<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.84 1.92 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  Please do not edit <ul class="blurbs">!
    Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
           See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Proprietary Surveillance - GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" />
<style type="text/css" media="print,screen"><!--
.announcement media="screen,print"><!--
.pict { 
   background: none;
    width: 18em;
    margin: 2em auto;
}
#surveillance div.toc
.pict p {
   width: 24.5em; max-width: 94%;
   margin-bottom: 1em;
    font-size: .9em;
}
@media (min-width: 48em) {
   #surveillance div.toc 46em) {
      float: left;
      width: auto; max-width: 48%;
      margin: .2em 0 1em;
   }
   #surveillance .medium
    .pict {
        width: 43%; 18em;
        float: right;
        margin: 7em .3em 0 1em 1.5em; 2em;
    }
}
--></style>
<!-- GNUN: localize URL /graphics/dog.small.jpg -->
<!--#include virtual="/proprietary/po/proprietary-surveillance.translist" -->
<!--#include virtual="/server/banner.html" -->
<div class="nav">
<a id="side-menu-button" class="switch" href="#navlinks">
 <img id="side-menu-icon" height="32"
      src="/graphics/icons/side-menu.png"
      title="Section contents"
      alt=" [Section contents] " />
</a>

<p class="breadcrumb">
 <a href="/"><img src="/graphics/icons/home.png" height="24"
    alt="GNU Home" title="GNU Home" /></a> /
 <a href="/proprietary/proprietary.html">Malware</a> /
 By type /
</p>
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#if expr="$OUTDATED_SINCE" --><!--#else -->
<!--#if expr="$LANGUAGE_SUFFIX" -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="no" -->
<!--#include virtual="/server/top-addendum.html" -->
<!--#endif -->
<!--#endif -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
<h2>Proprietary Surveillance</h2>

<div class="infobox">
<hr class="full-width" />
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
href="/philosophy/free-software-even-more-important.html">that is the
basic injustice</a>. The developers and manufacturers often exercise
that power to the detriment of the users they ought to serve.</p>

<div  class="announcement">

<p>This document attempts to
track <strong>clearly established cases of proprietary software that
spies on or tracks users</strong>.</p>

<p><a href="/proprietary/proprietary.html">
   Other examples typically takes the form of proprietary malware</a></p> malicious functionalities.</p>
<hr class="full-width" />
</div>

<div id="surveillance">

<div class="pict medium"> id="surveillance" class="pict">
<a href="/graphics/dog.html">
<img src="/graphics/dog.small.jpg" alt="Cartoon of a dog, wondering at the three ads that popped up on his computer screen..." /></a>
<p>“How did they find out I'm a dog?”</p>
</div>

<div class="toc"> class="article">
<div class="italic">
<p>A common malicious functionality is to snoop on the user.  This page
records <strong>clearly established cases of proprietary software that
spies on or tracks users</strong>.  Manufacturers even refuse
to <a href="https://techcrunch.com/2018/10/19/smart-home-devices-hoard-data-government-demands/">say
whether they snoop on users for the state</a>.</p>

<p>All appliances and applications that are tethered to a specific
server are snoopers by nature.  We do not list them here because they
have their own page: <a
href="/proprietary/proprietary-tethers.html#about-page">Proprietary
Tethers</a>.</p>
</div>

<div class="important" style="clear: both">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
to inform us. Please include the URL of a trustworthy reference or two
to serve as specific substantiation.</p>
</div>

<div id="TOC" class="toc-inline">
    <h3 id="TableOfContents">Table of Contents</h3>
  <ul>
    <li><a href="#Introduction">Introduction</a></li>
    <li><a
    <h4><a href="#Introduction">Introduction</a></h4>
    <h4><a href="#OSSpyware">Spyware in Operating Systems</a> Laptops and Desktops</a></h4>
    <ul>
      <li><a href="#SpywareInWindows">Spyware in Windows</a></li> href="#SpywareInWindows">Windows</a></li>
      <li><a href="#SpywareInMacOS">Spyware in MacOS</a></li> href="#SpywareInMacOS">MacOS</a></li>
      <li><a href="#SpywareInAndroid">Spyware in Android</a></li> href="#SpywareInBIOS">BIOS</a></li>
    </ul>
    </li>
    <li><a
    <h4><a href="#SpywareOnMobiles">Spyware on Mobiles</a> Mobiles</a></h4>
    <ul>
      <li><a href="#SpywareIniThings">Spyware in iThings</a></li> href="#SpywareInTelephones">All “Smart” Phones</a></li>
      <li><a href="#SpywareInTelephones">Spyware in href="#SpywareIniThings">iThings</a></li>
      <li><a href="#SpywareInAndroid">Android Telephones</a></li>
      <li><a href="#SpywareInMobileApps">Spyware href="#SpywareInElectronicReaders">E-Readers</a></li>
     </ul>
    <h4><a href="#SpywareInApplications">Spyware in Mobile Applications</a></li> Applications</a></h4>
    <ul>
      <li><a href="#SpywareInToys">Spyware in Toys</a></li>
      </ul>
    </li> href="#SpywareInDesktopApps">Desktop Apps</a></li>
      <li><a href="#SpywareOnSmartWatches">Spyware on Smart Watches</a></li> href="#SpywareInMobileApps">Mobile Apps</a></li>
      <li><a href="#SpywareAtLowLevel">Spyware at Low Level</a>
      <ul> href="#SpywareInSkype">Skype</a></li>
      <li><a href="#SpywareInBIOS">Spyware in BIOS</a></li> href="#SpywareInGames">Games</a></li>
    </ul>
    </li>
    <li><a href="#SpywareAtWork">Spyware at Work</a>
    <h4><a href="#SpywareInEquipment">Spyware in Connected Equipment</a></h4>
    <ul>
      <li><a href="#SpywareInSkype">Spyware in Skype</a></li>
      </ul>
    </li> href="#SpywareInTVSets">TV Sets</a></li>
      <li><a href="#SpywareOnTheRoad">Spyware on the Road</a>
      <ul> href="#SpywareInCameras">Cameras</a></li>
      <li><a href="#SpywareInCameras">Spyware in Cameras</a></li> href="#SpywareInToys">Toys</a></li>
      <li><a href="#SpywareInElectronicReaders">Spyware in e-Readers</a></li> href="#SpywareInDrones">Drones</a></li>
      <li><a href="#SpywareInVehicles">Spyware in Vehicles</a></li>
      </ul>
    </li> href="#SpywareAtHome">Other Appliances</a></li>
      <li><a href="#SpywareAtHome">Spyware at Home</a> href="#SpywareOnWearables">Wearables</a>
        <ul>
          <li><a href="#SpywareInTVSets">Spyware in TV Sets</a></li> href="#SpywareOnSmartWatches">“Smart” Watches</a></li>
        </ul>
      </li>
      <li><a href="#SpywareInGames">Spyware in Games</a></li>
    <li><a href="#SpywareInRecreation">Spyware in Recreation</a></li> href="#SpywareInVehicles">Vehicles</a></li>
      <li><a href="#SpywareInVR">Virtual Reality</a></li>
    </ul>
    <h4><a href="#SpywareOnTheWeb">Spyware on the Web</a> Web</a></h4>
    <ul>
      <li><a href="#SpywareInChrome">Spyware in Chrome</a></li>
        <li><a href="#SpywareInFlash">Spyware in JavaScript and Flash</a></li>
      </ul>
    </li>
    <li><a href="#SpywareInDrones">Spyware in Drones</a></li> href="#SpywareInChrome">Chrome</a></li>
      <li><a href="#SpywareEverywhere">Spyware Everywhere</a></li> href="#SpywareInJavaScript">JavaScript</a></li>
      <li><a href="#SpywareInVR">Spyware In VR</a></li> href="#SpywareInFlash">Flash</a></li>
    </ul>
    <h4><a href="#SpywareInNetworks">Spyware in Networks</a></h4>
</div>

</div>
<div style="clear: left;"></div>

<!-- #Introduction -->

<div class="big-section">
  <h3 id="Introduction">Introduction</h3>
</div>
<div style="clear: left;"></div>

<p>For decades, the Free Software movement has been denouncing the
abusive surveillance machine of
<a href="/proprietary/proprietary.html">proprietary software</a>
companies such as
<a href="/proprietary/malware-microsoft.html">Microsoft</a>
and
<a href="/proprietary/malware-apple.html">Apple</a>.

In the recent years, this tendency to watch people has spread across
industries, not only in the software business, but also in the
hardware.  Moreover, it also spread dramatically away from the
keyboard, in the mobile computing industry, in the office, at home, in
transportation systems, and in the classroom.</p>

<h3

<h4 id="AggregateInfoCollection">Aggregate or anonymized data</h3> data</h4>

<p>Many companies, in their privacy policy, have a clause that claims
they share aggregate, non-personally identifiable information with
third parties/partners. Such claims are worthless, for several
reasons:</p>

<ul>
    <li>They could change the policy at any time.</li>
    <li>They can twist the words by distributing an “aggregate” of
        “anonymized” data which can be reidentified and attributed to
        individuals.</li>
    <li>The raw data they don't normally distribute can be taken by
        data breaches.</li>
    <li>The raw data they don't normally distribute can be taken by
        subpoena.</li>
</ul>

<p>Therefore, we must not be distracted by companies' statements of
what they will <em>do</em> with the data they collect. The wrong is that
they collect it at all.</p>

<h3

<h4 id="LatestAdditions">Latest additions</h3>

<p>Latest additions additions</h4>

<p>Entries in each category are found in reverse chronological order, based
on top under each category.</p>

<!-- #OSSpyware -->
<!-- WEBMASTERS: make sure to place new items the dates of publication of linked articles.
The latest additions are listed on top under each subsection -->

<div the <a
href="/proprietary/proprietary.html#latest">main page</a> of the
Malware section.</p>



<div class="big-section">
  <h3 id="OSSpyware">Spyware in Operating Systems</h3> Laptops and Desktops</h3>
  <span class="anchor-reference-id">(<a href="#OSSpyware">#OSSpyware</a>)</span>
</div>
<div style="clear: left;"></div>

<div class="big-subsection">
  <h4 id="SpywareInWindows">Spyware in Windows</h4> id="SpywareInWindows">Windows</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInWindows">#SpywareInWindows</a>)</span>
</div>

<ul>
  <li><p>Windows

<ul class="blurbs">
  <li id="M201712110">
    <p>HP's proprietary operating system <a
    href="http://www.bbc.com/news/technology-42309371">includes a
    proprietary keyboard driver with a key logger in it</a>.</p>
  </li>

  <li id="M201710134">
    <p>Windows 10 telemetry program sends information to Microsoft about
    the user's computer and their use of the computer.</p>

    <p>Furthermore, for users who installed the
    fourth stable build of Windows 10, called the
    “Creators Update,” Windows maximized the
      surveillance<a surveillance <a
    href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law">
    by force setting the telemetry mode to “Full”</a>.</p>

    <p>The <a
href="https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#full-level">
    href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level">
    “Full” telemetry mode</a> allows Microsoft Windows
    engineers to access, among other things, registry keys <a href="https://technet.microsoft.com/en-us/library/cc939702.aspx">which
    href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc939702(v=technet.10)">
    which can contain sensitive information like administrator's login
 password</a>.</p></li>

  <li><p>Windows DRM
    password</a>.</p>
  </li>

  <li id="M201702020">
    <p>DRM-restricted files <a href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">can can be used to <a
    href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">
    identify people browsing through Tor</a>. The vulnerability exists
    only if you use Windows.
  </p></li>

  <li><p>By Windows.</p>
  </li>

  <li id="M201611240">
    <p>By default, Windows 10 <a
    href="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sends
    debugging information to Microsoft, including core dumps</a>. Microsoft
    now distributes them to another company.</p></li>

<li>In company.</p>
  </li>

  <li id="M201608170.1">
    <p>In order to increase Windows 10's install base, Microsoft <a class="not-a-duplicate" 
    href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
    blatantly disregards user choice and privacy</a>. privacy</a>.</p>
  </li>

  <li><p><a

  <li id="M201603170">
    <p><a
    href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
    Windows 10 comes with 13 screens of snooping options</a>, all enabled
    by default, and turning them off would be daunting to most users.</p></li>

  <li><p><a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
      Microsoft has already backdoored its disk encryption</a>.</p></li>

  <li>It users.</p>
  </li>

  <li id="M201601050">
    <p>It appears <a
    href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
    Windows 10 sends data to Microsoft about what applications are 
      running</a>.</li>
  <li><p>A
    running</a>.</p>
  </li>

  <li id="M201512280">
    <p>Microsoft has <a
    href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
    backdoored its disk encryption</a>.</p>
  </li>

  <li id="M201511264">
    <p>A downgrade to Windows 10 deleted surveillance-detection
    applications.  Then another downgrade inserted a general spying
    program.  Users noticed this and complained, so Microsoft renamed it <a href="https://web.archive.org/web/20160407082751/http://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
    href="https://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
    to give users the impression it was gone</a>.</p>

    <p>To use proprietary software is to invite such treatment.</p>
  </li>
  <li><p>

  <li id="M201508180">
    <p><a
    href="https://web.archive.org/web/20150905163414/http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
    Intel devices will be able to listen for speech all the time, even
    when “off.”</a></p>
  </li>

  <li id="M201508130">
    <p><a
    href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
    Windows 10 sends identifiable information to Microsoft</a>, even if
    a user turns off its Bing search and Cortana features, and activates
    the privacy-protection settings.</p>
  </li>

  <li id="M201507300">
    <p>Windows 10 <a href="https://web.archive.org/web/20151001035410/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
    href="https://web.archive.org/web/20180923125732/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
    ships with default settings that show no regard for the privacy of
    its users</a>, giving Microsoft the “right” to snoop on
    the users' files, text input, voice input, location info, contacts,
    calendar records and web browsing history, as well as automatically
    connecting the machines to open hotspots and showing targeted ads.</p></li>

  <li><p>
  <a href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
  Windows 10 sends identifiable information to Microsoft</a>, even if a user
  turns off its Bing search and Cortana features, and activates the
  privacy-protection settings.</p></li>

  <li><p> ads.</p>

    <p>We can suppose Microsoft look at users' files for the US government
    on demand, though the “privacy policy” does not explicitly
    say so. Will it look at users' files for the Chinese government
    on demand?</p>
  </li>

  <li id="M201506170">
    <p>Microsoft uses Windows 10's “privacy policy”
    to overtly impose a “right” to look at
    users' files at any time. Windows 10 full disk encryption <a href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/">
    href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/">
    gives Microsoft a key</a>.</p>

    <p>Thus, Windows is overt malware in regard to surveillance, as in
    other issues.</p>

    <p>We can suppose Microsoft look at users' files for the US government
    on demand, though the “privacy policy” does not explicit
    say so. Will it look at users' files for the Chinese government
    on demand?</p>

    <p>The unique “advertising ID” for each user enables
    other companies to track the browsing of each specific user.</p>

    <p>It's as if Microsoft has deliberately chosen to make Windows 10
    maximally evil on every dimension; to make a grab for total power
    over anyone that doesn't drop Windows now.</p></li>

  <li><p>It now.</p>
  </li>

  <li id="M201410040">
    <p>It only gets worse with time.  <a
    href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
    Windows 10 requires users to give permission for total snooping</a>,
    including their files, their commands, their text input, and their
    voice input.</p>
  </li>

  <li><p><a href="http://www.infoworld.com/article/2611451/microsoft-windows/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html">

  <li id="M201401150">
    <p id="baidu-ime"><a
    href="https://www.techrepublic.com/blog/asian-technology/japanese-government-warns-baidu-ime-is-spying-on-users/">
    Baidu's Japanese-input and Chinese-input apps spy on users</a>.</p>
  </li>

  <li id="M201307080">
    <p>Spyware in older versions of Windows: <a
    href="https://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/">
    Windows Update snoops on the user</a>. <a
    href="https://www.infoworld.com/article/2611451/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html">
    Windows 8.1 snoops on local searches.</a>.</p>
  </li>

  <li><p>And searches</a>. And there's a <a
    href="http://www.marketoracle.co.uk/Article40836.html"> secret NSA
    key in Windows</a>, whose functions we don't know.</p>
  </li>

  <li>HP's proprietary
  operating system <a href="http://www.bbc.com/news/technology-42309371">includes
  a proprietary keyboard driver with a key logger in it</a>.</li>
</ul>


<p>Microsoft's snooping on users did not start with Windows 10.
   There's a lot more <a href="/proprietary/malware-microsoft.html">
   Microsoft malware</a>.</p>


<div class="big-subsection">
  <h4 id="SpywareInMacOS">Spyware in MacOS</h4> id="SpywareInMacOS">MacOS</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInMacOS">#SpywareInMacOS</a>)</span>
</div>

<ul>
  <li><p><a href="http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/">
      MacOS automatically sends to Apple servers unsaved documents being
      edited</a>. The

<ul class="blurbs">
  <li id="M201809070">
    <p>Adware Doctor, an ad blocker for MacOS, <a
      href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
      things you have not decided to save are even more sensitive than
    href="https://www.vice.com/en/article/wjye8x/mac-anti-adware-doctor-app-steals-browsing-history">reports
    the things you have stored in files</a>.</p> user's browsing history</a>.</p>
  </li>

  <li><p>Apple

  <li id="M201411040">
    <p>Apple has made various <a
    href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud">
    MacOS programs send files to Apple servers without asking
    permission</a>.  This exposes the files to Big Brother and perhaps
    to other snoops.</p>

    <p>It also demonstrates how you can't trust proprietary software,
    because even if today's version doesn't have a malicious functionality,
    tomorrow's version might add it. The developer won't remove the
    malfeature unless many users push back hard, and the users can't
    remove it themselves.</p>
  </li>

  <li><p>Various operations in
      <a href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
      the latest

  <li id="M201410300">
    <p> MacOS send reports automatically <a
    href="https://web.archive.org/web/20170831144456/https://www.washingtonpost.com/news/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/">
    sends to Apple</a> servers.</p> Apple servers unsaved documents being edited</a>. The
    things you have not decided to save are <a
    href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
    even more sensitive</a> than the things you have stored in files.</p>
  </li>

  <li><p>Apple

  <li id="M201410220">
    <p>Apple admits the <a
    href="http://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/">
    spying in a search facility</a>, but there's a lot <a
    href="https://github.com/fix-macosx/yosemite-phone-home"> more snooping
    that Apple has not talked about</a>.</p>
  </li>

  <li><p><a

  <li id="M201410200">
    <p>Various operations in <a
    href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
    the latest MacOS send reports to Apple</a> servers.</p>
  </li>

  <li id="M201401100.1">
    <p><a
    href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
    Spotlight search</a> sends users' search terms to Apple.</p>
  </li>
</ul>


<p>There's a lot more <a href="#SpywareIniThings">iThing spyware</a>, and
<a href="/proprietary/malware-apple.html">Apple malware</a>.</p>


<div class="big-subsection">
  <span id="SpywareAtLowLevel"></span>
  <h4 id="SpywareInAndroid">Spyware id="SpywareInBIOS">BIOS</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
</div>

<ul class="blurbs">
  <li id="M201509220">
    <p><a
    href="https://www.computerworld.com/article/2984889/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
    Lenovo stealthily installed crapware and spyware via
    BIOS</a> on Windows installs.  Note that the specific
    sabotage method Lenovo used did not affect GNU/Linux; also, a
    “clean” Windows install is not really clean since <a
    href="/proprietary/malware-microsoft.html">Microsoft puts in Android</h4> its
    own malware</a>.</p>
  </li>
</ul>



<div class="big-section">
  <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
  <span class="anchor-reference-id">(<a href="#SpywareInAndroid">#SpywareInAndroid</a>)</span> href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
</div>

<ul>
<li>
  <p>20 dishonest Android
<div style="clear: left;"></div>

<div class="big-subsection">
  <h4 id="SpywareInTelephones">All “Smart” Phones</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202006260">
    <p>Most apps
      recorded are malware, but
    Trump's campaign app, like Modi's campaign app, is <a href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
      calls and sent
    href="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/">
    especially nasty malware, helping companies snoop on users as well
    as snooping on them and text messages and emails to
      snoopers</a>.</p>

  <p>Google did itself</a>.</p>

    <p>The article says that Biden's app has a less manipulative overall
    approach, but that does not intend tell us whether it has functionalities we
    consider malicious, such as sending data the user has not explicitly
    asked to send.</p>
  </li>

  <li id="M201601110">
    <p>The natural extension of monitoring
    people through “their” phones is <a
    href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
    proprietary software to make these apps spy; on sure they can't “fool”
    the contrary, it
    worked in various ways monitoring</a>.</p>
  </li>

  <li id="M201510050">
    <p>According to prevent that, Edward Snowden, <a
    href="http://www.bbc.com/news/uk-34444233">agencies can take over
    smartphones</a> by sending hidden text messages which enable
    them to turn the phones on and deleted these apps
    after discovering what they did. So we cannot blame Google
    specifically for off, listen to the snooping of these apps.</p>

  <p>On microphone,
    retrieve geo-location data from the other hand, Google redistributes nonfree Android apps, GPS, take photographs, read
    text messages, read call, location and
    therefore shares in web browsing history, and
    read the responsibility for contact list. This malware is designed to disguise itself
    from investigation.</p>
  </li>

  <li id="M201311120">
    <p><a
    href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
    The NSA can tap data in smart phones, including iPhones,
    Android, and BlackBerry</a>.  While there is not much
    detail here, it seems that this does not operate via
    the injustice of their
    being nonfree. universal back door that we know nearly all portable
    phones have. It also distributes its own nonfree apps, such as
    Google
    Play, <a href="/philosophy/free-software-even-more-important.html">which may involve exploiting various bugs.  There are malicious</a>.</p>

  <p>Could Google <a
    href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
    lots of bugs in the phones' radio software</a>.</p>
  </li>

  <li id="M201307000">
    <p>Portable phones with GPS <a
    href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
    will send their GPS location on remote command, and users cannot stop
    them</a>. (The US says it will eventually require all new portable phones
    to have done GPS.)</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareIniThings">iThings</h4>
  <span class="anchor-reference-id">(<a href="#SpywareIniThings">#SpywareIniThings</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202009183">
    <p>Facebook <a
    href="https://www.dailymail.co.uk/news/article-8747541/Facebook-accused-watching-Instagram-users-mobile-cameras.html">snoops
    on Instagram</a> users by surreptitously turning on the device's
    camera.</p>
  </li>

  <li id="M202004200">
    <p>Apple whistleblower Thomas Le Bonniec reports that Apple
    made a better job practice of preventing apps from
    cheating?  There is no surreptitiously activating the Siri software to <a
    href="https://www.politico.eu/wp-content/uploads/2020/05/Public-Statement-Siri-recordings-TLB.pdf">
    record users' conversations when they had not activated Siri</a>.
    This was not just occasional, it was systematic way for Google, or Android
    users, practice.</p>

    <p>His job was to inspect executable proprietary apps listen to see what they
    do.</p>

  <p>Google could demand the source code for these apps, and study the
    source code somehow to determine whether they mistreat users recordings, in
    various ways. If it did a good job group that made
    transcripts of this, it could more or less them. He does not believes that Apple has ceased this
    practice.</p>

    <p>The only reliable way to prevent such snooping, except when this is, for the app developers are clever
    enough program that
    controls access to outsmart the checking.</p>

  <p>But since Google itself develops malicious apps, we cannot trust
    Google microphone to protect us. We must demand release of source code decide when the user has
    “activated” any service, to be free software, and the
    public, so we can depend on each other.</p>
    operating system under it free as well. This way, users could make
    sure Apple can't listen to them.</p>
  </li>
<li>
  <p>A

  <li id="M201910131">
    <p>Safari occasionally <a href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
      research paper</a> that investigated
    href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/">
    sends browsing data from Apple devices in China to the privacy and security
    of 283 Android VPN apps concluded Tencent Safe
    Browsing service</a>, to check URLs that “in spite of possibly correspond to
    “fraudulent” websites. Since Tencent collaborates
    with the
    promises for privacy, security, and anonymity given by Chinese government, its Safe Browsing black list most certainly
    contains the
    majority of VPN apps—millions websites of users may be unawarely subject
    to poor security guarantees political opponents. By linking the requests
    originating from single IP addresses, the government can identify
    dissenters in China and abusive practices inflicted by
    VPN apps.”</p>

  <p>Following is a non-exhaustive list Hong Kong, thus endangering their lives.</p>
  </li>

  <li id="M201905280">
    <p>In spite of proprietary VPN Apple's supposed commitment to
    privacy, iPhone apps from
    the research paper contain trackers that tracks are busy at night <a
    href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html">
    sending users' personal information to third parties</a>.</p>

    <p>The article mentions specific examples: Microsoft OneDrive,
    Intuit’s Mint, Nike, Spotify, The Washington Post, The Weather
    Channel (owned by IBM), the crime-alert service Citizen, Yelp
    and infringes the privacy DoorDash. But it is likely that most nonfree apps contain
    trackers. Some of
    users:</p>

  <dl>
    <dt>SurfEasy</dt>
    <dd>Includes tracking libraries these send personally identifying data such as NativeX and Appflood,
      meant to track users and show them targeted ads.</dd>

    <dt>sFly Network Booster</dt>
    <dd>Requests phone
    fingerprint, exact location, email address, phone number or even
    delivery address (in the <code>READ_SMS</code> and <code>SEND_SMS</code>
      permissions upon installation, meaning case of DoorDash). Once this information
    is collected by the company, there is no telling what it has full access to
      users' text messages.</dd>

    <dt>DroidVPN will be
    used for.</p>
  </li>

  <li id="M201711250">
    <p>The DMCA and TigerVPN</dt>
    <dd>Requests the <code>READ_LOGS</code> permission to read logs
      for other apps and also core system logs. TigerVPN developers
      have confirmed this.</dd>

    <dt>HideMyAss</dt>
    <dd>Sends traffic to LinkedIn. Also, EU Copyright Directive make it stores detailed logs
      and may turn them over <a
    href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
    illegal to study how iOS cr…apps spy on users</a>, because
    this would require circumventing the UK government if
      requested.</dd>

    <dt>VPN Services HotspotShield</dt>
    <dd>Injects JavaScript code into the HTML pages returned to iOS DRM.</p>
  </li>

  <li id="M201709210">
    <p>In the
      users. The stated purpose of latest iThings system,
    “turning off” WiFi and Bluetooth the JS injection is obvious way <a
    href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
    doesn't really turn them off</a>.  A more advanced way really does turn
    them off—only until 5am.  That's Apple for you—“We
    know you want to display
      ads. Uses roughly 5 tracking libraries. Also, be spied on”.</p>
  </li>

  <li id="M201702150">
    <p>Apple proposes <a
    href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
    fingerprint-scanning touch screen</a>—which would mean no way
    to use it redirects without having your fingerprints taken. Users would have
    no way to tell whether the
      user's traffic through valueclick.com (an advertising
      website).</dd>

    <dt>WiFi Protector VPN</dt>
    <dd>Injects JavaScript code into HTML pages, and also uses
      roughly 5 tracking libraries. Developers phone is snooping on them.</p>
  </li>

  <li id="M201611170">
    <p>iPhones <a
    href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
    lots of this personal data to Apple's servers</a>.  Big Brother can get
    them from there.</p>
  </li>

  <li id="M201609280">
    <p>The iMessage app have
      confirmed on iThings <a
    href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
    a server every phone number that the non-premium version of user types into it</a>; the app does
      JavaScript injection
    server records these numbers for tracking and display ads.</dd>
  </dl> at least 30 days.</p>
  </li>
<li>
  <p><a href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A study in 2015</a> found that 90% of

  <li id="M201509240">
    <p>iThings automatically upload to Apple's servers all the top-ranked gratis
  proprietary Android apps contained recognizable tracking libraries. For 
  the paid proprietary apps, it was only 60%.</p>

  <p>The article confusingly describes gratis apps as “free”,
  but most of photos
    and videos they make.</p>

    <blockquote><p> iCloud Photo Library stores every photo and video you
    take, and keeps them up to date on all your devices. Any edits you
    make are not in fact automatically updated everywhere. […] </p></blockquote>

    <p>(From <a href="/philosophy/free-sw.html">free software</a>.
  It also uses the ugly word “monetize”. A good replacement
  for that word href="https://www.apple.com/icloud/photos/">Apple's iCloud
    information</a> as accessed on 24 Sep 2015.) The iCloud feature is “exploit”; nearly always that will fit
  perfectly.</p>
</li>

<li>
  <p>Apps for BART
    <a href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop on users</a>.</p>
  <p>With free software apps, users could <em>make sure</em> that they don't snoop.</p>
  <p>With proprietary apps, one can only hope that they don't.</p>
</li>

<li>
  <p>A study found 234 Android apps that track users href="https://support.apple.com/en-us/HT202033">activated by
	<a href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening the
    startup of iOS</a>. The term “cloud” means “please
    don't ask where.”</p>

    <p>There is a way to ultrasound from beacons placed in stores or played
    <a href="https://support.apple.com/en-us/HT201104"> deactivate
    iCloud</a>, but it's active by TV programs</a>.
	</p>

</li>

<li>
  <p>Pairs default so it still counts as a
    surveillance functionality.</p>

    <p>Unknown people apparently took advantage of Android apps can collude to transmit users' personal
	data this to servers. <a href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A study found
	tens
    href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
    nude photos of thousands many celebrities</a>. They needed to break Apple's
    security to get at them, but NSA can access any of pairs that collude</a>.</p> them through <a
    href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p>
  </li>

<li>
<p>Google Play intentionally sends app developers

  <li id="M201409220">
    <p>Apple can, and regularly does, <a
href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
the personal details of users that install the app</a>.</p>

<p>Merely asking
    href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
    remotely extract some data from iPhones for the “consent” of users is state</a>.</p>

    <p>This may have improved with <a
    href="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/">
    iOS 8 security improvements</a>; but <a
    href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
    not enough as much as Apple claims</a>.</p>
  </li>

  <li id="M201407230">
    <p><a
    href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
    Several “features” of iOS seem to legitimize actions like this.  At this point, most users have
stopped reading exist
    for no possible purpose other than surveillance</a>.  Here is the “Terms and Conditions” that spell out
what they are “consenting” to.  Google should clearly <a
    href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
    Technical presentation</a>.</p>
  </li>

  <li id="M201401100">
    <p>The <a class="not-a-duplicate"
    href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
    iBeacon</a> lets stores determine exactly where the iThing is, and honestly identify
    get other info too.</p>
  </li>

  <li id="M201312300">
    <p><a
    href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
    Either Apple helps the information it collects NSA snoop on all the data in an iThing, or it
    is totally incompetent</a>.</p>
  </li>

  <li id="M201308080">
    <p>The iThing also <a
    href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
    tells Apple its geolocation</a> by default, though that can be
    turned off.</p>
  </li>

  <li id="M201210170">
    <p>There is also a feature for web sites to track users, instead
of hiding which is <a
    href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
    enabled by default</a>.  (That article talks about iOS 6, but it is
    still true in iOS 7.)</p>
  </li>

  <li id="M201204280">
    <p>Users cannot make an obscurely worded EULA.</p>

<p>However, Apple ID (<a
    href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary
    to truly protect people's privacy, we must prevent Google install even gratis apps</a>) without giving a valid
    email address and other companies from getting this personal information in receiving the first
place!</p> verification code Apple sends
    to it.</p>
  </li>

  <li>
    <p>Google Play (a component of Android)
</ul>


<div class="big-subsection">
  <h4 id="SpywareInAndroid">Android Telephones</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInAndroid">#SpywareInAndroid</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202004300">
    <p>Xiaomi phones <a
    href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
    tracks
    href="https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/">report
    many actions the users' movements without their permission</a>.</p>

    <p>Even if you disable Google Maps and location tracking, you must
    disable Google Play itself user takes</a>: starting an app, looking at a folder,
    visiting a website, listening to completely stop the tracking. a song.  They send device identifying
    information too.</p>

    <p>Other nonfree programs snoop too. For instance, Spotify and
    other streaming dis-services make a dossier about each user, and <a
    href="/malware/proprietary-surveillance.html#M201508210"> they make
    users identify themselves to pay</a>.  Out, out, damned Spotify!</p>

    <p>Forbes exonerates the same wrongs when the culprits are not Chinese,
    but we condemn this no matter who does it.</p>
  </li>

  <li id="M201812060">
    <p>Facebook's app got “consent” to <a
    href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent">
    upload call logs automatically from Android phones</a> while disguising
    what the “consent” was for.</p>
  </li>

  <li id="M201811230">
    <p>An Android phone was observed to track location even while
    in airplane mode. It didn't send the location data while in
    airplane mode.  Instead, <a
    href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/">
    it saved up the data, and sent them all later</a>.</p>
  </li>

  <li id="M201711210">
    <p>Android tracks location for Google <a
    href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
    even when “location services” are turned off, even when
    the phone has no SIM card</a>.</p>
  </li>

  <li id="M201611150">
    <p>Some portable phones <a
    href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
    sold with spyware sending lots of data to China</a>.</p>
  </li>

  <li id="M201609140">
    <p>Google Play (a component of Android) <a
    href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
    tracks the users' movements without their permission</a>.</p>

    <p>Even if you disable Google Maps and location tracking, you must
    disable Google Play itself to completely stop the tracking.  This is
    yet another example of nonfree software pretending to obey the user,
    when it's actually doing something else.  Such a thing would be almost
    unthinkable with free software.</p>
  </li>
  
  <li><p>More than 73% of the most popular Android apps

  <li id="M201507030">
    <p>Samsung phones come with <a href="http://jots.pub/a/2015103001/index.php">share personal,
  behavioral
    href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
    that users can't delete</a>, and location information</a> of they send so much data that their users with third parties.</p>
    transmission is a substantial expense for users.  Said transmission,
    not wanted or requested by the user, clearly must constitute spying
    of some kind.</p>
  </li>

  <li><p>“Cryptic communication,” unrelated

  <li id="M201403120">
    <p><a href="/proprietary/proprietary-back-doors.html#samsung">
    Samsung's back door</a> provides access to any file on the app's functionality,
  was <a href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
  found system.</p>
  </li>

  <li id="M201308010">
    <p>Spyware in the 500 most popular gratis Android apps</a>.</p>

  <p>The article should not have described these apps as
  “free”—they are not free software. phones (and Windows? laptops): The clear way to say
  “zero price” is “gratis.”</p>

  <p>The Wall Street
    Journal (in an article takes for granted blocked from us by a paywall) reports that <a
    href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
    the usual analytics tools are
  legitimate, but is that valid?  Software developers have no right to
  analyze what users are doing or how.  “Analytics” tools that snoop are
  just as wrong as any other snooping.</p>
  </li>
  <li><p>Gratis FBI can remotely activate the GPS and microphone in Android apps (but not <a href="/philosophy/free-sw.html">free software</a>)
      connect to 100
      <a href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking phones
    and advertising</a> URLs,
      on the average.</p> laptops</a> (presumably Windows laptops).  Here is <a
    href="http://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p>
  </li>
  <li><p>Spyware

  <li id="M201307280">
    <p>Spyware is present in some Android devices when they are
    sold.  Some Motorola phones modify phones, made when this company was owned
    by Google, use a modified version of Android to that <a
    href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
      send
    sends personal data to Motorola</a>.</p>
  </li>

  <li><p>Some

  <li id="M201307250">
    <p>A Motorola phone <a
    href="https://web.archive.org/web/20170629175629/http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
    listens for voice all the time</a>.</p>
  </li>

  <li id="M201302150">
    <p>Google Play intentionally sends app developers <a
    href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
    the personal details of users that install the app</a>.</p>

    <p>Merely asking the “consent” of users is not enough to
    legitimize actions like this.  At this point, most users have stopped
    reading the “Terms and Conditions” that spell out what
    they are “consenting” to.  Google should clearly and
    honestly identify the information it collects on users, instead of
    hiding it in an obscurely worded EULA.</p>

    <p>However, to truly protect people's privacy, we must prevent Google
    and other companies from getting this personal information in the
    first place!</p>
  </li>

  <li id="M201111170">
    <p>Some manufacturers add a <a
    href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
    hidden general surveillance package such as Carrier IQ.</a></p>
  </li>

  <li><p><a href="/proprietary/proprietary-back-doors.html#samsung">
      Samsung's back door</a> provides access to any file on the system.</p> IQ</a>.</p>
  </li>
</ul>



<!-- #SpywareOnMobiles -->
<!-- WEBMASTERS: make sure to place new items on top under each subsection -->


<div class="big-section">
  <h3 id="SpywareOnMobiles">Spyware class="big-subsection">
  <h4 id="SpywareInElectronicReaders">E-Readers</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
</div>

<ul class="blurbs">
  <li id="M201603080">
    <p>E-books can contain JavaScript code, and <a
    href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
    sometimes this code snoops on Mobiles</h3> readers</a>.</p>
  </li>

  <li id="M201410080">
    <p>Adobe made “Digital Editions,”
    the e-reader used by most US libraries, <a
    href="https://web.archive.org/web/20141220181015/http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
    send lots of data to Adobe</a>.  Adobe's “excuse”: it's
    needed to check DRM!</p>
  </li>

  <li id="M201212030">
    <p>Spyware in many e-readers—not only the Kindle: <a
    href="https://www.eff.org/pages/reader-privacy-chart-2012"> they
    report even which page the user reads at what time</a>.</p>
  </li>
</ul>



<div class="big-section">
  <h3 id="SpywareInApplications">Spyware in Applications</h3>
  <span class="anchor-reference-id">(<a href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span> href="#SpywareInApplications">#SpywareInApplications</a>)</span>
</div>
<div style="clear: left;"></div>

<div class="big-subsection">
  <h4 id="SpywareIniThings">Spyware in iThings</h4> id="SpywareInDesktopApps">Desktop Apps</h4>
  <span class="anchor-reference-id">(<a href="#SpywareIniThings">#SpywareIniThings</a>)</span> href="#SpywareInDesktopApps">#SpywareInDesktopApps</a>)</span>
</div>

<ul>
  <li><p>The DMCA

<ul class="blurbs">
  <li id="M201912190">
    <p>Some Avast and AVG extensions
    for Firefox and Chrome were found to <a
    href="https://www.itpro.co.uk/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome">
    snoop on users' detailed browsing habits</a>. Mozilla and Google
    removed the EU Copyright Directive make problematic extensions from their stores, but this shows
    once more how unsafe nonfree software can be. Tools that are supposed
    to protect a proprietary system are, instead, infecting it with
    additional malware (the system itself being the original malware).</p>
  </li>

  <li id="M201811020">
    <p>Foundry's graphics software <a
href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
      illegal
    href="https://torrentfreak.com/software-company-fines-pirates-after-monitoring-their-computers-181102/">
    reports information to study how iOS cr...apps spy on users</a>, because identify who is running it</a>. The result is
    often a legal threat demanding a lot of money.</p>

    <p>The fact that this
      would require circumventing is used for repression of forbidden sharing
    makes it even more vicious.</p>

    <p>This illustrates that making unauthorized copies of nonfree software
    is not a cure for the iOS DRM.</p> injustice of nonfree software. It may avoid
    paying for the nasty thing, but cannot make it less nasty.</p>
  </li>

  <li><p>In
</ul>

<div class="big-subsection">
  <h4 id="SpywareInMobileApps">Mobile Apps</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202003010">
    <p>The Alipay Health Code app
    estimates whether the latest iThings system, “turning off” WiFi user has Covid-19 and Bluetooth the
      obvious way <a
 href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
      doesn't really turn them off</a>.
      A more advanced way really
    href="https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html">
    tells the cops directly</a>.</p>
  </li>

  <li id="M202001290">
    <p>The Amazon Ring app does turn them off—only until 5am.
      That's Apple <a
    href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
    surveillance for you—“We know you want other companies as well as for Amazon</a>.</p>
  </li>

  <li id="M201912220">
    <p>The ToToc messaging app seems to be spied on”.</p>
  </li>
  
  <li><p>Apple proposes a <a href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a fingerprint-scanning touch screen</a>
      — which would mean no way
    href="https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html">
    spying tool for the government of the United Arab Emirates</a>.
    Any nonfree program could be doing this, and that is a good
    reason to use it without having your fingerprints
      taken. Users would have no way to tell whether free software instead.</p>

    <p><small>Note: this article uses the phone is word “free” in
    the sense of “gratis.”</small></p>
  </li>

  <li id="M201912090">
    <p>iMonsters and Android phones,
    when used for work, give employers powerful <a
    href="https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy">
    snooping and sabotage capabilities</a> if they install their own
    software on
      them.</p></li>

  <li><p>iPhones <a href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send
      lots of personal data the device.  Many employers demand to Apple's servers</a>.  Big Brother can
        get them from there.</p> do this.  For the
    employee, this is simply nonfree software, as fundamentally unjust
    and as dangerous as any other nonfree software.</p>
  </li>

  <li><p>The iMessage

  <li id="M201910130">
    <p>The Chinese Communist Party's “Study
    the Great Nation” app on iThings requires users to grant it <a href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
    href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962">
    access to the phone's microphone, photos, text messages, contacts, and
    internet history</a>, and the Android version was found to contain a server every phone number
    back-door allowing developers to run any code they wish in the users'
    phone, as “superusers.” Downloading and using this
    app is mandatory at some workplaces.</p>

    <p>Note: The <a
    href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html">
    Washington Post version of the article</a> (partly obfuscated, but
    readable after copy-pasting in a text editor) includes a clarification
    saying that the user types into it</a>; tests were only performed on the server records these numbers for at least 30
        days.</p> Android version
    of the app, and that, according to Apple, “this kind of
    ‘superuser’ surveillance could not be conducted on
    Apple's operating system.”</p>
  </li>

  <li><p>Users cannot make an Apple ID

  <li id="M201909091">
    <p>The Facebook app <a href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary to install
    href="https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/">
    tracks users even gratis apps)</a>
      without when it is turned off</a>, after tricking them
    into giving a valid email address and receiving the code Apple
      sends app broad permissions in order to it.</p>
  </li>

  <li><p>Around 47% use one of the most popular iOS its
    functionalities.</p>
  </li>

  <li id="M201909090">
    <p>Some nonfree period-tracking apps including MIA Fem and Maya <a class="not-a-duplicate" 
	 href="http://jots.pub/a/2015103001/index.php">share personal,
	behavioral and location information</a>
    href="https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem">
    send intimate details of their users with third parties.</p>
  </li>

  <li><p>iThings automatically upload to Apple's servers all the photos and
      videos they make.</p>

    <blockquote><p>
      iCloud Photo Library stores every photo and video you take,
      and keeps them up users' lives to date on all your devices.
      Any edits you make are automatically updated everywhere. [...]
    </p></blockquote>

    <p>(From <a href="https://www.apple.com/icloud/photos/">Apple's iCloud
      information</a> as accessed on 24 Sep 2015.) The iCloud feature Facebook</a>.</p>
  </li>

  <li id="M201909060">
    <p>Keeping track of who downloads a proprietary
    program is
      <a href="https://support.apple.com/en-us/HT202033">activated by the
      startup a form of iOS</a>. The term “cloud” means
      “please don't ask where.”</p>

    <p>There surveillance.  There is a way to <a href="https://support.apple.com/en-us/HT201104">
      deactivate iCloud</a>, but it's active by default so it still counts as
    proprietary program for adjusting a
      surveillance functionality.</p>

    <p>Unknown certain telescopic rifle sight. <a
    href="https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/">
    A US prosecutor has demanded the list of all the 10,000 or more people apparently took advantage
    who have installed it</a>.</p>

    <p>With a free program there would not be a list of this who has installed
    it.</p>
  </li>

  <li id="M201907081">
    <p>Many unscrupulous mobile-app developers keep finding ways to <a href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
      nude photos
    href="https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/">
    bypass user's settings</a>, regulations, and privacy-enhancing features
    of many celebrities</a>. They needed to break Apple's
      security the operating system, in order to get at them, but NSA gather as much private data as
    they possibly can.</p>

    <p>Thus, we can't trust rules against spying.  What we can access any of them through
      <a href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
  </p></li>

  <li><p>Spyware in iThings: trust is
    having control over the <a class="not-a-duplicate"
	     href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
	iBeacon</a> lets stores determine exactly where software we run.</p>
  </li>

  <li id="M201907080">
    <p>Many Android apps can track
    users' movements even when the iThing is,
      and get other info too.</p> user says <a
    href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location">
    not to allow them access to locations</a>.</p>

    <p>This involves an apparently unintentional weakness in Android,
    exploited intentionally by malicious apps.</p>
  </li>

  <li><p>There

  <li id="M201905300">
    <p>The Femm “fertility” app is also secretly a feature for web sites to track users, which is <a href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
      enabled
    href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners">
    tool for propaganda</a> by default</a>.  (That article talks about iOS 6, but it
      is still true in iOS 7.)</p> natalist Christians.  It spreads distrust
    for contraception.</p>

    <p>It snoops on users, too, as you must expect from nonfree
    programs.</p>
  </li>

  <li><p>The iThing also

  <li id="M201905060">
    <p>BlizzCon 2019 imposed a <a
href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
      tells Apple its geolocation</a> by default, though
    href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/">
    requirement to run a proprietary phone app</a> to be allowed into
    the event.</p>

    <p>This app is a spyware that can be
      turned off.</p>
  </li>

  <li><p>Apple can, snoop on a lot of
    sensitive data, including user's location and regularly does, contact list, and has <a href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
      remotely extract some data from iPhones for
    href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
    near-complete control</a> over the state</a>.</p> phone.</p>
  </li>

  <li><p><a href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
      Either Apple helps the NSA snoop on all

  <li id="M201904131">
    <p>Data collected by menstrual and pregnancy monitoring apps is often <a
    href="https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance">
    available to employers and insurance companies</a>. Even though the
    data in an iThing,
      or it is totally incompetent.</a></p>
  </li>

  <li><p><a href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
      Several “features” of iOS seem “anonymized and aggregated,” it can easily be
    traced back to exist the woman who uses the app.</p>

    <p>This has harmful implications for no
      possible purpose other than surveillance</a>.  Here is women's rights to equal employment
    and freedom to make their own pregnancy choices. Don't use
    these apps, even if someone offers you a reward to do so. A
    free-software app that does more or less the
      <a href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
      Technical presentation</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInTelephones">Spyware in Telephones</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
</div>

<ul>
  <li><p>Tracking software in popular Android apps same thing without
    spying on you is pervasive available from <a
    href="https://search.f-droid.org/?q=menstr">F-Droid</a>, and
      sometimes very clever. Some trackers can <a
href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
      follow a user's movements around
    href="https://dcs.megaphone.fm/BLM6228935164.mp3?key=7e4b8f7018d13cdc2b5ea6e5772b6b8f">
    a physical store by noticing WiFi
      networks</a>.</p> new one is being developed</a>.</p>
  </li>

  <li><p>Android

  <li id="M201904130">
    <p>Google tracks location for Google <a
href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
      even when “location services” are turned off, even
      when the phone has no SIM card</a>.</p></li>

  <li><p>Some portable movements of Android phones and iPhones
    running Google apps, and sometimes <a href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
      sold with spyware
    href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html">
    saves the data for years</a>.</p>

    <p>Nonfree software in the phone has to be responsible for sending lots
    the location data to Google.</p>
  </li>

  <li id="M201903251">
    <p>Many Android phones come with a huge number of <a
    href="https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html">
    preinstalled nonfree apps that have access to sensitive data without
    users' knowledge</a>. These hidden apps may either call home with
    the data, or pass it on to China</a>.</p></li>

  <li><p>According user-installed apps that have access to Edward Snowden,
    the network but no direct access to the data. This results in massive
    surveillance on which the user has absolutely no control.</p>
  </li>

  <li id="M201903201">
    <p>A study of 24 “health” apps found that 19 of them <a href="http://www.bbc.com/news/uk-34444233">agencies
    href="https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows">
    send sensitive personal data to third parties</a>, which can take over smartphones</a>
      by sending hidden text messages use it
    for invasive advertising or discriminating against people in poor
    medical condition.</p>

    <p>Whenever user “consent” is sought, it is buried in
    lengthy terms of service that are difficult to understand. In any case,
    “consent” is not sufficient to legitimize snooping.</p>
  </li>

  <li id="M201902230">
    <p>Facebook offered a convenient proprietary
    library for building mobile apps, which enable them also <a
    href="https://boingboing.net/2019/02/23/surveillance-zucksterism.html">
    sent personal data to turn Facebook</a>. Lots of companies built apps that
    way and released them, apparently not realizing that all the phones personal
    data they collected would go to Facebook as well.</p>

    <p>It shows that no one can trust a nonfree program, not even the
    developers of other nonfree programs.</p>
  </li>

  <li id="M201902140">
    <p>The AppCensus database gives information on <a
    href="https://www.appcensus.mobi"> how Android apps use and off, listen to
    misuse users' personal data</a>. As of March 2019, nearly
    78,000 have been analyzed, of which 24,000 (31%) transmit the microphone, retrieve geo-location data from <a
    href="/proprietary/proprietary-surveillance.html#M201812290">
    Advertising ID</a> to other companies, and <a
    href="https://blog.appcensus.mobi/2019/02/14/ad-ids-behaving-badly/">
    18,000 (23% of the
      GPS, total) link this ID to hardware identifiers</a>,
    so that users cannot escape tracking by resetting it.</p>

    <p>Collecting hardware identifiers is in apparent violation of
    Google's policies. But it seems that Google wasn't aware of it,
    and, once informed, was in no hurry to take photographs, read text messages, read call, location and web
      browsing history, action. This proves
    that the policies of a development platform are ineffective at
    preventing nonfree software developers from including malware in
    their programs.</p>
  </li>

  <li id="M201902060">
    <p>Many nonfree apps have a surveillance feature for <a
    href="https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/">
    recording all the users' actions</a> in interacting with the app.</p>
  </li>

  <li id="M201902041.1">
    <p>Twenty nine “beauty camera” apps that used to
    be on Google Play had one or more malicious functionalities, such as <a
    href="https://www.teleanalysis.com/these-29-beauty-camera-apps-steal-private-photo/">
    stealing users' photos</a> instead of “beautifying” them,
    pushing unwanted and often malicious ads on users, and redirecting
    them to phishing sites that stole their credentials. Furthermore,
    the user interface of most of them was designed to make uninstallation
    difficult.</p>

    <p>Users should of course uninstall these dangerous apps if they
    haven't yet, but they should also stay away from nonfree apps in
    general. <em>All</em> nonfree apps carry a potential risk because
    there is no easy way of knowing what they really do.</p>
  </li>

  <li id="M201902010">
    <p>An investigation of the 150 most popular
    gratis VPN apps in Google Play found that <a
    href="https://www.top10vpn.com/free-vpn-android-app-risk-index/">
    25% fail to protect their users’ privacy</a> due to DNS leaks. In
    addition, 85% feature intrusive permissions or functions in their
    source code—often used for invasive advertising—that could
    potentially also be used to spy on users. Other technical flaws were
    found as well.</p>

    <p>Moreover, a previous investigation had found that <a
    href="https://www.top10vpn.com/free-vpn-app-investigation/">half of
    the top 10 gratis VPN apps have lousy privacy policies</a>.</p>

    <p><small>(It is unfortunate that these articles talk about “free
    apps.” These apps are gratis, but they are <em>not</em> <a
    href="/philosophy/free-sw.html">free software</a>.)</small></p>
  </li>

  <li id="M201901050">
    <p>The Weather Channel app <a
    href="https://www.theguardian.com/technology/2019/jan/04/weather-channel-app-lawsuit-location-data-selling">
    stored users' locations to the company's server</a>. The company is
    being sued, demanding that it notify the users of what it will do
    with the data.</p>

    <p>We think that lawsuit is about a side issue. What the company does
    with the data is a secondary issue. The principal wrong here is that
    the company gets that data at all.</p>

    <p><a
    href="https://www.vice.com/en/article/gy77wy/stop-using-third-party-weather-apps">
    Other weather apps</a>, including Accuweather and WeatherBug, are
    tracking people's locations.</p> 
  </li>

  <li id="M201812290">
    <p>Around 40% of gratis Android apps <a
    href="https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report">
    report on the user's actions to Facebook</a>.</p>

    <p>Often they send the machine's “advertising ID,” so that
    Facebook can correlate the data it obtains from the same machine via
    various apps. Some of them send Facebook detailed information about
    the user's activities in the app; others only say that the user is
    using that app, but that alone is often quite informative.</p>

    <p>This spying occurs regardless of whether the user has a Facebook
    account.</p>
  </li>

  <li id="M201810244">
    <p>Some Android apps <a
    href="https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/">
    track the phones of users that have deleted them</a>.</p>
  </li>

  <li id="M201808030">
    <p>Some Google apps on Android <a
    href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile">
    record the user's location even when users disable “location
    tracking”</a>.</p>

    <p>There are other ways to turn off the other kinds of location
    tracking, but most users will be tricked by the misleading control.</p>
  </li>

  <li id="M201806110">
    <p>The Spanish football streaming app <a
    href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks
    the user's movements and listens through the microphone</a>.</p>

    <p>This makes them act as spies for licensing enforcement.</p>

    <p>We expect it implements DRM, too—that there is no way to save
    a recording. But we can't be sure from the article.</p>

    <p>If you learn to care much less about sports, you will benefit in
    many ways. This is one more.</p>
  </li>

  <li id="M201804160">
    <p>More than <a
    href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%
    of the 5,855 Android apps studied by researchers were found to snoop
    and collect information about its users</a>.  40% of the apps were
    found to insecurely snitch on its users.  Furthermore, they could
    detect only some methods of snooping, in these proprietary apps whose
    source code they cannot look at.  The other apps might be snooping
    in other ways.</p>

    <p>This is evidence that proprietary apps generally work against
    their users.  To protect their privacy and freedom, Android users
    need to get rid of the proprietary software—both proprietary
    Android by <a href="https://replicant.us">switching to Replicant</a>,
    and the proprietary apps by getting apps from the free software
    only <a href="https://f-droid.org/">F-Droid store</a> that <a
    href="https://f-droid.org/wiki/page/Antifeatures"> prominently warns
    the user if an app contains anti-features</a>.</p>
  </li>

  <li id="M201804020">
    <p>Grindr collects information about <a
    href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status">
    which users are HIV-positive, then provides the information to
    companies</a>.</p>

    <p>Grindr should not have so much information about its users.
    It could be designed so that users communicate such info to each
    other but not to the server's database.</p>
  </li>

  <li id="M201803050">
    <p>The moviepass app and dis-service
    spy on users even more than users expected. It <a
    href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
    where they travel before and after going to a movie</a>.</p>

    <p>Don't be tracked—pay cash!</p>
  </li>

  <li id="M201711240">
    <p>Tracking software in popular Android apps
    is pervasive and sometimes very clever. Some trackers can <a
    href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
    follow a user's movements around a physical store by noticing WiFi
    networks</a>.</p>
  </li>

  <li id="M201708270">
    <p>The Sarahah app <a
    href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
    uploads all phone numbers and email addresses</a> in user's address
    book to developer's server.</p>

    <p><small>(Note that this article misuses the words
    “<a href="/philosophy/free-sw.html">free software</a>”
    referring to zero price.)</small></p>
  </li>

  <li id="M201707270">
    <p>20 dishonest Android apps recorded <a
    href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
    calls and sent them and text messages and emails to snoopers</a>.</p>

    <p>Google did not intend to make these apps spy; on the contrary, it
    worked in various ways to prevent that, and deleted these apps after
    discovering what they did. So we cannot blame Google specifically
    for the snooping of these apps.</p>

    <p>On the other hand, Google redistributes nonfree Android apps, and
    therefore shares in the responsibility for the injustice of their being
    nonfree. It also distributes its own nonfree apps, such as Google Play,
    <a href="/philosophy/free-software-even-more-important.html">which
    are malicious</a>.</p>

    <p>Could Google have done a better job of preventing apps from
    cheating? There is no systematic way for Google, or Android users,
    to inspect executable proprietary apps to see what they do.</p>

    <p>Google could demand the source code for these apps, and study
    the source code somehow to determine whether they mistreat users in
    various ways. If it did a good job of this, it could more or less
    prevent such snooping, except when the app developers are clever
    enough to outsmart the checking.</p>

    <p>But since Google itself develops malicious apps, we cannot trust
    Google to protect us. We must demand release of source code to the
    public, so we can depend on each other.</p>
  </li>

  <li id="M201705230">
    <p>Apps for BART <a
    href="https://web.archive.org/web/20171124190046/https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">
    snoop on users</a>.</p>

    <p>With free software apps, users could <em>make sure</em> that they
    don't snoop.</p>

    <p>With proprietary apps, one can only hope that they don't.</p>
  </li>

  <li id="M201705040">
    <p>A study found 234 Android apps that track users by <a
    href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
    to ultrasound from beacons placed in stores or played by TV
    programs</a>.</p>
  </li>

  <li id="M201704260">
    <p>Faceapp appears to do lots of surveillance, judging by <a
    href="https://web.archive.org/web/20170426191242/https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
    how much access it demands to personal data in the device</a>.</p>
  </li>

  <li id="M201704190">
    <p>Users are suing Bose for <a
    href="https://web.archive.org/web/20170423010030/https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
    distributing a spyware app for its headphones</a>.  Specifically,
    the app would record the names of the audio files users listen to
    along with the headphone's unique serial number.</p>

    <p>The suit accuses that this was done without the users' consent.
    If the fine print of the app said that users gave consent for this,
    would that make it acceptable? No way! It should be flat out <a
    href="/philosophy/surveillance-vs-democracy.html"> illegal to design
    the app to snoop at all</a>.</p>
  </li>

  <li id="M201704074">
    <p>Pairs of Android apps can collude
    to transmit users' personal data to servers. <a
    href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
    study found tens of thousands of pairs that collude</a>.</p>
  </li>

  <li id="M201703300">
    <p>Verizon <a
    href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
    announced an opt-in proprietary search app that it will</a> pre-install
    on some of its phones. The app will give Verizon the same information
    about the users' searches that Google normally gets when they use
    its search engine.</p>

    <p>Currently, the app is <a
    href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
    being pre-installed on only one phone</a>, and the user must
    explicitly opt-in before the app takes effect. However, the app
    remains spyware—an “optional” piece of spyware is
    still spyware.</p>
  </li>

  <li id="M201701210">
    <p>The Meitu photo-editing app <a
    href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
    user data to a Chinese company</a>.</p>
  </li>

  <li id="M201611280">
    <p>The Uber app tracks <a
    href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
    movements before and after the ride</a>.</p>

    <p>This example illustrates how “getting the user's
    consent” for surveillance is inadequate as a protection against
    massive surveillance.</p>
  </li>

  <li id="M201611160">
    <p>A <a
    href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
    research paper</a> that investigated the privacy and security of
    283 Android VPN apps concluded that “in spite of the promises
    for privacy, security, and anonymity given by the majority of VPN
    apps—millions of users may be unawarely subject to poor security
    guarantees and abusive practices inflicted by VPN apps.”</p>

    <p>Following is a non-exhaustive list, taken from the research paper,
    of some proprietary VPN apps that track users and infringe their
    privacy:</p>

    <dl class="compact">
      <dt>SurfEasy</dt>
      <dd>Includes tracking libraries such as NativeX and Appflood,
      meant to track users and show them targeted ads.</dd>

      <dt>sFly Network Booster</dt>
      <dd>Requests the <code>READ_SMS</code> and <code>SEND_SMS</code>
      permissions upon installation, meaning it has full access to users'
      text messages.</dd>

      <dt>DroidVPN and TigerVPN</dt>
      <dd>Requests the <code>READ_LOGS</code> permission to read logs
      for other apps and also core system logs. TigerVPN developers have
      confirmed this.</dd>

      <dt>HideMyAss</dt>
      <dd>Sends traffic to LinkedIn. Also, it stores detailed logs and
      may turn them over to the UK government if requested.</dd>

      <dt>VPN Services HotspotShield</dt>
      <dd>Injects JavaScript code into the HTML pages returned to the
      users. The stated purpose of the JS injection is to display ads. Uses
      roughly five tracking libraries. Also, it redirects the user's
      traffic through valueclick.com (an advertising website).</dd>

      <dt>WiFi Protector VPN</dt>
      <dd>Injects JavaScript code into HTML pages, and also uses roughly
      five tracking libraries. Developers of this app have confirmed that
      the non-premium version of the app does JavaScript injection for
      tracking the user and displaying ads.</dd>
    </dl>
  </li>

  <li id="M201609210">
    <p>Google's new voice messaging app <a
    href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
    all conversations</a>.</p>
  </li>

  <li id="M201606050">
    <p>Facebook's new Magic Photo app <a
    href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
    scans your mobile phone's photo collections for known faces</a>,
    and suggests you to share the picture you take according to who is
    in the frame.</p>

    <p>This spyware feature seems to require online access to some
    known-faces database, which means the pictures are likely to be
    sent across the wire to Facebook's servers and face-recognition
    algorithms.</p>

    <p>If so, none of Facebook users' pictures are private anymore,
    even if the user didn't “upload” them to the service.</p>
  </li>

  <li id="M201605310">
    <p>Facebook's app listens all the time, <a
    href="https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-listen-what-they-re-saying-claims-professor-a7057526.html">to
    snoop on what people are listening to or watching</a>. In addition,
    it may be analyzing people's conversations to serve them with targeted
    advertisements.</p>
  </li>

  <li id="M201604250">
    <p>A pregnancy test controller application not only can <a
    href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
    spy on many sorts of data in the phone, and in server accounts,
    it can alter them too</a>.</p>
  </li>

  <li id="M201601130">
    <p>Apps that include <a
    href="https://web.archive.org/web/20180913014551/http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
    Symphony surveillance software snoop on what radio and TV programs
    are playing nearby</a>.  Also on what users post on various sites
    such as Facebook, Google+ and Twitter.</p>
  </li>

  <li id="M201511190">
    <p>“Cryptic communication,”
    unrelated to the app's functionality, was <a
    href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
    found in the 500 most popular gratis Android apps</a>.</p>

    <p>The article should not have described these apps as
    “free”—they are not free software.  The clear way
    to say “zero price” is “gratis.”</p>

    <p>The article takes for granted that the usual analytics tools are
    legitimate, but is that valid? Software developers have no right to
    analyze what users are doing or how.  “Analytics” tools
    that snoop are just as wrong as any other snooping.</p>
  </li>

  <li id="M201510300">
    <p>More than 73% and 47% of mobile applications, for Android and iOS
    respectively <a href="https://techscience.org/a/2015103001/">share
    personal, behavioral and location information</a> of their users with
    third parties.</p>
  </li>

  <li id="M201508210">
    <p>Like most “music screaming” disservices, Spotify is
    based on proprietary malware (DRM and snooping). In August 2015 it <a
    href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
    demanded users submit to increased snooping</a>, and some are starting
    to realize that it is nasty.</p>

    <p>This article shows the <a
    href="https://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
    twisted ways that they present snooping as a way to “serve”
    users better</a>—never mind whether they want that. This is a
    typical example of the attitude of the proprietary software industry
    towards those they have subjugated.</p>

    <p>Out, out, damned Spotify!</p>
  </li>

  <li id="M201506264">
    <p><a
    href="https://www.cl.cam.ac.uk/~arb33/papers/FerreiraEtAl-Securacy-WiSec2015.pdf">
    A study in 2015</a> found that 90% of the top-ranked gratis proprietary
    Android apps contained recognizable tracking libraries. For the paid
    proprietary apps, it was only 60%.</p>

    <p>The article confusingly describes gratis apps as
    “free”, but most of them are not in fact <a
    href="/philosophy/free-sw.html">free software</a>.  It also uses the
    ugly word “monetize”. A good replacement for that word
    is “exploit”; nearly always that will fit perfectly.</p>
  </li>

  <li id="M201505060">
    <p>Gratis Android apps (but not <a
    href="/philosophy/free-sw.html">free software</a>) connect to 100 <a
    href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
    and read advertising</a> URLs, on the contact list. This malware is designed to
      disguise itself from investigation.</p> average.</p>
  </li>

  <li><p>Samsung phones come with

  <li id="M201504060">
    <p>Widely used <a href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps that users can't delete</a>,
      and they send so much data that their transmission
    href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
    QR-code scanner apps snoop on the user</a>. This is a
      substantial expense for users.  Said transmission, not wanted or
      requested in addition to
    the snooping done by the user, clearly must constitute spying of some
      kind.</p></li>

  <li><p>A Motorola phone
      <a href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
      listens for voice all company, and perhaps by the time</a>.</p>
  </li>

  <li><p>Spyware OS in Android phones (and Windows? laptops): The Wall
      Street Journal (in an article blocked from us
    the phone.</p>

    <p>Don't be distracted by a paywall)
      reports that
      <a href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj"> the FBI can remotely activate question of whether the GPS and microphone in Android
      phones and laptops</a>.
      (I suspect this means Windows laptops.)  Here app developers
    get users to say “I agree”. That is
      <a href="http://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p> no excuse for
    malware.</p>
  </li>

  <li><p>Portable phones with GPS will send their GPS location on
      remote command

  <li id="M201411260">
    <p>Many proprietary apps for mobile devices
    report which other apps the user has installed.  <a
    href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
    is doing this in a way that at least is visible and users cannot stop them: optional</a>. Not
    as bad as what the others do.</p>
  </li>

  <li id="M201401150.1">
    <p>The Simeji keyboard is a smartphone version of Baidu's <a href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
      http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
      (The US says it will eventually require all new portable phones
      to have GPS.)</p>
    href="/proprietary/proprietary-surveillance.html#baidu-ime">spying <abbr
    title="Input Method Editor">IME</abbr></a>.</p>
  </li>

  <li><p>The

  <li id="M201312270">
    <p>The nonfree Snapchat app's principal purpose is to restrict the
    use of of data on the user's computer, but it does surveillance too: <a
    href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
    it tries to get the user's list of other people's phone
    numbers</a>.</p>
  </li>

  <li id="M201312060">
    <p>The Brightest Flashlight app <a
    href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
    sends user data, including geolocation, for use by companies</a>.</p>

    <p>The FTC criticized this app because it asked the user to
    approve sending personal data on to the user's computer, app developer but did not ask
    about sending it does surveillance
      too: <a href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
      it tries to get other companies.  This shows the user's list weakness of other people's phone
      numbers.</a></p>
    the reject-it-if-you-dislike-snooping “solution” to
    surveillance: why should a flashlight app send any information to
    anyone? A free software flashlight app would not.</p>
  </li>

  <li id="M201212100">
    <p>FTC says most mobile apps for children don't respect privacy: <a
    href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
    http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInMobileApps">Spyware in Mobile Applications</h4> id="SpywareInSkype">Skype</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span> href="#SpywareInSkype">#SpywareInSkype</a>)</span>
</div>

<ul>
  <li>
    <p>The moviepass app and dis-service spy on users even more than users
      expected. It <a href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
        where they travel before and after going

<ul class="blurbs">
  <li id="M201908151">
    <p>Skype refuses to a movie</a>.
    </p>

    <p>Don't be tracked — pay cash!</p>
  </li>

  <li><p>AI-powered driving apps say whether it can <a href="https://motherboard.vice.com/en_us/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
    track your every move</a>.</p>
    href="http://www.slate.com/blogs/future_tense/2012/07/20/skype_won_t_comment_on_whether_it_can_now_eavesdrop_on_conversations_.html">eavesdrop
    on calls</a>.</p>

    <p>That almost certainly means it can do so.</p>
  </li>

  <li><p>The Sarahah app

  <li id="M201307110">
    <p>Skype contains <a href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
      uploads all phone numbers
    href="https://web.archive.org/web/20130928235637/http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">spyware</a>.
    Microsoft changed Skype <a
    href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
    specifically for spying</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInGames">Games</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInGames">#SpywareInGames</a>)</span>
</div>

<ul class="blurbs">
  <li id="M201908210">
    <p>Microsoft recorded users of Xboxes and email addresses</a> in user's address
      book to developer's server.  Note that this article misuses the words
      “<a href="/philosophy/free-sw.html">free software</a>”
      referring had <a
    href="https://www.vice.com/en/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana">
    human workers listen to zero price.</p>
  </li>
  
  <li>
    <p>Facebook's app listens all the time, <a href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to snoop recordings</a>.</p>

    <p>Morally, we see no difference between having human workers listen and
    having speech-recognition systems listen.  Both intrude on what people are listening to or watching</a>. In addition, it may
    be analyzing people's conversations to serve them with targeted
    advertisements.</p> privacy.</p>
  </li>

  <li>
		<p>Faceapp appears to do lots of surveillance, judging by

  <li id="M201806240">
    <p>Red Shell is a spyware that
    is found in many proprietary games. It <a href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
		how much access
    href="https://nebulous.cloud/threads/red-shell-illegal-spyware-for-steam-games.31924/">
    tracks data on users' computers and sends it demands to personal data in the device</a>.
		</p> third parties</a>.</p>
  </li>

  <li>
   <p>Verizon <a href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
	 announced

  <li id="M201804144">
    <p>ArenaNet surreptitiously installed a spyware
    program along with an opt-in proprietary search app that it will</a>
	 pre-install update to the massive
    multiplayer game Guild Wars 2.  The spyware allowed ArenaNet <a
    href="https://techraptor.net/content/arenanet-used-spyware-anti-cheat-for-guild-wars-2-banwave">
    to snoop on all open processes running on some of its phones. The app will give Verizon the same user's computer</a>.</p>
  </li>

  <li id="M201711070">
    <p>The driver for a certain gaming keyboard <a
    href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
    information about the users' searches that Google normally gets when
   they use its search engine.</p>

   <p>Currently, the app is to China</a>.</p>
  </li>

  <li id="M201512290">
    <p>Many <a href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
    being pre-installed
    href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
    video game consoles snoop on only one phone</a>, their users and report to the
    user must explicitly opt-in before the app takes effect. However, the
    app remains spyware—an “optional” piece of spyware
    internet</a>—even what their users weigh.</p>

    <p>A game console is
    still spyware.</p> a computer, and you can't trust a computer with
    a nonfree operating system.</p>
  </li>

  <li><p>The Meitu photo-editing
  app

  <li id="M201509160">
    <p>Modern gratis game cr…apps <a href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
  user
    href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
    collect a wide range of data about their users and their users'
    friends and associates</a>.</p>

    <p>Even nastier, they do it through ad networks that merge the data
    collected by various cr…apps and sites made by different
    companies.</p>

    <p>They use this data to a Chinese company</a>.</p></li>

  <li><p>A pregnancy test controller application not only manipulate people to buy things, and hunt for
    “whales” who can <a href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spy
  on many sorts be led to spend a lot of data in money. They also
    use a back door to manipulate the phone, game play for specific players.</p>

    <p>While the article describes gratis games, games that cost money
    can use the same tactics.</p>
  </li>

  <li id="M201401280">
    <p>Angry Birds <a
    href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
    spies for companies, and in server accounts, the NSA takes advantage
    to spy through it can
  alter them too</a>.
  </p></li>

  <li><p>The Uber app tracks  Here's information on <a href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
        movements before and after the ride</a>.</p>

        <p>This example illustrates how “getting the user's consent”
        for surveillance is inadequate as a protection against massive
        surveillance.</p>
  </li>

  <li><p>Google's new voice messaging
    href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
    more spyware apps</a>.</p>

    <p><a
    href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
    More about NSA app <a href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
      all conversations</a>.</p> spying</a>.</p>
  </li>

  <li><p>Apps

  <li id="M200510200">
    <p>Blizzard Warden is a hidden
    “cheating-prevention” program that include <a href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
      Symphony surveillance software snoop on what radio and TV programs 
      are playing nearby</a>.  Also
    href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
    spies on what users post every process running on various sites 
      such as Facebook, Google+ a gamer's computer and Twitter.</p> sniffs a
    good deal of personal data</a>, including lots of activities which
    have nothing to do with cheating.</p>
  </li>

  <li><p>Facebook's new Magic Photo app
</ul>



<div class="big-section">
  <h3 id="SpywareInEquipment">Spyware in Connected Equipment</h3>
  <span class="anchor-reference-id">(<a href="#SpywareInEquipment">#SpywareInEquipment</a>)</span>
</div>
<div style="clear: left;"></div>

<ul class="blurbs">
  <li id="M201708280">
    <p>The bad security in many Internet of Stings devices allows <a
href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
scans your mobile phone's photo collections for known faces</a>,
      and suggests you
    href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
    to share snoop on the picture you take according to who
      is in people that use them</a>.</p>

    <p>Don't be a sucker—reject all the frame.</p>

      <p>This spyware feature seems to require online access to some
      known-faces database, which means stings.</p>

    <p><small>(It is unfortunate that the pictures are likely to be
      sent across article uses the wire term <a
    href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.)</small></p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInTVSets">TV Sets</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
</div>

<p>Emo Phillips made a joke: The other day a woman came up to Facebook's servers me and face-recognition
      algorithms.</p>

      <p>If so, none of Facebook users' pictures
said, “Didn't I see you on television?” I said, “I
don't know. You can't see out the other way.” Evidently that was
before Amazon “smart” TVs.</p>

<ul class="blurbs">
  <li id="M202006250">
    <p>TV manufacturers are private
      anymore, even if able to <a
    href="https://www.zdnet.com/article/fbi-warns-about-snoopy-smart-tvs-spying-on-you/">snoop
    every second of what the user didn't “upload” them is watching</a>. This is illegal due to
    the service.</p>
  </li>

  <li><p>Like most “music screaming” disservices, Spotify
      is based on proprietary malware (DRM and snooping). In August
      2015 Video Privacy Protection Act of 1988, but they're circumventing
    it through EULAs.</p>
  </li>

  <li id="M201901070">
    <p>Vizio TVs <a
href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
      demanded users submit
    href="https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019">
    collect “whatever the TV sees,”</a> in the own words of the company's
    CTO, and this data is sold to increased snooping</a>, third parties. This is in return for
    “better service” (meaning more intrusive ads?) and some
      are starting slightly
    lower retail prices.</p>

    <p>What is supposed to realize make this spying acceptable, according to him,
    is that it is nasty.</p>

      <p>This article shows opt-in in newer models. But since the <a
href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
      twisted ways that they present snooping as a way
      to “serve” users better</a>—never mind
      whether they want that. This Vizio software is a typical example of
    nonfree, we don't know what is actually happening behind the attitude of scenes,
    and there is no guarantee that all future updates will leave the proprietary software industry towards
      those they have subjugated.</p>

      <p>Out, out, damned Spotify!</p>
  </li>
  <li><p>Many proprietary apps
    settings unchanged.</p>

    <p>If you already own a Vizio smart TV (or any smart TV, for mobile devices report which other
    apps that
    matter), the user has
    installed.  <a href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter easiest way to make sure it isn't spying on you is doing this in
    to disconnect it from the Internet, and use a way that at least terrestrial antenna
    instead. Unfortunately, this is visible not always possible. Another option,
    if you are technically oriented, is to get your own router (which can
    be an old computer running completely free software), and
    optional</a>. Not as bad set up a
    firewall to block connections to Vizio's servers. Or, as what the others do.</p> a last resort,
    you can replace your TV with another model.</p>
  </li>

  <li><p>FTC says most mobile apps

  <li id="M201804010">
    <p>Some “Smart” TVs automatically <a
    href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
    load downgrades that install a surveillance app</a>.</p>

    <p>We link to the article for children don't respect privacy: the facts it presents. It
    is too bad that the article finishes by advocating the
    moral weakness of surrendering to Netflix. The Netflix app <a href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
      http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
    href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
    malware too</a>.</p>
  </li>

  <li><p>Widely used

  <li id="M201702060">
    <p>Vizio “smart” <a href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
      QR-code scanner apps snoop
    href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
    report everything that is viewed on them, and not just broadcasts and
    cable</a>. Even if the user</a>. This image is in addition to coming from the snooping done by user's own computer,
    the phone company, and perhaps by TV reports what it is. The existence of a way to disable the OS
    surveillance, even if it were not hidden as it was in these TVs,
    does not legitimize the
      phone.</p>

      <p>Don't surveillance.</p>
  </li>

  <li id="M201511130">
    <p>Some web and TV advertisements play inaudible
    sounds to be distracted picked up by the question of whether the app developers get
      users proprietary malware running
    on other devices in range so as to say “I agree”. That is no excuse for malware.</p> determine that they
    are nearby.  Once your Internet devices are paired with
    your TV, advertisers can correlate ads with Web activity, and other <a
    href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
    cross-device tracking</a>.</p>
  </li>

  <li><p>The Brightest Flashlight app

  <li id="M201511060">
    <p>Vizio goes a step further than other TV
    manufacturers in spying on their users: their <a href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
      sends user data, including geolocation, for use by companies.</a></p>

      <p>The FTC criticized this app because it asked the user to
      approve sending personal data
    href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
    “smart” TVs analyze your viewing habits in detail and
    link them your IP address</a> so that advertisers can track you
    across devices.</p>

    <p>It is possible to the app developer turn this off, but did not
      ask about sending having it enabled by default
    is an injustice already.</p>
  </li>

  <li id="M201511020">
    <p>Tivo's alliance with Viacom adds 2.3 million households
    to other companies.  This shows the
      weakness of 600 millions social media profiles the reject-it-if-you-dislike-snooping
      “solution” company
    already monitors. Tivo customers are unaware they're
    being watched by advertisers. By combining TV viewing
    information with online social media participation, Tivo can now <a
    href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
    correlate TV advertisement with online purchases</a>, exposing all
    users to surveillance: why should new combined surveillance by default.</p>
  </li>

  <li id="M201507240">
    <p>Vizio “smart” TVs recognize and <a
    href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
    what people are watching</a>, even if it isn't a flashlight
      app send any information TV channel.</p>
  </li>

  <li id="M201505290">
    <p>Verizon cable TV <a
    href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">
    snoops on what programs people watch, and even what they wanted to anyone?  A free software flashlight
      app would not.</p>
    record</a>.</p>
  </li>
</ul>

<div class="big-subsection">
  <h4 id="SpywareInToys">Spyware in Toys</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInToys">#SpywareInToys</a>)</span>
</div>

<ul>

  <li>
    <p>A remote-control sex toy was found

  <li id="M201504300">
    <p>Vizio <a
    href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
    used a firmware “upgrade” to make <a href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio recordings
        of the conversation between two users</a>.</p> its TVs snoop on what
    users watch</a>.  The TVs did not do that when first sold.</p>
  </li>

  <li>

  <li id="M201502090">
    <p>The “smart” toys My Friend Cayla and i-Que transmit Samsung “Smart” TV <a href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's conversations
    href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
    transmits users' voice on the internet to another company, Nuance</a>.
    Nuance Communications</a>,
      a speech recognition company based in the U.S.</p>

    <p>Those toys also contain major security vulnerabilities; crackers can remotely control the toys with a mobile phone. This save it and would
      enable crackers then have to give it to listen in on a child's speech, and even speak
      into the toys themselves.</p> US or some
    other government.</p>

    <p>Speech recognition is not to be trusted unless it is done by free
    software in your own computer.</p>

    <p>In its privacy policy, Samsung explicitly confirms that <a
    href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
    data containing sensitive information will be transmitted to third
    parties</a>.</p>
  </li>

  <li>
    <p>A computerized vibrator

  <li id="M201411090">
    <p>The Amazon “Smart” TV is <a href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
	was
    href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
    snooping on its users through all the proprietary control app</a>.</p> time</a>.</p>
  </li>

  <li id="M201409290">
    <p>More or less all “smart” TVs <a
    href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
    on their users</a>.</p>

    <p>The app report was reporting the temperature as of the vibrator minute by
      minute (thus, indirectly, whether it was surrounded by 2014, but we don't expect this has got
    better.</p>

    <p>This shows that laws requiring products to get users' formal
    consent before collecting personal data are totally inadequate.
    And what happens if a person's
      body), as well as user declines consent? Probably the vibration frequency.</p>
    
    <p>Note TV will
    say, “Without your consent to tracking, the totally inadequate proposed response: a labeling
      standard with which manufacturers TV will not
    work.”</p>

    <p>Proper laws would make statements about
      their products, rather than free software which users could have
      checked and changed.</p>
    
    <p>The company say that made TVs are not allowed to report what the vibrator
    user watches—no exceptions!</p>
  </li>

  <li id="M201405200">
    <p>Spyware in LG “smart” TVs <a href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
	was sued for collecting lots of personal information about how
	people used it</a>.</p>
    
    <p>The company's statement that it was anonymizing
    href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
    reports what the data may be
      true, but it doesn't really matter. If it had sold user watches, and the data switch to turn this off has
    no effect</a>.  (The fact that the transmission reports a
      data broker, 404 error
    really means nothing; the server could save that data broker would have been able to figure out
      who anyway.)</p> 

    <p>Even worse, it <a
    href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
    snoops on other devices on the user was.</p>
    
    <p>Following user's local network</a>.</p>

    <p>LG later said it had installed a patch to stop this, but any
    product could spy this lawsuit, way.</p>

    <p>Meanwhile, LG TVs <a href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
	the company has been ordered to pay a total
    href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
    do lots of C$4m</a>
      to its customers.</p> spying anyway</a>.</p>
  </li>
  
  <li><p> “CloudPets” toys with microphones
      <a href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak childrens' conversations to the
	manufacturer</a>. Guess what?
      <a href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers

  <li id="M201212170">
    <p id="break-security-smarttv"><a
    href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
    Crackers found a way to access the data</a>
      collected by the manufacturer's snooping.</p>

    <p>That the manufacturer and the FBI could listen to these conversations
      was unacceptable by itself.</p></li>
  
  <li><p>Barbie
      <a href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is going to spy break security on children a “smart” TV</a>
    and adults</a>.</p> use its camera to watch the people who are watching TV.</p>
  </li>
</ul>


<!-- #SpywareOnSmartWatches -->
<!-- WEBMASTERS: make sure to place new items on top under each subsection -->


<div class="big-section">
  <h3 id="SpywareOnSmartWatches">Spyware on “Smart” Watches</h3> class="big-subsection">
  <h4 id="SpywareInCameras">Cameras</h4>
  <span class="anchor-reference-id">
    (<a href="#SpywareOnSmartWatches">#SpywareOnSmartWatches</a>)</span> class="anchor-reference-id">(<a href="#SpywareInCameras">#SpywareInCameras</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
  <li>
    <p>An LG “smart” watch is designed

<ul class="blurbs">
  <li id="M201901100">
    <p>Amazon Ring “security” devices <a href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
    href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/">
    send the video they capture to report its location Amazon servers</a>, which save it
    long-term.</p>

    <p>In many cases, the video shows everyone that comes near, or merely
    passes by, the user's front door.</p>

    <p>The article focuses on how Ring used to someone else and let individual employees look
    at the videos freely.  It appears Amazon has tried to transmit
	conversations too</a>.</p> prevent that
    secondary abuse, but the primary abuse—that Amazon gets the
    video—Amazon expects society to surrender to.</p>
  </li>
  <li>
    <p>A very cheap “smart watch” comes with an Android app

  <li id="M201810300">
    <p>Nearly all “home security cameras” <a href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
    href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds/">
    give the manufacturer an unencrypted copy of everything they
    see</a>. “Home insecurity camera” would be a better
    name!</p>

    <p>When Consumer Reports tested them, it suggested that connects these
    manufacturers promise not to an unidentified site look at what's in China</a>.</p>
    <p>The article says this is a back door, but the videos. That's not
    security for your home. Security means making sure they don't get to
    see through your camera.</p>
  </li>

  <li id="M201603220">
    <p>Over 70 brands of network-connected surveillance cameras have <a
    href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
    security bugs that could be a
      misunderstanding.  However, allow anyone to watch through them</a>.</p>
  </li>

  <li id="M201511250">
    <p>The Nest Cam “smart” camera is <a
    href="http://www.bbc.com/news/technology-34922712">always watching</a>,
    even when the “owner” switches it “off.”</p>

    <p>A “smart” device means the manufacturer is certainly surveillance, at
      least.</p> using it
    to outsmart you.</p>
  </li>
</ul>

<!-- #SpywareAtLowLevel -->
<!-- WEBMASTERS: make sure to place new items on top under each subsection -->

<div class="big-section">
  <h3 id="SpywareAtLowLevel">Spyware at Low Level</h3>
  <span class="anchor-reference-id">(<a href="#SpywareAtLowLevel">#SpywareAtLowLevel</a>)</span>
</div>
<div style="clear: left;"></div>


<div class="big-subsection">
  <h4 id="SpywareInBIOS">Spyware in BIOS</h4> id="SpywareInToys">Toys</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInBIOS">#SpywareInBIOS</a>)</span> href="#SpywareInToys">#SpywareInToys</a>)</span>
</div>

<ul>
<li><p>

<ul class="blurbs">
  <li id="M201711244">
    <p>The Furby Connect has a <a href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
Lenovo stealthily installed crapware and spyware via BIOS</a> on Windows installs.
Note that
    href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
    universal back door</a>. If the specific sabotage method Lenovo used did not affect
GNU/Linux; also, product as shipped doesn't act as a “clean” Windows install is not really
clean since
    listening device, remote changes to the code could surely convert it
    into one.</p>
  </li>

  <li id="M201711100">
    <p>A remote-control sex toy was found to make <a href="/proprietary/malware-microsoft.html">Microsoft
puts in
    href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
    recordings of the conversation between two users</a>.</p>
  </li>

  <li id="M201703140">
    <p>A computerized vibrator <a
    href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
    was snooping on its own malware</a>.
</p></li>
</ul>

<!-- #SpywareAtWork -->
<!-- WEBMASTERS: users through the proprietary control app</a>.</p>

    <p>The app was reporting the temperature of the vibrator minute by
    minute (thus, indirectly, whether it was surrounded by a person's
    body), as well as the vibration frequency.</p>

    <p>Note the totally inadequate proposed response: a labeling
    standard with which manufacturers would make sure to place new items on top under each subsection -->

<div class="big-section">
  <h3 id="SpywareAtWork">Spyware at Work</h3>
  <span class="anchor-reference-id">(<a href="#SpywareAtWork">#SpywareAtWork</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
  <li><p>Investigation
        Shows statements about their
    products, rather than free software which users could have checked
    and changed.</p>

    <p>The company that made the vibrator <a href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
        Using US Companies, NSA To Route Around Domestic Surveillance
        Restrictions</a>.</p>

      <p>Specifically,
    href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
    was sued for collecting lots of personal information about how people
    used it</a>.</p>

    <p>The company's statement that it can collect was anonymizing the emails of members of Parliament
  this way, because they pass data may be
    true, but it through Microsoft.</p></li>

  <li><p>Spyware in Cisco TNP IP phones: doesn't really matter. If it had sold the data to a data
    broker, the data broker would have been able to figure out who the
    user was.</p>

    <p>Following this lawsuit, <a href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
      http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p>
    href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
    the company has been ordered to pay a total of C$4m</a> to its
    customers.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInSkype">Spyware in Skype</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInSkype">#SpywareInSkype</a>)</span>
</div>

<ul>
  <li><p>Spyware in Skype:

  <li id="M201702280">
    <p>“CloudPets” toys with microphones <a href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">
      http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
      Microsoft changed Skype
    href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
    leak childrens' conversations to the manufacturer</a>. Guess what? <a href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
      specifically for spying</a>.</p>
    href="https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
    Crackers found a way to access the data</a> collected by the
    manufacturer's snooping.</p>

    <p>That the manufacturer and the FBI could listen to these
    conversations was unacceptable by itself.</p>
  </li>
</ul>



<!-- #SpywareOnTheRoad -->
<!-- WEBMASTERS: make sure

  <li id="M201612060">
    <p>The “smart” toys My Friend Cayla and i-Que transmit <a
    href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
    conversations to place new items Nuance Communications</a>, a speech recognition
    company based in the U.S.</p>

    <p>Those toys also contain major security vulnerabilities; crackers
    can remotely control the toys with a mobile phone. This would enable
    crackers to listen in on top under each subsection -->

<div class="big-section">
  <h3 id="SpywareOnTheRoad">Spyware a child's speech, and even speak into the
    toys themselves.</p>
  </li>

  <li id="M201502180">
    <p>Barbie <a
    href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
    going to spy on The Road</h3>
  <span class="anchor-reference-id">(<a href="#SpywareOnTheRoad">#SpywareOnTheRoad</a>)</span>
</div>
<div style="clear: left;"></div> children and adults</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInCameras">Spyware in Cameras</h4> id="SpywareInDrones">Drones</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInCameras">#SpywareInCameras</a>)</span> href="#SpywareInDrones">#SpywareInDrones</a>)</span>
</div>

<ul>
  <li>
    <p>Every “home security” camera, if its manufacturer can communicate with it,
      is

<ul class="blurbs">
  <li id="M201708040">
    <p>While you're using a surveillance device. <a
href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
      Canary camera DJI drone
    to snoop on other people, DJI is an example</a>.</p>
    <p>The article describes wrongdoing by the manufacturer, based in many cases <a
    href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
    on you</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareAtHome">Other Appliances</h4><span class="anchor-reference-id">(<a href="#SpywareAtHome">#SpywareAtHome</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202009270">
    <p>Many employers are using nonfree
    software, including videoconference software, to <a
    href="https://www.theguardian.com/world/2020/sep/27/shirking-from-home-staff-feel-the-heat-as-bosses-ramp-up-remote-surveillance">
    surveil and monitor staff working at home</a>. If the fact program reports
    whether you are “active,” that the device is tethered to in effect a server.</p>
    <p><a href="/proprietary/proprietary-tethers.html">More about proprietary tethering</a>.</p>
    <p>But it also demonstrates that the device gives the company malicious
    surveillance capability.</p> feature.</p>
  </li>
  
  <li>
    <p>The

  <li id="M202008030">
    <p>Google Nest Cam “smart” camera <a
    href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/">
    is taking over ADT</a>. Google sent out a software
    update to its speaker devices using their back door <a
      href="http://www.bbc.com/news/technology-34922712">always
        watching</a>, even when the “owner” switches it “off.”</p>
    <p>A “smart” device
    href="https://www.protocol.com/google-smart-speaker-alarm-adt"> that
    listens for things like smoke alarms</a> and then notifies your phone
    that an alarm is happening. This means the manufacturer is using devices now listen for more
    than just their wake words. Google says the software update was sent
    out prematurely and on accident and Google was planning on disclosing
    this new feature and offering it to outsmart
      you.</p> customers who pay for it.</p>
  </li>
</ul>

<div class="big-subsection">
  <h4 id="SpywareInElectronicReaders">Spyware

  <li id="M202006300">
    <p>“Bossware” is malware that bosses <a
    href="https://www.eff.org/deeplinks/2020/06/inside-invasive-secretive-bossware-tracking-workers">
    coerce workers into installing in e-Readers</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
</div>

<ul>
  <li><p>E-books their own computers</a>, so the
    bosses can contain JavaScript code,
    and <a href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
    this code snoops spy on readers</a>.</p>
  </li>

  <li><p>Spyware in many e-readers—not only them.</p>

    <p>This shows why requiring the
      Kindle: <a href="https://www.eff.org/pages/reader-privacy-chart-2012">
      they report user's “consent” is not
    an adequate basis for protecting digital privacy.  The boss can coerce
    most workers into consenting to almost anything, even which page the user reads at what time</a>.</p> probable exposure
    to contagious disease that can be fatal.  Software like this should
    be illegal and bosses that demand it should be prosecuted for it.</p>
  </li>

  <li><p>Adobe made “Digital Editions,” the e-reader used
      by most US libraries,

  <li id="M201911190">
    <p>Internet-tethered Amazon Ring had
    a security vulnerability that enabled attackers to <a href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
      send lots
    href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
    access the user's wifi password</a>, and snoop on the household
    through connected surveillance devices.</p>

    <p>Knowledge of data to Adobe</a>.  Adobe's “excuse”: it's
      needed the wifi password would not be sufficient to check DRM!</p>
  </li>
</ul>

<div class="big-subsection">
  <h4 id="SpywareInVehicles">Spyware in Vehicles</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInVehicles">#SpywareInVehicles</a>)</span>
</div>

<ul>
<li><p>Computerized cars carry
    out any significant surveillance if the devices implemented proper
    security, including encryption. But many devices with nonfree proprietary
    software lack this. Of course, they are
  <a href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html">
  snooping devices</a>.</p> also used by their
    manufacturers for snooping.</p>
  </li>

  <li id="nissan-modem"><p>The Nissan Leaf has a built-in cell phone modem which allows
  effectively
  anyone id="M201907210">
    <p>Google “Assistant” records users' conversations <a href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
  access its computers remotely and make changes in various
  settings</a>.</p>

    <p>That's easy
    href="https://arstechnica.com/information-technology/2019/07/google-defends-listening-to-ok-google-queries-after-voice-recordings-leak/">even
    when it is not supposed to do because the system has no authentication listen</a>. Thus, when
    accessed through the modem.  However, even if one of Google's
    subcontractors discloses a thousand confidential voice recordings,
    users were easily identified from these recordings.</p>

    <p>Since Google “Assistant” uses proprietary software, there is no
    way to see or control what it asked for
    authentication, you couldn't be confident records or sends.</p>

    <p>Rather than trying to better control the use of recordings, Google
    should not record or listen to the person's voice.  It should only
    get commands that Nissan has no
    access.  The software in the car user wants to send to some Google service.</p>
  </li>

  <li id="M201905061">
    <p>Amazon Alexa collects a lot more information from users
    than is
    proprietary, <a href="/philosophy/free-software-even-more-important.html">which
    means necessary for correct functioning (time, location,
    recordings made without a legitimate prompt), and sends
    it demands blind faith from its users</a>.</p>

    <p>Even to Amazon's servers, which store it indefinitely. Even
    worse, Amazon forwards it to third-party companies. Thus,
    even if no one connects users request deletion of their data from Amazon's servers, <a
    href="https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
    the data remain on other servers</a>, where they can be accessed by
    advertising companies and government agencies. In other words,
    deleting the collected information doesn't cancel the wrong of
    collecting it.</p>

    <p>Data collected by devices such as the Nest thermostat, the Philips
    Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos
    speakers are likewise stored longer than necessary on the servers
    the devices are tethered to. Moreover, they are made available to
    Alexa. As a result, Amazon has a very precise picture of users' life
    at home, not only in the car remotely, present, but in the cell phone
    modem enables past (and, who knows,
    in the phone company future too?)</p>
  </li>

  <li id="M201904240">
    <p>Some of users' commands to track the car's movements all Alexa service are <a
    href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html">
    recorded for Amazon employees to listen to</a>. The Google and Apple
    voice assistants do similar things.</p>

    <p>A fraction of the time; it Alexa service staff even has access to <a
    href="https://www.bnnbloomberg.ca/amazon-s-alexa-reviewers-can-access-customers-home-addresses-1.1248788">
    location and other personal data</a>.</p>

    <p>Since the client program is possible nonfree, and data processing is done
    “<a href="/philosophy/words-to-avoid.html#CloudComputing">in
    the cloud</a>” (a soothing way of saying “We won't
    tell you how and where it's done”), users have no way
    to know what happens to physically remove the cell phone modem
    though.</p> recordings unless human eavesdroppers <a
    href="https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
    break their non-disclosure agreements</a>.</p>
  </li>

  <li id="records-drivers"><p>Proprietary software in cars id="M201902080">
    <p>The HP <a href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records information about drivers' movements</a>,
      which is made available
    href="https://boingboing.net/2019/02/08/inkjet-dystopias.html">
    “ink subscription” cartridges have DRM that constantly
    communicates with HP servers</a> to car manufacturers, insurance companies, and
      others.</p>

      <p>The case of toll-collection systems, mentioned in this article, make sure the user is not
      really a matter of proprietary surveillance. These systems are an
      intolerable invasion of privacy, still
    paying for the subscription, and should be replaced with anonymous
      payment systems, but hasn't printed more pages than were
    paid for.</p>

    <p>Even though the invasion isn't done by malware. The other
      cases mentioned are done by proprietary malware ink subscription program may be cheaper in some
    specific cases, it spies on users, and involves totally unacceptable
    restrictions in the car.</p></li>

  <li><p>Tesla cars allow the company use of ink cartridges that would otherwise be in
    working order.</p>
  </li>

  <li id="M201808120">
    <p>Crackers found a way to extract data remotely and
      determine break the car's location at any time. (See
      <a href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
      Section 2, paragraphs b security of an Amazon device,
    and c.</a>). The company says <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
    turn it doesn't
      store this information, but into a listening device</a> for them.</p>

    <p>It was very difficult for them to do this. The job would be much
    easier for Amazon. And if some government such as China or the state orders it US
    told Amazon to get do this, or cease to sell the data
      and hand it over, product in that country,
    do you think Amazon would have the state can store it.</p>
  </li>
</ul>


<!-- #SpywareAtHome -->
<!-- WEBMASTERS: make sure moral fiber to place new items say no?</p>

    <p><small>(These crackers are probably hackers too, but please <a
    href="https://stallman.org/articles/on-hacking.html"> don't use
    “hacking” to mean “breaking security”</a>.)</small></p>
  </li>

  <li id="M201804140">
    <p>A medical insurance company <a
    href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
    offers a gratis electronic toothbrush that snoops on top under each subsection -->

<div class="big-section">
  <h3 id="SpywareAtHome">Spyware at Home</h3>
  <span class="anchor-reference-id">(<a href="#SpywareAtHome">#SpywareAtHome</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
  <li><p>Lots its user by
    sending usage data back over the Internet</a>.</p>
  </li>

  <li id="M201706204">
    <p>Lots of “smart” products are designed <a
    href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
    listen to everyone in the house, all the time</a>.</p>

    <p>Today's technological practice does not include any way of making
    a device that can obey your voice commands without potentially spying
    on you.  Even if it is air-gapped, it could be saving up records
    about you for later examination.</p>
  </li>

  <li><p>Nest

  <li id="M201407170">
    <p id="nest-thermometers">Nest thermometers send <a
    href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lot of
    data about the user</a>.</p>
  </li>

  <li><p><a href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">

  <li id="M201310260">
    <p><a
    href="https://web.archive.org/web/20180911191954/http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
    Rent-to-own computers were programmed to spy on their renters</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInTVSets">Spyware in TV Sets</h4> id="SpywareOnWearables">Wearables</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInTVSets">#SpywareInTVSets</a>)</span> href="#SpywareOnWearables">#SpywareOnWearables</a>)</span>
</div>

<p>Emo Phillips made a joke: The other day a woman came up to me and
said, “Didn't I see you on television?” I said, “I
don't know. You can't see out

<ul class="blurbs">
  <li id="M201807260">
    <p>Tommy Hilfiger clothing <a
    href="https://www.theguardian.com/fashion/2018/jul/26/tommy-hilfiger-new-clothing-line-monitor-customers">will
    monitor how often people wear it</a>.</p>

    <p>This will teach the other way.” Evidently sheeple to find it normal that was
before Amazon “smart” TVs.</p>

<ul>
  <li>
    <p>Vizio
    “smart” companies
    monitor every aspect of what they do.</p>
  </li>
</ul>


<h5 id="SpywareOnSmartWatches">“Smart” Watches</h5>

<ul class="blurbs">
  <li id="M202009100">
    <p>Internet-enabled watches with proprietary software
    are malware, violating people (specially children's)
    privacy. In addition, they have a lot of security flaws. They <a href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
    report everything that is viewed on them,
    href="https://www.wired.com/story/kid-smartwatch-security-vulnerabilities/">
    permit security breakers (and unauthorized people) to access</a> the watch.</p>

    <p>Thus, ill-intentioned unauthorized people can intercept communications between parent and not just broadcasts child and spoof messages to and cable</a>. Even if the image is coming from the user's own
    computer, watch, possibly endangering the TV reports what it is. The existence of child.</p>

    <p><small>(Note that this article misuses the word “<a
    href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”
    to mean “crackers.”)</small></p>
  </li>

  <li id="M201603020">
    <p>A very cheap “smart watch” comes with an Android app <a
    href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
    that connects to an unidentified site in China</a>.</p>

    <p>The article says this is a back door, but that could be a way to
    disable the surveillance, even if it were not hidden as
    misunderstanding.  However, it was in
    these TVs, does not legitimize the surveillance.</p> is certainly surveillance, at least.</p>
  </li>

  <li><p>More or less all

  <li id="M201407090">
    <p>An LG “smart” TVs watch is designed <a
href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
  on their users</a>.</p>

    <p>The
    href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
    to report was as of 2014, but we don't expect this has got better.</p>

    <p>This shows that laws requiring products its location to get users' formal
      consent before collecting personal data are totally inadequate.
      And what happens if a user declines consent?  Probably the TV
      will say, “Without your consent someone else and to tracking, the TV transmit conversations
    too</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInVehicles">Vehicles</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInVehicles">#SpywareInVehicles</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202008181">
    <p>New Toyotas will
      not work.”</p>

    <p>Proper laws would say that TVs are not allowed <a
    href="https://www.theregister.com/2020/08/18/aws_toyota_alliance/">
    upload data to report what
      the user watches — no exceptions!</p>
  </li>
  <li><p>Vizio goes a step further than other TV manufacturers in spying AWS to help create custom insurance premiums</a>
    based on 
      their users: their <a href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
      “smart” TVs analyze your viewing habits in detail and 
      link them your IP address</a> so that advertisers driver behaviour.</p>

    <p>Before you buy a “connected” car, make sure you can track
    disconnect its cellular antenna and its GPS antenna.  If you 
      across devices.</p>
 
      <p>It is possible want
    GPS navigation, get a separate navigator which runs free software
    and works with Open Street Map.</p>
  </li>

  <li id="M201912171">
    <p>Most modern cars now <a
    href="https://boingboing.net/2019/12/17/cars-now-run-on-the-new-oil.html">
    record and send various kinds of data to turn this off, but having the manufacturer</a>. For
    the user, access to the data is nearly impossible, as it enabled by default involves
    cracking the car's computer, which is an injustice already.</p>
  </li>
  
  <li><p>Tivo's alliance always hidden and running with Viacom adds 2.3 million households
    proprietary software.</p>
  </li>

  <li id="M201903290">
    <p>Tesla cars collect lots of personal data, and <a
    href="https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html">
    when they go to a junkyard the 600 millions social media profiles the company already
      monitors. Tivo customers are unaware they're being watched by
      advertisers. By combining TV viewing information driver's personal data goes with online
      social media participation, Tivo can now
    them</a>.</p>
  </li>

  <li id="M201902011">
    <p>The FordPass Connect feature of some Ford vehicles has <a href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate TV
      advertisement with online purchases</a>, exposing all users
    href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
    near-complete access to
      new combined surveillance by default.</p></li>
  <li><p>Some web and TV advertisements play inaudible sounds the internal car network</a>. It is constantly
    connected to be
      picked up the cellular phone network and sends Ford a lot of data,
    including car location. This feature operates even when the ignition
    key is removed, and users report that they can't disable it.</p>

    <p>If you own one of these cars, have you succeeded in breaking the
    connectivity by proprietary malware running on other devices disconnecting the cellular modem, or wrapping the
    antenna in
      range so as aluminum foil?</p>
  </li>

  <li id="M201811300">
    <p>In China, it is mandatory for electric
    cars to determine that they are nearby.  Once your
      Internet devices are paired with your TV, advertisers can
      correlate ads be equipped with Web activity, and
      other <a href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device tracking</a>.</p>
  </li>
  <li><p>Vizio “smart” TVs recognize and a terminal that <a href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track what people are watching</a>,
      even if it isn't
    href="https://www.apnews.com/4a749a4211904784826b45e812cff4ca">
    transfers technical data, including car location,
    to a TV channel.</p>
  </li>
  <li><p>The Amazon “Smart” TV government-run platform</a>. In practice, <a href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">is
      snooping all
    href="/proprietary/proprietary-surveillance.html#car-spying">
    manufacturers collect this data</a> as part of their own spying, then
    forward it to the time</a>.</p> government-run platform.</p>
  </li>
  <li><p>The Samsung “Smart” TV

  <li id="M201810230">
    <p>GM <a href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">transmits users' voice on
    href="https://boingboing.net/2018/10/23/dont-touch-that-dial.html">
    tracked the internet to another
    company, Nuance</a>.  Nuance can save choices of radio programs</a> in its
    “connected” cars, minute by minute.</p>

    <p>GM did not get users' consent, but it and would then could have to
      give got that easily by
    sneaking it to into the US or contract that users sign for some other government.</p>
      <p>Speech recognition digital service
    or other. A requirement for consent is not effectively no protection.</p>

    <p>The cars can also collect lots of other data: listening to be trusted unless it is done
    by free software in you,
    watching you, following your own computer.</p>

      <p>In its privacy policy, Samsung explicitly confirms
      that <a href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice movements, tracking passengers' cell
    phones. <em>All</em> such data containing sensitive information will collection should be transmitted forbidden.</p>

    <p>But if you really want to
      third parties</a>.</p>
  </li>
  <li><p>Spyware in
      <a href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
      LG “smart” TVs</a> reports what the user watches, and be safe, we must make sure the switch to turn this off has no effect.  (The fact car's
    hardware cannot collect any of that the
      transmission reports a 404 error really means nothing; the server
      could save data, or that data anyway.)</p>

      <p>Even worse, it
      <a href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
      snoops on other devices on the user's local network.</a></p>

      <p>LG later said software
    is free so we know it had installed a patch to stop this, but won't collect any product
      could spy this way.</p>

      <p>Meanwhile, LG TVs
      <a href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml"> do lots of spying anyway</a>.</p> that data.</p>
  </li>
  <li>
      <p><a href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">Verizon cable TV snoops on what programs people watch, and even what they wanted to record.</a></p>

  <li id="M201711230">
    <p>AI-powered driving apps can <a
    href="https://www.vice.com/en/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
    track your every move</a>.</p>
  </li>
</ul>

<!-- #SpywareInGames -->
<div class="big-section">
  <h3 id="SpywareInGames">Spyware in Games</h3>
  <span class="anchor-reference-id">(<a href="#SpywareInGames">#SpywareInGames</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>

  <li>
    <p>The driver for

  <li id="M201607160">
    <p id="car-spying">Computerized cars with nonfree software are <a
    href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html">
    snooping devices</a>.</p>
  </li>

  <li id="M201602240">
    <p id="nissan-modem">The Nissan Leaf has a certain gaming keyboard built-in
    cell phone modem which allows effectively anyone to <a href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends information
    href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">
    access its computers remotely and make changes in various
    settings</a>.</p>

    <p>That's easy to China</a>.</p>
  </li>

  <li><p>nVidia's proprietary GeForce Experience do because the system has no authentication
    when accessed through the modem.  However, even if it asked
    for authentication, you couldn't be confident that Nissan
    has no access.  The software in the car is proprietary, <a href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes
      users identify themselves and then sends personal data about them
    href="/philosophy/free-software-even-more-important.html">which means
    it demands blind faith from its users</a>.</p>

    <p>Even if no one connects to
      nVidia servers</a>.</p>
  </li>

  <li><p>Angry Birds
      <a href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
      spies for companies, and the NSA takes advantage car remotely, the cell phone modem
    enables the phone company to spy through track the car's movements all the time;
    it too</a>.
      Here's information on
      <a href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
      more spyware apps</a>.</p>
      <p><a href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
      More about NSA app spying</a>.</p>
  </li>

  <li><p>Many 
      <a href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
      video game consoles snoop on their users and report is possible to physically remove the 
      internet</a>— even what their users weigh.</p>

      <p>A game console is a computer, and you can't trust a computer with 
      a nonfree operating system.</p> cell phone modem, though.</p>
  </li>

  <li><p>Modern gratis game cr…apps
      <a href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
      collect a wide range of

  <li id="M201306140">
    <p>Tesla cars allow the company to extract
    data about their users remotely and their users' 
      friends determine the car's location
    at any time. (See Section 2, paragraphs b and associates</a>.</p>

      <p>Even nastier, they do c of the <a
    href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
    privacy statement</a>.) The company says it through ad networks that merge doesn't store this
    information, but if the state orders it to get the data
      collected by various cr…apps and sites hand it
    over, the state can store it.</p>
  </li>

  <li id="M201303250">
    <p id="records-drivers">Proprietary software in cars <a
    href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">
    records information about drivers' movements</a>, which is made by different 
      companies.</p>

      <p>They use this data to manipulate people
    available to buy things, car manufacturers, insurance companies, and hunt 
      for “whales” who can be led to spend others.</p>

    <p>The case of toll-collection systems, mentioned in this article,
    is not really a lot matter of proprietary surveillance. These systems
    are an intolerable invasion of money. They 
      also use a back door to manipulate the game play for specific players.</p>

      <p>While privacy, and should be replaced with
    anonymous payment systems, but the article describes gratis games, games that cost money 
      can use invasion isn't done by malware. The
    other cases mentioned are done by proprietary malware in the same tactics.</p> car.</p>
  </li>
</ul>

<!-- #SpywareAtRecreation -->


<div class="big-section">
  <h3 id="SpywareAtRecreation">Spyware at Recreation</h3> class="big-subsection">
  <h4 id="SpywareInVR">Virtual Reality</h4>
  <span class="anchor-reference-id">
    (<a href="#SpywareAtRecreation">#SpywareAtRecreation</a>)</span> class="anchor-reference-id">(<a href="#SpywareInVR">#SpywareInVR</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
  <li><p>Users are suing Bose for

<ul class="blurbs">
  <li id="M202008182">
    <p>Oculus headsets <a href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
	distributing a spyware app for its headphones</a>.
      Specifically, the app would record the names of the audio files
    href="https://www.theverge.com/2020/8/18/21372435/oculus-facebook-login-change-separate-account-support-end-quest-october">require
    users listen to along with the headphone's unique serial number.
    </p>
    <p>The suit accuses that this was done without the users' consent.
      If the fine print of identify themselves to Facebook</a>. This will give Facebook
    free rein to pervasively snoop on Oculus users.</p>
  </li>

  <li id="M201612230">
    <p>VR equipment, measuring every slight motion,
    creates the app said that users gave consent potential for this,
      would that make the most intimate
    surveillance ever. All it acceptable? No way! It should be flat out
      <a href="/philosophy/surveillance-vs-democracy.html">
	illegal takes to design make this potential real <a
    href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
    software as malicious as many other programs listed in this
    page</a>.</p>

    <p>You can bet Facebook will implement the app to snoop at all</a>.
    </p> maximum possible
    surveillance on Oculus Rift devices. The moral is, never trust a VR
    system with nonfree software in it.</p>
  </li>
</ul>

<!-- #SpywareOnTheWeb -->



<div class="big-section">
  <h3 id="SpywareOnTheWeb">Spyware on the Web</h3>
  <span class="anchor-reference-id">(<a href="#SpywareOnTheWeb">#SpywareOnTheWeb</a>)</span>
</div>
<div style="clear: left;"></div>

<p>In addition, many web sites spy on their visitors.  Web sites are not
   programs, so it
   <a href="/philosophy/network-services-arent-free-or-nonfree.html">
   makes no sense to call them “free” or “proprietary”</a>,
   but the surveillance is an abuse all surveillance is an abuse all the same.</p>

<ul class="blurbs">
  <li id="M201904210">
    <p>As of April 2019, it is <a
    href="https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/">no
    longer possible to disable an
    unscrupulous tracking anti-feature</a> that <a
    href="https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing">reports
    users when they follow ping links</a> in Apple Safari, Google Chrome,
    Opera, Microsoft Edge and also in the upcoming Microsoft Edge that is
    going to be based on Chromium.</p>
  </li>

  <li id="M201901101">
    <p>Until 2015, any tweet that listed a geographical tag <a
    href="http://web-old.archive.org/web/20190115233002/https://www.wired.com/story/twitter-location-data-gps-privacy/">
    sent the precise GPS location to Twitter's server</a>. It still
    contains these GPS locations.</p>
  </li>

  <li id="M201805170">
    <p>The Storyful program <a
    href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies
    on the same.</p>

<ul>
  <li><p>When reporters that use it</a>.</p>
  </li>

  <li id="M201701060">
    <p>When a page uses Disqus
    for comments, <a href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">the the proprietary Disqus software loads <a
    href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">loads
    a Facebook software package into the browser of every anonymous visitor
    to the page, and makes the page's URL available to Facebook</a>.
  </p></li>

  <li><p>Online Facebook</a>.</p>
  </li>

  <li id="M201612064">
    <p>Online sales, with tracking and surveillance of customers, <a
    href="https://www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-browsing-history-could-mean-rip-off-prices">enables
    businesses to show different people different prices</a>. Most of
    the tracking is done by recording interactions with servers, but
    proprietary software contributes.</p>
  </li>

  <li><p><a href="http://japandailypress.com/government-warns-agencies-against-using-chinas-baidu-application-after-data-transmissions-discovered-2741553/">
      Baidu's Japanese-input and Chinese-input apps spy on users.</a></p>
  </li>

  <li><p>Pages that contain “Like” buttons
      <a href="http://www.smh.com.au/technology/technology-news/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html">
      enable Facebook to track visitors

  <li id="M201405140">
    <p><a
    href="https://web.archive.org/web/20190421070310/https://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
    Microsoft SkyDrive allows the NSA to those pages</a>—even
      users that don't have Facebook accounts.</p> directly examine users'
    data</a>.</p>
  </li>

  <li><p>Many

  <li id="M201210240">
    <p>Many web sites rat their visitors to advertising
    networks that track users.  Of the top 1000 web sites, <a
    href="https://www.law.berkeley.edu/research/bclt/research/privacy-at-bclt/web-privacy-census/">84%
    (as of 5/17/2012) fed their visitors third-party cookies, allowing
    other sites to track them</a>.</p>
  </li>

  <li><p>Many

  <li id="M201208210">
    <p>Many web sites report all their visitors
    to Google by using the Google Analytics service, which <a
    href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
    tells Google the IP address and the page that was visited.</a></p> visited</a>.</p>
  </li>

  <li><p>Many

  <li id="M201200000">
    <p>Many web sites try to collect users' address books (the user's list
    of other people's phone numbers or email addresses).  This violates
    the privacy of those other people.</p>
  </li>

  <li><p><a href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
      Microsoft SkyDrive allows the NSA

  <li id="M201110040">
    <p>Pages that contain “Like” buttons <a
    href="https://www.smh.com.au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html">
    enable Facebook to directly examine users' data</a>.</p> track visitors to those pages</a>—even users
    that don't have Facebook accounts.</p>
  </li>
</ul>

<!-- WEBMASTERS: make sure to place new items on top under each subsection -->


<div class="big-subsection">
  <h4 id="SpywareInFlash">Spyware in JavaScript and Flash</h4> id="SpywareInJavaScript">JavaScript</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInFlash">#SpywareInFlash</a>)</span> href="#SpywareInJavaScript">#SpywareInJavaScript</a>)</span>
</div>

<ul>
  <li>

<ul class="blurbs">
  <li id="M201811270">
    <p>Many web sites use JavaScript code <a
    href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
    to snoop on information that users have typed into a
    form but not sent</a>, in order to learn their identity. Some are <a
    href="https://www.manatt.com/Insights/Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-Allege">
    getting sued</a> for this.</p>

    <p>The chat facilities of some customer services use the same sort of
    malware to <a
    href="https://gizmodo.com/be-warned-customer-service-agents-can-see-what-youre-t-1830688119">
    read what the user is typing before it is posted</a>.</p>
  </li>

  <li id="M201807190">
    <p>British Airways used <a
    href="https://www.theverge.com/2018/7/19/17591732/british-airways-gdpr-compliance-twitter-personal-data-security">nonfree
    JavaScript on its web site to give other companies personal data on
    its customers</a>.</p>
  </li>

  <li id="M201712300">
    <p>Some JavaScript malware <a
    href="https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research">
    swipes usernames from browser-based password managers</a>.</p>
  </li>

  <li>

  <li id="M201711150">
    <p>Some websites send
    JavaScript code to collect all the user's input, <a
    href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
    can then be used to reproduce the whole session</a>.</p>

    <p>If you use LibreJS, it will block that malicious JavaScript
    code.</p>
  </li>

  <li><p>Many web sites use JavaScript code <a
    href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
    to snoop on information that users have typed into a form but not
    sent</a>, in order to learn their identity. Some are <a
    href="https://www.manatt.com/Insights/Newsletters/Advertising-Law/Sites-Illegally-Tracked-Consumers-New-Suits-Allege">
    getting sued</a> for this.</p>
  </li>

  <li><p>Flash Player's
      <a href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">
      cookie feature helps web sites track visitors</a>.</p>
  </li>

  <li><p>Flash
</ul>


<div class="big-subsection">
  <h4 id="SpywareInFlash">Flash</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInFlash">#SpywareInFlash</a>)</span>
</div>

<ul class="blurbs">
  <li id="M201310110">
    <p>Flash and JavaScript are also used for <a
    href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
    “fingerprinting” devices</a> to identify users.</p>
  </li>

  <li id="M201003010">
    <p>Flash Player's <a
    href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">
    cookie feature helps web sites track visitors</a>.</p>
  </li>
</ul>

<!-- WEBMASTERS: make sure to place new items on top under each subsection -->


<div class="big-subsection">
  <h4 id="SpywareInChrome">Spyware in Chrome</h4> id="SpywareInChrome">Chrome</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInChrome">#SpywareInChrome</a>)</span>
</div>

<ul>
  <li><p>Google

<ul class="blurbs">
  <li id="M201906220">
    <p>Google Chrome is an <a href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
	spies on browser history, affiliations</a>,
    href="https://www.mercurynews.com/2019/06/21/google-chrome-has-become-surveillance-software-its-time-to-switch/">
    instrument of surveillance</a>. It lets thousands of trackers invade
    users' computers and other installed software.
    </p>
  </li>
  <li><p>Google Chrome contains report the sites they visit to advertising and
    data companies, first of all to Google. Moreover, if users have a key logger that
    Gmail account, Chrome automatically logs them in to the browser for
    more convenient profiling. On Android, Chrome also reports their
    location to Google.</p>

    <p>The best way to escape surveillance is to switch to <a href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">
	sends Google every URL typed in</a>, one key at
    href="/software/icecat/">IceCat</a>, a time.</p> modified version of Firefox
    with several changes to protect users' privacy.</p>
  </li>
  
  <li><p>Google Chrome includes a module

  <li id="M201704131">
    <p>Low-priced Chromebooks for schools are <a
    href="https://www.eff.org/wp/school-issued-devices-and-student-privacy">
    collecting far more data on students than is necessary, and store
    it indefinitely</a>. Parents and students complain about the lack
    of transparency on the part of both the educational services and the
    schools, the difficulty of opting out of these services, and the lack
    of proper privacy policies, among other things.</p>

    <p>But complaining is not sufficient. Parents, students and teachers
    should realize that the software Google uses to spy on students is
    nonfree, so they can't verify what it really does. The only remedy is
    to persuade school officials to <a href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
	activates microphones href="/education/edu-schools.html">
    exclusively use free software</a> for both education and transmits audio school
    administration. If the school is run locally, parents and teachers
    can mandate their representatives at the School Board to its servers</a>.</p> refuse the
    budget unless the school initiates a switch to free software. If
    education is run nation-wide, they need to persuade legislators
    (e.g., through free software organizations, political parties,
    etc.) to migrate the public schools to free software.</p>
  </li>
  
  <li><p>Google

  <li id="M201507280">
    <p>Google Chrome makes it easy for an extension to do <a
    href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
    snooping on the user's browsing</a>, and many of them do so.</p>
  </li>
</ul>


<!-- #SpywareInDrones -->
<div class="big-section">
  <h3 id="SpywareInDrones">Spyware in Drones</h3>
  <span class="anchor-reference-id">(<a href="#SpywareInDrones">#SpywareInDrones</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
  <li>
    <p>While you're using

  <li id="M201506180">
    <p>Google Chrome includes a DJI drone module that <a
    href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
    activates microphones and transmits audio to snoop its servers</a>.</p>
  </li>

  <li id="M201308040">
    <p>Google Chrome <a
    href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
    spies on browser history, affiliations</a>, and other people, DJI is in many
      cases installed
    software.</p>
  </li>

  <li id="M200809060">
    <p>Google Chrome contains a key logger that <a href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping on you</a>.</p>
    href="https://web.archive.org/web/20190126075111/http://www.favbrowser.com/google-chrome-spyware-confirmed/">
    sends Google every URL typed in</a>, one key at a time.</p>
  </li>
</ul>


<!-- #SpywareEverywhere -->



<div class="big-section">
  <h3 id="SpywareEverywhere">Spyware Everywhere</h3> id="SpywareInNetworks">Spyware in Networks</h3>
  <span class="anchor-reference-id">(<a href="#SpywareEverywhere">#SpywareEverywhere</a>)</span> href="#SpywareInNetworks">#SpywareInNetworks</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
  <li><p>The natural extension of monitoring

<ul class="blurbs">
  <li id="M201902040">
    <p>Google invites people through 
      “their” phones is <a 
      href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
      proprietary software to make sure they can't “fool” the 
      monitoring</a>.</p>
  </li>

  <li><p><a href="http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
      Intel devices will be able to listen for speech <a
    href="https://www.commondreams.org/views/2019/02/04/google-screenwise-unwise-trade-all-your-privacy-cash?cd-origin=rss">
    let Google monitor their phone use, and all the time, even when “off.”</a></p>
  </li>
</ul>

<!-- #SpywareInVR -->
<div class="big-section">
    <h3 id="SpywareInVR">Spyware In VR</h3>
    <span class="anchor-reference-id">(<a href="#SpywareInVR">#SpywareInVR</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
  <li><p>VR equipment, measuring every slight motion, creates the
      potential internet use in their
    homes, for an extravagant payment of $20</a>.</p>

    <p>This is not a malicious functionality of a program with some other
    purpose; this is the software's sole purpose, and Google says so. But
    Google says it in a way that encourages most intimate surveillance ever. All people to ignore the
    details. That, we believe, makes it takes fitting to make this potential
      real list here.</p>
  </li>

  <li id="M201606030">
    <p>Investigation Shows <a href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
      software as malicious as many other programs listed in this
      page</a>.</p>

    <p>You
    href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
    Using US Companies, NSA To Route Around Domestic Surveillance
    Restrictions</a>.</p>

    <p>Specifically, it can bet Facebook will implement collect the maximum possible
      surveillance on Oculus Rift devices. The moral is, never trust a
      VR system with nonfree software in it.</p> emails of members of Parliament
    this way, because they pass it through Microsoft.</p>
  </li>

  <li id="M201212290">
    <p>The Cisco TNP IP phones are <a
    href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
    spying devices</a>.</p>
  </li>
</ul>


</div><!-- for id="content", starts in the include above
</div>

</div>
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<!--#include virtual="/server/footer.html" -->
<div id="footer">
<div class="unprintable">

<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF.  Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>

<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
        replace it with the translation of these two:

        We work hard and do our best to provide accurate, good quality
        translations.  However, we are not exempt from imperfection.
        Please send your comments and general suggestions in this regard
        to <a href="mailto:web-translators@gnu.org">
        <web-translators@gnu.org></a>.</p>

        <p>For information on coordinating and submitting contributing translations of
        our web pages, see <a
        href="/server/standards/README.translations.html">Translations
        README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and submitting contributing translations
of this article.</p>
</div>

<!-- Regarding copyright, in general, standalone pages (as opposed to
     files generated as part of manuals) on the GNU web server should
     be under CC BY-ND 4.0.  Please do NOT change or remove this
     without talking with the webmasters or licensing team first.
     Please make sure the copyright date is consistent with the
     document.  For web pages, it is ok to list just the latest year the
     document was modified, or published.

     If you wish to list earlier years, that is ok too.
     Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
     years, as long as each year in the range is in fact a copyrightable
     year, i.e., a year in which the document was published (including
     being publicly visible on the web or in a revision control system).

     There is more detail about copyright years in the GNU Maintainers
     Information document, www.gnu.org/prep/maintain. -->

<p>Copyright © 2015, 2016, 2017, 2018 2015-2020 Free Software Foundation, Inc.</p>

<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution-NoDerivatives Attribution 4.0 International License</a>.</p>

<!--#include virtual="/server/bottom-notes.html" -->

<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2020/10/17 08:05:09 $
<!-- timestamp end -->
</p>
</div>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>