<!--#include virtual="/server/header.html" virtual="/server/html5-header.html" -->
<!-- Parent-Version: 1.84 1.96 -->
<!-- This page is derived from /server/standards/boilerplate.html -->
<!-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  Please do not edit <ul class="blurbs">!
    Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
           See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Proprietary Software
- GNU Project - Free Software Foundation</title>
 <!--#include virtual="/proprietary/po/proprietary.translist" -->
<style type="text/css" media="print,screen">
div.companies
<!--
#skiplinks .button { float: right; margin-bottom: left; margin: .5em; }
div.malfunctions
#skiplinks .button a { display: inline-block; }
#about-section { font-size: 1.1em; font-style: italic; }
table#TOC {
   display: block;
   max-width: 27em; 100%; width: max-content;
   overflow: auto;
   border: .2em solid #e0dfda;
   margin: 2.5em auto;
}
<!--
div.toc h3
#TOC th, #TOC td {
   text-align: left;
   font-size: 1.2em; center;
   padding: 0 .83em; .7em;
   border-collapse: collapse;
}
#TOC th {
   vertical-align: middle;
   font-size: 1.1em;
   font-weight: bold;
   background: #fffae0;
}
#TOC td {
   vertical-align: top;
}
#TOC ul { padding-top: .5em; margin: .5em 1.5% 1em; 0; }
div.toc
#TOC ul li { padding-bottom: .5em; margin: 0; list-style: none; margin-bottom: 1em; }
div.toc
#TOC ol { margin-top: 1em; text-align: left; margin: 0; }
--></style>
#TOC ol li { margin: .5em 5%; }
#TOC a, #TOC a:visited,
 #skiplinks a, #skiplinks a:visited {
   color: #004caa;
   text-decoration: none;
}
#TOC a { text-decoration: none; }
#TOC a:hover { text-decoration: underline; }
-->
</style>
<style type="text/css" media="print,screen">
  .reduced-width { width: 55em; }
</style>
<!--#include virtual="/server/banner.html" -->
<div class="reduced-width">

<h2>Proprietary Software Is Often Malware</h2>

<div id="skiplinks">
<p class="button"><a href="#TOC">Table of contents</a></p>
<p class="button"><a href="#latest">Latest additions</a></p>
</div>
<div style="clear: both"></div>

<div id="about-section">
<p>Proprietary software, also called nonfree software,
means software that doesn't
<a href="/philosophy/free-sw.html">respect users' freedom and
community</a>.  A proprietary program puts its developer or owner
<a href="/philosophy/free-software-even-more-important.html">
in a position of power over its users.</a>
This power is in itself an injustice.</p>

<p>The point of this page directory is to show by examples that the initial
injustice of proprietary software often leads to further injustices:
malicious functionalities.</p>

<p>Power corrupts; the proprietary program's developer is tempted to
design the program to mistreat its users.  (Software whose functioning designed to
function in a way that mistreats the user is called <em>malware</em>.)
Of course, the developer usually does not do this out of malice, but
rather to profit more at the users' expense.  That does not make it
any less nasty or more legitimate.</p>

<p>Yielding to that temptation has become ever more frequent; nowadays
it is standard practice.  Modern proprietary software is typically
an opportunity to be tricked, harmed, bullied or swindled.</p>

<p>Online services are not released software, but in regard to all the
bad aspects, using a way service is equivalent to using a copy of released
software.  In particular, a service can be had.</p> designed to mistreat the
user, and many services do that.  However, we do not list instances of
malicious dis-services here, for two reasons.  First, a service
(whether malicious or not) is not a program that one could install a
copy of, and there is no way at all for users to change it.  Second,
it is so obvious that a service can mistreat users if the owner wishes
that we hardly need to prove it.</p>

<p>However, most online services require the user to run a nonfree
app.  The app <em>is</em> released software, so we do list malicious
functionalities of these apps.  Mistreatment by the service itself is
imposed by use of the app, so sometimes we mention those mistreatments
too—but we try to state explicitly what is done by the app and
what is done by the dis-service.</p>

<p>When a web site provides access to a service, it very likely sends
nonfree JavaScript software to execute in the user's browser.  Such
JavaScript code is released software, and it's morally equivalent to
other nonfree apps.  If it does malicious things, we want to mention
them here.</p>

<p>When talking about mobile phones, we do
list <a href="/proprietary/malware-mobiles.html#phone-communications">one
other malicious characteristic, location tracking</a> which is caused
by the underlying radio system rather than by the specific software in
them.</p>
</div>

<p>As of April, 2017, September, 2022, the files pages in this directory list around 300 550
instances of malicious functionalities, functionalities (with more than 670 references to
back them up), but there are surely thousands more we don't know about.</p>

<div class="toc">
<div class="companies">
<h3>Company

<p>Ideally we would list every instance.  If you come across an
instance which we do not list, please write to webmasters@gnu.org to
tell us about it.  Please include a reference to a reputable article
that describes the malicious behavior clearly; we won't list an item
without documentation to point to.</p>

<p>If you want to be notified when we add new items or type of product</h3>
<ul> make other changes,
subscribe to the <a
href="https://lists.gnu.org/mailman/listinfo/www-malware-commits">mailing list
<www-malware-commits@gnu.org></a>.</p>

<table id="TOC">
 <tr>
  <th>Injustices or techniques</th>
  <th>Products or companies</th>
 </tr>
 <tr>
  <td>
   <ul class="columns">
    <li><a href="/proprietary/malware-apple.html">Apple Malware</a></li> href="/proprietary/proprietary-addictions.html">Addictions</a></li>
    <li><a href="/proprietary/malware-microsoft.html">Microsoft Malware</a></li> href="/proprietary/proprietary-back-doors.html">Back doors</a> (<a href="#f1">1</a>)</li>
    <li><a href="/proprietary/malware-google.html">Google Malware</a></li> href="/proprietary/proprietary-censorship.html">Censorship</a></li>
    <li><a href="/proprietary/malware-adobe.html">Adobe Malware</a></li> href="/proprietary/proprietary-coercion.html">Coercion</a></li>
    <li><a href="/proprietary/malware-amazon.html">Amazon Malware</a></li> href="/proprietary/proprietary-coverups.html">Coverups</a></li>
    <li><a href="/proprietary/malware-webpages.html">Malware in webpages</a></li> href="/proprietary/proprietary-deception.html">Deception</a></li>
    <li><a href="/proprietary/malware-mobiles.html">Malware in mobile devices</a></li> href="/proprietary/proprietary-drm.html">DRM</a> (<a href="#f2">2</a>)</li>
    <li><a href="/proprietary/malware-games.html">Malware in games</a></li> href="/proprietary/proprietary-fraud.html">Fraud</a></li>
    <li><a href="/proprietary/malware-appliances.html">Malware in appliances</a></li> href="/proprietary/proprietary-incompatibility.html">Incompatibility</a></li>
    <li><a href="/proprietary/malware-cars.html">Malware in cars</a></li> href="/proprietary/proprietary-insecurity.html">Insecurity</a></li>
    <li><a href="/proprietary/proprietary-interference.html">Interference</a></li>
    <li><a href="/proprietary/proprietary-jails.html">Jails</a> (<a href="#f3">3</a>)</li>
    <li><a href="/proprietary/proprietary-manipulation.html">Manipulation</a></li>
    <li><a href="/proprietary/proprietary-obsolescence.html">Obsolescence</a></li>
    <li><a href="/proprietary/proprietary-sabotage.html">Sabotage</a></li>
    <li><a href="/proprietary/proprietary-subscriptions.html">Subscriptions</a></li>
    <li><a href="/proprietary/proprietary-surveillance.html">Surveillance</a></li>
    <li><a href="/proprietary/proprietary-tethers.html">Tethers</a> (<a href="#f4">4</a>)</li>
    <li><a href="/proprietary/proprietary-tyrants.html">Tyrants</a> (<a href="#f5">5</a>)</li>
    <li><a href="/proprietary/potential-malware.html">In the pipe</a></li>
   </ul>
</div>

<div class="malfunctions">
<h3>Type of malware</h3>
  </td>
  <td>
   <ul>
    <li><a href="/proprietary/proprietary-back-doors.html">Back doors</a></li> href="/proprietary/malware-appliances.html">Appliances</a></li>
    <li><a href="/proprietary/proprietary-censorship.html">Censorship</a></li> href="/proprietary/malware-cars.html">Cars</a></li>
    <li><a href="/proprietary/proprietary-coverups.html">Coverups</a></li> href="/proprietary/malware-in-online-conferencing.html">Conferencing</a></li>
    <li><a href="/proprietary/proprietary-deception.html">Deception</a></li> href="/proprietary/malware-edtech.html">EdTech</a></li>
    <li><a href="/proprietary/proprietary-incompatibility.html">Incompatibility</a></li> href="/proprietary/malware-games.html">Games</a></li>
    <li><a href="/proprietary/proprietary-insecurity.html">Insecurity</a></li> href="/proprietary/malware-mobiles.html">Mobiles</a></li>
    <li><a href="/proprietary/proprietary-interference.html">Interference</a></li> href="/proprietary/malware-webpages.html">Webpages</a></li>
    
   </ul>
   <ul>
    <li><a href="/proprietary/proprietary-sabotage.html">Sabotage</a></li> href="/proprietary/malware-adobe.html">Adobe</a></li>
    <li><a href="/proprietary/proprietary-surveillance.html">Surveillance</a></li> href="/proprietary/malware-amazon.html">Amazon</a></li>
    <li><a href="/proprietary/proprietary-subscriptions.html">Subscriptions</a></li> href="/proprietary/malware-apple.html">Apple</a></li>
    <li><a href="/proprietary/proprietary-tethers.html">Tethers</a> to
servers</li> href="/proprietary/malware-google.html">Google</a></li>
    <li><a href="/proprietary/proprietary-drm.html">Digital href="/proprietary/malware-microsoft.html">Microsoft</a></li>
   </ul>
  </td>
 </tr>
 <tr>
  <td colspan="2">
   <ol>
    <li id="f1"><em>Back door:</em>  any feature of a program
     that enables someone who is not supposed to be in control of the
     computer where it is installed to send it commands.</li>

    <li id="f2"><em>Digital restrictions
    management</a> management, or “DRM” means
     “DRM”:</em>  functionalities designed to restrict
     what users can do with the data in their computers.</li>
<li><a href="/proprietary/proprietary-jails.html">Jails</a>—systems

    <li id="f3"><em>Jail:</em>  system that impose imposes censorship on
     application programs.</li>
<li><a href="/proprietary/proprietary-tyrants.html">Tyrants</a>—systems

    <li id="f4"><em>Tether:</em>  functionality that requires
     permanent (or very frequent) connection to a server.</li>

    <li id="f5"><em>Tyrant:</em>  system that reject rejects any operating
     system not “authorized” by the manufacturer.</li>
<li><a href="/proprietary/potential-malware.html">Potential Malware</a></li>
</ul>
</div>
</div>
   </ol>
  </td>
 </tr>
</table>

<p>Users of proprietary software are defenseless against these forms
of mistreatment.  The way to avoid them is by insisting on
<a href="/philosophy/free-software-even-more-important.html">free
(freedom-respecting) software.</a> software</a>.  Since free software is controlled
by its users, they have a pretty good defense against malicious
software functionality.</p>

<h3 id="latest">Latest additions</h3>

<p style="margin-bottom: .5em">
  <!--#set var="DATE" value='<small class="date-tag">2022-07</small>'
  --><!--#echo encoding="none" var="DATE" --></p>
<p id="uefi-rootkit" class="important" style="margin-top: 0">
  <strong><a href="/proprietary/proprietary-insecurity.html#uefi-rootkit">
  UEFI makes computers vulnerable to advanced persistent threats that are almost impossible
  to detect once installed...</a></strong></p>

<ul class="blurbs">
  <li id="M202301230">
    <!--#set var="DATE" value='<small class="date-tag">2023-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A dispute between Blizzard and one of its partners caused <a
    href="https://www.theguardian.com/world/2023/jan/23/world-of-warcraft-offline-china-millions-gamers-bereft">
    World of Wordcraft to go offline in China</a>. The shutdown may not be
    permanent, but even if it is not, the fact that a business disagreement
    can stop all users in China from playing the game illustrates the
    injustice of requiring the use of a specific server.</p>

    <p>We expect that users must pay to use that server, but whether that
    is the case is a side issue.  Even if use of that server is gratis,
    the harm comes from the fact that the program doesn't allow people
    to make and use other servers for that job.</p>

    <p>Let's hope game fans in China learn the importance of <a
    href="https://gnu.org/philosophy/nonfree-games.html">rejecting nonfree
    games</a>.</p>
  </li>

  <li id="M202211301">
    <!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Hackers discovered <a
    href="https://samcurry.net/web-hackers-vs-the-auto-industry/"> dozens
    of flaws in the security (in the usual narrow sense) of many brands
    of automobiles</a>.</p>

    <p>Security in the usual narrow sense means security against unknown
    third parties. We are more concerned with security in the broader
    sense—against the manufacturer as well as against unknown
    third parties. It is clear that each of these vulnerabilities can
    be exploited by the manufacturer too, and by any government that
    can threaten the manufacturer enough to compel the manufacturer's
    cooperation.</p>
  </li>

  <li id="M202211140">
    <!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558">
    The iMonsters' app store client programs collect many kinds of data</a>
    about the user's actions and private communications. “Do not
    track” options are available, but tracking doesn't stop if
    the user activates them: Apple keeps on collecting data for itself,
    although it claims not to share it with third parties.</p>

    <p><a
    href="https://www.theregister.com/2022/11/14/apple_data_collection_lawsuit/">
    Apple is being sued</a> for that.</p>
  </li>

  <li id="M202210140">
    <!--#set var="DATE" value='<small class="date-tag">2022-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryption-could-expose-message-content/">
    The Microsoft Office encryption is weak</a>, and susceptible to
    attack.</p>

    <p>Encryption is a tricky field, and easy to mess up. It is wise
    to insist on encryption software that is (1) free software and (2)
    studied by experts.</p>
  </li>

  <li id="M202211300">
    <!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a href="https://www.techarp.com/mobile/apple-china-limit-airdrop/">
    Obeying a demand by the Chinese government, Apple restricted the
    use of AirDrop in China</a>. It imposed a ten-minute time limit
    during which users can receive files from non contacts. This makes
    it nearly impossible to use AirDrop for its intended purpose, which
    is to exchange files with strangers between iMonsters in physical
    proximity. This happened after it became known that dissenters
    were using the app to distribute digital anti-government fliers
    anonymously.</p>
  </li>
</ul>
<p class="button right-align">
<a href="/proprietary/all.html">More items…</a></p>
</div>

</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
<div id="footer"> id="footer" role="contentinfo">
<div class="unprintable">

<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF.  Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>

<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
        replace it with the translation of these two:

        We work hard and do our best to provide accurate, good quality
        translations.  However, we are not exempt from imperfection.
        Please send your comments and general suggestions in this regard
        to <a href="mailto:web-translators@gnu.org">
        <web-translators@gnu.org></a>.</p>

        <p>For information on coordinating and submitting contributing translations of
        our web pages, see <a
        href="/server/standards/README.translations.html">Translations
        README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and submitting contributing translations
of this article.</p>
</div>

<!-- Regarding copyright, in general, standalone pages (as opposed to
     files generated as part of manuals) on the GNU web server should
     be under CC BY-ND 4.0.  Please do NOT change or remove this
     without talking with the webmasters or licensing team first.
     Please make sure the copyright date is consistent with the
     document.  For web pages, it is ok to list just the latest year the
     document was modified, or published.

     If you wish to list earlier years, that is ok too.
     Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
     years, as long as each year in the range is in fact a copyrightable
     year, i.e., a year in which the document was published (including
     being publicly visible on the web or in a revision control system).

     There is more detail about copyright years in the GNU Maintainers
     Information document, www.gnu.org/prep/maintain. -->

<p>Copyright © 2013, 2014, 2015, 2016, 2017, 2018 2013-2023 Free Software Foundation, Inc.</p>

<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution-NoDerivatives Attribution 4.0 International License</a>.</p>

<!--#include virtual="/server/bottom-notes.html" -->

<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2023/01/29 12:32:14 $
<!-- timestamp end -->
</p>
</div>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>