<!--#include virtual="/server/header.html" --> <!-- Parent-Version:1.851.96 --> <!--#set var="DISABLE_TOP_ADDENDUM" value="yes" --> <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please do not edit <ul class="blurbs">! Instead, edit /proprietary/workshop/mal.rec, then regenerate pages. See explanations in /proprietary/workshop/README.md. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> <title>Proprietary Tethers - GNU Project - Free Software Foundation</title> <link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" /> <!--#include virtual="/proprietary/po/proprietary-tethers.translist" --> <!--#include virtual="/server/banner.html" --> <div class="nav"> <a id="side-menu-button" class="switch" href="#navlinks"> <img id="side-menu-icon" height="32" src="/graphics/icons/side-menu.png" title="Section contents" alt=" [Section contents] " /> </a> <p class="breadcrumb"> <a href="/"><img src="/graphics/icons/home.png" height="24" alt="GNU Home" title="GNU Home" /></a> / <a href="/proprietary/proprietary.html">Malware</a> / By type / </p> </div> <!--GNUN: OUT-OF-DATE NOTICE--> <!--#if expr="$OUTDATED_SINCE" --><!--#else --> <!--#if expr="$LANGUAGE_SUFFIX" --> <!--#set var="DISABLE_TOP_ADDENDUM" value="no" --> <!--#include virtual="/server/top-addendum.html" --> <!--#endif --> <!--#endif --> <div style="clear: both"></div> <div id="last-div" class="reduced-width"> <h2>Proprietary Tethers</h2><p><a href="/proprietary/proprietary.html">Other examples of proprietary malware</a></p><div class="infobox"> <hr class="full-width" /> <p>Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; <a href="/philosophy/free-software-even-more-important.html">that is the basic injustice</a>. The developers and manufacturers often exercise that power to the detriment of the users they ought to serve.</p> <p>This typically takes the form of malicious functionalities.</p> <hr class="full-width" /> </div> <div class="article"> <p>Tethering a product or program means designing it to work only by communicating with a specificserverserver. That is always an injustice since it means you can't use the program without that server. It is also a secondary injustice if you can't communicate with the server initself.another way.</p> <p>In some cases, tethering is used to do specific nasty things to the users. This page reports instances where tethering was used to harm the users directly.</p> <div class="important"> <p>If you know of an example that ought to be in this page but isn't here, please write to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a> to inform us. Please include the URL of a trustworthy reference or two topresent the specifics.</p> <ul> <li>serve as specific substantiation.</p> </div> <div class="column-limit" id="proprietary-tethers"></div> <ul class="blurbs"> <li id="M202007280"> <!--#set var="DATE" value='<small class="date-tag">2020-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Thegame Metal Gear RisingFocals eyeglass display, with snooping microphone, has been eliminated. Google eliminated it by buying the manufacturer and shutting it down. It also <a href="https://www.ctvnews.ca/sci-tech/canadian-smart-glasses-going-offline-weeks-after-company-bought-by-google-1.5042010">shut down the server these devices depend on</a>, which caused the ones already sold to cease to function.</p> <p>It may be a good thing to wipe out this product—for “smart,” read “snoop”—but Google didn't do that forMacOSthe sake of privacy. Rather, it was eliminating competition for its own snooping product.</p> </li> <li id="M202007270"> <!--#set var="DATE" value='<small class="date-tag">2020-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Mellow sous-vide cooker is tethered to a server. The company suddenly <ahref="http://www.gamerevolution.com/news/400087-metal-gear-rising-mac-unplayable-drm">href="https://www.slashgear.com/mellow-sous-vide-owners-get-unwelcome-subscription-surprise-27630842/"> turned this tethering into a subscription</a>, forbidding users from taking advantage of the “advanced features” of the cooker unless they pay a monthly fee.</p> </li> <li id="M202005070"> <!--#set var="DATE" value='<small class="date-tag">2020-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>Wink sells a “smart” home hub that is tethered to a server. In May 2020, it ordered the purchasers to start <a href="https://www.techhive.com/article/3542631/wink-users-revolt-following-its-sudden-shift-to-a-subscription-model.html"> paying a monthly fee for the use of that server</a>. Because of the tethering, the hub is useless without that.</p> </li> <li id="M201909061"> <!--#set var="DATE" value='<small class="date-tag">2019-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Best Buy made controllable appliances and <a href="https://www.theverge.com/2019/9/6/20853671/best-buy-connect-insignia-smart-plug-wifi-freezer-mobile-app-shutdown-november-6"> shut down the service to control them through</a>.</p> <p>While it is laudable that Best Buy recognized it was mistreating the customers by doing so, this doesn't alter the facts that tethering the device to a particular server is a path to screwing the users, and that it is a consequence of having nonfree software in the device.</p> </li> <li id="M201904260"> <!--#set var="DATE" value='<small class="date-tag">2019-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Jibo robot toys were tethered to the manufacturer's server, and <a href="https://www.apnews.com/99c9ec8ebad242ca88178e22c7642648"> the company made them allcopies stopped working</a>.</p>cease to work</a> by shutting down that server.</p> <p>The shutdown might ironically be good for their users, since the product was designed to manipulate people by presenting a phony semblance of emotions, and was most certainly spying on them.</p> </li> <li id="M201904040"> <!--#set var="DATE" value='<small class="date-tag">2019-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Ebooks “bought” from Microsoft's store check that their DRM is valid by connecting to the store every time their “owner” wants to read them. Microsoft is going to close this store, <a href="https://www.bbc.com/news/technology-47810367"> bricking all DRM'ed ebooks it has ever “sold”</a>. (The article additionally highlights the pitfalls of DRM.)</p> <p>This is another proof that a DRM-encumbered product doesn't belong to the person who bought it. Microsoft said it will refund customers, but this is no excuse for selling them restricted books.</p> </li><li><li id="M201903250"> <!--#set var="DATE" value='<small class="date-tag">2019-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>The British supermarket Tesco sold tablets which were tethered to Tesco's server for reinstalling default settings. Tesco <a href="https://www.theguardian.com/money/2019/mar/25/tesco-hudl-tablet-support-kill-fix"> turned off the server for old models</a>, so now if you try to reinstall the default settings, it bricks them instead.</p> </li> <li id="M201809260"> <!--#set var="DATE" value='<small class="date-tag">2018-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Honeywell's “smart” thermostats communicate only through the company's server. They have all the nasty characteristics of such devices: <a href="https://www.businessinsider.com/honeywell-iot-thermostats-server-outage-2018-9"> surveillance, and danger of sabotage</a> (of a specific user, or of all users at once), as well as the risk of an outage (which is what just happened).</p> <p>In addition, setting the desired temperature requires running nonfree software. With an old-fashioned thermostat, you can do it using controls right on the thermostat.</p> </li> <li id="M201807050"> <!--#set var="DATE" value='<small class="date-tag">2018-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Jawbone fitness tracker was tethered to a proprietary phone app. In 2017, the company shut down and made the app stop working. <a href="https://www.theguardian.com/technology/2018/jul/05/defunct-jawbone-fitness-trackers-kept-selling-after-app-closure-says-which">All the existing trackers stopped working forever</a>.</p> <p>The article focuses on a further nasty fillip, that sales of the broken devices continued. ButIwe think that is a secondary issue; it made the nasty consequences extend to some additional people. The fundamental wrong was to design the devices to depend on something else that didn't respect users' freedom.</p> </li><li><li id="M201806250"> <!--#set var="DATE" value='<small class="date-tag">2018-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>The game Metal Gear Rising for MacOS was tethered to a server. The company <a href="http://www.gamerevolution.com/news/400087-metal-gear-rising-mac-unplayable-drm"> shut down the server, and all copies stopped working</a>.</p> </li> <li id="M201711080"> <!--#set var="DATE" value='<small class="date-tag">2017-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Logitech will sabotage all Harmony Link household control devices by <a href="https://arstechnica.com/gadgets/2017/11/logitech-to-shut-down-service-and-support-for-harmony-link-devices-in-2018/"> turning off the server through which the products' supposed owners communicate with them</a>.</p> <p>The owners suspect this is to pressure them to buy a newer model. If they are wise, they will learn, rather, to distrust any product that requires users to talk with them through some specialized service.</p> </li><li><li id="M201711010"> <!--#set var="DATE" value='<small class="date-tag">2017-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Sony has brought back its robotic pet Aibo, this time <ahref="https://motherboard.vice.com/en_us/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet">href="https://www.vice.com/en/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet"> with a universal back door, and tethered to a server that requires a subscription</a>.</p> </li><li><li id="M201710040.1"> <!--#set var="DATE" value='<small class="date-tag">2017-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Canary home surveillance camera has been sabotaged by its manufacturer, <a href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change"> turning off many features unless the user starts paying for a subscription</a>.</p> <p>With manufacturers like these, who needs security breakers?</p> <p>The purchasers should learn the larger lesson and reject connected appliances with embedded proprietary software. Every such product is a temptation to commit sabotage.</p> </li><li><li id="M201708310"> <!--#set var="DATE" value='<small class="date-tag">2017-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>The recent versions of Microsoft Office require the user to <a href="https://products.office.com/en-us/microsoft-office-for-home-and-school-faq?legRedir=true&CorrelationId=c9c5b549-11ad-4f71-bf81-b7e069fdb372"> connect to Microsoft servers at least every thirty-one days</a>. Otherwise, the software will refuse to edit any documents or create new ones. It will be restricted to viewing and printing.</p> </li> <li id="M201705180"> <!--#set var="DATE" value='<small class="date-tag">2017-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>Bird and rabbit pets were implemented for Second Life by a company that tethered their food to a server. <a href="https://www.rockpapershotgun.com/2017/05/19/second-life-ozimals-pet-rabbits-dying"> It shut down the server and the pets more or less died</a>.</p> </li><li><li id="M201704120"> <!--#set var="DATE" value='<small class="date-tag">2017-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Anova sabotaged users' cooking devices with a downgrade that tethered them to a remote server. <ahref="https://consumerist.com/2017/04/12/anova-ticks-off-customers-by-requiring-mandatory-accounts-to-cook-food/#more-10275062">Unlesshref="https://web.archive.org/web/20170415145520/https://consumerist.com/2017/04/12/anova-ticks-off-customers-by-requiring-mandatory-accounts-to-cook-food/">Unless users create an account on Anova's servers, their cookers won'tfunction.</a></p>function</a>.</p> </li><li><li id="M201611070"> <!--#set var="DATE" value='<small class="date-tag">2016-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>nVidia's proprietary GeForce Experience <a href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes users identify themselves and then sends personal data about them to nVidia servers</a>.</p> </li><li> <p>Adobe applications <a href="https://web.archive.org/web/20160308062844/http://www.wired.com/2013/05/adobe-creative-cloud-petition/">require periodic connection to a server</a>.</p> </li> <li><li id="M201609280"> <!--#set var="DATE" value='<small class="date-tag">2016-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>The iMessage app on iThings <a href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells a server every phone number that the user types into it</a>; the server records these numbers for at least 30 days.</p> </li><li><li id="M201607280"> <!--#set var="DATE" value='<small class="date-tag">2016-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>A half-blind security critique of a tracking app: it found that <a href="http://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats/"> blatant flaws allowed anyone to snoop on a user's personal data</a>. The critique fails entirely to express concern that the app sends the personal data to a server, where the <em>developer</em> gets it all. This “service” is for suckers!</p> <p>The server surely has a “privacy policy,” and surely it is worthless since nearly all of them are.</p> </li><li> <p>Google/Alphabet <a href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be"> intentionally broke Revolv home automatic control products<li id="M201604050"> <!--#set var="DATE" value='<small class="date-tag">2016-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Revolv is a device thatdependedmanaged “smart home” operations: switching lights, operate motion sensors, regulating temperature, etc. Its proprietary software depends on aserver</a>remote server tofunction,do these tasks. On May 15th, 2016, Google/Alphabet <a href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be">intentionally broke it by shutting down theserver. The lesson is, reject all such products.server</a>.</p> <p>If it were free software, users would have the ability to make it work again, differently, and then have a freedom-respecting home instead of a “smart” home. Don't let proprietary software control your devices and turn them into $300 out-of-warranty bricks. Insist on self-contained computers that run free software!</p> </li> <li id="M201305100"> <!--#set var="DATE" value='<small class="date-tag">2013-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>Adobe applications <a href="https://www.wired.com/2013/05/adobe-creative-cloud-petition/"> require periodic connection to a server</a>.</p> </li> </ul></div><!-- for id="content", starts in the include above</div> </div> <!--#include virtual="/proprietary/proprietary-menu.html" --> <!--#include virtual="/server/footer.html" --> <divid="footer">id="footer" role="contentinfo"> <div class="unprintable"> <p>Please send general FSF & GNU inquiries to <a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>. There are also <a href="/contact/">other ways to contact</a> the FSF. Broken links and other corrections or suggestions can be sent to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p> <p><!-- TRANSLATORS: Ignore the original text in this paragraph, replace it with the translation of these two: We work hard and do our best to provide accurate, good quality translations. However, we are not exempt from imperfection. Please send your comments and general suggestions in this regard to <a href="mailto:web-translators@gnu.org"> <web-translators@gnu.org></a>.</p> <p>For information on coordinating andsubmittingcontributing translations of our web pages, see <a href="/server/standards/README.translations.html">Translations README</a>. --> Please see the <a href="/server/standards/README.translations.html">Translations README</a> for information on coordinating andsubmittingcontributing translations of this article.</p> </div> <!-- Regarding copyright, in general, standalone pages (as opposed to files generated as part of manuals) on the GNU web server should be under CC BY-ND 4.0. Please do NOT change or remove this without talking with the webmasters or licensing team first. Please make sure the copyright date is consistent with the document. For web pages, it is ok to list just the latest year the document was modified, or published. If you wish to list earlier years, that is ok too. Either "2001, 2002, 2003" or "2001-2003" are ok for specifying years, as long as each year in the range is in fact a copyrightable year, i.e., a year in which the document was published (including being publicly visible on the web or in a revision control system). There is more detail about copyright years in the GNU Maintainers Information document, www.gnu.org/prep/maintain. --> <p>Copyright ©2016, 2017, 20182016-2021 Free Software Foundation, Inc.</p> <p>This page is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>.</p> <!--#include virtual="/server/bottom-notes.html" --> <p class="unprintable">Updated: <!-- timestamp start --> $Date: 2021/03/15 13:39:27 $ <!-- timestamp end --> </p> </div></div></div><!-- for class="inner", starts in the banner include --> </body> </html>