Additions to the Malware Section

These are all the malware items that have been added to this directory since 2018, in reverse chronological order. (In some cases, the latest reference was updated after the item was added.)

  • Added: 2021-11-19 — Latest reference: 2021-10-25

    Ed Tech companies use their surveillance power to manipulate students, and direct them into tracks towards various levels of knowledge, power and prestige. The article argues that these companies should obtain licenses to operate. That wouldn't hurt, but it doesn't address the root of the problem. All data acquired in a school about any student, teacher, or employee must not leave the school, and must be kept in computers that belong to the school and run free (as in freedom) software. That way, the school district and/or parents can control what is done with those data.

  • Added: 2021-11-18 — Latest reference: 2021-11-09

    A building in LA, with a supermarket in it, demands customers load a particular app to pay for parking in the parking lot, and accept pervasive surveillance. They also have the option of entering their license plate numbers in a kiosk. That is an injustice, too.

  • Added: 2021-11-18 — Latest reference: 2021-11-04

    Apple's new tactic to restrict users from repairing their own device and impose DRM on people is to completely disable its Face ID functionality when you replace its screen.

  • Added: 2021-11-18 — Latest reference: 2021-08-18

    Microsoft is making it harder and harder to replace default apps in its Windows operating system and is pressuring users to use its proprietary programs instead. We believe the best approach to this would be replacing Windows with a free (as in freedom) operating system like GNU. We also maintain a list of fully free distributions of GNU.

  • Added: 2021-11-18 — Latest reference: 2018-02-28

    Spotify app harvests users' data to personally identify and know people through music, their mood, mindset, activities, and tastes. There are over 150 billion events logged daily on the program which contains users' data and personal information.

  • Added: 2021-11-09 — Latest reference: 2016-02-11

    A pacemaker running proprietary code was misconfigured and could have killed the implanted person. In order to find out what was wrong and get it fixed, the person needed to break into the remote device that sets parameters in the pacemaker (possibly infringing upon manufacturer's rights under the DMCA). If this system had run free software, it could have been fixed much sooner.

  • Added: 2021-11-04 — Latest reference: 2021-10-13

    Adobe has licensed its Flash Player to China's Zhong Cheng Network who is offering the program bundled with spyware and a back door that can remotely deactivate it.

    Adobe is responsible for this since they gave Zhong Cheng Network permission to do this. This injustice involves “misuse” of the DMCA, but “proper,” intended use of the DMCA is a much bigger injustice. There is a series of errors related to DMCA.

  • Added: 2021-10-30 — Latest reference: 2021-10-16

    Canon's all-in-one printer, scanner, and fax machine will stop you from using any of its features if it's out of ink! Since there's no need for ink to use scan or fax, Canon is sued by its customers for this malicious behavior. The proprietary software installed on Canon machines arbitrarily restricts users from using their device as they wish.

  • Added: 2021-10-12 — Latest reference: 2021-10-07

    Facebook's nonfree client forces its useds to look at the newsfeed. A used of Facebook developed a browser add-on to make it easier to unfollow everyone and thus make the newsfeed empty. Many of the people used by Facebook loved this, because they regard the newsfeed as a burden that Facebook imposes on them.

    If the client software for Facebook were free, useds could probably make the newsfeed disappear by modifying the client not to display it.

  • Added: 2021-10-12 — Latest reference: 2021-09-22

    Some Xiaomi phones have a malfeature to bleep out phrases that express political views China does not like. In phones sold in Europe, Xiaomi leaves this deactivated by default, but has a back door to activate the censorship.

    This is the natural result of having nonfree software in a device that can communicate with the company that made it.

  • Added: 2021-10-12 — Latest reference: 2021-06-25

    El Salvador Dictatorship's Chivo wallet is spyware, it's a proprietary program that breaks users' freedom and spies on people; demands personal data such as the national ID number and does face recognition, and it is bad security for its data. It also asks for almost every malware permission in people's smartphones.

    The article criticizes it for faults in “data protection”, though “data protection” is the wrong approach to privacy anyway.

  • Added: 2021-10-08 — Latest reference: 2021-09-21

    Google's proprietary Chrome web browser added a surveillance API (idle detection API) which lets websites ask Chrome to report when a user with a web page open is idle.

  • Added: 2021-09-20 — Latest reference: 2021-09-17

    Apple has made it impossible to load Navalny's tactical voting app into an iPhone in Russia.

    It is impossible because (1) the iPhone refuses to load apps from anywhere other than Apple, and (2) Apple has obeyed a Russian censorship law. The first point is enforced by Apple's nonfree software.

  • Added: 2021-09-15 — Latest reference: 2021-08-17

    Various models of security cameras, DVRs, and baby monitors that run proprietary software are affected by a security vulnerability that could give attackers access to live feeds.

  • Added: 2021-09-01 — Latest reference: 2021-08-24

    Recent Samsung TVs have a back door with which Samsung can brick them remotely.

  • Added: 2021-09-01 — Latest reference: 2021-08-20

    The Russian communications watchdog tells Google and Apple to remove Navalny's app from their stores.

    Because Apple controls what a user can install, this is absolute censorship. By contrast, because Android does not do that, users can install apps even if Google does not offer them.

  • Added: 2021-07-30 — Latest reference: 2021-07-18

    The pegasus spyware used vulnerabilities on proprietary smartphone operating systems to impose surveillance on people. It can record people's calls, copy their messages, and secretly film them, using a security vulnerability. There's also a technical analysis of this spyware available in PDF format.

    A free operating system would've let people to fix the bugs for themselves but now infected people will be compelled to wait for corporations to fix the problems.

    Please note that the article wrongly refers to crackers as “hackers”.

  • Added: 2021-07-15 — Latest reference: 2021-07-09

    A newly found Microsoft Windows vulnerability can allow crackers to remotely gain access to the operating system and install programs, view and delete data, or even create new user accounts with full user rights.

    The security research firm accidentally leaked instructions on how the flaw could be exploited but Windows users should still wait for Microsoft to fix the flaw, if they fix it.

    Please note that the article wrongly refers to crackers as “hackers”.

  • Added: 2021-07-15 — Latest reference: 2021-07-05

    Advertising companies are experimenting to manipulate people's minds, and impose a new way of advertising by altering their dreams. This “targeted dream incubation” would trigger “refreshing dreams” of the product, according to the companies.

  • Added: 2021-07-04 — Latest reference: 2021-06-22

    Peloton company which produces treadmills recently locked people out of basic features of people's treadmills by a software update. The company now asks people for a membership/subscription for what people already paid for.

    The software used in the treadmill is proprietary and probably includes back doors to force software updates. It teaches the lesson that if a product talks to external networks, you must expect it to take in new malware.

    Please note that the company behind this product said they are working to reverse the changes so people will no longer need subscription to use the locked feature.

    Apparently public anger made the company back down. If we want that to be our safety, we need to build up the anger against malicious features (and the proprietary software that is their entry path) to the point that even the most powerful companies don't dare.

  • Added: 2021-06-27 — Latest reference: 2021-06-19

    Google automatically installed an app on many proprietary Android phones. The app might or might not do malicious things but the power Google has over proprietary Android phones is dangerous.

  • Added: 2021-06-22 — Latest reference: 2021-06-17

    Almost all proprietary health apps harvest users' data, including sensitive health information, tracking identifiers, and cookies to track user activities. Some of these applications are tracking users across different platforms.

  • Added: 2021-06-17 — Latest reference: 2021-06-03

    TikTok apps collect biometric identifiers and biometric information from users' smartphones. The company behind it does whatever it wants and collects whatever data it can.

  • Added: 2021-06-13 — Latest reference: 2020-04-13

    Google, Apple, and Microsoft (and probably some other companies) are collecting people's access points and GPS coordinates (which can identify people's precise location) even if their GPS is turned off, without the person's consent, using proprietary software implemented in person's smartphone. Though merely asking for permission would not necessarily legitimize this.

  • Added: 2021-06-09 — Latest reference: 2018-08-13

    Google will track people even if people turn off location history, using Google Maps, weather updates, and browser searches. Google basically uses any app activity to track people.

  • Added: 2021-06-08 — Latest reference: 2021-05-30

    Apple is systematically undermining interoperability. At the hardware level, it does this via nonstandard plugs, buses and networks. At the software level, it does this by not letting the user have any data except within one app.

  • Added: 2021-06-08 — Latest reference: 2018-08-13

    Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers, even when location services are disabled, and sending that data back to Google.

  • Added: 2021-06-02 — Latest reference: 2021-05-24

    Apple is moving its Chinese customers' iCloud data to a datacenter controlled by the Chinese government. Apple is already storing the encryption keys on these servers, obeying Chinese authority, making all Chinese user data available to the government.

  • Added: 2021-05-26 — Latest reference: 2021-05-13

    Ford is planning to force ads on drivers in cars, with the ability for the owner to pay extra to turn them off. The system probably imposes surveillance on drivers too.

  • Added: 2021-05-18 — Latest reference: 2021-05-04

    A motorcycle company named Klim is selling airbag vests with different payment methods, one of them is through a proprietary subscription-based option that will block the vest from inflating if the payments don't go through.

    They say there is a 30-days grace period if you miss a payment but the grace period is no excuse to the insecurity.

  • Added: 2021-05-13 — Latest reference: 2021-05-06

    60% of school apps are sending student data to potentially high-risk third parties, putting students and possibly all other school workers under surveillance. This is made possible by using unsafe and proprietary programs made by data-hungry corporations.

    Please note that whether students consent to this or not, doesn't justify the surveillance they're imposed to.

  • Added: 2021-05-06 — Latest reference: 2021-05-03

    The United States' government is reportedly considering teaming up with private companies to monitor American citizens' private online activity and digital communications.

    What creates the opportunity to try this is the fact that these companies are already snooping on users' private activities. That in turn is due to people's use of nonfree software which snoops, and online dis-services which snoop.

  • Added: 2021-04-26 — Latest reference: 2021-04-06

    The WeddingWire app saves people's wedding photos forever and hands over data to others, giving users no control over their personal information/data. The app also sometimes shows old photos and memories to users, without giving them any control over this either.

  • Added: 2021-04-16 — Latest reference: 2021-04-09

    A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. The researchers demonstrated a three-bug attack chain that caused an RCE on a target machine, all this without any form of user interaction.

  • Added: 2021-04-11 — Latest reference: 2021-02-16

    Google handed over personal data of Indian protesters and activists to Indian police which led to their arrest. The cops requested the IP address and the location where a document was created and with that information, they identified protesters and activists.

  • Added: 2021-04-11 — Latest reference: 2020-07-02

    BMW is trying to lock certain features of its cars, and force people to pay to use part of the car they already bought. This is done through forced update of the car software via a radio-operated back door.

  • Added: 2021-03-16 — Latest reference: 2021-03-10

    Amazon's monopoly and DRM is stopping public libraries from lending e-books and audiobooks. Amazon became powerful in e-book world by Swindle, and is now misusing its power and violates people's rights using Digital Restrictions Management.

    The article is written in a way that endorses DRM in general, which is unacceptable. DRM is an injustice to people.

  • Added: 2021-03-16 — Latest reference: 2021-03-09

    Over 150 thousand security cameras that used Verkada company's proprietary software are cracked by a major security breach. Crackers have had access to security archives of various gyms, hospitals, jails, schools, and police stations that have used Verkada's cameras.

    It is injustice to the public for gyms, stores, hospitals, jails, and schools to hand “security” footage to a company from which the government can collect it at any time, without even telling them.

    Please note that the article wrongly refers to crackers as “hackers”.

  • Added: 2021-03-16 — Latest reference: 2020-10-28

    TV manufacturers are turning to produce only “Smart” TV sets (which include spyware) that it's now very hard to find a TV that doesn't spy on you.

    It appears that those manufacturers business model is not to produce TV and sell them for money, but to collect your personal data and (possibly) hand over them to others for benefit.

  • Added: 2021-03-12 — Latest reference: 2018-09-12

    Tiny Lab Productions, along with online ad businesses run by Google, Twitter and three other companies are facing a lawsuit for violating people's privacy by collecting their data from mobile games and handing over these data to other companies/advertisers.

  • Added: 2021-03-09 — Latest reference: 2021-03-05

    At least 30 thousand organizations in the United States are newly “cracked” via holes in Microsoft's proprietary email software, named Microsoft 365. It is unclear whether there are other holes and vulnerabilities in the program or not but history and experience tells us it wouldn't be the last disaster with proprietary programs.

  • Added: 2021-03-09 — Latest reference: 2021-02-11

    Researchers at the security firm SentinelOne discovered a security flaw in proprietary program Microsoft Windows Defender that lurked undetected for 12 years. If the program was free (as in freedom), more people would have had a chance to notice the problem, therefore, it could've been fixed a lot sooner.

  • Added: 2021-03-09 — Latest reference: 2020-04-30

    Proprietary programs Google Meet, Microsoft Teams, and WebEx are collecting user's personal and identifiable data including how long a call lasts, who's participating in the call, and the IP addresses of everyone taking part. From experience, this can even harm users physically if those companies hand over data to governments.

  • Added: 2021-03-08 — Latest reference: 2020-04-27

    The proprietary program Microsoft Teams' insecurity could have let a malicious GIF steal user data from Microsoft Teams accounts, possibly across an entire company, and taken control of “an organization's entire roster of Teams accounts.”

  • Added: 2021-03-07 — Latest reference: 2020-10-18

    Microsoft is forcing Windows users to install upgrades it pushes using its universal back doors. These upgrades can do various harms to users such as restricting computers from some functions and/or forcing users to defenselessly do whatever Microsoft tells them to do.

  • Added: 2021-02-25 — Latest reference: 2021-02-20

    The proprietary program Clubhouse is malware and a privacy disaster. Clubhouse collects people's personal data such as recordings of people's conversations, and, as a secondary problem, does not encrypt them, which shows a bad security part of the issue.

    A user's unique Clubhouse ID number and chatroom ID are transmitted in plaintext, and Agora (the company behind the app) would likely have access to users' raw audio, potentially providing access to the Chinese government.

    Even with good security of data transmission, collecting personal data of people is wrong and a violation of people's privacy rights.

  • Added: 2021-02-25 — Latest reference: 2021-02-18

    Microsoft is forcibly removing the Flash player from computers running Windows 10, using a universal backdoor in Windows.

    The fact that Flash has been disabled by Adobe is no excuse for this abuse of power. The nature of proprietary software, such as Microsoft Windows, gives the developers power to impose their decisions on users. Free software on the other hand empowers users to make their own decisions.

  • Added: 2021-02-22 — Latest reference: 2021-02-19

    The Prodigy maths game played in schools at no cost entices students to play it at home, where the company tries to lure them into paying for a premium subscription in exchange for mere cosmetic features that, at school, underline the socioeconomic gap between those who can afford it and those who can't.

    The strategy of using schools as a fishing pool for customers is a common practice traditionally adopted by nonfree software companies.

  • Added: 2021-02-22 — Latest reference: 2020-12-25

    The HonorLock online exam proctoring program is a surveillance tool that tracks students and collects data such as face, driving license, and network information, among others, in blatant violation of students' privacy.

    Preventing students from cheating should not be an excuse for running malware/spyware on their computers, and it's good that students are protesting. But their petitions overlook a crucial issue, namely, the injustice of being forced to run nonfree software in order to get an education.

  • Added: 2021-02-06 — Latest reference: 2021-02-01

    Many cr…apps, developed by various companies for various organizations, do location tracking unknown to those companies and those organizations. It's actually some widely used libraries that do the tracking.

    What's unusual here is that proprietary software developer A tricks proprietary software developers B1 … B50 into making platforms for A to mistreat the end user.

  • Added: 2021-02-04 — Latest reference: 2020-10-12

    Samsung is forcing its smartphone users in Hong Kong (and Macau) to use a public DNS in Mainland China, using software update released in September 2020, which causes many unease and privacy concerns.

  • Added: 2021-01-27 — Latest reference: 2021-01-13

    The authorities in Venice track the movements of all tourists using their portable phones. The article says that at present the system is configured to report only aggregated information. But that could be changed. What will that system do 10 years from now? What will a similar system in another country do? Those are the questions this raises.

  • Added: 2021-01-19 — Latest reference: 2021-01-11

    A cracker took control of people's internet-connected chastity cages and demanded ransom. The chastity cages are being controlled by a proprietary app (mobile program).

    (Please note that the article wrongly refers to crackers as "hackers".)

  • Added: 2021-01-11 — Latest reference: 2021-01-08

    As of 2021, WhatsApp (one of Facebook's subsidiaries) is forcing its users to hand over sensitive personal data to its parent company. This increases Facebook's power over users, and further jeopardizes people's privacy and security.

    Instead of WhatsApp you can use GNU Jami, which is free software and will not collect your data.

  • Added: 2021-01-08 — Latest reference: 2016-04-04

    Many popular mobile games include a random-reward system called gacha which is especially effective on children. One variant of gacha was declared illegal in Japan in 2012, but the other variants are still luring players into compulsively spending inordinate amounts of money on virtual toys.

  • Added: 2021-01-05 — Latest reference: 2021-01-05

    Most Internet connected devices in Mozilla's “Privacy Not Included” list are designed to snoop on users even if they meet Mozilla's “Minimum Security Standards.” Insecure design of the program running on some of these devices makes the user susceptible to be snooped and exploited by crackers as well.

  • Added: 2021-01-04 — Latest reference: 2021-01-04

    The personal finance management software “Quicken” has a discontinuation policy, a.k.a. planned obsolescence, which is an injustice to users. A free (as in freedom) program would let users control the software. But when you use a proprietary software, you won't be in control.

  • Added: 2021-01-04 — Latest reference: 2020-12-02

    Adobe Flash Player has a universal back door which lets Adobe control the software and, for example, disable it whenever it wants. Adobe will block Flash content from running in Flash Player beginning January 12, 2021, which indicates that they have access to every Flash Player through a back door.

    The back door won't be dangerous in the future, as it'll disable a proprietary program and make users delete the software, but it was an injustice for many years. Users should have deleted Flash Player even before its end of life.

  • Added: 2021-01-04 — Latest reference: 2020-10-21

    As of 2019-2020, Minecraft players are being forced to move to Microsoft servers, which results in privacy violation. Microsoft publishes a program so users can run their own server, but the program is proprietary and it's another injustice to users.

    People can play Minetest instead. Minetest is free software and respects the user's computer freedom.

  • Added: 2021-01-04 — Latest reference: 2020-09-07

    While the world is still struggling with COVID-19 coronavirus, many people are in danger of surveillance and their computers are infected with malware as a result of installing proprietary software.

  • Added: 2020-12-26 — Latest reference: 2020-11-05

    HP tricked users into installing a mischievous update in their printers that made the devices reject all third-party ink cartridges.

  • Added: 2020-12-23 — Latest reference: 2020-12-15

    United States officials are facing one of biggest crackings against them in years, when malicious code was sneaked into SolarWinds' proprietary software named Orion. Crackers got access to networks when users downloaded a tainted software update. Crackers were able to monitor internal emails at some of the top agencies in the US.

    (Please note that the article wrongly refers to crackers as "hackers".)

  • Added: 2020-12-22 — Latest reference: 2020-12-20

    Commercial crackware can get passwords out of an iMonster, use the microphone and camera, and other things.

  • Added: 2020-12-21 — Latest reference: 2020-12-19

    A Zoom executive carried out snooping and censorship for China.

    This abuse of Zoom's power shows how dangerous that power is. The root problem is not the surveillance and censorship, but rather the power that Zoom has. It gets that power partly from the use of its server, but also partly from the nonfree client program.

  • Added: 2020-12-18 — Latest reference: 2020-11-23

    Some Wavelink and JetStream wifi routers have universal back doors that enable unauthenticated users to remotely control not only the routers, but also any devices connected to the network. There is evidence that this vulnerability is actively exploited.

    If you consider buying a router, we encourage you to get one that runs on free software. Any attempts at introducing malicious functionalities in it (e.g., through a firmware update) will be detected by the community, and soon corrected.

    If unfortunately you own a router that runs on proprietary software, don't panic! You may be able to replace its firmware with a free operating system such as libreCMC. If you don't know how, you can get help from a nearby GNU/Linux user group.

  • Added: 2020-12-17 — Latest reference: 2020-12-07

    Baidu apps were caught collecting sensitive personal data that can be used for lifetime tracking of users, and putting them in danger. More than 1.4 billion people worldwide are affected by these proprietary apps, and users' privacy is jeopardized by this surveillance tool. Data collected by Baidu may be handed over to the Chinese government, possibly putting Chinese people in danger.

  • Added: 2020-12-05 — Latest reference: 2020-11-26

    Microsoft's Office 365 suite enables employers to snoop on each employee. After a public outburst, Microsoft stated that it would remove this capability. Let's hope so.

  • Added: 2020-11-25 — Latest reference: 2020-11-12

    Apple has implemented a malware in its computers that imposes surveillance on users and reports users' computing to Apple.

    The reports are even unencrypted and they've been leaking this data for two years already. This malware is reporting to Apple what user opens what program at what time. It also gives Apple power to sabotage users' computing.

  • Added: 2020-11-23 — Latest reference: 2020-11-09

    According to FTC, the company behind the Zoom conferencing software has lied to users about its end-to-end encryption for years, at least since 2016.

    People can use free (as in freedom) programs such as Jitsi or BigBlueButton, better still if installed in a server controlled by the users.

  • Added: 2020-11-21 — Latest reference: 2020-04-15

    Riot Games' new anti-cheat is malware; runs on system boot at kernel level on Windows. It is insecure software that increases the attack surface of the operating system.

  • Added: 2020-11-19 — Latest reference: 2020-03-26

    The Apple iOS version of Zoom is sending users' data to Facebook even if the user doesn't have a Facebook account. According to the article, Zoom and Facebook don't even mention this surveillance on their privacy policy page, making this an obvious violation of people's privacy even in their own terms.

  • Added: 2020-11-14 — Latest reference: 2020-11-06

    A new app published by Google lets banks and creditors deactivate people's Android devices if they fail to make payments. If someone's device gets deactivated, it will be limited to basic functionality, such as emergency calling and access to settings.

  • Added: 2020-11-14 — Latest reference: 2019-05-28

    Microsoft forces people to give their phone number in order to be able to create an account on the company's network. On top of mistreating their users by providing nonfree software, Microsoft is tracking their lives outside the computer and violates their privacy.

  • Added: 2020-11-10 — Latest reference: 2020-06-12

    The company behind Zoom does not only deny users' computer freedom by developing this piece of nonfree software, it also violates users' civil rights by banning events and censoring users to serve the agenda of governments.

    Freedom respecting programs such as Jitsi or BigBlueButton can be used instead, better still if installed in a server controlled by its users.

  • Added: 2020-11-02 — Latest reference: 2020-10-22

    Microsoft is imposing its surveillance on the game of Minecraft by requiring every player to open an account on Microsoft's network. Microsoft has bought the game and will merge all accounts into its network, which will give them access to people's data.

    Minecraft players can play Minetest instead. The essential advantage of Minetest is that it is free software, meaning it respects the user's computer freedom. As a bonus, it offers more options.

  • Added: 2020-11-02 — Latest reference: 2019-12-16

    Microsoft is tricking users to create an account on their network to be able to install and use the Windows operating system, which is malware. The account can be used for surveillance and/or violating people's rights in many ways, such as turning their purchased software to a subscription product.

  • Added: 2020-10-28 — Latest reference: 2020-10-22

    The addictive Genshin Impact relentlessly coerces players to spend money by overwhelming the game play with loot boxes.

  • Added: 2020-10-16 — Latest reference: 2020-09-10

    Internet-enabled watches with proprietary software are malware, violating people (specially children's) privacy. In addition, they have a lot of security flaws. They permit security breakers (and unauthorized people) to access the watch.

    Thus, ill-intentioned unauthorized people can intercept communications between parent and child and spoof messages to and from the watch, possibly endangering the child.

    (Note that this article misuses the word “hackers” to mean “crackers.”)

  • Added: 2020-10-06 — Latest reference: 2020-03-11

    Roblox (among many other games) created anti-features which sucker children into utilizing third-party payment services without authorization.

  • Added: 2020-09-30 — Latest reference: 2020-07-27

    The Mellow sous-vide cooker is tethered to a server. The company suddenly turned this tethering into a subscription, forbidding users from taking advantage of the “advanced features” of the cooker unless they pay a monthly fee.

  • Added: 2020-09-28 — Latest reference: 2020-09-27

    Many employers are using nonfree software, including videoconference software, to surveil and monitor staff working at home. If the program reports whether you are “active,” that is in effect a malicious surveillance feature.

  • Added: 2020-09-28 — Latest reference: 2020-09-18

    Facebook snoops on Instagram users by surreptitously turning on the device's camera.

  • Added: 2020-09-23 — Latest reference: 2020-08-18

    Oculus headsets require users to identify themselves to Facebook. This will give Facebook free rein to pervasively snoop on Oculus users.

  • Added: 2020-09-02 — Latest reference: 2020-08-30

    Apple is putting the squeeze on all business conducted through apps for iMonsters.

    This is a symptom of a very big injustice: that Apple has the power to decide what software can be installed on an iMonster. That it is a jail.

  • Added: 2020-08-21 — Latest reference: 2020-08-18

    New Toyotas will upload data to AWS to help create custom insurance premiums based on driver behaviour.

    Before you buy a “connected” car, make sure you can disconnect its cellular antenna and its GPS antenna. If you want GPS navigation, get a separate navigator which runs free software and works with Open Street Map.

  • Added: 2020-08-21 — Latest reference: 2020-08-18

    Apple can remotely cut off any developer's access to the tools for developing software for iOS or MacOS.

    Epic (Apple's target in this example) makes nonfree games which have their own malicious features, but that doesn't make it acceptable for Apple to have this sort of power.

  • Added: 2020-08-20 — Latest reference: 2020-08-11

    TikTok exploited an Android vulnerability to obtain user MAC addresses.

  • Added: 2020-08-18 — Latest reference: 2020-04-20

    Apple whistleblower Thomas Le Bonniec reports that Apple made a practice of surreptitiously activating the Siri software to record users' conversations when they had not activated Siri. This was not just occasional, it was systematic practice.

    His job was to listen to these recordings, in a group that made transcripts of them. He does not believes that Apple has ceased this practice.

    The only reliable way to prevent this is, for the program that controls access to the microphone to decide when the user has “activated” any service, to be free software, and the operating system under it free as well. This way, users could make sure Apple can't listen to them.

  • Added: 2020-08-14 — Latest reference: 2020-08-03

    Google Nest is taking over ADT. Google sent out a software update to its speaker devices using their back door that listens for things like smoke alarms and then notifies your phone that an alarm is happening. This means the devices now listen for more than just their wake words. Google says the software update was sent out prematurely and on accident and Google was planning on disclosing this new feature and offering it to customers who pay for it.

  • Added: 2020-08-12 — Latest reference: 2020-07-28

    The Focals eyeglass display, with snooping microphone, has been eliminated. Google eliminated it by buying the manufacturer and shutting it down. It also shut down the server these devices depend on, which caused the ones already sold to cease to function.

    It may be a good thing to wipe out this product—for “smart,” read “snoop”—but Google didn't do that for the sake of privacy. Rather, it was eliminating competition for its own snooping product.

  • Added: 2020-07-09 — Latest reference: 2020-07-01

    BMW will remotely enable and disable functionality in cars through a universal back door.

  • Added: 2020-07-09 — Latest reference: 2020-06-30

    “Bossware” is malware that bosses coerce workers into installing in their own computers, so the bosses can spy on them.

    This shows why requiring the user's “consent” is not an adequate basis for protecting digital privacy. The boss can coerce most workers into consenting to almost anything, even probable exposure to contagious disease that can be fatal. Software like this should be illegal and bosses that demand it should be prosecuted for it.

  • Added: 2020-07-01 — Latest reference: 2015-04-21

    Runescape is a popular online game with some addictive features derived from behavioral manipulation techniques. Certain repetitive aspects of the game, like grinding, can be minimised by becoming a paying member, and can thus encourage children and impressionable people to spend money on the game.

  • Added: 2020-06-26 — Latest reference: 2020-06-26

    Most apps are malware, but Trump's campaign app, like Modi's campaign app, is especially nasty malware, helping companies snoop on users as well as snooping on them itself.

    The article says that Biden's app has a less manipulative overall approach, but that does not tell us whether it has functionalities we consider malicious, such as sending data the user has not explicitly asked to send.

  • Added: 2020-06-25 — Latest reference: 2020-06-25

    TV manufacturers are able to snoop every second of what the user is watching. This is illegal due to the Video Privacy Protection Act of 1988, but they're circumventing it through EULAs.

  • Added: 2020-06-22 — Latest reference: 2020-06-16

    A disasterous security bug touches millions of products in the Internet of Stings.

    As a result, anyone can sting the user, not only the manufacturer.

  • Added: 2020-06-13 — Latest reference: 2019-09-06

    Best Buy made controllable appliances and shut down the service to control them through.

    While it is laudable that Best Buy recognized it was mistreating the customers by doing so, this doesn't alter the facts that tethering the device to a particular server is a path to screwing the users, and that it is a consequence of having nonfree software in the device.

  • Added: 2020-06-07 — Latest reference: 2020-05-07

    Wink sells a “smart” home hub that is tethered to a server. In May 2020, it ordered the purchasers to start paying a monthly fee for the use of that server. Because of the tethering, the hub is useless without that.

  • Added: 2020-05-25 — Latest reference: 2020-05-25

    Tesla's cars have a universal remote back door. Tesla used it to disable the autopilot features on people's cars to make them pay extra for re-enabling the features.

    This kind of malfeature is only possible with proprietary software—free software is controlled by its users who wouldn't let do such things to them.

  • Added: 2020-05-03 — Latest reference: 2020-04-30

    Xiaomi phones report many actions the user takes: starting an app, looking at a folder, visiting a website, listening to a song. They send device identifying information too.

    Other nonfree programs snoop too. For instance, Spotify and other streaming dis-services make a dossier about each user, and they make users identify themselves to pay. Out, out, damned Spotify!

    Forbes exonerates the same wrongs when the culprits are not Chinese, but we condemn this no matter who does it.

  • Added: 2020-04-14 — Latest reference: 2020-04-13

    The Google Play Terms of Service insist that the user of Android accept the presence of universal back doors in apps released by Google.

    This does not tell us whether any of Google's apps currently contains a universal back door, but that is a secondary question. In moral terms, demanding that people accept in advance certain bad treatment is equivalent to actually doing it. Whatever condemnation the latter deserves, the former deserves the same.

  • Added: 2020-03-25 — Latest reference: 2017-03-07

    The CIA exploited existing vulnerabilities in “smart” TVs and phones to design a malware that spies through their microphones and cameras while making them appear to be turned off. Since the spyware sniffs signals, it bypasses encryption.

  • Added: 2020-03-04 — Latest reference: 2020-03-01

    The Alipay Health Code app estimates whether the user has Covid-19 and tells the cops directly.

  • Added: 2020-02-24 — Latest reference: 2019-11-19

    Internet-tethered Amazon Ring had a security vulnerability that enabled attackers to access the user's wifi password, and snoop on the household through connected surveillance devices.

    Knowledge of the wifi password would not be sufficient to carry out any significant surveillance if the devices implemented proper security, including encryption. But many devices with proprietary software lack this. Of course, they are also used by their manufacturers for snooping.

  • Added: 2020-02-17 — Latest reference: 2019-12-22

    The ToToc messaging app seems to be a spying tool for the government of the United Arab Emirates. Any nonfree program could be doing this, and that is a good reason to use free software instead.

    Note: this article uses the word “free” in the sense of “gratis.”

  • Added: 2020-02-17 — Latest reference: 2019-12-19

    Some Avast and AVG extensions for Firefox and Chrome were found to snoop on users' detailed browsing habits. Mozilla and Google removed the problematic extensions from their stores, but this shows once more how unsafe nonfree software can be. Tools that are supposed to protect a proprietary system are, instead, infecting it with additional malware (the system itself being the original malware).

  • Added: 2020-02-15 — Latest reference: 2020-02-02

    Many Android apps fool their users by asking them to decide what permissions to give the program, and then bypassing these permissions.

    The Android system is supposed to prevent data leaks by running apps in isolated sandboxes, but developers have found ways to access the data by other means, and there is nothing the user can do to stop them from doing so, since both the system and the apps are nonfree.

  • Added: 2020-02-15 — Latest reference: 2019-12-17

    Most modern cars now record and send various kinds of data to the manufacturer. For the user, access to the data is nearly impossible, as it involves cracking the car's computer, which is always hidden and running with proprietary software.

  • Added: 2020-02-15 — Latest reference: 2019-12-09

    iMonsters and Android phones, when used for work, give employers powerful snooping and sabotage capabilities if they install their own software on the device. Many employers demand to do this. For the employee, this is simply nonfree software, as fundamentally unjust and as dangerous as any other nonfree software.

  • Added: 2020-02-01 — Latest reference: 2020-01-29

    The Amazon Ring app does surveillance for other companies as well as for Amazon.

  • Added: 2020-01-20 — Latest reference: 2020-01-09

    Android phones subsidized by the US government come with preinstalled adware and a back door for forcing installation of apps.

    The adware is in a modified version of an essential system configuration app. The back door is a surreptitious addition to a program whose stated purpose is to be a universal back door for firmware.

    In other words, a program whose raison d'être is malicious has a secret secondary malicious purpose. All this is in addition to the malware of Android itself.

  • Added: 2019-12-17 — Latest reference: 2019-12-17

    Some security breakers (wrongly referred in this article as “hackers”) managed to interfere the Amazon Ring proprietary system, and access its camera, speakers and microphones.

  • Added: 2019-10-31 — Latest reference: 2019-10-13

    Safari occasionally sends browsing data from Apple devices in China to the Tencent Safe Browsing service, to check URLs that possibly correspond to “fraudulent” websites. Since Tencent collaborates with the Chinese government, its Safe Browsing black list most certainly contains the websites of political opponents. By linking the requests originating from single IP addresses, the government can identify dissenters in China and Hong Kong, thus endangering their lives.

  • Added: 2019-10-20 — Latest reference: 2019-04-08

    Apple plans to require that all application software for MacOS be approved by Apple first.

    Offering a checking service as an option could be useful and would not be wrong. Requiring users to get Apple's approval is tyranny. Apple says the check will only look for malware (not counting the malware that is part of the operating system), but Apple could change that policy step by step. Or perhaps Apple will define malware to include any app that China does not like.

    For free software, this means users will need to get Apple's approval after compilation. This amounts to a system of surveilling the use of free programs.

  • Added: 2019-10-19 — Latest reference: 2019-10-13

    The Chinese Communist Party's “Study the Great Nation” app requires users to grant it access to the phone's microphone, photos, text messages, contacts, and internet history, and the Android version was found to contain a back-door allowing developers to run any code they wish in the users' phone, as “superusers.” Downloading and using this app is mandatory at some workplaces.

    Note: The Washington Post version of the article (partly obfuscated, but readable after copy-pasting in a text editor) includes a clarification saying that the tests were only performed on the Android version of the app, and that, according to Apple, “this kind of ‘superuser’ surveillance could not be conducted on Apple's operating system.”

  • Added: 2019-10-16 — Latest reference: 2019-10-07

    Apple censors the Taiwan flag in iOS on behalf of the Chinese government. When the region is set to Hong Kong, this flag is not visible in the emoji selection widget but is still accessible. When the region is set to mainland China, all attempts to display it will result in the “empty emoji” icon as if the flag never existed.

    Thus, not only does Apple use the App Store as an instrument of censorship, it also uses the iThing operating system for that purpose.

  • Added: 2019-10-15 — Latest reference: 2019-10-10

    Apple has banned the app that Hong Kong protesters use to communicate.

    Obeying the “local laws” about what people can do with software is no excuse for censoring what software people can use.

  • Added: 2019-10-15 — Latest reference: 2019-10-07

    Adobe has cancelled the software subscriptions of all users in Venezuela. This demonstrates how a requirement for subscription can be turned into a tool for sabotage.

  • Added: 2019-10-04 — Latest reference: 2019-08-27

    A very popular app found in the Google Play store contained a module that was designed to secretly install malware on the user's computer. The app developers regularly used it to make the computer download and execute any code they wanted.

    This is a concrete example of what users are exposed to when they run nonfree apps. They can never be completely sure that a nonfree app is safe.

  • Added: 2019-10-03 — Latest reference: 2019-09-09

    The Facebook app tracks users even when it is turned off, after tricking them into giving the app broad permissions in order to use one of its functionalities.

  • Added: 2019-10-03 — Latest reference: 2017-08-31

    The recent versions of Microsoft Office require the user to connect to Microsoft servers at least every thirty-one days. Otherwise, the software will refuse to edit any documents or create new ones. It will be restricted to viewing and printing.

  • Added: 2019-09-18 — Latest reference: 2019-09-09

    Some nonfree period-tracking apps including MIA Fem and Maya send intimate details of users' lives to Facebook.

  • Added: 2019-09-16 — Latest reference: 2019-09-16

    Tesla users claim Tesla force-installed software to cut down on battery range, rather than replace the defective batteries. Tesla did this to avoid having to run their warranty.

    This means that proprietary software can potentially be a way to commit perjury with impunity.

  • Added: 2019-09-11 — Latest reference: 2019-08-22

    ChromeBooks are programmed for obsolescence: ChromeOS has a universal back door that is used for updates and ceases to operate at a predefined date. From then on, there appears to be no support whatsoever for the computer.

    In other words, when you stop getting screwed by the back door, you start getting screwed by the obsolescence.

  • Added: 2019-09-11 — Latest reference: 2019-08-21

    Microsoft recorded users of Xboxes and had human workers listen to the recordings.

    Morally, we see no difference between having human workers listen and having speech-recognition systems listen. Both intrude on privacy.

  • Added: 2019-09-10 — Latest reference: 2019-09-06

    Keeping track of who downloads a proprietary program is a form of surveillance. There is a proprietary program for adjusting a certain telescopic rifle sight. A US prosecutor has demanded the list of all the 10,000 or more people who have installed it.

    With a free program there would not be a list of who has installed it.

  • Added: 2019-09-10 — Latest reference: 2019-08-31

    A series of vulnerabilities found in iOS allowed attackers to gain access to sensitive information including private messages, passwords, photos and contacts stored on the user's iMonster.

    The deep insecurity of iMonsters is even more pertinent given that Apple's proprietary software makes users totally dependent on Apple for even a modicum of security. It also means that the devices do not even try to offer security against Apple itself.

  • Added: 2019-08-31 — Latest reference: 2019-08-16

    A game published on Facebook aimed at leading children to spend large amounts of their parents' money without explaining it to them.

  • Added: 2019-08-23 — Latest reference: 2019-08-13

    When Apple suspects a user of fraud, it judges the case secretly and presents the verdict as a fait accompli. The punishment to a user found guilty is being cut off for life, which more-or-less cripples the user's Apple devices forever. There is no appeal.

  • Added: 2019-08-15 — Latest reference: 2019-08-15

    Skype refuses to say whether it can eavesdrop on calls.

    That almost certainly means it can do so.

  • Added: 2019-08-15 — Latest reference: 2019-08-15

    Apple is putting DRM on iPhone batteries, and the system proprietary software turns off certain features when batteries are replaced other than by Apple.

  • Added: 2019-08-06 — Latest reference: 2019-08-02

    Out of 21 gratis Android antivirus apps that were tested by security researchers, eight failed to detect a test virus. All of them asked for dangerous permissions or contained advertising trackers, with seven being more risky than the average of the 100 most popular Android apps.

    (Note that the article refers to these proprietary apps as “free”. It should have said “gratis” instead.)

  • Added: 2019-08-03 — Latest reference: 2019-07-08

    Many unscrupulous mobile-app developers keep finding ways to bypass user's settings, regulations, and privacy-enhancing features of the operating system, in order to gather as much private data as they possibly can.

    Thus, we can't trust rules against spying. What we can trust is having control over the software we run.

  • Added: 2019-07-21 — Latest reference: 2019-07-21

    Google “Assistant” records users' conversations even when it is not supposed to listen. Thus, when one of Google's subcontractors discloses a thousand confidential voice recordings, users were easily identified from these recordings.

    Since Google “Assistant” uses proprietary software, there is no way to see or control what it records or sends.

    Rather than trying to better control the use of recordings, Google should not record or listen to the person's voice. It should only get commands that the user wants to send to some Google service.

  • Added: 2019-07-17 — Latest reference: 2019-07-09

    Resourceful children figured out how to empty their parents' bank account buying packs of special players for an Electronic Arts soccer game.

    The random element of these packs (also called “loot boxes”) makes the game strongly addictive, but the fact that players are pressured to spend more in order to get ahead of their competitors further qualifies it as predatory. Note that Belgium made these loot boxes illegal in 2018.

    The only good reason to have a copy of such a proprietary game is to study it for free software development.

  • Added: 2019-07-16 — Latest reference: 2019-07-10

    Apple appears to say that there is a back door in MacOS for automatically updating some (all?) apps.

    The specific change described in the article was not malicious—it protected users from surveillance by third parties—but that is a separate question.

  • Added: 2019-07-15 — Latest reference: 2019-07-08

    Many Android apps can track users' movements even when the user says not to allow them access to locations.

    This involves an apparently unintentional weakness in Android, exploited intentionally by malicious apps.

  • Added: 2019-07-15 — Latest reference: 2018-09-21

    Clash of Clans is a good example of a gratis mobile game that its developers made very addictive for a large proportion of its users—and turned into a cash machine for themselves—by using psychological manipulation techniques.

    (The article uses “free” to mean “zero price,” which is a usage we should avoid. We recommend saying “gratis” instead.)

  • Added: 2019-06-27 — Latest reference: 2019-06-22

    Google Chrome is an instrument of surveillance. It lets thousands of trackers invade users' computers and report the sites they visit to advertising and data companies, first of all to Google. Moreover, if users have a Gmail account, Chrome automatically logs them in to the browser for more convenient profiling. On Android, Chrome also reports their location to Google.

    The best way to escape surveillance is to switch to IceCat, a modified version of Firefox with several changes to protect users' privacy.

  • Added: 2019-06-10 — Latest reference: 2019-05-28

    In spite of Apple's supposed commitment to privacy, iPhone apps contain trackers that are busy at night sending users' personal information to third parties.

    The article mentions specific examples: Microsoft OneDrive, Intuit's Mint, Nike, Spotify, The Washington Post, The Weather Channel (owned by IBM), the crime-alert service Citizen, Yelp and DoorDash. But it is likely that most nonfree apps contain trackers. Some of these send personally identifying data such as phone fingerprint, exact location, email address, phone number or even delivery address (in the case of DoorDash). Once this information is collected by the company, there is no telling what it will be used for.

  • Added: 2019-06-01 — Latest reference: 2019-05-30

    The Femm “fertility” app is secretly a tool for propaganda by natalist Christians. It spreads distrust for contraception.

    It snoops on users, too, as you must expect from nonfree programs.

  • Added: 2019-05-29 — Latest reference: 2019-05-06

    Amazon Alexa collects a lot more information from users than is necessary for correct functioning (time, location, recordings made without a legitimate prompt), and sends it to Amazon's servers, which store it indefinitely. Even worse, Amazon forwards it to third-party companies. Thus, even if users request deletion of their data from Amazon's servers, the data remain on other servers, where they can be accessed by advertising companies and government agencies. In other words, deleting the collected information doesn't cancel the wrong of collecting it.

    Data collected by devices such as the Nest thermostat, the Philips Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos speakers are likewise stored longer than necessary on the servers the devices are tethered to. Moreover, they are made available to Alexa. As a result, Amazon has a very precise picture of users' life at home, not only in the present, but in the past (and, who knows, in the future too?)

  • Added: 2019-05-18 — Latest reference: 2019-05-15

    Users caught in the jail of an iMonster are sitting ducks for other attackers, and the app censorship prevents security companies from figuring out how those attacks work.

    Apple's censorship of apps is fundamentally unjust, and would be inexcusable even if it didn't lead to security threats as well.

  • Added: 2019-05-10 — Latest reference: 2019-05-06

    BlizzCon 2019 imposed a requirement to run a proprietary phone app to be allowed into the event.

    This app is a spyware that can snoop on a lot of sensitive data, including user's location and contact list, and has near-complete control over the phone.

  • Added: 2019-05-08 — Latest reference: 2019-04-26

    The Jibo robot toys were tethered to the manufacturer's server, and the company made them all cease to work by shutting down that server.

    The shutdown might ironically be good for their users, since the product was designed to manipulate people by presenting a phony semblance of emotions, and was most certainly spying on them.

  • Added: 2019-05-08 — Latest reference: 2019-02-01

    The FordPass Connect feature of some Ford vehicles has near-complete access to the internal car network. It is constantly connected to the cellular phone network and sends Ford a lot of data, including car location. This feature operates even when the ignition key is removed, and users report that they can't disable it.

    If you own one of these cars, have you succeeded in breaking the connectivity by disconnecting the cellular modem, or wrapping the antenna in aluminum foil?

  • Added: 2019-04-27 — Latest reference: 2019-04-24

    Some of users' commands to the Alexa service are recorded for Amazon employees to listen to. The Google and Apple voice assistants do similar things.

    A fraction of the Alexa service staff even has access to location and other personal data.

    Since the client program is nonfree, and data processing is done “in the cloud” (a soothing way of saying “We won't tell you how and where it's done”), users have no way to know what happens to the recordings unless human eavesdroppers break their non-disclosure agreements.

  • Added: 2019-04-22 — Latest reference: 2019-04-21

    As of April 2019, it is no longer possible to disable an unscrupulous tracking anti-feature that reports users when they follow ping links in Apple Safari, Google Chrome, Opera, Microsoft Edge and also in the upcoming Microsoft Edge that is going to be based on Chromium.

  • Added: 2019-04-22 — Latest reference: 2019-04-13

    Data collected by menstrual and pregnancy monitoring apps is often available to employers and insurance companies. Even though the data is “anonymized and aggregated,” it can easily be traced back to the woman who uses the app.

    This has harmful implications for women's rights to equal employment and freedom to make their own pregnancy choices. Don't use these apps, even if someone offers you a reward to do so. A free-software app that does more or less the same thing without spying on you is available from F-Droid, and a new one is being developed.

  • Added: 2019-04-21 — Latest reference: 2019-04-04

    Microsoft has been force-installing a “remediation” program on computers running certain versions of Windows 10. Remediation, in Microsoft's view, means tampering with users' settings and files, notably to “repair” any components of the updating system that users may have intentionally disabled, and thus regain full power over them. Microsoft repeatedly pushed faulty versions of this program to users' machines, causing numerous problems, some of which critical.

    This exemplifies the arrogant and manipulative attitude that proprietary software developers have learned to adopt toward the people they are supposedly serving. Migrate to a free operating system if you can!

    If your employer makes you run Windows, tell the financial department how this wastes your time dealing with endless connections and premature hardware failures.

  • Added: 2019-04-20 — Latest reference: 2019-04-15

    Volkswagen programmed its car engine computers to detect the Environmental Protection Agency's emission tests, and run dirty the rest of the time. In real driving, the cars exceeded emissions standards by a factor of up to 35.

    Using free software would not have stopped Volkswagen from programming it this way, but would have made it harder to conceal, and given the users the possibility of correcting the deception.

    Former executives of Volkswagen are being sued over this fraud.

  • Added: 2019-04-18 — Latest reference: 2019-04-13

    Google tracks the movements of Android phones and iPhones running Google apps, and sometimes saves the data for years.

    Nonfree software in the phone has to be responsible for sending the location data to Google.

  • Added: 2019-04-18 — Latest reference: 2018-11-23

    An Android phone was observed to track location even while in airplane mode. It didn't send the location data while in airplane mode. Instead, it saved up the data, and sent them all later.

  • Added: 2019-04-17 — Latest reference: 2019-04-04

    Ebooks “bought” from Microsoft's store check that their DRM is valid by connecting to the store every time their “owner” wants to read them. Microsoft is going to close this store, bricking all DRM'ed ebooks it has ever “sold”. (The article additionally highlights the pitfalls of DRM.)

    This is another proof that a DRM-encumbered product doesn't belong to the person who bought it. Microsoft said it will refund customers, but this is no excuse for selling them restricted books.

  • Added: 2019-04-15 — Latest reference: 2019-03-28

    OfficeMax cheated customers by using proprietary “PC Health Check” software rigged to give false results, deceiving the customer into thinking per computer was infected and buy unneeded support services from the company.

  • Added: 2019-04-11 — Latest reference: 2019-03-21

    The Medtronics Conexus Telemetry Protocol has two vulnerabilities that affect several models of implantable defibrillators and the devices they connect to.

    This protocol has been around since 2006, and similar vulnerabilities were discovered in an earlier Medtronics communication protocol in 2008. Apparently, nothing was done by the company to correct them. This means you can't rely on proprietary software developers to fix bugs in their products.

  • Added: 2019-04-09 — Latest reference: 2019-03-28

    Car companies are coming up with a list of clever reasons why they “have to” put cameras and microphones in the car.

    BMW says its software does not store any driver-monitoring information. If this means none of the data that come out of the cameras and microphones can be seen by anyone else, the cameras and microphones are not dangerous. But should we trust this claim? The only way it can deserve rational trust is if the software is free.

  • Added: 2019-04-09 — Latest reference: 2019-03-25

    Many Android phones come with a huge number of preinstalled nonfree apps that have access to sensitive data without users' knowledge. These hidden apps may either call home with the data, or pass it on to user-installed apps that have access to the network but no direct access to the data. This results in massive surveillance on which the user has absolutely no control.

  • Added: 2019-04-05 — Latest reference: 2019-03-29

    Tesla cars collect lots of personal data, and when they go to a junkyard the driver's personal data goes with them.

  • Added: 2019-04-01 — Latest reference: 2019-03-25

    The British supermarket Tesco sold tablets which were tethered to Tesco's server for reinstalling default settings. Tesco turned off the server for old models, so now if you try to reinstall the default settings, it bricks them instead.

  • Added: 2019-03-28 — Latest reference: 2019-03-20

    A study of 24 “health” apps found that 19 of them send sensitive personal data to third parties, which can use it for invasive advertising or discriminating against people in poor medical condition.

    Whenever user “consent” is sought, it is buried in lengthy terms of service that are difficult to understand. In any case, “consent” is not sufficient to legitimize snooping.

  • Added: 2019-03-28 — Latest reference: 2019-03-20

    Volvo plans to install cameras inside cars to monitor the driver for signs of impairment that could cause an accident.

    However, there is nothing to prevent these cameras from doing other things, such as biometrically identifying the driver or passengers, other than proprietary software which Volvo—or various governments and criminals—could change at any time.

  • Added: 2019-03-26 — Latest reference: 2017-04-13

    Low-priced Chromebooks for schools are collecting far more data on students than is necessary, and store it indefinitely. Parents and students complain about the lack of transparency on the part of both the educational services and the schools, the difficulty of opting out of these services, and the lack of proper privacy policies, among other things.

    But complaining is not sufficient. Parents, students and teachers should realize that the software Google uses to spy on students is nonfree, so they can't verify what it really does. The only remedy is to persuade school officials to exclusively use free software for both education and school administration. If the school is run locally, parents and teachers can mandate their representatives at the School Board to refuse the budget unless the school initiates a switch to free software. If education is run nation-wide, they need to persuade legislators (e.g., through free software organizations, political parties, etc.) to migrate the public schools to free software.

  • Added: 2019-03-23 — Latest reference: 2017-01-27

    A cracker would be able to turn the Oculus Rift sensors into spy cameras after breaking into the computer they are connected to.

    (Unfortunately, the article improperly refers to crackers as “hackers”.)

  • Added: 2019-03-13 — Latest reference: 2018-11-30

    In China, it is mandatory for electric cars to be equipped with a terminal that transfers technical data, including car location, to a government-run platform. In practice, manufacturers collect this data as part of their own spying, then forward it to the government-run platform.

  • Added: 2019-03-11 — Latest reference: 2019-03-08

    Malware installed into the processor in a hard drive could use the disk itself as a microphone to detect speech.

    The article refers to the “Linux operating system” but seems to mean GNU/Linux. That hack would not require changing Linux itself.

  • Added: 2019-03-10 — Latest reference: 2015-07-29

    Game Of War: Fire Age is an iPhone game with addictive features which are based on behavioral manipulation techniques, compounded with group emulation. After a fairly easy start, the game slows down and becomes more difficult, so gamers are led to spend more and more money in order to keep up with their group. And if they stop playing for a while, the equipment they invested in gets destroyed by the “enemy” unless they buy an expensive “shield” to protect it. This game is also deceptive, as it uses confusing menus and complex stats to obfuscate true monetary costs.

  • Added: 2019-03-04 — Latest reference: 2019-02-27

    The Ring (now Amazon) doorbell camera is designed so that the manufacturer (now Amazon) can watch all the time. Now it turns out that anyone else can also watch, and fake videos too.

    The third party vulnerability is presumably unintentional and Amazon will probably fix it. However, we do not expect Amazon to change the design that allows Amazon to watch.

  • Added: 2019-03-04 — Latest reference: 2019-02-14

    The AppCensus database gives information on how Android apps use and misuse users' personal data. As of March 2019, nearly 78,000 have been analyzed, of which 24,000 (31%) transmit the Advertising ID to other companies, and 18,000 (23% of the total) link this ID to hardware identifiers, so that users cannot escape tracking by resetting it.

    Collecting hardware identifiers is in apparent violation of Google's policies. But it seems that Google wasn't aware of it, and, once informed, was in no hurry to take action. This proves that the policies of a development platform are ineffective at preventing nonfree software developers from including malware in their programs.

  • Added: 2019-02-28 — Latest reference: 2019-02-23

    Facebook offered a convenient proprietary library for building mobile apps, which also sent personal data to Facebook. Lots of companies built apps that way and released them, apparently not realizing that all the personal data they collected would go to Facebook as well.

    It shows that no one can trust a nonfree program, not even the developers of other nonfree programs.

  • Added: 2019-02-28 — Latest reference: 2019-02-08

    The HP “ink subscription” cartridges have DRM that constantly communicates with HP servers to make sure the user is still paying for the subscription, and hasn't printed more pages than were paid for.

    Even though the ink subscription program may be cheaper in some specific cases, it spies on users, and involves totally unacceptable restrictions in the use of ink cartridges that would otherwise be in working order.

  • Added: 2019-02-22 — Latest reference: 2019-01-07

    Vizio TVs collect “whatever the TV sees,” in the own words of the company's CTO, and this data is sold to third parties. This is in return for “better service” (meaning more intrusive ads?) and slightly lower retail prices.

    What is supposed to make this spying acceptable, according to him, is that it is opt-in in newer models. But since the Vizio software is nonfree, we don't know what is actually happening behind the scenes, and there is no guarantee that all future updates will leave the settings unchanged.

    If you already own a Vizio “smart” TV (or any “smart” TV, for that matter), the easiest way to make sure it isn't spying on you is to disconnect it from the Internet, and use a terrestrial antenna instead. Unfortunately, this is not always possible. Another option, if you are technically oriented, is to get your own router (which can be an old computer running completely free software), and set up a firewall to block connections to Vizio's servers. Or, as a last resort, you can replace your TV with another model.

  • Added: 2019-02-21 — Latest reference: 2019-02-20

    Some portable surveillance devices (“phones”) now have fingerprint sensors in the display. Does that imply they could take the fingerprint of anyone who operates the touch screen?

  • Added: 2019-02-20 — Latest reference: 2019-02-04

    Twenty nine “beauty camera” apps that used to be on Google Play had one or more malicious functionalities, such as stealing users' photos instead of “beautifying” them, pushing unwanted and often malicious ads on users, and redirecting them to phishing sites that stole their credentials. Furthermore, the user interface of most of them was designed to make uninstallation difficult.

    Users should of course uninstall these dangerous apps if they haven't yet, but they should also stay away from nonfree apps in general. All nonfree apps carry a potential risk because there is no easy way of knowing what they really do.

  • Added: 2019-02-13 — Latest reference: 2019-02-06

    Many nonfree apps have a surveillance feature for recording all the users' actions in interacting with the app.

  • Added: 2019-02-08 — Latest reference: 2019-02-01

    An investigation of the 150 most popular gratis VPN apps in Google Play found that 25% fail to protect their users' privacy due to DNS leaks. In addition, 85% feature intrusive permissions or functions in their source code—often used for invasive advertising—that could potentially also be used to spy on users. Other technical flaws were found as well.

    Moreover, a previous investigation had found that half of the top 10 gratis VPN apps have lousy privacy policies.

    (It is unfortunate that these articles talk about “free apps.” These apps are gratis, but they are not free software.)

  • Added: 2019-02-07 — Latest reference: 2019-02-04

    Google invites people to let Google monitor their phone use, and all internet use in their homes, for an extravagant payment of $20.

    This is not a malicious functionality of a program with some other purpose; this is the software's sole purpose, and Google says so. But Google says it in a way that encourages most people to ignore the details. That, we believe, makes it fitting to list here.

  • Added: 2019-02-03 — Latest reference: 2019-01-23

    Google is modifying Chromium so that extensions won't be able to alter or block whatever the page contains. Users could conceivably reverse the change in a fork of Chromium, but surely Chrome (nonfree) will have the same change, and users can't fix it there.

  • Added: 2019-02-02 — Latest reference: 2018-12-29

    Around 40% of gratis Android apps report on the user's actions to Facebook.

    Often they send the machine's “advertising ID,” so that Facebook can correlate the data it obtains from the same machine via various apps. Some of them send Facebook detailed information about the user's activities in the app; others only say that the user is using that app, but that alone is often quite informative.

    This spying occurs regardless of whether the user has a Facebook account.

  • Added: 2019-02-02 — Latest reference: 2018-11-02

    Foundry's graphics software reports information to identify who is running it. The result is often a legal threat demanding a lot of money.

    The fact that this is used for repression of forbidden sharing makes it even more vicious.

    This illustrates that making unauthorized copies of nonfree software is not a cure for the injustice of nonfree software. It may avoid paying for the nasty thing, but cannot make it less nasty.

  • Added: 2019-01-28 — Latest reference: 2019-01-11

    Samsung phones come preloaded with a version of the Facebook app that can't be deleted. Facebook claims this is a stub which doesn't do anything, but we have to take their word for it, and there is the permanent risk that the app will be activated by an automatic update.

    Preloading crapware along with a nonfree operating system is common practice, but by making the crapware undeletable, Facebook and Samsung (among others) are going one step further in their hijacking of users' devices.

  • Added: 2019-01-21 — Latest reference: 2019-01-10

    Until 2015, any tweet that listed a geographical tag sent the precise GPS location to Twitter's server. It still contains these GPS locations.

  • Added: 2019-01-15 — Latest reference: 2016-12-29

    In the game Fruit Pop, the player buys boosts with coins to get a high score. The player gets coins at the end of each game, and can buy more coins with real money.

    Getting a higher score once leads the player to desire higher score again later. But the higher score resulting from the boost does not give the player more coins, and does not help the player get a higher score in subsequent games. To get that, the player will need a boost frequently, and usually has to pay real money for that. Since boosts are exciting and entertaining, the player is subtly pushed to purchase more coins with real money to get boosts, and it can develop into a costly habit.

  • Added: 2019-01-14 — Latest reference: 2016-12-14

    The Microsoft Telemetry Compatibility service drastically reduces the performances of machines running Windows 10, and can't be disabled easily.

  • Added: 2019-01-13 — Latest reference: 2019-01-10

    Amazon Ring “security” devices send the video they capture to Amazon servers, which save it long-term.

    In many cases, the video shows everyone that comes near, or merely passes by, the user's front door.

    The article focuses on how Ring used to let individual employees look at the videos freely. It appears Amazon has tried to prevent that secondary abuse, but the primary abuse—that Amazon gets the video—Amazon expects society to surrender to.

  • Added: 2019-01-06 — Latest reference: 2019-01-05

    The Weather Channel app stored users' locations to the company's server. The company is being sued, demanding that it notify the users of what it will do with the data.

    We think that lawsuit is about a side issue. What the company does with the data is a secondary issue. The principal wrong here is that the company gets that data at all.

    Other weather apps, including Accuweather and WeatherBug, are tracking people's locations.

  • Added: 2019-01-01 — Latest reference: 2018-12-30

    New GM cars offer the feature of a universal back door.

    Every nonfree program offers the user zero security against its developer. With this malfeature, GM has explicitly made things even worse.

  • Added: 2018-12-11 — Latest reference: 2018-12-06

    Facebook's app got “consent” to upload call logs automatically from Android phones while disguising what the “consent” was for.

  • Added: 2018-12-04 — Latest reference: 2018-11-27

    Many web sites use JavaScript code to snoop on information that users have typed into a form but not sent, in order to learn their identity. Some are getting sued for this.

    The chat facilities of some customer services use the same sort of malware to read what the user is typing before it is posted.

  • Added: 2018-11-13 — Latest reference: 2018-11-10

    Corel Paintshop Pro has a back door that can make it cease to function.

    The article is full of confusions, errors and biases that we have an obligation to expose, given that we are making a link to them.

    • Getting a patent does not “enable” a company to do any particular thing in its products. What it does enable the company to do is sue other companies if they do some particular thing in their products.
    • A company's policies about when to attack users through a back door are beside the point. Inserting the back door is wrong in the first place, and using the back door is always wrong too. No software developer should have that power over users.
    • Piracy” means attacking ships. Using that word to refer to sharing copies is a smear; please don't smear sharing.
    • The idea of “protecting our IP” is total confusion. The term “IP” itself is a bogus generalization about things that have nothing in common.

      In addition, to speak of “protecting” that bogus generalization is a separate absurdity. It's like calling the cops because neighbors' kids are playing on your front yard, and saying that you're “protecting the boundary line”. The kids can't do harm to the boundary line, not even with a jackhammer, because it is an abstraction and can't be affected by physical action.

  • Added: 2018-11-04 — Latest reference: 2018-10-30

    Nearly all “home security cameras” give the manufacturer an unencrypted copy of everything they see. “Home insecurity camera” would be a better name!

    When Consumer Reports tested them, it suggested that these manufacturers promise not to look at what's in the videos. That's not security for your home. Security means making sure they don't get to see through your camera.

  • Added: 2018-10-30 — Latest reference: 2018-10-24

    Some Android apps track the phones of users that have deleted them.

  • Added: 2018-10-29 — Latest reference: 2018-10-24

    Apple and Samsung deliberately degrade the performance of older phones to force users to buy their newer phones.

  • Added: 2018-10-26 — Latest reference: 2018-10-23

    GM tracked the choices of radio programs in its “connected” cars, minute by minute.

    GM did not get users' consent, but it could have got that easily by sneaking it into the contract that users sign for some digital service or other. A requirement for consent is effectively no protection.

    The cars can also collect lots of other data: listening to you, watching you, following your movements, tracking passengers' cell phones. All such data collection should be forbidden.

    But if you really want to be safe, we must make sure the car's hardware cannot collect any of that data, or that the software is free so we know it won't collect any of that data.

  • Added: 2018-10-22 — Latest reference: 2018-10-15

    Printer manufacturers are very innovative—at blocking the use of independent replacement ink cartridges. Their “security upgrades” occasionally impose new forms of cartridge DRM. HP and Epson have done this.

  • Added: 2018-10-11 — Latest reference: 2018-07-31

    A nonfree video game, available through the nonfree Steam client, included a “miner”, i.e. an executable that hijacks the CPU in users' computers to mine a cryptocurrency.

  • Added: 2018-10-11 — Latest reference: 2018-05-08

    A cracker used an exploit in outdated software to inject a “miner” in web pages served to visitors. This type of malware hijacks the computer's processor to mine a cryptocurrency.

    (Note that the article refers to the infected software as “content management system”. A better term would be “website revision system”.)

    Since the miner was a nonfree JavaScript program, visitors wouldn't have been affected if they had used LibreJS. Some browser extensions that specifically block JavaScript miners are also available.

  • Added: 2018-10-01 — Latest reference: 2018-09-26

    Honeywell's “smart” thermostats communicate only through the company's server. They have all the nasty characteristics of such devices: surveillance, and danger of sabotage (of a specific user, or of all users at once), as well as the risk of an outage (which is what just happened).

    In addition, setting the desired temperature requires running nonfree software. With an old-fashioned thermostat, you can do it using controls right on the thermostat.

  • Added: 2018-09-25 — Latest reference: 2018-09-24

    Researchers have discovered how to hide voice commands in other audio, so that people cannot hear them, but Alexa and Siri can.

  • Added: 2018-09-22 — Latest reference: 2018-09-14

    Android has a back door for remotely changing “user” settings.

    The article suggests it might be a universal back door, but this isn't clear.

  • Added: 2018-09-18 — Latest reference: 2018-09-12

    One version of Windows 10 harangues users if they try to install Firefox (or Chrome).

  • Added: 2018-09-15 — Latest reference: 2017-12-06

    Learn how gratis-to-play-and-not-win-much games manipulate their useds psychologically.

    These manipulative behaviors are malicious functionalities, and they are possible because the game is proprietary. If it were free, people could publish a non-manipulative version and play that instead.

  • Added: 2018-08-24 — Latest reference: 2018-06-24

    Red Shell is a spyware that is found in many proprietary games. It tracks data on users' computers and sends it to third parties.

  • Added: 2018-08-24 — Latest reference: 2005-10-20

    Blizzard Warden is a hidden “cheating-prevention” program that spies on every process running on a gamer's computer and sniffs a good deal of personal data, including lots of activities which have nothing to do with cheating.

  • Added: 2018-07-15 — Latest reference: 2018-06-25

    The game Metal Gear Rising for MacOS was tethered to a server. The company shut down the server, and all copies stopped working.

  • Added: 2018-02-10 — Latest reference: 2018-03-30

    In MacOS and iOS, the procedure for converting images from the Photos format to a free format is so tedious and time-consuming that users just give up if they have a lot of them.