e5772b6b8f">
+ a new one is being developed</a>.</p>
+ </li>
+
+ <li id="M201904130">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google tracks the movements of Android phones and iPhones
+ running Google apps, and sometimes <a
+
href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html">
+ saves the data for years</a>.</p>
+
+ <p>Nonfree software in the phone has to be responsible for sending
+ the location data to Google.</p>
+ </li>
+
+ <li id="M201903251">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many Android phones come with a huge number of <a
+ <span
class="removed"><del><strong>href="https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html"></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://web.archive.org/web/20190326145122/https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html"></em></ins></span>
+ preinstalled nonfree apps that have access to sensitive data without
+ users' knowledge</a>. These hidden apps may either call home with
+ the data, or pass it on to user-installed apps that have access to
+ the network but no direct access to the data. This results in massive
+ surveillance on which the user has absolutely no control.</p>
+ </li>
+
+ <li id="M201903201">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A study of 24 “health” apps found that 19 of them
<a
+
href="https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows">
+ send sensitive personal data to third parties</a>, which can use it
+ for invasive advertising or discriminating against people in poor
+ medical condition.</p>
+
+ <p>Whenever user “consent” is sought, it is buried in
+ lengthy terms of service that are difficult to understand. In any case,
+ “consent” is not sufficient to legitimize snooping.</p>
+ </li>
+
+ <li id="M201902230">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Facebook offered a convenient proprietary
+ library for building mobile apps, which also <a
+ href="https://boingboing.net/2019/02/23/surveillance-zucksterism.html">
+ sent personal data to Facebook</a>. Lots of companies built apps that
+ way and released them, apparently not realizing that all the personal
+ data they collected would go to Facebook as well.</p>
+
+ <p>It shows that no one can trust a nonfree program, not even the
+ developers of other nonfree programs.</p>
+ </li>
+
+ <li id="M201902140">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The AppCensus database gives information on <a
+ href="https://www.appcensus.mobi"> how Android apps use and
+ misuse users' personal data</a>. As of March 2019, nearly
+ 78,000 have been analyzed, of which 24,000 (31%) transmit the <a
+ href="/proprietary/proprietary-surveillance.html#M201812290">
+ Advertising ID</a> to other companies, and <a
+ href="https://blog.appcensus.mobi/2019/02/14/ad-ids-behaving-badly/">
+ 18,000 (23% of the total) link this ID to hardware identifiers</a>,
+ so that users cannot escape tracking by resetting it.</p>
+
+ <p>Collecting hardware identifiers is in apparent violation of
+ Google's policies. But it seems that Google wasn't aware of it,
+ and, once informed, was in no hurry to take action. This proves
+ that the policies of a development platform are ineffective at
+ preventing nonfree software developers from including malware in
+ their programs.</p>
+ </li>
+
+ <li id="M201902060">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many nonfree apps have a surveillance feature for <a
+
href="https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/">
+ recording all the users' actions</a> in interacting with the
app.</p>
+ </li>
+
+ <li id="M201902041.1">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Twenty nine “beauty camera” apps that used to
+ be on Google Play had one or more malicious functionalities, such as <a
+
href="https://www.teleanalysis.com/these-29-beauty-camera-apps-steal-private-photo/">
+ stealing users' photos</a> instead of “beautifying” them,
+ pushing unwanted and often malicious ads on users, and redirecting
+ them to phishing sites that stole their credentials. Furthermore,
+ the user interface of most of them was designed to make uninstallation
+ difficult.</p>
+
+ <p>Users should of course uninstall these dangerous apps if they
+ haven't yet, but they should also stay away from nonfree apps in
+ general. <em>All</em> nonfree apps carry a potential risk
because
+ there is no easy way of knowing what they really do.</p>
+ </li>
+
+ <li id="M201902010">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>An investigation of the 150 most popular
+ gratis VPN apps in Google Play found that <a
+ href="https://www.top10vpn.com/free-vpn-android-app-risk-index/">
+ 25% fail to protect their users' privacy</a> due to DNS leaks. In
+ addition, 85% feature intrusive permissions or functions in their
+ source code—often used for invasive advertising—that could
+ potentially also be used to spy on users. Other technical flaws were
+ found as well.</p>
+
+ <p>Moreover, a previous investigation had found that <a
+ href="https://www.top10vpn.com/free-vpn-app-investigation/">half of
+ the top 10 gratis VPN apps have lousy privacy policies</a>.</p>
+
+ <p><small>(It is unfortunate that these articles talk about
“free
+ apps.” These apps are gratis, but they are <em>not</em>
<a
+ href="/philosophy/free-sw.html">free
software</a>.)</small></p>
+ </li>
+
+ <li id="M201901050">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Weather Channel app <a
+
href="https://www.theguardian.com/technology/2019/jan/04/weather-channel-app-lawsuit-location-data-selling">
+ stored users' locations to the company's server</a>. The company is
+ being sued, demanding that it notify the users of what it will do
+ with the data.</p>
+
+ <p>We think that lawsuit is about a side issue. What the company does
+ with the data is a secondary issue. The principal wrong here is that
+ the company gets that data at all.</p>
+
+ <p><a
+
href="https://www.vice.com/en/article/gy77wy/stop-using-third-party-weather-apps">
+ Other weather apps</a>, including Accuweather and WeatherBug, are
+ tracking people's locations.</p>
+ </li>
+
+ <li id="M201812290">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Around 40% of gratis Android apps <a
+
href="https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report">
+ report on the user's actions to Facebook</a>.</p>
+
+ <p>Often they send the machine's “advertising ID,” so
that
+ Facebook can correlate the data it obtains from the same machine via
+ various apps. Some of them send Facebook detailed information about
+ the user's activities in the app; others only say that the user is
+ using that app, but that alone is often quite informative.</p>
+
+ <p>This spying occurs regardless of whether the user has a Facebook
+ account.</p>
+ </li>
+
+ <li id="M201810244">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some Android apps <a
+
href="https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/">
+ track the phones of users that have deleted them</a>.</p>
+ </li>
+
+ <li id="M201808030">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some Google apps on Android <a
+
href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile">
+ record the user's location even when users disable “location
+ tracking”</a>.</p>
+
+ <p>There are other ways to turn off the other kinds of location
+ tracking, but most users will be tricked by the misleading
control.</p>
+ </li>
+
+ <li id="M201806110">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Spanish football streaming app <a
+
href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks
+ the user's movements and listens through the
microphone</a>.</p>
+
+ <p>This makes them act as spies for licensing enforcement.</p>
+
+ <p>We expect it implements DRM, too—that there is no way to
save
+ a recording. But we can't be sure from the article.</p>
+
+ <p>If you learn to care much less about sports, you will benefit in
+ many ways. This is one more.</p>
+ </li>
+
+ <li id="M201804160">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>More than <a
+
href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%
+ of the 5,855 Android apps studied by researchers were found to snoop
+ and collect information about its users</a>. 40% of the apps were
+ found to insecurely snitch on its users. Furthermore, they could
+ detect only some methods of snooping, in these proprietary apps whose
+ source code they cannot look at. The other apps might be snooping
+ in other ways.</p>
+
+ <p>This is evidence that proprietary apps generally work against
+ their users. To protect their privacy and freedom, Android users
+ need to get rid of the proprietary software—both proprietary
+ Android by <a href="https://replicant.us">switching to
Replicant</a>,
+ and the proprietary apps by getting apps from the free software
+ only <a href="https://f-droid.org/">F-Droid store</a> that
<a
+ href="https://f-droid.org/wiki/page/Antifeatures"> prominently warns
+ the user if an app contains anti-features</a>.</p>
+ </li>
+
+ <li id="M201804020">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Grindr collects information about <a
+
href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status">
+ which users are HIV-positive, then provides the information to
+ companies</a>.</p>
+
+ <p>Grindr should not have so much information about its users.
+ It could be designed so that users communicate such info to each
+ other but not to the server's database.</p>
+ </li>
+
+ <li id="M201803050">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The moviepass app and dis-service
+ spy on users even more than users expected. It <a
+
href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
+ where they travel before and after going to a movie</a>.</p>
+
+ <p>Don't be tracked—pay cash!</p>
+ </li>
+
+ <li <span class="inserted"><ins><em>id="M201802280">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Spotify app <a
+
href="https://www.sec.gov/Archives/edgar/data/1639920/000119312518063434/d494294df1.htm">harvests
+ users' data to personally identify and know people</a> through music,
+ their mood, mindset, activities, and tastes. There are over 150
+ billion events logged daily on the program which contains users'
+ data and personal information.</p>
+ </li>
+
+ <li</em></ins></span> id="M201711240">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Tracking software in popular Android apps
+ is pervasive and sometimes very clever. Some trackers can <a
+
href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
+ follow a user's movements around a physical store by noticing WiFi
+ networks</a>.</p>
+ </li>
+
+ <li id="M201708270">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Sarahah app <a
+
href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
+ uploads all phone numbers and email addresses</a> in user's address
+ book to developer's server.</p>
+
+ <p><small>(Note that this article misuses the words
+ “<a href="/philosophy/free-sw.html">free
software</a>”
+ referring to zero price.)</small></p>
+ </li>
+
+ <li id="M201707270">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>20 dishonest Android apps recorded <a
+
href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
+ calls and sent them and text messages and emails to
snoopers</a>.</p>
+
+ <p>Google did not intend to make these apps spy; on the contrary, it
+ worked in various ways to prevent that, and deleted these apps after
+ discovering what they did. So we cannot blame Google specifically
+ for the snooping of these apps.</p>
+
+ <p>On the other hand, Google redistributes nonfree Android apps, and
+ therefore shares in the responsibility for the injustice of their being
+ nonfree. It also distributes its own nonfree apps, such as Google Play,
+ <a href="/philosophy/free-software-even-more-important.html">which
+ are malicious</a>.</p>
+
+ <p>Could Google have done a better job of preventing apps from
+ cheating? There is no systematic way for Google, or Android users,
+ to inspect executable proprietary apps to see what they do.</p>
+
+ <p>Google could demand the source code for these apps, and study
+ the source code somehow to determine whether they mistreat users in
+ various ways. If it did a good job of this, it could more or less
+ prevent such snooping, except when the app developers are clever
+ enough to outsmart the checking.</p>
+
+ <p>But since Google itself develops malicious apps, we cannot trust
+ Google to protect us. We must demand release of source code to the
+ public, so we can depend on each other.</p>
+ </li>
+
+ <li id="M201705230">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Apps for BART <a
+
href="https://web.archive.org/web/20171124190046/https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">
+ snoop on users</a>.</p>
+
+ <p>With free software apps, users could <em>make
sure</em> that they
+ don't snoop.</p>
+
+ <p>With proprietary apps, one can only hope that they
don't.</p>
+ </li>
+
+ <li id="M201705040">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A study found 234 Android apps that track users by <a
+
href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
+ to ultrasound from beacons placed in stores or played by TV
+ programs</a>.</p>
+ </li>
+
+ <li id="M201704260">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Faceapp appears to do lots of surveillance, judging by <a
+
href="https://web.archive.org/web/20170426191242/https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
+ how much access it demands to personal data in the
device</a>.</p>
+ </li>
+
+ <li id="M201704190">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Users are suing Bose for <a
+
href="https://web.archive.org/web/20170423010030/https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
+ distributing a spyware app for its headphones</a>. Specifically,
+ the app would record the names of the audio files users listen to
+ along with the headphone's unique serial number.</p>
+
+ <p>The suit accuses that this was done without the users' consent.
+ If the fine print of the app said that users gave consent for this,
+ would that make it acceptable? No way! It should be flat out <a
+ href="/philosophy/surveillance-vs-democracy.html"> illegal to design
+ the app to snoop at all</a>.</p>
+ </li>
+
+ <li id="M201704074">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Pairs of Android apps can collude
+ to transmit users' personal data to servers. <a
+
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
+ study found tens of thousands of pairs that collude</a>.</p>
+ </li>
+
+ <li id="M201703300">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Verizon <a
+
href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
+ announced an opt-in proprietary search app that it will</a>
pre-install
+ on some of its phones. The app will give Verizon the same information
+ about the users' searches that Google normally gets when they use
+ its search engine.</p>
+
+ <p>Currently, the app is <a
+
href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
+ being pre-installed on only one phone</a>, and the user must
+ explicitly opt-in before the app takes effect. However, the app
+ remains spyware—an “optional” piece of spyware is
+ still spyware.</p>
+ </li>
+
+ <li id="M201701210">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Meitu photo-editing app <a
+
href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
+ user data to a Chinese company</a>.</p>
+ </li>
+
+ <li id="M201611280">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Uber app tracks <a
+
href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
+ movements before and after the ride</a>.</p>
+
+ <p>This example illustrates how “getting the user's
+ consent” for surveillance is inadequate as a protection against
+ massive surveillance.</p>
+ </li>
+
+ <li id="M201611160">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A <a
+
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
+ research paper</a> that investigated the privacy and security of
+ 283 Android VPN apps concluded that “in spite of the promises
+ for privacy, security, and anonymity given by the majority of VPN
+ apps—millions of users may be unawarely subject to poor security
+ guarantees and abusive practices inflicted by VPN apps.”</p>
+
+ <p>Following is a non-exhaustive list, taken from the research paper,
+ of some proprietary VPN apps that track users and infringe their
+ privacy:</p>
+
+ <dl class="compact">
+ <dt>SurfEasy</dt>
+ <dd>Includes tracking libraries such as NativeX and Appflood,
+ meant to track users and show them targeted ads.</dd>
+
+ <dt>sFly Network Booster</dt>
+ <dd>Requests the <code>READ_SMS</code> and
<code>SEND_SMS</code>
+ permissions upon installation, meaning it has full access to users'
+ text messages.</dd>
+
+ <dt>DroidVPN and TigerVPN</dt>
+ <dd>Requests the <code>READ_LOGS</code> permission to
read logs
+ for other apps and also core system logs. TigerVPN developers have
+ confirmed this.</dd>
+
+ <dt>HideMyAss</dt>
+ <dd>Sends traffic to LinkedIn. Also, it stores detailed logs and
+ may turn them over to the UK government if requested.</dd>
+
+ <dt>VPN Services HotspotShield</dt>
+ <dd>Injects JavaScript code into the HTML pages returned to the
+ users. The stated purpose of the JS injection is to display ads. Uses
+ roughly five tracking libraries. Also, it redirects the user's
+ traffic through valueclick.com (an advertising website).</dd>
+
+ <dt>WiFi Protector VPN</dt>
+ <dd>Injects JavaScript code into HTML pages, and also uses roughly
+ five tracking libraries. Developers of this app have confirmed that
+ the non-premium version of the app does JavaScript injection for
+ tracking the user and displaying ads.</dd>
+ </dl>
+ </li>
+
+ <li id="M201609210">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google's new voice messaging app <a
+
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
+ all conversations</a>.</p>
+ </li>
+
+ <li id="M201606050">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Facebook's new Magic Photo app <a
+
href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
+ scans your mobile phone's photo collections for known faces</a>,
+ and suggests you circulate the picture you take according to who is
+ in the frame.</p>
+
+ <p>This spyware feature seems to require online access to some
+ known-faces database, which means the pictures are likely to be
+ sent across the wire to Facebook's servers and face-recognition
+ algorithms.</p>
+
+ <p>If so, none of Facebook users' pictures are private anymore,
+ even if the user didn't “upload” them to the service.</p>
+ </li>
+
+ <li id="M201605310">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Facebook's app listens all the time, <a
+
href="https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-listen-what-they-re-saying-claims-professor-a7057526.html">to
+ snoop on what people are listening to or watching</a>. In addition,
+ it may be analyzing people's conversations to serve them with targeted
+ advertisements.</p>
+ </li>
+
+ <li id="M201604250">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A pregnancy test controller application not only can <a
+
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
+ spy on many sorts of data in the phone, and in server accounts,
+ it can alter them too</a>.</p>
+ </li>
+
+ <li id="M201601130">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Apps that include <a
+
href="https://web.archive.org/web/20180913014551/http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
+ Symphony surveillance software snoop on what radio and TV programs
+ are playing nearby</a>. Also on what users post on various sites
+ such as Facebook, Google+ and Twitter.</p>
+ </li>
+
+ <li id="M201511190">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>“Cryptic communication,”
+ unrelated to the app's functionality, was <a
+
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
+ found in the 500 most popular gratis Android apps</a>.</p>
+
+ <p>The article should not have described these apps as
+ “free”—they are not free software. The clear way
+ to say “zero price” is “gratis.”</p>
+
+ <p>The article takes for granted that the usual analytics tools are
+ legitimate, but is that valid? Software developers have no right to
+ analyze what users are doing or how. “Analytics” tools
+ that snoop are just as wrong as any other snooping.</p>
+ </li>
+
+ <li id="M201510300">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>More than 73% and 47% of mobile applications, for Android and iOS
+ respectively <a href="https://techscience.org/a/2015103001/">hand
over
+ personal, behavioral and location information</a> of their users to
+ third parties.</p>
+ </li>
+
+ <li id="M201508210">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Like most “music screaming” disservices, Spotify is
+ based on proprietary malware (DRM and snooping). In August 2015 it <a
+
href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
+ demanded users submit to increased snooping</a>, and some are
starting
+ to realize that it is nasty.</p>
+
+ <p>This article shows the <a
+
href="https://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
+ twisted ways that they present snooping as a way to “serve”
+ users better</a>—never mind whether they want that. This is a
+ typical example of the attitude of the proprietary software industry
+ towards those they have subjugated.</p>
+
+ <p>Out, out, damned Spotify!</p>
+ </li>
+
+ <li id="M201506264">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://www.cl.cam.ac.uk/~arb33/papers/FerreiraEtAl-Securacy-WiSec2015.pdf">
+ A study in 2015</a> found that 90% of the top-ranked gratis
proprietary
+ Android apps contained recognizable tracking libraries. For the paid
+ proprietary apps, it was only 60%.</p>
+
+ <p>The article confusingly describes gratis apps as
+ “free”, but most of them are not in fact <a
+ href="/philosophy/free-sw.html">free software</a>. It also uses
the
+ ugly word “monetize”. A good replacement for that word
+ is “exploit”; nearly always that will fit perfectly.</p>
+ </li>
+
+ <li id="M201505060">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Gratis Android apps (but not <a
+ href="/philosophy/free-sw.html">free software</a>) connect to 100
<a
+
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
+ and advertising</a> URLs, on the average.</p>
+ </li>
+
+ <li id="M201504060">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Widely used <a
+
href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
+ QR-code scanner apps snoop on the user</a>. This is in addition to
+ the snooping done by the phone company, and perhaps by the OS in
+ the phone.</p>
+
+ <p>Don't be distracted by the question of whether the app developers
+ get users to say “I agree”. That is no excuse for
+ malware.</p>
+ </li>
+
+ <li id="M201411260">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many proprietary apps for mobile devices
+ report which other apps the user has installed. <a
+ href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
+ is doing this in a way that at least is visible and optional</a>. Not
+ as bad as what the others do.</p>
+ </li>
+
+ <li id="M201401150.1">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Simeji keyboard is a smartphone version of Baidu's <a
+ href="/proprietary/proprietary-surveillance.html#baidu-ime">spying
<abbr
+ title="Input Method Editor">IME</abbr></a>.</p>
+ </li>
+
+ <li id="M201312270">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The nonfree Snapchat app's principal purpose is to restrict the
+ use of data on the user's computer, but it does surveillance too: <a
+
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
+ it tries to get the user's list of other people's phone
+ numbers</a>.</p>
+ </li>
+
+ <li id="M201312060">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Brightest Flashlight app <a
+
href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
+ sends user data, including geolocation, for use by
companies</a>.</p>
+
+ <p>The FTC criticized this app because it asked the user to
+ approve sending personal data to the app developer but did not ask
+ about sending it to other companies. This shows the weakness of
+ the reject-it-if-you-dislike-snooping “solution” to
+ surveillance: why should a flashlight app send any information to
+ anyone? A free software flashlight app would not.</p>
+ </li>
+
+ <li id="M201212100">
+ <!--#set var="DATE" value='<small
class="date-tag">2012-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>FTC says most mobile apps for children don't respect privacy:
<a
+
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
+
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInSkype">Skype</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInSkype">#SpywareInSkype</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201908151">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Skype refuses to say whether it can <a
+
href="http://www.slate.com/blogs/future_tense/2012/07/20/skype_won_t_comment_on_whether_it_can_now_eavesdrop_on_conversations_.html">eavesdrop
+ on calls</a>.</p>
+
+ <p>That almost certainly means it can do so.</p>
+ </li>
+
+ <li id="M201307110">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Skype contains <a
+
href="https://web.archive.org/web/20130928235637/http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">spyware</a>.
+ Microsoft changed Skype <a
+
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
+ specifically for spying</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInGames">Games</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInGames">#SpywareInGames</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M202010221">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Microsoft is imposing its
+ surveillance on the game of Minecraft by <a
+
href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
+ every player to open an account on Microsoft's network</a>. Microsoft
+ has bought the game and will merge all accounts into its network,
+ which will give them access to people's data.</p>
+
+ <p>Minecraft players <a
+ href="https://directory.fsf.org/wiki/Minetest">can play
Minetest</a>
+ instead. The essential advantage of Minetest is that it is free
+ software, meaning it respects the user's computer freedom. As a bonus,
+ it offers more options.</p>
+ </li>
+
+ <li id="M201908210">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Microsoft recorded users of Xboxes and had <a
+
href="https://www.vice.com/en/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana">
+ human workers listen to the recordings</a>.</p>
+
+ <p>Morally, we see no difference between having human workers listen
and
+ having speech-recognition systems listen. Both intrude on
privacy.</p>
+ </li>
+
+ <li id="M201806240">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Red Shell is a spyware that
+ is found in many proprietary games. It <a
+
href="https://nebulous.cloud/threads/red-shell-illegal-spyware-for-steam-games.31924/">
+ tracks data on users' computers and sends it to third
parties</a>.</p>
+ </li>
+
+ <li id="M201804144">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>ArenaNet surreptitiously installed a spyware
+ program along with an update to the massive
+ multiplayer game Guild Wars 2. The spyware allowed ArenaNet <a
+
href="https://techraptor.net/content/arenanet-used-spyware-anti-cheat-for-guild-wars-2-banwave">
+ to snoop on all open processes running on its user's
computer</a>.</p>
+ </li>
+
+ <li id="M201711070">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The driver for a certain gaming keyboard <a
+
href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
+ information to China</a>.</p>
+ </li>
+
+ <li id="M201512290">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many <a
+
href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
+ video game consoles snoop on their users and report to the
+ internet</a>—even what their users weigh.</p>
+
+ <p>A game console is a computer, and you can't trust a computer with
+ a nonfree operating system.</p>
+ </li>
+
+ <li id="M201509160">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Modern gratis game cr…apps <a
+
href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
+ collect a wide range of data about their users and their users'
+ friends and associates</a>.</p>
+
+ <p>Even nastier, they do it through ad networks that merge the data
+ collected by various cr…apps and sites made by different
+ companies.</p>
+
+ <p>They use this data to manipulate people to buy things, and hunt
for
+ “whales” who can be led to spend a lot of money. They also
+ use a back door to manipulate the game play for specific players.</p>
+
+ <p>While the article describes gratis games, games that cost money
+ can use the same tactics.</p>
+ </li>
+
+ <li id="M201401280">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Angry Birds <a
+
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
+ spies for companies, and the NSA takes advantage
+ to spy through it too</a>. Here's information on <a
+
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
+ more spyware apps</a>.</p>
+
+ <p><a
+
href="https://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
+ More about NSA app spying</a>.</p>
+ </li>
+
+ <li id="M200510200">
+ <!--#set var="DATE" value='<small
class="date-tag">2005-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Blizzard Warden is a hidden
+ “cheating-prevention” program that <a
+ href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
+ spies on every process running on a gamer's computer and sniffs a
+ good deal of personal data</a>, including lots of activities which
+ have nothing to do with cheating.</p>
+ </li>
+</ul>
+
+
+
+<div class="big-section">
+ <h3 id="SpywareInEquipment">Spyware in Connected Equipment</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareInEquipment">#SpywareInEquipment</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul class="blurbs">
+ <li id="M202101050">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Most Internet connected devices in Mozilla's <a
+
href="https://foundation.mozilla.org/en/privacynotincluded">“Privacy
+ Not Included”</a> list <a
+
href="https://foundation.mozilla.org/privacynotincluded/arlo-video-doorbell">are
+ designed to snoop on users</a> even if they meet
+ Mozilla's “Minimum Security Standards.” Insecure
+ design of the program running on some of these devices <a
+
href="https://foundation.mozilla.org/privacynotincluded/vibratissimo-panty-buster">makes
+ the user susceptible to be snooped and exploited by crackers as
+ well</a>.</p>
+ </li>
+
+ <li id="M201708280">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The bad security in many Internet of Stings devices allows <a
+
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
+ to snoop on the people that use them</a>.</p>
+
+ <p>Don't be a sucker—reject all the stings.</p>
+
+ <p><small>(It is unfortunate that the article uses the term
<a
+
href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.)</small></p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInTVSets">TV Sets</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
+</div>
+
+<p>Emo Phillips made a joke: The other day a woman came up to me and
+said, “Didn't I see you on television?” I said, “I
+don't know. You can't see out the other way.” Evidently that was
+before Amazon “smart” TVs.</p>
+
+<ul class="blurbs">
+ <li id="M202010282">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>TV manufacturers are turning to produce only
+ “Smart” TV sets (which include spyware) that <a
+ href="https://frame.work/blog/in-defense-of-dumb-tvs">it's now very
+ hard to find a TV that doesn't spy on you</a>.</p>
+
+ <p>It appears that those manufacturers business model is not to
produce
+ TV and sell them for money, but to collect your personal data and
+ (possibly) hand over them to others for benefit.</p>
+ </li>
+
+ <li id="M202006250">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>TV manufacturers are able to <a
+
href="https://www.zdnet.com/article/fbi-warns-about-snoopy-smart-tvs-spying-on-you/">snoop
+ every second of what the user is watching</a>. This is illegal due to
+ the Video Privacy Protection Act of 1988, but they're circumventing
+ it through EULAs.</p>
+ </li>
+
+ <li id="M201901070">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Vizio TVs <a
+
href="https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019">
+ collect “whatever the TV sees,”</a> in the own words of
the company's
+ CTO, and this data is sold to third parties. This is in return for
+ “better service” (meaning more intrusive ads?) and slightly
+ lower retail prices.</p>
+
+ <p>What is supposed to make this spying acceptable, according to him,
+ is that it is opt-in in newer models. But since the Vizio software is
+ nonfree, we don't know what is actually happening behind the scenes,
+ and there is no guarantee that all future updates will leave the
+ settings unchanged.</p>
+
+ <p>If you already own a Vizio “smart” TV (or any
“smart” TV, for that
+ matter), the easiest way to make sure it isn't spying on you is
+ to disconnect it from the Internet, and use a terrestrial antenna
+ instead. Unfortunately, this is not always possible. Another option,
+ if you are technically oriented, is to get your own router (which can
+ be an old computer running completely free software), and set up a
+ firewall to block connections to Vizio's servers. Or, as a last resort,
+ you can replace your TV with another model.</p>
+ </li>
+
+ <li id="M201804010">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some “Smart” TVs automatically <a
+
href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
+ load downgrades that install a surveillance app</a>.</p>
+
+ <p>We link to the article for the facts it presents. It
+ is too bad that the article finishes by advocating the
+ moral weakness of surrendering to Netflix. The Netflix app <a
+ href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
+ malware too</a>.</p>
+ </li>
+
+ <li id="M201702060">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Vizio “smart” <a
+
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
+ report everything that is viewed on them, and not just broadcasts and
+ cable</a>. Even if the image is coming from the user's own computer,
+ the TV reports what it is. The existence of a way to disable the
+ surveillance, even if it were not hidden as it was in these TVs,
+ does not legitimize the surveillance.</p>
+ </li>
+
+ <li id="M201511130">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some web and TV advertisements play inaudible
+ sounds to be picked up by proprietary malware running
+ on other devices in range so as to determine that they
+ are nearby. Once your Internet devices are paired with
+ your TV, advertisers can correlate ads with Web activity, and other <a
+
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
+ cross-device tracking</a>.</p>
+ </li>
+
+ <li id="M201511060">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Vizio goes a step further than other TV
+ manufacturers in spying on their users: their <a
+
href="https://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
+ “smart” TVs analyze your viewing habits in detail and
+ link them your IP address</a> so that advertisers can track you
+ across devices.</p>
+
+ <p>It is possible to turn this off, but having it enabled by default
+ is an injustice already.</p>
+ </li>
+
+ <li id="M201511020">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Tivo's alliance with Viacom adds 2.3 million households
+ to the 600 millions social media profiles the company
+ already monitors. Tivo customers are unaware they're
+ being watched by advertisers. By combining TV viewing
+ information with online social media participation, Tivo can now <a
+ href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
+ correlate TV advertisement with online purchases</a>, exposing all
+ users to new combined surveillance by default.</p>
+ </li>
+
+ <li id="M201507240">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Vizio “smart” TVs recognize and <a
+ href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
+ what people are watching</a>, even if it isn't a TV
channel.</p>
+ </li>
+
+ <li id="M201505290">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Verizon cable TV <a
+
href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">
+ snoops on what programs people watch, and even what they wanted to
+ record</a>.</p>
+ </li>
+
+ <li id="M201504300">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Vizio <a
+
href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
+ used a firmware “upgrade” to make its TVs snoop on what
+ users watch</a>. The TVs did not do that when first sold.</p>
+ </li>
+
+ <li id="M201502090">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Samsung “Smart” TV <a
+ <span
class="removed"><del><strong>href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm"></strong></del></span>
+ <span
class="inserted"><ins><em>href="https://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm"></em></ins></span>
+ transmits users' voice on the internet to another company,
Nuance</a>.
+ Nuance can save it and would then have to give it to the US or some
+ other government.</p>
+
+ <p>Speech recognition is not to be trusted unless it is done by free
+ software in your own computer.</p>
+
+ <p>In its privacy policy, Samsung explicitly confirms that <a
+
href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
+ data containing sensitive information will be transmitted to third
+ parties</a>.</p>
+ </li>
+
+ <li id="M201411090">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Amazon “Smart” TV is <a
+
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
+ snooping all the time</a>.</p>
+ </li>
+
+ <li id="M201409290">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>More or less all “smart” TVs <a
+
href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
+ on their users</a>.</p>
+
+ <p>The report was as of 2014, but we don't expect this has got
+ better.</p>
+
+ <p>This shows that laws requiring products to get users' formal
+ consent before collecting personal data are totally inadequate.
+ And what happens if a user declines consent? Probably the TV will
+ say, “Without your consent to tracking, the TV will not
+ work.”</p>
+
+ <p>Proper laws would say that TVs are not allowed to report what the
+ user watches—no exceptions!</p>
+ </li>
+
+ <li id="M201405200">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Spyware in LG “smart” TVs <a
+
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
+ reports what the user watches, and the switch to turn this off has
+ no effect</a>. (The fact that the transmission reports a 404 error
+ really means nothing; the server could save that data anyway.)</p>
+
+ <p>Even worse, it <a
+
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
+ snoops on other devices on the user's local network</a>.</p>
+
+ <p>LG later said it had installed a patch to stop this, but any
+ product could spy this way.</p>
+
+ <p>Meanwhile, LG TVs <a
+
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
+ do lots of spying anyway</a>.</p>
+ </li>
+
+ <li id="M201212170">
+ <!--#set var="DATE" value='<small
class="date-tag">2012-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p id="break-security-smarttv"><a
+
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
+ Crackers found a way to break security on a “smart”
TV</a>
+ and use its camera to watch the people who are watching TV.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInCameras">Cameras</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInCameras">#SpywareInCameras</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201901100">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Amazon Ring “security” devices <a
+
href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/">
+ send the video they capture to Amazon servers</a>, which save it
+ long-term.</p>
+
+ <p>In many cases, the video shows everyone that comes near, or merely
+ passes by, the user's front door.</p>
+
+ <p>The article focuses on how Ring used to let individual employees
look
+ at the videos freely. It appears Amazon has tried to prevent that
+ secondary abuse, but the primary abuse—that Amazon gets the
+ video—Amazon expects society to surrender to.</p>
+ </li>
+
+ <li id="M201810300">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Nearly all “home security cameras” <a
+
href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds/">
+ give the manufacturer an unencrypted copy of everything they
+ see</a>. “Home insecurity camera” would be a better
+ name!</p>
+
+ <p>When Consumer Reports tested them, it suggested that these
+ manufacturers promise not to look at what's in the videos. That's not
+ security for your home. Security means making sure they don't get to
+ see through your camera.</p>
+ </li>
+
+ <li id="M201603220">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Over 70 brands of network-connected surveillance cameras have
<a
+
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
+ security bugs that allow anyone to watch through them</a>.</p>
+ </li>
+
+ <li id="M201511250">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Nest Cam “smart” camera is <a
+ href="http://www.bbc.com/news/technology-34922712">always
watching</a>,
+ even when the “owner” switches it “off.”</p>
+
+ <p>A “smart” device means the manufacturer is using it
+ to outsmart you.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInToys">Toys</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInToys">#SpywareInToys</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201711244">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Furby Connect has a <a
+
href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
+ universal back door</a>. If the product as shipped doesn't act as a
+ listening device, remote changes to the code could surely convert it
+ into one.</p>
+ </li>
+
+ <li id="M201711100">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A remote-control sex toy was found to make <a
+
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
+ recordings of the conversation between two users</a>.</p>
+ </li>
+
+ <li id="M201703140">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A computerized vibrator <a
+
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
+ was snooping on its users through the proprietary control
app</a>.</p>
+
+ <p>The app was reporting the temperature of the vibrator minute by
+ minute (thus, indirectly, whether it was surrounded by a person's
+ body), as well as the vibration frequency.</p>
+
+ <p>Note the totally inadequate proposed response: a labeling
+ standard with which manufacturers would make statements about their
+ products, rather than free software which users could have checked
+ and changed.</p>
+
+ <p>The company that made the vibrator <a
+
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
+ was sued for collecting lots of personal information about how people
+ used it</a>.</p>
+
+ <p>The company's statement that it was anonymizing the data may be
+ true, but it doesn't really matter. If it had sold the data to a data
+ broker, the data broker would have been able to figure out who the
+ user was.</p>
+
+ <p>Following this lawsuit, <a
+
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
+ the company has been ordered to pay a total of C$4m</a> to its
+ customers.</p>
+ </li>
+
+ <li id="M201702280">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>“CloudPets” toys with microphones <a
+
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
+ leak childrens' conversations to the manufacturer</a>. Guess what?
<a
+
href="https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
+ Crackers found a way to access the data</a> collected by the
+ manufacturer's snooping.</p>
+
+ <p>That the manufacturer and the FBI could listen to these
+ conversations was unacceptable by itself.</p>
+ </li>
+
+ <li id="M201612060">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The “smart” toys My Friend Cayla and i-Que transmit
<a
+
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
+ conversations to Nuance Communications</a>, a speech recognition
+ company based in the U.S.</p>
+
+ <p>Those toys also contain major security vulnerabilities; crackers
+ can remotely control the toys with a mobile phone. This would enable
+ crackers to listen in on a child's speech, and even speak into the
+ toys themselves.</p>
+ </li>
+
+ <li id="M201502180">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Barbie <a
+
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
+ going to spy on children and adults</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInDrones">Drones</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInDrones">#SpywareInDrones</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201708040">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>While you're using a DJI drone
+ to snoop on other people, DJI is in many cases <a
+
href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
+ on you</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareAtHome">Other Appliances</h4><span
class="anchor-reference-id">(<a
href="#SpywareAtHome">#SpywareAtHome</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M202009270">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many employers are using nonfree
+ software, including videoconference software, to <a
+
href="https://www.theguardian.com/world/2020/sep/27/shirking-from-home-staff-feel-the-heat-as-bosses-ramp-up-remote-surveillance">
+ surveil and monitor staff working at home</a>. If the program reports
+ whether you are “active,” that is in effect a malicious
+ surveillance feature.</p>
+ </li>
+
+ <li id="M202008030">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Nest <a
+
href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/">
+ is taking over ADT</a>. Google sent out a software
+ update to its speaker devices using their back door <a
+ href="https://www.protocol.com/google-smart-speaker-alarm-adt"> that
+ listens for things like smoke alarms</a> and then notifies your phone
+ that an alarm is happening. This means the devices now listen for more
+ than just their wake words. Google says the software update was sent
+ out prematurely and on accident and Google was planning on disclosing
+ this new feature and offering it to customers who pay for it.</p>
+ </li>
+
+ <li id="M202006300">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>“Bossware” is malware that bosses <a
+
href="https://www.eff.org/deeplinks/2020/06/inside-invasive-secretive-bossware-tracking-workers">
+ coerce workers into installing in their own computers</a>, so the
+ bosses can spy on them.</p>
+
+ <p>This shows why requiring the user's “consent” is not
+ an adequate basis for protecting digital privacy. The boss can coerce
+ most workers into consenting to almost anything, even probable exposure
+ to contagious disease that can be fatal. Software like this should
+ be illegal and bosses that demand it should be prosecuted for it.</p>
+ </li>
+
+ <li id="M201911190">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Internet-tethered Amazon Ring had
+ a security vulnerability that enabled attackers to <a
+
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
+ access the user's wifi password</a>, and snoop on the household
+ through connected surveillance devices.</p>
+
+ <p>Knowledge of the wifi password would not be sufficient to carry
+ out any significant surveillance if the devices implemented proper
+ security, including encryption. But many devices with proprietary
+ software lack this. Of course, they are also used by their
+ manufacturers for snooping.</p>
+ </li>
+
+ <li id="M201907210">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google “Assistant” records users' conversations <a
+
href="https://arstechnica.com/information-technology/2019/07/google-defends-listening-to-ok-google-queries-after-voice-recordings-leak/">even
+ when it is not supposed to listen</a>. Thus, when one of Google's
+ subcontractors discloses a thousand confidential voice recordings,
+ users were easily identified from these recordings.</p>
+
+ <p>Since Google “Assistant” uses proprietary software,
there is no
+ way to see or control what it records or sends.</p>
+
+ <p>Rather than trying to better control the use of recordings, Google
+ should not record or listen to the person's voice. It should only
+ get commands that the user wants to send to some Google service.</p>
+ </li>
+
+ <li id="M201905061">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Amazon Alexa collects a lot more information from users
+ than is necessary for correct functioning (time, location,
+ recordings made without a legitimate prompt), and sends
+ it to Amazon's servers, which store it indefinitely. Even
+ worse, Amazon forwards it to third-party companies. Thus,
+ even if users request deletion of their data from Amazon's servers, <a
+
href="https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
+ the data remain on other servers</a>, where they can be accessed by
+ advertising companies and government agencies. In other words,
+ deleting the collected information doesn't cancel the wrong of
+ collecting it.</p>
+
+ <p>Data collected by devices such as the Nest thermostat, the Philips
+ Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos
+ speakers are likewise stored longer than necessary on the servers
+ the devices are tethered to. Moreover, they are made available to
+ Alexa. As a result, Amazon has a very precise picture of users' life
+ at home, not only in the present, but in the past (and, who knows,
+ in the future too?)</p>
+ </li>
+
+ <li id="M201904240">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some of users' commands to the Alexa service are <a
+
href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html">
+ recorded for Amazon employees to listen to</a>. The Google and Apple
+ voice assistants do similar things.</p>
+
+ <p>A fraction of the Alexa service staff even has access to <a
+
href="https://www.bnnbloomberg.ca/amazon-s-alexa-reviewers-can-access-customers-home-addresses-1.1248788">
+ location and other personal data</a>.</p>
+
+ <p>Since the client program is nonfree, and data processing is done
+ “<a href="/philosophy/words-to-avoid.html#CloudComputing">in
+ the cloud</a>” (a soothing way of saying “We won't
+ tell you how and where it's done”), users have no way
+ to know what happens to the recordings unless human eavesdroppers <a
+
href="https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
+ break their non-disclosure agreements</a>.</p>
+ </li>
+
+ <li id="M201902080">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The HP <a
+ href="https://boingboing.net/2019/02/08/inkjet-dystopias.html">
+ “ink subscription” cartridges have DRM that constantly
+ communicates with HP servers</a> to make sure the user is still
+ paying for the subscription, and hasn't printed more pages than were
+ paid for.</p>
+
+ <p>Even though the ink subscription program may be cheaper in some
+ specific cases, it spies on users, and involves totally unacceptable
+ restrictions in the use of ink cartridges that would otherwise be in
+ working order.</p>
+ </li>
+
+ <li id="M201808120">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Crackers found a way to break the security of an Amazon device,
+ and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
+ turn it into a listening device</a> for them.</p>
+
+ <p>It was very difficult for them to do this. The job would be much
+ easier for Amazon. And if some government such as China or the US
+ told Amazon to do this, or cease to sell the product in that country,
+ do you think Amazon would have the moral fiber to say no?</p>
+
+ <p><small>(These crackers are probably hackers too, but please
<a
+ href="https://stallman.org/articles/on-hacking.html"> don't use
+ “hacking” to mean “breaking
security”</a>.)</small></p>
+ </li>
+
+ <li id="M201804140">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A medical insurance company <a
+
href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
+ offers a gratis electronic toothbrush that snoops on its user by
+ sending usage data back over the Internet</a>.</p>
+ </li>
+
+ <li id="M201706204">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Lots of “smart” products are designed <a
+
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
+ listen to everyone in the house, all the time</a>.</p>
+
+ <p>Today's technological practice does not include any way of making
+ a device that can obey your voice commands without potentially spying
+ on you. Even if it is air-gapped, it could be saving up records
+ about you for later examination.</p>
+ </li>
+
+ <li id="M201407170">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p id="nest-thermometers">Nest thermometers send <a
+ href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lot of
+ data about the user</a>.</p>
+ </li>
+
+ <li id="M201310260">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://web.archive.org/web/20180911191954/http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
+ Rent-to-own computers were programmed to spy on their
renters</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareOnWearables">Wearables</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnWearables">#SpywareOnWearables</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201807260">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Tommy Hilfiger clothing <a
+
href="https://www.theguardian.com/fashion/2018/jul/26/tommy-hilfiger-new-clothing-line-monitor-customers">will
+ monitor how often people wear it</a>.</p>
+
+ <p>This will teach the sheeple to find it normal that companies
+ monitor every aspect of what they do.</p>
+ </li>
+</ul>
+
+
+<h5 id="SpywareOnSmartWatches">“Smart” Watches</h5>
+
+<ul class="blurbs">
+ <li id="M202009100">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Internet-enabled watches with proprietary software
+ are malware, violating people (specially children's)
+ privacy. In addition, they have a lot of security flaws. They <a
+
href="https://www.wired.com/story/kid-smartwatch-security-vulnerabilities/">
+ permit security breakers (and unauthorized people) to access</a> the
watch.</p>
+
+ <p>Thus, ill-intentioned unauthorized people can intercept
communications between parent and child and spoof messages to and from the
watch, possibly endangering the child.</p>
+
+ <p><small>(Note that this article misuses the word “<a
+ href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”
+ to mean “crackers.”)</small></p>
+ </li>
+
+ <li id="M201603020">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A very cheap “smart watch” comes with an Android app
<a
+
href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
+ that connects to an unidentified site in China</a>.</p>
+
+ <p>The article says this is a back door, but that could be a
+ misunderstanding. However, it is certainly surveillance, at
least.</p>
+ </li>
+
+ <li id="M201407090">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>An LG “smart” watch is designed <a
+
href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
+ to report its location to someone else and to transmit conversations
+ too</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInVehicles">Vehicles</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInVehicles">#SpywareInVehicles</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M202105130">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+ href="https://gizmodo.com/get-ready-for-in-car-ads-1846888390">Ford
+ is planning to force ads on drivers in cars</a>, with the ability for
+ the owner to pay extra to turn them off. The system probably imposes
+ surveillance on drivers too.</p>
+ </li>
+
+ <li id="M202008181">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>New Toyotas will <a
+ href="https://www.theregister.com/2020/08/18/aws_toyota_alliance/">
+ upload data to AWS to help create custom insurance premiums</a>
+ based on driver behaviour.</p>
+
+ <p>Before you buy a “connected” car, make sure you can
+ disconnect its cellular antenna and its GPS antenna. If you want
+ GPS navigation, get a separate navigator which runs free software
+ and works with Open Street Map.</p>
+ </li>
+
+ <li id="M201912171">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Most modern cars now <a
+
href="https://boingboing.net/2019/12/17/cars-now-run-on-the-new-oil.html">
+ record and send various kinds of data to the manufacturer</a>. For
+ the user, access to the data is nearly impossible, as it involves
+ cracking the car's computer, which is always hidden and running with
+ proprietary software.</p>
+ </li>
+
+ <li id="M201903290">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Tesla cars collect lots of personal data, and <a
+
href="https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html">
+ when they go to a junkyard the driver's personal data goes with
+ them</a>.</p>
+ </li>
+
+ <li id="M201902011">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The FordPass Connect feature of some Ford vehicles has <a
+
href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
+ near-complete access to the internal car network</a>. It is
constantly
+ connected to the cellular phone network and sends Ford a lot of data,
+ including car location. This feature operates even when the ignition
+ key is removed, and users report that they can't disable it.</p>
+
+ <p>If you own one of these cars, have you succeeded in breaking the
+ connectivity by disconnecting the cellular modem, or wrapping the
+ antenna in aluminum foil?</p>
+ </li>
+
+ <li id="M201811300">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>In China, it is mandatory for electric
+ cars to be equipped with a terminal that <a
+ href="https://www.apnews.com/4a749a4211904784826b45e812cff4ca">
+ transfers technical data, including car location,
+ to a government-run platform</a>. In practice, <a
+ href="/proprietary/proprietary-surveillance.html#car-spying">
+ manufacturers collect this data</a> as part of their own spying, then
+ forward it to the government-run platform.</p>
+ </li>
+
+ <li id="M201810230">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>GM <a
+ href="https://boingboing.net/2018/10/23/dont-touch-that-dial.html">
+ tracked the choices of radio programs</a> in its
+ “connected” cars, minute by minute.</p>
+
+ <p>GM did not get users' consent, but it could have got that easily
by
+ sneaking it into the contract that users sign for some digital service
+ or other. A requirement for consent is effectively no protection.</p>
+
+ <p>The cars can also collect lots of other data: listening to you,
+ watching you, following your movements, tracking passengers' cell
+ phones. <em>All</em> such data collection should be
forbidden.</p>
+
+ <p>But if you really want to be safe, we must make sure the car's
+ hardware cannot collect any of that data, or that the software
+ is free so we know it won't collect any of that data.</p>
+ </li>
+
+ <li id="M201711230">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>AI-powered driving apps can <a
+
href="https://www.vice.com/en/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
+ track your every move</a>.</p>
+ </li>
+
+ <li id="M201607160">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p id="car-spying">Computerized cars with nonfree software are <a
+
href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html">
+ snooping devices</a>.</p>
+ </li>
+
+ <li id="M201602240">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p id="nissan-modem">The Nissan Leaf has a built-in
+ cell phone modem which allows effectively anyone to <a
+ href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">
+ access its computers remotely and make changes in various
+ settings</a>.</p>
+
+ <p>That's easy to do because the system has no authentication
+ when accessed through the modem. However, even if it asked
+ for authentication, you couldn't be confident that Nissan
+ has no access. The software in the car is proprietary, <a
+ href="/philosophy/free-software-even-more-important.html">which means
+ it demands blind faith from its users</a>.</p>
+
+ <p>Even if no one connects to the car remotely, the cell phone modem
+ enables the phone company to track the car's movements all the time;
+ it is possible to physically remove the cell phone modem, though.</p>
+ </li>
+
+ <li id="M201306140">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Tesla cars allow the company to extract
+ data remotely and determine the car's location
+ at any time. (See Section 2, paragraphs b and c of the <a
+
href="https://www.tesla.com/sites/default/files/pdfs/en_US/tmi_privacy_statement_external_6-14-2013_v2.pdf">
+ privacy statement</a>.) The company says it doesn't store this
+ information, but if the state orders it to get the data and hand it
+ over, the state can store it.</p>
+ </li>
+
+ <li id="M201303250">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p id="records-drivers">Proprietary software in cars <a
+
href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">
+ records information about drivers' movements</a>, which is made
+ available to car manufacturers, insurance companies, and others.</p>
+
+ <p>The case of toll-collection systems, mentioned in this article,
+ is not really a matter of proprietary surveillance. These systems
+ are an intolerable invasion of privacy, and should be replaced with
+ anonymous payment systems, but the invasion isn't done by malware. The
+ other cases mentioned are done by proprietary malware in the car.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInVR">Virtual Reality</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInVR">#SpywareInVR</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M202008182">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Oculus headsets <a
+
href="https://www.theverge.com/2020/8/18/21372435/oculus-facebook-login-change-separate-account-support-end-quest-october">require
+ users to identify themselves to Facebook</a>. This will give Facebook
+ free rein to pervasively snoop on Oculus users.</p>
+ </li>
+
+ <li id="M201612230">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>VR equipment, measuring every slight motion,
+ creates the potential for the most intimate
+ surveillance ever. All it takes to make this potential real <a
+
href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
+ software as malicious as many other programs listed in this
+ page</a>.</p>
+
+ <p>You can bet Facebook will implement the maximum possible
+ surveillance on Oculus Rift devices. The moral is, never trust a VR
+ system with nonfree software in it.</p>
+ </li>
+</ul>
+
+
+
+<div class="big-section">
+ <h3 id="SpywareOnTheWeb">Spyware on the Web</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareOnTheWeb">#SpywareOnTheWeb</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<p>In addition, many web sites spy on their visitors. Web sites are not
+ programs, so it
+ <a href="/philosophy/network-services-arent-free-or-nonfree.html">
+ makes no sense to call them “free” or
“proprietary”</a>,
+ but the surveillance is an abuse all the same.</p>
+
+<ul class="blurbs">
+ <li id="M201904210">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>As of April 2019, it is <a
+
href="https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/">no
+ longer possible to disable an
+ unscrupulous tracking anti-feature</a> that <a
+
href="https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing">reports
+ users when they follow ping links</a> in Apple Safari, Google Chrome,
+ Opera, Microsoft Edge and also in the upcoming Microsoft Edge that is
+ going to be based on Chromium.</p>
+ </li>
+
+ <li id="M201901101">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Until 2015, any tweet that listed a geographical tag <a
+
href="http://web-old.archive.org/web/20190115233002/https://www.wired.com/story/twitter-location-data-gps-privacy/">
+ sent the precise GPS location to Twitter's server</a>. It still
+ contains these GPS locations.</p>
+ </li>
+
+ <li id="M201805170">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Storyful program <a
+
href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies
+ on the reporters that use it</a>.</p>
+ </li>
+
+ <li id="M201701060">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-01</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>When a page uses Disqus
+ for comments, the proprietary Disqus software <a
+
href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">loads
+ a Facebook software package into the browser of every anonymous visitor
+ to the page, and makes the page's URL available to
Facebook</a>.</p>
+ </li>
+
+ <li id="M201612064">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Online sales, with tracking and surveillance of customers, <a
+
href="https://www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-browsing-history-could-mean-rip-off-prices">enables
+ businesses to show different people different prices</a>. Most of
+ the tracking is done by recording interactions with servers, but
+ proprietary software contributes.</p>
+ </li>
+
+ <li id="M201405140">
+ <!--#set var="DATE" value='<small
class="date-tag">2014-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://web.archive.org/web/20190421070310/https://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
+ Microsoft SkyDrive allows the NSA to directly examine users'
+ data</a>.</p>
+ </li>
+
+ <li id="M201210240">
+ <!--#set var="DATE" value='<small
class="date-tag">2012-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many web sites rat their visitors to advertising
+ networks that track users. Of the top 1000 web sites, <a
+
href="https://www.law.berkeley.edu/research/bclt/research/privacy-at-bclt/web-privacy-census/">84%
+ (as of 5/17/2012) fed their visitors third-party cookies, allowing
+ other sites to track them</a>.</p>
+ </li>
+
+ <li id="M201208210">
+ <!--#set var="DATE" value='<small
class="date-tag">2012-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many web sites report all their visitors
+ to Google by using the Google Analytics service, which <a
+
href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
+ tells Google the IP address and the page that was
visited</a>.</p>
+ </li>
+
+ <li id="M201200000">
+ <!--#set var="DATE" value='<small
class="date-tag">[2012]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many web sites try to collect users' address books (the user's
list
+ of other people's phone numbers or email addresses). This violates
+ the privacy of those other people.</p>
+ </li>
+
+ <li id="M201110040">
+ <!--#set var="DATE" value='<small
class="date-tag">2011-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Pages that contain “Like” buttons <a
+
href="https://www.smh.com.au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html">
+ enable Facebook to track visitors to those pages</a>—even users
+ that don't have Facebook accounts.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInJavaScript">JavaScript</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInJavaScript">#SpywareInJavaScript</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201811270">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Many web sites use JavaScript code <a
+
href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
+ to snoop on information that users have typed into a
+ form but not sent</a>, in order to learn their identity. Some are
<a
+
href="https://www.manatt.com/insights/newsletters/advertising-law/sites-illegally-tracked-consumers-new-suits-allege">
+ getting sued</a> for this.</p>
+
+ <p>The chat facilities of some customer services use the same sort of
+ malware to <a
+
href="https://gizmodo.com/be-warned-customer-service-agents-can-see-what-youre-t-1830688119">
+ read what the user is typing before it is posted</a>.</p>
+ </li>
+
+ <li id="M201807190">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>British Airways used <a
+
href="https://www.theverge.com/2018/7/19/17591732/british-airways-gdpr-compliance-twitter-personal-data-security">nonfree
+ JavaScript on its web site to give other companies personal data on
+ its customers</a>.</p>
+ </li>
+
+ <li id="M201712300">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some JavaScript malware <a
+
href="https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research">
+ swipes usernames from browser-based password managers</a>.</p>
+ </li>
+
+ <li id="M201711150">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-11</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some websites send
+ JavaScript code to collect all the user's input, <a
+
href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
+ can then be used to reproduce the whole session</a>.</p>
+
+ <p>If you use LibreJS, it will block that malicious JavaScript
+ code.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInFlash">Flash</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInFlash">#SpywareInFlash</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li id="M201310110">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Flash and JavaScript are used for <a
+
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
+ “fingerprinting” devices</a> to identify users.</p>
+ </li>
+
+ <li id="M201003010">
+ <!--#set var="DATE" value='<small
class="date-tag">2010-03</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Flash Player's <a
+
href="https://web.archive.org/web/20200808151607/http://www.imasuper.com/2008/10/09/flash-cookies-the-silent-privacy-killer/">
+ cookie feature helps web sites track visitors</a>.</p>
+ </li>
+</ul>
+
+
+<div class="big-subsection">
+ <h4 id="SpywareInChrome">Chrome</h4>
+ <span class="anchor-reference-id">(<a
href="#SpywareInChrome">#SpywareInChrome</a>)</span>
+</div>
+
+<ul class="blurbs">
+ <li <span class="inserted"><ins><em>id="M202109210">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google's proprietary Chrome web browser <a
+
href="https://www.techrepublic.com/article/new-chrome-feature-can-tell-sites-and-webapps-when-youre-idle/">
+ added a surveillance API (idle detection API)</a> which lets
+ websites ask Chrome to report when a user with a web page open is
+ idle.</p>
+ </li>
+
+ <li</em></ins></span> id="M201906220">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Chrome is an <a
+
href="https://www.mercurynews.com/2019/06/21/google-chrome-has-become-surveillance-software-its-time-to-switch/">
+ instrument of surveillance</a>. It lets thousands of trackers invade
+ users' computers and report the sites they visit to advertising and
+ data companies, first of all to Google. Moreover, if users have a
+ Gmail account, Chrome automatically logs them in to the browser for
+ more convenient profiling. On Android, Chrome also reports their
+ location to Google.</p>
+
+ <p>The best way to escape surveillance is to switch to <a
+ href="/software/icecat/">IceCat</a>, a modified version of Firefox
+ with several changes to protect users' privacy.</p>
+ </li>
+
+ <li id="M201704131">
+ <!--#set var="DATE" value='<small
class="date-tag">2017-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Low-priced Chromebooks for schools are <a
+ href="https://www.eff.org/wp/school-issued-devices-and-student-privacy">
+ collecting far more data on students than is necessary, and store
+ it indefinitely</a>. Parents and students complain about the lack
+ of transparency on the part of both the educational services and the
+ schools, the difficulty of opting out of these services, and the lack
+ of proper privacy policies, among other things.</p>
+
+ <p>But complaining is not sufficient. Parents, students and teachers
+ should realize that the software Google uses to spy on students is
+ nonfree, so they can't verify what it really does. The only remedy is
+ to persuade school officials to <a
href="/education/edu-schools.html">
+ exclusively use free software</a> for both education and school
+ administration. If the school is run locally, parents and teachers
+ can mandate their representatives at the School Board to refuse the
+ budget unless the school initiates a switch to free software. If
+ education is run nation-wide, they need to persuade legislators
+ (e.g., through free software organizations, political parties,
+ etc.) to migrate the public schools to free software.</p>
+ </li>
+
+ <li id="M201507280">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-07</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Chrome makes it easy for an extension to do <a
+
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
+ snooping on the user's browsing</a>, and many of them do
so.</p>
+ </li>
+
+ <li id="M201506180">
+ <!--#set var="DATE" value='<small
class="date-tag">2015-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Chrome includes a module that <a
+
href="https://www.privateinternetaccess.com/blog/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
+ activates microphones and transmits audio to its
servers</a>.</p>
+ </li>
+
+ <li id="M201308040">
+ <!--#set var="DATE" value='<small
class="date-tag">2013-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Chrome <a
+ href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
+ spies on browser history, affiliations</a>, and other installed
+ software.</p>
+ </li>
+
+ <li id="M200809060">
+ <!--#set var="DATE" value='<small
class="date-tag">2008-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Chrome contains a key logger that <a
+
href="https://web.archive.org/web/20190126075111/http://www.favbrowser.com/google-chrome-spyware-confirmed/">
+ sends Google every URL typed in</a>, one key at a time.</p>
+ </li>
+</ul>
+
+
+
+<div class="big-section">
+ <h3 id="SpywareInNetworks">Spyware in Networks</h3>
+ <span class="anchor-reference-id">(<a
href="#SpywareInNetworks">#SpywareInNetworks</a>)</span>
+</div>
+<div style="clear: left;"></div>
+
+<ul class="blurbs">
+ <li <span class="inserted"><ins><em>id="M202110250">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-10</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Ed Tech companies use their surveillance power to
+ manipulate students, and direct them into tracks towards various
+ levels of knowledge, power and prestige. The article argues that <a
+
href="https://blogs.lse.ac.uk/medialse/2021/10/25/algorithmic-injustice-in-education-why-tech-companies-should-require-a-license-to-operate-in-childrens-education/">these
+ companies should obtain licenses to operate</a>. That wouldn't hurt,
+ but it doesn't address the root of the problem. All data acquired
+ in a school about any student, teacher, or employee must not leave
+ the school, and must be kept in computers that belong to the school
+ and run free (as in freedom) software. That way, the school district
+ and/or parents can control what is done with those data.</p>
+ </li>
+
+ <li</em></ins></span> id="M202105060">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://me2ba.org/me2ba-product-testing-spotlight-report-published-data-sharing-in-primary-secondary-school-mobile-apps-2/">60%
+ of school apps are sending student data to potentially high-risk
+ third parties</a>, putting students and possibly all other school
+ workers under surveillance. This is made possible by using unsafe
+ and proprietary programs made by data-hungry corporations.</p>
+
+ <p><small>Please note that whether students consent to this or
not,
+ doesn't justify the surveillance they're imposed
to.</small></p>
+ </li>
+
+ <li id="M202105030">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The United States' government is reportedly considering <a
+
href="https://www.infosecurity-magazine.com/news/private-companies-may-spy-on/">teaming
+ up with private companies to monitor American citizens' private online
+ activity and digital communications</a>.</p>
+
+ <p>What creates the opportunity to try this is the fact that these
+ companies are already snooping on users' private activities. That
+ in turn is due to people's use of nonfree software which snoops,
+ and online dis-services which snoop.</p>
+ </li>
+
+ <li id="M202102160">
+ <!--#set var="DATE" value='<small
class="date-tag">2021-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google <a
+
href="https://www.indiatoday.in/technology/news/story/disha-ravi-arrest-puts-privacy-of-all-google-india-users-in-doubt-1769772-2021-02-16">handed
+ over personal data of Indian protesters and activists to Indian
+ police</a> which led to their arrest. The cops requested the IP
+ address and the location where a document was created and with that
+ information, they identified protesters and activists.</p>
+ </li>
+
+ <li id="M202012250">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The HonorLock online exam
+ proctoring program is a surveillance tool that <a
+
href="https://www.eff.org/deeplinks/2020/09/students-are-pushing-back-against-proctoring-surveillance-apps">tracks
+ students and collects data</a> such as face, driving license, and
+ network information, among others, in blatant violation of students'
+ privacy.</p>
+
+ <p>Preventing students from cheating should not be an excuse for
+ running malware/spyware on their computers, and it's good that students
+ are protesting. But their petitions overlook a crucial issue, namely,
+ the injustice of being forced to run nonfree software in order to
+ get an education.</p>
+ </li>
+
+ <li id="M202009070">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-09</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>While the world is still
+ struggling with COVID-19 coronavirus, many <a
+
href="https://mashable.com/article/privacy-in-the-age-of-coronavirus/">people
+ are in danger of surveillance</a> and their computers are infected
+ with malware as a result of installing proprietary software.</p>
+ </li>
+
+ <li id="M202004301">
+ <!--#set var="DATE" value='<small
class="date-tag">2020-04</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Proprietary programs Google Meet, Microsoft Teams, and WebEx <a
+
href="https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex/">are
+ collecting user's personal and identifiable data</a> including how
long
+ a call lasts, who's participating in the call, and the IP addresses
+ of everyone taking part. From experience, this can even harm users
+ physically if those companies hand over data to governments.</p>
+ </li>
+
+ <li id="M201905281">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-05</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Microsoft <a
+
href="https://answers.microsoft.com/en-us/outlook_com/forum/all/why-does-my-new-e-mail-account-need-a-phone-number/70049eaf-3b66-4d02-87cc-79dc73c2ea08">forces
+ people to give their phone number</a> in order to be able to create
an account on
+ the company's network. On top of mistreating their users by providing
+ nonfree software, Microsoft is tracking their lives outside the computer
and
+ violates their privacy.</p>
+ </li>
+
+ <li id="M201902040">
+ <!--#set var="DATE" value='<small
class="date-tag">2019-02</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google invites people to <a
+
href="https://www.commondreams.org/views/2019/02/04/google-screenwise-unwise-trade-all-your-privacy-cash?cd-origin=rss">
+ let Google monitor their phone use, and all internet use in their
+ homes, for an extravagant payment of $20</a>.</p>
+
+ <p>This is not a malicious functionality of a program with some other
+ purpose; this is the software's sole purpose, and Google says so. But
+ Google says it in a way that encourages most people to ignore the
+ details. That, we believe, makes it fitting to list here.</p>
+ </li>
+
+ <li id="M201808131">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p><a
+
href="https://www.theverge.com/2018/8/13/17684660/google-turn-off-location-history-data">Google
+ will track people even if people turn off location history</a>, using
+ Google Maps, weather updates, and browser searches. Google basically
+ uses any app activity to track people.</p>
+ </li>
+
+ <li id="M201808130">
+ <!--#set var="DATE" value='<small
class="date-tag">2018-08</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Since the beginning of 2017, <a
+
href="https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/">Android
+ phones have been collecting the addresses of nearby cellular
+ towers</a>, even when location services are disabled, and sending
+ that data back to Google.</p>
+ </li>
+
+ <li id="M201606030">
+ <!--#set var="DATE" value='<small
class="date-tag">2016-06</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Investigation Shows <a
+
href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
+ Using US Companies, NSA To Route Around Domestic Surveillance
+ Restrictions</a>.</p>
+
+ <p>Specifically, it can collect the emails of members of Parliament
+ this way, because they pass it through Microsoft.</p>
+ </li>
+
+ <li id="M201212290">
+ <!--#set var="DATE" value='<small
class="date-tag">2012-12</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The Cisco TNP IP phones are <a
+
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
+ spying devices</a>.</p>
+ </li>
+</ul>
+</div>
+
+</div>
+<!--#include virtual="/proprietary/proprietary-menu.html" -->
+<!--#include virtual="/server/footer.html" -->
+<div id="footer" role="contentinfo">
+<div class="unprintable">
+
+<p>Please send general FSF & GNU inquiries to
+<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
+There are also <a href="/contact/">other ways to contact</a>
+the FSF. Broken links and other corrections or suggestions can be sent
+to <a
href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
+
+<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
+ replace it with the translation of these two:
+
+ We work hard and do our best to provide accurate, good quality
+ translations. However, we are not exempt from imperfection.
+ Please send your comments and general suggestions in this regard
+ to <a href="mailto:web-translators@gnu.org">
+ <web-translators@gnu.org></a>.</p>
+
+ <p>For information on coordinating and contributing translations
of
+ our web pages, see <a
+ href="/server/standards/README.translations.html">Translations
+ README</a>. -->
+Please see the <a
+href="/server/standards/README.translations.html">Translations
+README</a> for information on coordinating and contributing translations
+of this article.</p>
+</div>
+
+<!-- Regarding copyright, in general, standalone pages (as opposed to
+ files generated as part of manuals) on the GNU web server should
+ be under CC BY-ND 4.0. Please do NOT change or remove this
+ without talking with the webmasters or licensing team first.
+ Please make sure the copyright date is consistent with the
+ document. For web pages, it is ok to list just the latest year the
+ document was modified, or published.
+
+ If you wish to list earlier years, that is ok too.
+ Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
+ years, as long as each year in the range is in fact a copyrightable
+ year, i.e., a year in which the document was published (including
+ being publicly visible on the web or in a revision control system).
+
+ There is more detail about copyright years in the GNU Maintainers
+ Information document, www.gnu.org/prep/maintain. -->
+
+<p>Copyright © 2015-2021 Free Software Foundation, Inc.</p>
+
+<p>This page is licensed under a <a rel="license"
+href="http://creativecommons.org/licenses/by/4.0/">Creative
+Commons Attribution 4.0 International License</a>.</p>
+
+<!--#include virtual="/server/bottom-notes.html" -->
+
+<p class="unprintable">Updated:
+<!-- timestamp start -->
+$Date: 2021/12/07 19:30:34 $
+<!-- timestamp end -->
+</p>
+</div>
+</div><!-- for class="inner", starts in the banner include -->
+</body>
+</html>
+</pre></body></html>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/proprietary malware-google.pt-br.html propr...,
GNUN <=