English [en]   Deutsch [de]   español [es]   français [fr]   italiano [it]   日本語 [ja]   русский [ru]  

Proprietary malware → Amazon

Amazon's Software Is Malware


Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; that is the basic injustice. The developers and manufacturers often exercise that power to the detriment of the users they ought to serve.

This typically takes the form of malicious functionalities.


If you know of an example that ought to be in this page but isn't here, please write to <webmasters@gnu.org> to inform us. Please include the URL of a trustworthy reference or two to serve as specific substantiation.

Kindle Swindle

We refer to this product as the Amazon Swindle because it has Digital restrictions management (DRM) and other malicious functionalities.

Back Doors

Surveillance

DRM

  • The Amazon Kindle has DRM. That article is flawed in that it fails to treat DRM as an ethical question; it takes for granted that whatever Amazon might do to its users is legitimate. It refers to DRM as digital “rights” management, which is the spin term used to promote DRM. Nonetheless it serves as a reference for the facts.

Echo

Back Doors

  • The Amazon Echo appears to have a universal back door, since it installs “updates” automatically.

    We have found nothing explicitly documenting the lack of any way to disable remote changes to the software, so we are not completely sure there isn't one, but this seems pretty clear.

Surveillance

  • Amazon Alexa collects a lot more information from users than is necessary for correct functioning (time, location, recordings made without a legitimate prompt), and sends it to Amazon's servers, which store it indefinitely. Even worse, Amazon forwards it to third-party companies. Thus, even if users request deletion of their data from Amazon's servers, the data remain on other servers, where they can be accessed by advertising companies and government agencies. In other words, deleting the collected information doesn't cancel the wrong of collecting it.

    Data collected by devices such as the Nest thermostat, the Philips Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos speakers are likewise stored longer than necessary on the servers the devices are tethered to. Moreover, they are made available to Alexa. As a result, Amazon has a very precise picture of users' life at home, not only in the present, but in the past (and, who knows, in the future too?)

  • Some of users' commands to the Alexa service are recorded for Amazon employees to listen to. The Google and Apple voice assistants do similar things.

    A fraction of the Alexa service staff even has access to location and other personal data.

    Since the client program is nonfree, and data processing is done “in the cloud” (a soothing way of saying “We won't tell you how and where it's done”), users have no way to know what happens to the recordings unless human eavesdroppers break their non-disclosure agreements.

  • Crackers found a way to break the security of an Amazon device, and turn it into a listening device for them.

    It was very difficult for them to do this. The job would be much easier for Amazon. And if some government such as China or the US told Amazon to do this, or cease to sell the product in that country, do you think Amazon would have the moral fiber to say no?

    (These crackers are probably hackers too, but please don't use “hacking” to mean “breaking security”.)

Other products

  • The Ring (now Amazon) doorbell camera is designed so that the manufacturer (now Amazon) can watch all the time. Now it turns out that anyone else can also watch, and fake videos too.

    The third party vulnerability is presumably unintentional and Amazon will probably fix it. However, we do not expect Amazon to change the design that allows Amazon to watch.

  • Amazon Ring “security” devices send the video they capture to Amazon servers, which save it long-term.

    In many cases, the video shows everyone that comes near, or merely passes by, the user's front door.

    The article focuses on how Ring used to let individual employees look at the videos freely. It appears Amazon has tried to prevent that secondary abuse, but the primary abuse—that Amazon gets the video—Amazon expects society to surrender to.

  • Amazon recently invited consumers to be suckers and allow delivery staff to open their front doors. Wouldn't you know it, the system has a grave security flaw.

  • The Amazon “Smart” TV is snooping all the time.

TOP

 [FSF logo] “The Free Software Foundation (FSF) is a nonprofit with a worldwide mission to promote computer user freedom. We defend the rights of all software users.”

JOIN SHOP