Results of 1 - 1 of about 725 for Android 12 (1.945 sec.)
android (2801), 12 (27798)
- /proprietary/proprietary-surveillance.html-diff
- #score: 5143
- @digest: 4d483cf965f4062a9947afd35ddd638a
- @id: 113684
- @lang: en
- @mdate: 2019-06-10T19:32:11Z
- @size: 241709
- @type: text/html
- content-type: text/html; charset=utf-8
- #keywords: spyware (47501), theguardian (36749), snooping (25972), consent (20737), href (20187), li (20132), apps (19047), surveillance (18106), anchor (18063), span (16391), subsection (14723), android (14698), https (14265), privacy (14107), spying (13704), smart (13041), facebook (12600), phones (12246), tracking (11061), technology (10798), google (10284), phone (10142), personal (10045), apple (9883), proprietary (9388), mobile (8414), malware (8025), com (7495), app (7484), windows (7377), users (7341), company (6524)
- <!--#include virtual="/server/header.html" --> <!-- Parent-Version: 1.84 1.86 --> <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please do not edit <ul class="blurbs">! Instead, edit /proprietary/workshop/mal.rec, then regenerate pages. See explanations in /proprietary/workshop/README.md. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> <title>Proprietary Surveillance - GNU Project - Free Software Foundation</title> <style type="text/css" media="print,screen"><!-- .announcement { background: none; } #surveillance div.toc { width: 24.5em; max-width: 94%; margin-bottom: 1em; margin: 1em 0; } @media (min-width: 48em) { #surveillance div.toc { float: left; width: auto; max-width: 48%; margin: .2em 1.2em 0 1em; } #surveillance .medium { width: 43%; margin: 7em 0 1em 1.5em; } } --></style> <!-- GNUN: localize URL /graphics/dog.small.jpg --> <!--#include virtual="/proprietary/po/proprietary-surveillance.translist" --> <!--#include virtual="/server/banner.html" --> <h2>Proprietary Surveillance</h2> <p><a href="/proprietary/proprietary.html"> Other examples of proprietary malware</a></p> <div class="comment"> <p>Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; <a href="/philosophy/free-software-even-more-important.html">that is the basic injustice</a>. The developers and manufacturers often exercise that power to the detriment of the users they ought to serve.</p> <div class="announcement"> <p>This document attempts <p>One common form of mistreatment is to track snoop on the user. This page records <strong>clearly established cases of proprietary software that spies on or tracks users</strong>.</p> <p><a href="/proprietary/proprietary.html"> Other examples users</strong>. Manufacturers even refuse to <a href="https://techcrunch.com/2018/10/19/smart-home-devices-hoard-data-government-demands/">say whether they snoop on users for the state</a>.</p> <p>All appliances and applications that are tethered to a specific server are snoopers by nature. We do not list them in this page because they have their own page: <a href="/proprietary/proprietary-tethers.html">Proprietary Tethers</a>.</p> <div class="important" style="margin-bottom: 2em"> <p>If you know of proprietary malware</a></p> an example that ought to be in this page but isn't here, please write to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a> to inform us. Please include the URL of a trustworthy reference or two to serve as specific substantiation.</p> </div> </div> <div id="surveillance"> <div class="pict medium"> <a href="/graphics/dog.html"> <img src="/graphics/dog.small.jpg" alt="Cartoon of a dog, wondering at the three ads that popped up on his computer screen..." /></a> <p>“How did they find out I'm a dog?”</p> </div> <div class="toc"> <h3 id="TableOfContents">Table of Contents</h3> <ul> <li><a href="#Introduction">Introduction</a></li> <li><a href="#OSSpyware">Spyware in Operating Systems</a> Laptops and Desktops</a> <ul> <li><a href="#SpywareInWindows">Spyware in Windows</a></li> href="#SpywareInWindows">Windows</a></li> <li><a href="#SpywareInMacOS">Spyware in MacOS</a></li> href="#SpywareInMacOS">MacOS</a></li> <li><a href="#SpywareInAndroid">Spyware in Android</a></li> href="#SpywareInBIOS">BIOS</a></li> </ul> </li> <li><a href="#SpywareOnMobiles">Spyware on Mobiles</a> <ul> <li><a href="#SpywareIniThings">Spyware in iThings</a></li> href="#SpywareInTelephones">All “Smart” Phones</a></li> <li><a href="#SpywareInTelephones">Spyware in Telephones</a></li> href="#SpywareIniThings">iThings</a></li> <li><a href="#SpywareInMobileApps">Spyware in Mobile Applications</a></li> href="#SpywareInAndroid">Android Telephones</a></li> <li><a href="#SpywareInToys">Spyware in Toys</a></li> href="#SpywareInElectronicReaders">E-Readers</a></li> </ul> </li> <li><a href="#SpywareOnSmartWatches">Spyware on Smart Watches</a></li> <li><a href="#SpywareAtLowLevel">Spyware at Low Level</a> href="#SpywareInApplications">Spyware in Applications</a> <ul> <li><a href="#SpywareInBIOS">Spyware in BIOS</a></li> </ul> </li> href="#SpywareInDesktopApps">Desktop Apps</a></li> <li><a href="#SpywareAtWork">Spyware at Work</a> <ul> href="#SpywareInMobileApps">Mobile Apps</a></li> <li><a href="#SpywareInSkype">Spyware in Skype</a></li> href="#SpywareInSkype">Skype</a></li> <li><a href="#SpywareInGames">Games</a></li> </ul> </li> <li><a href="#SpywareOnTheRoad">Spyware on the Road</a> href="#SpywareInEquipment">Spyware in Connected Equipment</a> <ul> <li><a href="#SpywareInCameras">Spyware in Cameras</a></li> href="#SpywareInTVSets">TV Sets</a></li> <li><a href="#SpywareInElectronicReaders">Spyware in e-Readers</a></li> href="#SpywareInCameras">Cameras</a></li> <li><a href="#SpywareInVehicles">Spyware in Vehicles</a></li> </ul> </li> href="#SpywareInToys">Toys</a></li> <li><a href="#SpywareAtHome">Spyware at Home</a> href="#SpywareInDrones">Drones</a></li> <li><a href="#SpywareAtHome">Other Appliances</a></li> <li><a href="#SpywareOnWearables">Wearables</a> <ul> <li><a href="#SpywareInTVSets">Spyware in TV Sets</a></li> href="#SpywareOnSmartWatches">“Smart” Watches</a></li> </ul> </li> <li><a href="#SpywareInGames">Spyware in Games</a></li> href="#SpywareInVehicles">Vehicles</a></li> <li><a href="#SpywareInRecreation">Spyware in Recreation</a></li> href="#SpywareInVR">Virtual Reality</a></li> </ul> </li> <li><a href="#SpywareOnTheWeb">Spyware on the Web</a> <ul> <li><a href="#SpywareInChrome">Spyware in Chrome</a></li> href="#SpywareInChrome">Chrome</a></li> <li><a href="#SpywareInFlash">Spyware in JavaScript and Flash</a></li> href="#SpywareInJavaScript">JavaScript</a></li> <li><a href="#SpywareInFlash">Flash</a></li> </ul> </li> <li><a href="#SpywareInDrones">Spyware href="#SpywareInNetworks">Spyware in Drones</a></li> <li><a href="#SpywareEverywhere">Spyware Everywhere</a></li> <li><a href="#SpywareInVR">Spyware In VR</a></li> Networks</a></li> </ul> </div> </div> <div style="clear: left;"></div> <!-- #Introduction --> </div> <div class="big-section"> <h3 id="Introduction">Introduction</h3> </div> <div style="clear: left;"></div> <p>For decades, the Free Software movement has been denouncing the abusive surveillance machine of <a href="/proprietary/proprietary.html">proprietary software</a> companies such as <a href="/proprietary/malware-microsoft.html">Microsoft</a> and <a href="/proprietary/malware-apple.html">Apple</a>. In the recent years, this tendency to watch people has spread across industries, not only in the software business, but also in the hardware. Moreover, it also spread dramatically away from the keyboard, in the mobile computing industry, in the office, at home, in transportation systems, and in the classroom.</p> <h3 <h4 id="AggregateInfoCollection">Aggregate or anonymized data</h3> data</h4> <p>Many companies, in their privacy policy, have a clause that claims they share aggregate, non-personally identifiable information with third parties/partners. Such claims are worthless, for several reasons:</p> <ul> <li>They could change the policy at any time.</li> <li>They can twist the words by distributing an “aggregate” of “anonymized” data which can be reidentified and attributed to individuals.</li> <li>The raw data they don't normally distribute can be taken by data breaches.</li> <li>The raw data they don't normally distribute can be taken by subpoena.</li> </ul> <p>Therefore, we must not be distracted by companies' statements of what they will <em>do</em> with the data they collect. The wrong is that they collect it at all.</p> <h3 <h4 id="LatestAdditions">Latest additions</h3> <p>Latest additions additions</h4> <p>Entries in each category are found in reverse chronological order, based on top under each category.</p> <!-- #OSSpyware --> <!-- WEBMASTERS: make sure to place new items the dates of publication of linked articles. The latest additions are listed on top under each subsection --> the <a href="/proprietary/proprietary.html#latest">main page</a> of the Malware section.</p> <div class="big-section"> <h3 id="OSSpyware">Spyware in Operating Systems</h3> Laptops and Desktops</h3> <span class="anchor-reference-id">(<a href="#OSSpyware">#OSSpyware</a>)</span> </div> <div style="clear: left;"></div> <div class="big-subsection"> <h4 id="SpywareInWindows">Spyware in Windows</h4> id="SpywareInWindows">Windows</h4> <span class="anchor-reference-id">(<a href="#SpywareInWindows">#SpywareInWindows</a>)</span> </div> <ul> <li><p>Windows <ul class="blurbs"> <li id="M201712110"> <p>HP's proprietary operating system <a href="http://www.bbc.com/news/technology-42309371">includes a proprietary keyboard driver with a key logger in it</a>.</p> </li> <li id="M201710134"> <p>Windows 10 telemetry program sends information to Microsoft about the user's computer and their use of the computer.</p> <p>Furthermore, for users who installed the fourth stable build of Windows 10, called the “Creators Update,” Windows maximized the surveillance<a surveillance <a href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law"> by force setting the telemetry mode to “Full”</a>.</p> <p>The <a href="https://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization#full-level"> href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level"> “Full” telemetry mode</a> allows Microsoft Windows engineers to access, among other things, registry keys <a href="https://technet.microsoft.com/en-us/library/cc939702.aspx">which can contain sensitive information like administrator's login password</a>.</p></li> <li><p>Windows DRM password</a>.</p> </li> <li id="M201702020"> <p>DRM-restricted files <a href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">can can be used to <a href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users"> identify people browsing through Tor</a>. The vulnerability exists only if you use Windows. </p></li> <li><p>By Windows.</p> </li> <li id="M201611240"> <p>By default, Windows 10 <a href="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sends debugging information to Microsoft, including core dumps</a>. Microsoft now distributes them to another company.</p></li> <li>In company.</p> </li> <li id="M201608170.1"> <p>In order to increase Windows 10's install base, Microsoft <a class="not-a-duplicate" href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive"> blatantly disregards user choice and privacy</a>. privacy</a>.</p> </li> <li><p><a <li id="M201603170"> <p><a href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security"> Windows 10 comes with 13 screens of snooping options</a>, all enabled by default, and turning them off would be daunting to most users.</p></li> <li><p><a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/"> Microsoft has already backdoored its disk encryption</a>.</p></li> <li>It users.</p> </li> <li id="M201601050"> <p>It appears <a href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/"> Windows 10 sends data to Microsoft about what applications are running</a>.</li> <li><p>A downgrade to Windows 10 deleted surveillance-detection applications. Then another running</a>.</p> </li> <li id="M201512280"> <p>Microsoft has <a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/"> backdoored its disk encryption</a>.</p> </li> <li id="M201511264"> <p>A downgrade to Windows 10 deleted surveillance-detection applications. Then another downgrade inserted a general spying program. Users noticed this and complained, so Microsoft renamed it <a href="https://web.archive.org/web/20160407082751/http://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/"> href="https://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/"> to give users the impression it was gone</a>.</p> <p>To use proprietary software is to invite such treatment.</p> </li> <li><p> <li id="M201508180"> <p><a href="https://web.archive.org/web/20150905163414/http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping"> Intel devices will be able to listen for speech all the time, even when “off.”</a></p> </li> <li id="M201508130"> <p><a href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/"> Windows 10 sends identifiable information to Microsoft</a>, even if a user turns off its Bing search and Cortana features, and activates the privacy-protection settings.</p> </li> <li id="M201507300"> <p>Windows 10 <a href="https://web.archive.org/web/20151001035410/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/"> href="https://web.archive.org/web/20180923125732/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/"> ships with default settings that show no regard for the privacy of its users</a>, giving Microsoft the “right” to snoop on the users' files, text input, voice input, location info, contacts, calendar records and web browsing history, as well as automatically connecting the machines to open hotspots and showing targeted ads.</p></li> <li><p> <a href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/"> Windows 10 sends identifiable information to Microsoft</a>, even if a user turns off its Bing search and Cortana features, and activates the privacy-protection settings.</p></li> <li><p> ads.</p> <p>We can suppose Microsoft look at users' files for the US government on demand, though the “privacy policy” does not explicitly say so. Will it look at users' files for the Chinese government on demand?</p> </li> <li id="M201506170"> <p>Microsoft uses Windows 10's “privacy policy” to overtly impose a “right” to look at users' files at any time. Windows 10 full disk encryption <a href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/"> gives Microsoft a key</a>.</p> <p>Thus, Windows is overt malware in regard to surveillance, as in other issues.</p> <p>We can suppose Microsoft look at users' files for the US government on demand, though the “privacy policy” does not explicit say so. Will it look at users' files for the Chinese government on demand?</p> <p>The unique “advertising ID” for each user enables other companies to track the browsing of each specific user.</p> <p>It's as if Microsoft has deliberately chosen to make Windows 10 maximally evil on every dimension; to make a grab for total power over anyone that doesn't drop Windows now.</p></li> <li><p>It now.</p> </li> <li id="M201410040"> <p>It only gets worse with time. <a href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html"> Windows 10 requires users to give permission for total snooping</a>, including their files, their commands, their text input, and their voice input.</p> </li> <li><p><a href="http://www.infoworld.com/article/2611451/microsoft-windows/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html"> <li id="M201401150"> <p id="baidu-ime"><a href="https://www.techrepublic.com/blog/asian-technology/japanese-government-warns-baidu-ime-is-spying-on-users/"> Baidu's Japanese-input and Chinese-input apps spy on users</a>.</p> </li> <li id="M201307080"> <p>Spyware in older versions of Windows: <a href="https://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/"> Windows Update snoops on the user</a>. <a href="https://www.infoworld.com/article/2611451/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html"> Windows 8.1 snoops on local searches.</a>.</p> </li> <li><p>And searches</a>. And there's a <a href="http://www.marketoracle.co.uk/Article40836.html"> secret NSA key in Windows</a>, whose functions we don't know.</p> </li> <li>HP's proprietary operating system <a href="http://www.bbc.com/news/technology-42309371">includes a proprietary keyboard driver with a key logger in it</a>.</li> </ul> <p>Microsoft's snooping on users did not start with Windows 10. There's a lot more <a href="/proprietary/malware-microsoft.html"> Microsoft malware</a>.</p> <div class="big-subsection"> <h4 id="SpywareInMacOS">Spyware in MacOS</h4> id="SpywareInMacOS">MacOS</h4> <span class="anchor-reference-id">(<a href="#SpywareInMacOS">#SpywareInMacOS</a>)</span> </div> <ul> <li><p><a href="http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/"> MacOS automatically sends to Apple servers unsaved documents being edited</a>. The <ul class="blurbs"> <li id="M201809070"> <p>Adware Doctor, an ad blocker for MacOS, <a href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/"> things you have not decided to save are even more sensitive than href="https://motherboard.vice.com/en_us/article/wjye8x/mac-anti-adware-doctor-app-steals-browsing-history">reports the things you have stored in files</a>.</p> user's browsing history</a>.</p> </li> <li><p>Apple <li id="M201411040"> <p>Apple has made various <a href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud"> MacOS programs send files to Apple servers without asking permission</a>. This exposes the files to Big Brother and perhaps to other snoops.</p> <p>It also demonstrates how you can't trust proprietary software, because even if today's version doesn't have a malicious functionality, tomorrow's version might add it. The developer won't remove the malfeature unless many users push back hard, and the users can't remove it themselves.</p> </li> <li><p>Various operations in <a href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540"> the latest <li id="M201410300"> <p> MacOS send reports automatically <a href="https://web.archive.org/web/20170831144456/https://www.washingtonpost.com/news/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/"> sends to Apple</a> servers.</p> Apple servers unsaved documents being edited</a>. The things you have not decided to save are <a href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/"> even more sensitive</a> than the things you have stored in files.</p> </li> <li><p>Apple <li id="M201410220"> <p>Apple admits the <a href="http://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/"> spying in a search facility</a>, but there's a lot <a href="https://github.com/fix-macosx/yosemite-phone-home"> more snooping that Apple has not talked about</a>.</p> </li> <li><p><a href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html"> Spotlight search</a> sends users' search terms to Apple.</p> </li> </ul> <li id="M201410200"> <p>Various operations in <a href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540"> the latest MacOS send reports to Apple</a> servers.</p> </li> <li id="M201401100.1"> <p><a href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html"> Spotlight search</a> sends users' search terms to Apple.</p> </li> </ul> <p>There's a lot more <a href="#SpywareIniThings">iThing spyware</a>, and <a href="/proprietary/malware-apple.html">Apple malware</a>.</p> <div class="big-subsection"> <span id="SpywareAtLowLevel"></span> <h4 id="SpywareInAndroid">Spyware in Android</h4> id="SpywareInBIOS">BIOS</h4> <span class="anchor-reference-id">(<a href="#SpywareInAndroid">#SpywareInAndroid</a>)</span> href="#SpywareInBIOS">#SpywareInBIOS</a>)</span> </div> <ul> <li> <p>20 dishonest Android apps recorded <a href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone calls and sent them and text messages <ul class="blurbs"> <li id="M201509220"> <p><a href="https://www.computerworld.com/article/2984889/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html"> Lenovo stealthily installed crapware and emails to snoopers</a>.</p> <p>Google did not intend to make these apps spy; spyware via BIOS</a> on Windows installs. Note that the contrary, it worked in various ways to prevent that, and deleted these apps after discovering what they did. So we cannot blame Google specifically for the snooping of these apps.</p> <p>On the other hand, Google redistributes nonfree Android apps, and therefore shares specific sabotage method Lenovo used did not affect GNU/Linux; also, a “clean” Windows install is not really clean since <a href="/proprietary/malware-microsoft.html">Microsoft puts in the responsibility for the injustice of their being nonfree. It also distributes its own nonfree apps, such as Google Play, <a href="/philosophy/free-software-even-more-important.html">which are malicious</a>.</p> <p>Could Google have done a better job malware</a>.</p> </li> </ul> <div class="big-section"> <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3> <span class="anchor-reference-id">(<a href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span> </div> <div style="clear: left;"></div> <div class="big-subsection"> <h4 id="SpywareInTelephones">All “Smart” Phones</h4> <span class="anchor-reference-id">(<a href="#SpywareInTelephones">#SpywareInTelephones</a>)</span> </div> <ul class="blurbs"> <li id="M201601110"> <p>The natural extension of preventing apps from cheating? There monitoring people through “their” phones is no systematic way for Google, or Android users, to inspect executable <a href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html"> proprietary apps software to see what make sure they do.</p> <p>Google could demand the source code for these apps, and study can't “fool” the source code somehow monitoring</a>.</p> </li> <li id="M201510050"> <p>According to determine whether they mistreat users in various ways. If it did a good job of this, it could more or less prevent such snooping, except when the app developers are clever enough Edward Snowden, <a href="http://www.bbc.com/news/uk-34444233">agencies can take over smartphones</a> by sending hidden text messages which enable them to outsmart turn the checking.</p> <p>But since Google itself develops malicious apps, we cannot trust Google to protect us. We must demand release of source code phones on and off, listen to the public, so we can depend on each other.</p> </li> <li> <p>A <a href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf"> research paper</a> that investigated microphone, retrieve geo-location data from the privacy GPS, take photographs, read text messages, read call, location and security of 283 Android VPN apps concluded that “in spite of the promises for privacy, security, web browsing history, and anonymity given by read the majority of VPN apps—millions of users may be unawarely subject contact list. This malware is designed to poor security guarantees disguise itself from investigation.</p> </li> <li id="M201311120"> <p><a href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html"> The NSA can tap data in smart phones, including iPhones, Android, and abusive practices inflicted by VPN apps.”</p> <p>Following BlackBerry</a>. While there is a non-exhaustive list of proprietary VPN apps from the research paper not much detail here, it seems that tracks and infringes this does not operate via the privacy universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are <a href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone"> lots of users:</p> <dl> <dt>SurfEasy</dt> <dd>Includes tracking libraries such as NativeX and Appflood, meant to track users and show them targeted ads.</dd> <dt>sFly Network Booster</dt> <dd>Requests bugs in the <code>READ_SMS</code> phones' radio software</a>.</p> </li> <li id="M201307000"> <p>Portable phones with GPS <a href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers"> will send their GPS location on remote command, and <code>SEND_SMS</code> permissions upon installation, meaning users cannot stop them</a>. (The US says it has full access will eventually require all new portable phones to users' text messages.</dd> <dt>DroidVPN and TigerVPN</dt> <dd>Requests the <code>READ_LOGS</code> permission to read logs for other apps and also core system logs. TigerVPN developers have confirmed this.</dd> <dt>HideMyAss</dt> <dd>Sends traffic to LinkedIn. Also, it stores detailed logs and may turn them over to the UK government if requested.</dd> <dt>VPN Services HotspotShield</dt> <dd>Injects JavaScript code into the HTML pages returned to the users. The stated purpose of the JS injection GPS.)</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareIniThings">iThings</h4> <span class="anchor-reference-id">(<a href="#SpywareIniThings">#SpywareIniThings</a>)</span> </div> <ul class="blurbs"> <li id="M201906030"> <p>Apple can <a href="https://www.macrumors.com/2019/06/03/apples-new-find-my-app/"> track iMonsters even when they are suspended</a>.</p> <p>This distributed bluetooth network is said to display ads. Uses roughly 5 tracking libraries. Also, be “secure,” but it redirects the user's traffic through valueclick.com (an advertising website).</dd> <dt>WiFi Protector VPN</dt> <dd>Injects JavaScript code into HTML pages, and also uses roughly 5 tracking libraries. Developers of this app have confirmed is obviously <em>not</em> secure from Apple or from governments that can command Apple's obedience (such as the non-premium version of the app does JavaScript injection for tracking US and display ads.</dd> </dl> China).</p> </li> <li> <p><a href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A study in 2015</a> found that 90% <li id="M201905280"> <p>In spite of the top-ranked gratis proprietary Android Apple's supposed commitment to privacy, iPhone apps contained recognizable tracking libraries. For the paid proprietary apps, it was only 60%.</p> contain trackers that are busy at night <a href="https://freediggz.com/2019/05/28/perspective-its-the-middle-of-the-night-do-you-know-who-your-iphone-is-talking-to/"> sending users' personal information to third parties</a>.</p> <p>The article confusingly describes gratis mentions specific examples: Microsoft OneDrive, Intuit's Mint, Nike, Spotify, The Washington Post, The Weather Channel (owned by IBM), the crime-alert service Citizen, Yelp and DoorDash. But it is likely that most nonfree apps contain trackers. Some of these send personally identifying data such as “free”, but most phone fingerprint, exact location, email address, phone number or even delivery address (in the case of them are not in fact <a href="/philosophy/free-sw.html">free software</a>. It also uses DoorDash). Once this information is collected by the ugly word “monetize”. A good replacement for that word company, there is “exploit”; nearly always that no telling what it will fit perfectly.</p> be used for.</p> </li> <li> <p>Apps for BART <li id="M201711250"> <p>The DMCA and the EU Copyright Directive make it <a href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html"> illegal to study how iOS cr…apps spy on users</a>.</p> <p>With free software apps, users could <em>make sure</em> that they don't snoop.</p> <p>With proprietary apps, one can only hope that they don't.</p> users</a>, because this would require circumventing the iOS DRM.</p> </li> <li> <p>A study found 234 Android apps that track users by <li id="M201709210"> <p>In the latest iThings system, “turning off” WiFi and Bluetooth the obvious way <a href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off"> doesn't really turn them off</a>. A more advanced way really does turn them off—only until 5am. That's Apple for you—“We know you want to ultrasound from beacons placed in stores or played by TV programs</a>. </p> be spied on”.</p> </li> <li> <p>Pairs of Android apps can collude <li id="M201702150"> <p>Apple proposes <a href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a fingerprint-scanning touch screen</a>—which would mean no way to transmit users' personal data use it without having your fingerprints taken. Users would have no way to servers. tell whether the phone is snooping on them.</p> </li> <li id="M201611170"> <p>iPhones <a href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A study found tens of thousands href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send lots of pairs that collude</a>.</p> personal data to Apple's servers</a>. Big Brother can get them from there.</p> </li> <li> <p>Google Play intentionally sends <li id="M201609280"> <p>The iMessage app developers on iThings <a href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"> the personal details of users href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells a server every phone number that install the app</a>.</p> <p>Merely asking user types into it</a>; the “consent” of users is not enough server records these numbers for at least 30 days.</p> </li> <li id="M201509240"> <p>iThings automatically upload to legitimize actions like this. At this point, most users have stopped reading Apple's servers all the “Terms photos and Conditions” that spell out what videos they are “consenting” to. Google should clearly and honestly identify the information it collects on users, instead of hiding it in an obscurely worded EULA.</p> <p>However, to truly protect people's privacy, we must prevent Google make.</p> <blockquote><p> iCloud Photo Library stores every photo and other companies from getting this personal information in the first place!</p> </li> <li> <p>Google Play (a component of Android) <a href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg"> tracks the users' movements without their permission</a>.</p> <p>Even if video you disable Google Maps take, and location tracking, you must disable Google Play itself keeps them up to completely stop the tracking. This date on all your devices. Any edits you make are automatically updated everywhere. […] </p></blockquote> <p>(From <a href="https://www.apple.com/icloud/photos/">Apple's iCloud information</a> as accessed on 24 Sep 2015.) The iCloud feature is yet another example <a href="https://support.apple.com/en-us/HT202033">activated by the startup of nonfree software pretending iOS</a>. The term “cloud” means “please don't ask where.”</p> <p>There is a way to obey the user, when <a href="https://support.apple.com/en-us/HT201104"> deactivate iCloud</a>, but it's actually doing something else. Such active by default so it still counts as a thing would be almost unthinkable with free software.</p> </li> <li><p>More than 73% surveillance functionality.</p> <p>Unknown people apparently took advantage of the most popular Android apps this to <a href="http://jots.pub/a/2015103001/index.php">share personal, behavioral and location information</a> href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get nude photos of their users with third parties.</p> </li> <li><p>“Cryptic communication,” unrelated many celebrities</a>. They needed to the app's functionality, was break Apple's security to get at them, but NSA can access any of them through <a href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119"> found in href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p> </li> <li id="M201409220"> <p>Apple can, and regularly does, <a href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/"> remotely extract some data from iPhones for the 500 most popular gratis Android apps</a>.</p> <p>The article should not state</a>.</p> <p>This may have described these apps as “free”—they are improved with <a href="http://www.washingtonpost.com/business/technology/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html"> iOS 8 security improvements</a>; but <a href="https://firstlook.org/theintercept/2014/09/22/apple-data/"> not free software. The clear way as much as Apple claims</a>.</p> </li> <li id="M201407230"> <p><a href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services"> Several “features” of iOS seem to say “zero price” is “gratis.”</p> <p>The article takes exist for granted that the usual analytics tools are legitimate, but is that valid? Software developers have no right to analyze what users are doing or how. “Analytics” tools that snoop are just as wrong as any possible purpose other snooping.</p> </li> <li><p>Gratis Android apps (but not than surveillance</a>. Here is the <a href="/philosophy/free-sw.html">free software</a>) connect to 100 href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf"> Technical presentation</a>.</p> </li> <li id="M201401100"> <p>The <a href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking class="not-a-duplicate" href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html"> iBeacon</a> lets stores determine exactly where the iThing is, and advertising</a> URLs, get other info too.</p> </li> <li id="M201312300"> <p><a href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep"> Either Apple helps the NSA snoop on all the average.</p> </li> <li><p>Spyware is present data in some Android devices when they are sold. Some Motorola phones modify Android to an iThing, or it is totally incompetent</a>.</p> </li> <li id="M201308080"> <p>The iThing also <a href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html"> send personal data to Motorola</a>.</p> href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/"> tells Apple its geolocation</a> by default, though that can be turned off.</p> </li> <li><p>Some manufacturers add <li id="M201210170"> <p>There is also a feature for web sites to track users, which is <a href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/"> hidden general surveillance package such as Carrier IQ.</a></p> href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/"> enabled by default</a>. (That article talks about iOS 6, but it is still true in iOS 7.)</p> </li> <li><p><a href="/proprietary/proprietary-back-doors.html#samsung"> Samsung's back door</a> provides access <li id="M201204280"> <p>Users cannot make an Apple ID (<a href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary to any file on install even gratis apps</a>) without giving a valid email address and receiving the system.</p> verification code Apple sends to it.</p> </li> </ul> <!-- #SpywareOnMobiles --> <!-- WEBMASTERS: make sure to place new items on top under each subsection --> <div class="big-section"> <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3> <span class="anchor-reference-id">(<a href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span> </div> <div style="clear: left;"></div> <div class="big-subsection"> <h4 id="SpywareIniThings">Spyware in iThings</h4> id="SpywareInAndroid">Android Telephones</h4> <span class="anchor-reference-id">(<a href="#SpywareIniThings">#SpywareIniThings</a>)</span> href="#SpywareInAndroid">#SpywareInAndroid</a>)</span> </div> <ul> <li><p>The DMCA and <ul class="blurbs"> <li id="M201904130"> <p>Google tracks the EU Copyright Directive make it movements of Android phones, and sometimes <a href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html"> illegal href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html"> saves the data for years</a>.</p> <p>Nonfree software in the phone has to study how iOS cr...apps spy on users</a>, because this would require circumventing be responsible for sending the iOS DRM.</p> location data to Google.</p> </li> <li><p>In <li id="M201812060"> <p>Facebook's app got “consent” to <a href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent"> upload call logs automatically from Android phones</a> while disguising what the latest iThings system, “turning off” WiFi and Bluetooth “consent” was for.</p> </li> <li id="M201811230"> <p>An Android phone was observed to track location even while in airplane mode. It didn't send the obvious way location data while in airplane mode. Instead, <a href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off"> doesn't really turn them off</a>. A more advanced way really does turn href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/"> it saved up the data, and sent them off—only until 5am. That's Apple for you—“We know you want to be spied on”.</p> all later</a>.</p> </li> <li><p>Apple proposes <li id="M201711210"> <p>Android tracks location for Google <a href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a fingerprint-scanning touch screen</a> — which would mean no way to use it without having your fingerprints taken. Users would have no way to tell whether href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml"> even when “location services” are turned off, even when the phone is snooping on them.</p></li> <li><p>iPhones has no SIM card</a>.</p> </li> <li id="M201611150"> <p>Some portable phones <a href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are sold with spyware sending lots of personal data to Apple's servers</a>. Big Brother can get them from there.</p> China</a>.</p> </li> <li><p>The iMessage app on iThings <li id="M201609140"> <p>Google Play (a component of Android) <a href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells a server every phone number that the user types into it</a>; href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg"> tracks the server records these numbers for at least 30 days.</p> </li> <li><p>Users cannot make an Apple ID <a href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary to install even gratis apps)</a> users' movements without giving a valid email address their permission</a>.</p> <p>Even if you disable Google Maps and receiving the code Apple sends location tracking, you must disable Google Play itself to it.</p> </li> <li><p>Around 47% of completely stop the most popular iOS apps <a class="not-a-duplicate" href="http://jots.pub/a/2015103001/index.php">share personal, behavioral and location information</a> tracking. This is yet another example of their users with third parties.</p> </li> <li><p>iThings automatically upload nonfree software pretending to Apple's servers all obey the photos user, when it's actually doing something else. Such a thing would be almost unthinkable with free software.</p> </li> <li id="M201507030"> <p>Samsung phones come with <a href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps that users can't delete</a>, and videos they make.</p> <blockquote><p> iCloud Photo Library stores every photo and video you take, and keeps them up to date on all your devices. Any edits you make are automatically updated everywhere. [...] </p></blockquote> <p>(From <a href="https://www.apple.com/icloud/photos/">Apple's iCloud information</a> as accessed on 24 Sep 2015.) The iCloud feature send so much data that their transmission is <a href="https://support.apple.com/en-us/HT202033">activated a substantial expense for users. Said transmission, not wanted or requested by the startup user, clearly must constitute spying of iOS</a>. The term “cloud” means “please don't ask where.”</p> <p>There is a way some kind.</p> </li> <li id="M201403120"> <p><a href="/proprietary/proprietary-back-doors.html#samsung"> Samsung's back door</a> provides access to <a href="https://support.apple.com/en-us/HT201104"> deactivate iCloud</a>, but it's active any file on the system.</p> </li> <li id="M201308010"> <p>Spyware in Android phones (and Windows? laptops): The Wall Street Journal (in an article blocked from us by default so it still counts as a surveillance functionality.</p> <p>Unknown people apparently took advantage of this to paywall) reports that <a href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get nude photos of many celebrities</a>. They needed to break Apple's security to get at them, but NSA can access any of them through <a href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>. </p></li> <li><p>Spyware in iThings: href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj"> the <a class="not-a-duplicate" href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html"> iBeacon</a> lets stores determine exactly where FBI can remotely activate the iThing is, GPS and get other info too.</p> </li> <li><p>There is also a feature for web sites to track users, which microphone in Android phones and laptops</a>. (I suspect this means Windows laptops.) Here is <a href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/"> enabled by default</a>. (That article talks about iOS 6, but it href="http://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p> </li> <li id="M201307280"> <p>Spyware is still true present in iOS 7.)</p> </li> <li><p>The iThing also <a href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/"> tells Apple its geolocation</a> some Android devices when they are sold. Some Motorola phones, made when this company was owned by default, though Google, use a modified version of Android that can be turned off.</p> </li> <li><p>Apple can, and regularly does, <a href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/"> remotely extract some href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html"> sends personal data from iPhones to Motorola</a>.</p> </li> <li id="M201307250"> <p>A Motorola phone <a href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/"> listens for voice all the state</a>.</p> time</a>.</p> </li> <li><p><a href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep"> Either Apple helps <li id="M201302150"> <p>Google Play intentionally sends app developers <a href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"> the NSA snoop on all personal details of users that install the data in an iThing, or it is totally incompetent.</a></p> </li> <li><p><a href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services"> Several “features” app</a>.</p> <p>Merely asking the “consent” of iOS seem to exist for no possible purpose other than surveillance</a>. Here users is not enough to legitimize actions like this. At this point, most users have stopped reading the <a href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf"> Technical presentation</a>.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInTelephones">Spyware in Telephones</h4> <span class="anchor-reference-id">(<a href="#SpywareInTelephones">#SpywareInTelephones</a>)</span> </div> <ul> <li><p>Tracking software in popular Android apps is pervasive “Terms and sometimes very clever. Some trackers can <a href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/"> follow a user's movements around a physical store by noticing WiFi networks</a>.</p> </li> <li><p>Android tracks location for Google <a href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml"> even when “location services” Conditions” that spell out what they are turned off, even when “consenting” to. Google should clearly and honestly identify the phone has no SIM card</a>.</p></li> <li><p>Some portable phones <a href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are sold with spyware sending lots information it collects on users, instead of data to China</a>.</p></li> <li><p>According to Edward Snowden, <a href="http://www.bbc.com/news/uk-34444233">agencies can take over smartphones</a> by sending hidden text messages which enable them hiding it in an obscurely worded EULA.</p> <p>However, to turn the phones on truly protect people's privacy, we must prevent Google and off, listen to the microphone, retrieve geo-location data other companies from getting this personal information in the GPS, take photographs, read text messages, read call, location and web browsing history, and read the contact list. This malware is designed to disguise itself from investigation.</p> first place!</p> </li> <li><p>Samsung phones come with <li id="M201111170"> <p>Some manufacturers add a <a href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps that users can't delete</a>, href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/"> hidden general surveillance package such as Carrier IQ</a>.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInElectronicReaders">E-Readers</h4> <span class="anchor-reference-id">(<a href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span> </div> <ul class="blurbs"> <li id="M201603080"> <p>E-books can contain JavaScript code, and they <a href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds"> sometimes this code snoops on readers</a>.</p> </li> <li id="M201410080"> <p>Adobe made “Digital Editions,” the e-reader used by most US libraries, <a href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/"> send so much lots of data that their transmission is a substantial expense for users. Said transmission, not wanted or requested by to Adobe</a>. Adobe's “excuse”: it's needed to check DRM!</p> </li> <li id="M201212030"> <p>Spyware in many e-readers—not only the user, clearly must constitute spying of some kind.</p></li> <li><p>A Motorola phone Kindle: <a href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/"> listens for voice all href="https://www.eff.org/pages/reader-privacy-chart-2012"> they report even which page the user reads at what time</a>.</p> </li> <li><p>Spyware </ul> <div class="big-section"> <h3 id="SpywareInApplications">Spyware in Android phones (and Windows? laptops): Applications</h3> <span class="anchor-reference-id">(<a href="#SpywareInApplications">#SpywareInApplications</a>)</span> </div> <div style="clear: left;"></div> <div class="big-subsection"> <h4 id="SpywareInDesktopApps">Desktop Apps</h4> <span class="anchor-reference-id">(<a href="#SpywareInDesktopApps">#SpywareInDesktopApps</a>)</span> </div> <ul class="blurbs"> <li id="M201811020"> <p>Foundry's graphics software <a href="https://torrentfreak.com/software-company-fines-pirates-after-monitoring-their-computers-181102/"> reports information to identify who is running it</a>. The Wall Street Journal (in an article blocked from us by result is often a paywall) reports legal threat demanding a lot of money.</p> <p>The fact that <a href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj"> the FBI can remotely activate the GPS and microphone in Android phones and laptops</a>. (I suspect this means Windows laptops.) Here is <a href="http://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p> </li> <li><p>Portable phones with GPS will send their GPS location on remote command and users cannot stop them: <a href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers"> http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>. (The US says used for repression of forbidden sharing makes it will eventually require all new portable phones to have GPS.)</p> </li> <li><p>The even more vicious.</p> <p>This illustrates that making unauthorized copies of nonfree Snapchat app's principal purpose software is to restrict not a cure for the use injustice of data on nonfree software. It may avoid paying for the user's computer, nasty thing, but cannot make it does surveillance too: <a href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers"> it tries to get the user's list of other people's phone numbers.</a></p> less nasty.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInMobileApps">Spyware in Mobile Applications</h4> id="SpywareInMobileApps">Mobile Apps</h4> <span class="anchor-reference-id">(<a href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span> </div> <ul> <li> <ul class="blurbs"> <li id="M201905300"> <p>The moviepass Femm “fertility” app and dis-service spy on users even more than users expected. It <a href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records where they travel before and after going to is secretly a movie</a>. </p> <p>Don't be tracked — pay cash!</p> </li> <li><p>AI-powered driving apps can <a href="https://motherboard.vice.com/en_us/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move"> track your every move</a>.</p> href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners"> tool for propaganda</a> by natalist Christians. It spreads distrust for contraception.</p> <p>It snoops on users, too, as you must expect from nonfree programs.</p> </li> <li><p>The Sarahah app <li id="M201905060"> <p>BlizzCon 2019 imposed a <a href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/"> uploads all href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/"> requirement to run a proprietary phone numbers and email addresses</a> in user's address book app</a> to developer's server. Note that this article misuses be allowed into the words “<a href="/philosophy/free-sw.html">free software</a>” referring to zero price.</p> </li> <li> <p>Facebook's event.</p> <p>This app listens all the time, <a href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to is a spyware that can snoop on what people are listening a lot of sensitive data, including user's location and contact list, and has <a href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/"> near-complete control</a> over the phone.</p> </li> <li id="M201904131"> <p>Data collected by menstrual and pregnancy monitoring apps is often <a href="https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance"> available to or watching</a>. In addition, employers and insurance companies</a>. Even though the data is “anonymized and aggregated,” it may can easily be analyzing people's conversations traced back to serve them with targeted advertisements.</p> </li> <li> <p>Faceapp appears the woman who uses the app.</p> <p>This has harmful implications for women's rights to equal employment and freedom to make their own pregnancy choices. Don't use these apps, even if someone offers you a reward to do lots so. A free-software app that does more or less the same thing without spying on you is available from <a href="https://search.f-droid.org/?q=menstr">F-Droid</a>, and <a href="https://www.bloomberg.com/news/audio/2019-04-10/building-a-better-period-tracking-app-podcast"> a new one is being developed</a>.</p> </li> <li id="M201903251"> <p>Many Android phones come with a huge number of surveillance, judging by <a href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/"> how much href="https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html"> preinstalled nonfree apps that have access it demands to personal sensitive data in without users' knowledge</a>. These hidden apps may either call home with the device</a>. </p> </li> <li> <p>Verizon <a href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones"> announced an opt-in proprietary search app that data, or pass it will</a> pre-install on some of its phones. The app will give Verizon the same information about the users' searches to user-installed apps that Google normally gets when they use its search engine.</p> <p>Currently, have access to the app is <a href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware"> being pre-installed network but no direct access to the data. This results in massive surveillance on only one phone</a>, and which the user must explicitly opt-in before the app takes effect. However, the app remains spyware—an “optional” piece of spyware is still spyware.</p> has absolutely no control.</p> </li> <li><p>The Meitu photo-editing app <li id="M201903201"> <p>A study of 24 “health” apps found that 19 of them <a href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends user href="https://motherboard.vice.com/en_us/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows"> send sensitive personal data to a Chinese company</a>.</p></li> <li><p>A pregnancy test controller application not only third parties</a>, which can <a href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spy on many sorts of data in the phone, and in server accounts, use it can alter them too</a>. </p></li> <li><p>The Uber app tracks <a href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients' movements before and after the ride</a>.</p> <p>This example illustrates how “getting the user's consent” for surveillance is inadequate as a protection invasive advertising or discriminating against massive surveillance.</p> people in poor medical condition.</p> <p>Whenever user “consent” is sought, it is buried in lengthy terms of service that are difficult to understand. In any case, “consent” is not sufficient to legitimize snooping.</p> </li> <li><p>Google's new voice messaging app <li id="M201902230"> <p>Facebook offered a convenient proprietary library for building mobile apps, which also <a href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs all conversations</a>.</p> </li> <li><p>Apps href="https://boingboing.net/2019/02/23/surveillance-zucksterism.html"> sent personal data to Facebook</a>. Lots of companies built apps that include <a href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/"> Symphony surveillance software snoop on what radio way and TV programs are playing nearby</a>. Also on what users post on various sites such released them, apparently not realizing that all the personal data they collected would go to Facebook as Facebook, Google+ and Twitter.</p> well.</p> <p>It shows that no one can trust a nonfree program, not even the developers of other nonfree programs.</p> </li> <li><p>Facebook's new Magic Photo app <li id="M201902140"> <p>The AppCensus database gives information on <a href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/"> scans your mobile phone's photo collections for known faces</a>, href="https://www.appcensus.mobi"> how Android apps use and suggests you misuse users' personal data</a>. As of March 2019, nearly 78,000 have been analyzed, of which 24,000 (31%) transmit the <a href="/proprietary/proprietary-surveillance.html#M201812290"> Advertising ID</a> to share other companies, and <a href="https://blog.appcensus.mobi/2019/02/14/ad-ids-behaving-badly/"> 18,000 (23% of the picture you take according total) link this ID to who hardware identifiers</a>, so that users cannot escape tracking by resetting it.</p> <p>Collecting hardware identifiers is in the frame.</p> <p>This spyware feature apparent violation of Google's policies. But it seems that Google wasn't aware of it, and, once informed, was in no hurry to require online access to some known-faces database, which means the pictures are likely to be sent across take action. This proves that the wire to Facebook's servers and face-recognition algorithms.</p> <p>If so, none policies of Facebook users' pictures a development platform are private anymore, even if ineffective at preventing nonfree software developers from including malware in their programs.</p> </li> <li id="M201902060"> <p>Many nonfree apps have a surveillance feature for <a href="https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/"> recording all the user didn't “upload” them to users' actions</a> in interacting with the service.</p> app.</p> </li> <li><p>Like most “music screaming” disservices, Spotify is based <li id="M201902041.1"> <p>Twenty nine “beauty camera” apps that used to be on proprietary malware (DRM and snooping). In August 2015 it Google Play had one or more malicious functionalities, such as <a href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy"> demanded users submit to increased snooping</a>, href="https://www.teleanalysis.com/news/national/these-29-beauty-camera-apps-steal-private-photo-29923"> stealing users' photos</a> instead of “beautifying” them, pushing unwanted and some are starting often malicious ads on users, and redirecting them to realize phishing sites that it is nasty.</p> <p>This article shows stole their credentials. Furthermore, the <a href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/"> twisted ways that they present snooping as a way to “serve” users better</a>—never mind whether they want that. This is a typical example user interface of the attitude most of the proprietary software industry towards those they have subjugated.</p> <p>Out, out, damned Spotify!</p> </li> <li><p>Many proprietary them was designed to make uninstallation difficult.</p> <p>Users should of course uninstall these dangerous apps for mobile devices report which other if they haven't yet, but they should also stay away from nonfree apps the user has installed. <a href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter is doing this in general. <em>All</em> nonfree apps carry a way that at least potential risk because there is visible and optional</a>. Not as bad as no easy way of knowing what the others they really do.</p> </li> <li><p>FTC says <li id="M201902010"> <p>An investigation of the 150 most mobile popular gratis VPN apps for children don't respect privacy: in Google Play found that <a href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/"> http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p> </li> <li><p>Widely href="https://www.top10vpn.com/free-vpn-android-app-risk-index/"> 25% fail to protect their users' privacy</a> due to DNS leaks. In addition, 85% feature intrusive permissions or functions in their source code—often used <a href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary QR-code scanner apps snoop for invasive advertising—that could potentially also be used to spy on users. Other technical flaws were found as well.</p> <p>Moreover, a previous investigation had found that <a href="https://www.top10vpn.com/free-vpn-app-investigation/">half of the user</a>. This top 10 gratis VPN apps have lousy privacy policies</a>.</p> <p>It is in addition unfortunate that these articles talk about “free apps.” These apps are gratis, but they are <em>not</em> <a href="/philosophy/free-sw.html">free software</a>.</p> </li> <li id="M201901050"> <p>The Weather Channel app <a href="https://www.theguardian.com/technology/2019/jan/04/weather-channel-app-lawsuit-location-data-selling"> stored users' locations to the snooping done by the phone company, and perhaps by company's server</a>. The company is being sued, demanding that it notify the OS in users of what it will do with the phone.</p> <p>Don't be distracted by data.</p> <p>I think that lawsuit is about a side issue. What the question of whether company does with the app developers get users to say “I agree”. That data is no excuse for malware.</p> a secondary issue. The principal wrong here is that the company gets that data at all.</p> <p><a href="https://motherboard.vice.com/en_us/article/gy77wy/stop-using-third-party-weather-apps"> Other weather apps</a>, including Accuweather and WeatherBug, are tracking people's locations.</p> </li> <li><p>The Brightest Flashlight app <li id="M201812290"> <p>Around 40% of gratis Android apps <a href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers"> sends user data, including geolocation, for use by companies.</a></p> <p>The FTC criticized this app because it asked href="https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report"> report on the user user's actions to approve sending personal Facebook</a>.</p> <p>Often they send the machine's “advertising ID,” so that Facebook can correlate the data to it obtains from the app developer but did not ask same machine via various apps. Some of them send Facebook detailed information about sending it to other companies. This shows the weakness user's activities in the app; others only say that the user is using that app, but that alone is often quite informative.</p> <p>This spying occurs regardless of whether the reject-it-if-you-dislike-snooping “solution” to surveillance: why should user has a flashlight app send any information to anyone? A free software flashlight app would not.</p> Facebook account.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInToys">Spyware in Toys</h4> <span class="anchor-reference-id">(<a href="#SpywareInToys">#SpywareInToys</a>)</span> </div> <ul> <li> <p>A remote-control sex toy was found to make <li id="M201810244"> <p>Some Android apps <a href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio recordings of href="https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/"> track the conversation between two users</a>.</p> phones of users that have deleted them</a>.</p> </li> <li id="M201808030"> <p>Some Google apps on Android <a href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile"> record the user's location even when users disable “location tracking”</a>.</p> <p>There are other ways to turn off the other kinds of location tracking, but most users will be tricked by the misleading control.</p> </li> <li id="M201806110"> <p>The Spanish football streaming app <a href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks the user's movements and listens through the microphone</a>.</p> <p>This makes them act as spies for licensing enforcement.</p> <p>I expect it implements DRM, too—that there is no way to save a recording. But I can't be sure from the article.</p> <p>If you learn to care much less about sports, you will benefit in many ways. This is one more.</p> </li> <li id="M201804160"> <p>More than <a href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50% of the 5,855 Android apps studied by researchers were found to snoop and collect information about its users</a>. 40% of the apps were found to insecurely snitch on its users. Furthermore, they could detect only some methods of snooping, in these proprietary apps whose source code they cannot look at. The other apps might be snooping in other ways.</p> <p>This is evidence that proprietary apps generally work against their users. To protect their privacy and freedom, Android users need to get rid of the proprietary software—both proprietary Android by <a href="https://replicant.us">switching to Replicant</a>, and the proprietary apps by getting apps from the free software only <a href="https://f-droid.org/">F-Droid store</a> that <a href="https://f-droid.org/wiki/page/Antifeatures"> prominently warns the user if an app contains anti-features</a>.</p> </li> <li id="M201804020"> <p>Grindr collects information about <a href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status"> which users are HIV-positive, then provides the information to companies</a>.</p> <p>Grindr should not have so much information about its users. It could be designed so that users communicate such info to each other but not to the server's database.</p> </li> <li id="M201803050"> <p>The moviepass app and dis-service spy on users even more than users expected. It <a href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records where they travel before and after going to a movie</a>.</p> <p>Don't be tracked—pay cash!</p> </li> <li id="M201711240"> <p>Tracking software in popular Android apps is pervasive and sometimes very clever. Some trackers can <a href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/"> follow a user's movements around a physical store by noticing WiFi networks</a>.</p> </li> <li id="M201708270"> <p>The Sarahah app <a href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/"> uploads all phone numbers and email addresses</a> in user's address book to developer's server. Note that this article misuses the words “<a href="/philosophy/free-sw.html">free software</a>” referring to zero price.</p> </li> <li id="M201707270"> <p>20 dishonest Android apps recorded <a href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone calls and sent them and text messages and emails to snoopers</a>.</p> <p>Google did not intend to make these apps spy; on the contrary, it worked in various ways to prevent that, and deleted these apps after discovering what they did. So we cannot blame Google specifically for the snooping of these apps.</p> <p>On the other hand, Google redistributes nonfree Android apps, and therefore shares in the responsibility for the injustice of their being nonfree. It also distributes its own nonfree apps, such as Google Play, <a href="/philosophy/free-software-even-more-important.html">which are malicious</a>.</p> <p>Could Google have done a better job of preventing apps from cheating? There is no systematic way for Google, or Android users, to inspect executable proprietary apps to see what they do.</p> <p>Google could demand the source code for these apps, and study the source code somehow to determine whether they mistreat users in various ways. If it did a good job of this, it could more or less prevent such snooping, except when the app developers are clever enough to outsmart the checking.</p> <p>But since Google itself develops malicious apps, we cannot trust Google to protect us. We must demand release of source code to the public, so we can depend on each other.</p> </li> <li id="M201705230"> <p>Apps for BART <a href="https://web.archive.org/web/20171124190046/https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/"> snoop on users</a>.</p> <p>With free software apps, users could <em>make sure</em> that they don't snoop.</p> <p>With proprietary apps, one can only hope that they don't.</p> </li> <li id="M201705040"> <p>A study found 234 Android apps that track users by <a href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening to ultrasound from beacons placed in stores or played by TV programs</a>.</p> </li> <li id="M201704260"> <p>Faceapp appears to do lots of surveillance, judging by <a href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/"> how much access it demands to personal data in the device</a>.</p> </li> <li id="M201704190"> <p>Users are suing Bose for <a href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/"> distributing a spyware app for its headphones</a>. Specifically, the app would record the names of the audio files users listen to along with the headphone's unique serial number.</p> <p>The suit accuses that this was done without the users' consent. If the fine print of the app said that users gave consent for this, would that make it acceptable? No way! It should be flat out <a href="/philosophy/surveillance-vs-democracy.html"> illegal to design the app to snoop at all</a>.</p> </li> <li id="M201704074"> <p>Pairs of Android apps can collude to transmit users' personal data to servers. <a href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A study found tens of thousands of pairs that collude</a>.</p> </li> <li id="M201703300"> <p>Verizon <a href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones"> announced an opt-in proprietary search app that it will</a> pre-install on some of its phones. The app will give Verizon the same information about the users' searches that Google normally gets when they use its search engine.</p> <p>Currently, the app is <a href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware"> being pre-installed on only one phone</a>, and the user must explicitly opt-in before the app takes effect. However, the app remains spyware—an “optional” piece of spyware is still spyware.</p> </li> <li id="M201701210"> <p>The Meitu photo-editing app <a href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends user data to a Chinese company</a>.</p> </li> <li id="M201611280"> <p>The Uber app tracks <a href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients' movements before and after the ride</a>.</p> <p>This example illustrates how “getting the user's consent” for surveillance is inadequate as a protection against massive surveillance.</p> </li> <li id="M201611160"> <p>A <a href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf"> research paper</a> that investigated the privacy and security of 283 Android VPN apps concluded that “in spite of the promises for privacy, security, and anonymity given by the majority of VPN apps—millions of users may be unawarely subject to poor security guarantees and abusive practices inflicted by VPN apps.”</p> <p>Following is a non-exhaustive list, taken from the research paper, of some proprietary VPN apps that track users and infringe their privacy:</p> <dl class="compact"> <dt>SurfEasy</dt> <dd>Includes tracking libraries such as NativeX and Appflood, meant to track users and show them targeted ads.</dd> <dt>sFly Network Booster</dt> <dd>Requests the <code>READ_SMS</code> and <code>SEND_SMS</code> permissions upon installation, meaning it has full access to users' text messages.</dd> <dt>DroidVPN and TigerVPN</dt> <dd>Requests the <code>READ_LOGS</code> permission to read logs for other apps and also core system logs. TigerVPN developers have confirmed this.</dd> <dt>HideMyAss</dt> <dd>Sends traffic to LinkedIn. Also, it stores detailed logs and may turn them over to the UK government if requested.</dd> <dt>VPN Services HotspotShield</dt> <dd>Injects JavaScript code into the HTML pages returned to the users. The stated purpose of the JS injection is to display ads. Uses roughly five tracking libraries. Also, it redirects the user's traffic through valueclick.com (an advertising website).</dd> <dt>WiFi Protector VPN</dt> <dd>Injects JavaScript code into HTML pages, and also uses roughly five tracking libraries. Developers of this app have confirmed that the non-premium version of the app does JavaScript injection for tracking the user and displaying ads.</dd> </dl> </li> <li id="M201609210"> <p>Google's new voice messaging app <a href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs all conversations</a>.</p> </li> <li id="M201606050"> <p>Facebook's new Magic Photo app <a href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/"> scans your mobile phone's photo collections for known faces</a>, and suggests you to share the picture you take according to who is in the frame.</p> <p>This spyware feature seems to require online access to some known-faces database, which means the pictures are likely to be sent across the wire to Facebook's servers and face-recognition algorithms.</p> <p>If so, none of Facebook users' pictures are private anymore, even if the user didn't “upload” them to the service.</p> </li> <li id="M201605310"> <p>Facebook's app listens all the time, <a href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to snoop on what people are listening to or watching</a>. In addition, it may be analyzing people's conversations to serve them with targeted advertisements.</p> </li> <li id="M201604250"> <p>A pregnancy test controller application not only can <a href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security"> spy on many sorts of data in the phone, and in server accounts, it can alter them too</a>.</p> </li> <li id="M201601130"> <p>Apps that include <a href="https://web.archive.org/web/20180913014551/http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/"> Symphony surveillance software snoop on what radio and TV programs are playing nearby</a>. Also on what users post on various sites such as Facebook, Google+ and Twitter.</p> </li> <li id="M201511190"> <p>“Cryptic communication,” unrelated to the app's functionality, was <a href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119"> found in the 500 most popular gratis Android apps</a>.</p> <p>The article should not have described these apps as “free”—they are not free software. The clear way to say “zero price” is “gratis.”</p> <p>The article takes for granted that the usual analytics tools are legitimate, but is that valid? Software developers have no right to analyze what users are doing or how. “Analytics” tools that snoop are just as wrong as any other snooping.</p> </li> <li id="M201510300"> <p>More than 73% and 47% of mobile applications, from Android and iOS respectively <a href="https://techscience.org/a/2015103001/">share personal, behavioral and location information</a> of their users with third parties.</p> </li> <li id="M201508210"> <p>Like most “music screaming” disservices, Spotify is based on proprietary malware (DRM and snooping). In August 2015 it <a href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy"> demanded users submit to increased snooping</a>, and some are starting to realize that it is nasty.</p> <p>This article shows the <a href="https://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/"> twisted ways that they present snooping as a way to “serve” users better</a>—never mind whether they want that. This is a typical example of the attitude of the proprietary software industry towards those they have subjugated.</p> <p>Out, out, damned Spotify!</p> </li> <li id="M201506264"> <p><a href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A study in 2015</a> found that 90% of the top-ranked gratis proprietary Android apps contained recognizable tracking libraries. For the paid proprietary apps, it was only 60%.</p> <p>The article confusingly describes gratis apps as “free”, but most of them are not in fact <a href="/philosophy/free-sw.html">free software</a>. It also uses the ugly word “monetize”. A good replacement for that word is “exploit”; nearly always that will fit perfectly.</p> </li> <li id="M201505060"> <p>Gratis Android apps (but not <a href="/philosophy/free-sw.html">free software</a>) connect to 100 <a href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking and advertising</a> URLs, on the average.</p> </li> <li id="M201504060"> <p>Widely used <a href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary QR-code scanner apps snoop on the user</a>. This is in addition to the snooping done by the phone company, and perhaps by the OS in the phone.</p> <p>Don't be distracted by the question of whether the app developers get users to say “I agree”. That is no excuse for malware.</p> </li> <li id="M201411260"> <p>Many proprietary apps for mobile devices report which other apps the user has installed. <a href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter is doing this in a way that at least is visible and optional</a>. Not as bad as what the others do.</p> </li> <li id="M201401150.1"> <p>The Simeji keyboard is a smartphone version of Baidu's <a href="/proprietary/proprietary-surveillance.html#baidu-ime">spying <abbr title="Input Method Editor">IME</abbr></a>.</p> </li> <li id="M201312270"> <p>The nonfree Snapchat app's principal purpose is to restrict the use of data on the user's computer, but it does surveillance too: <a href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers"> it tries to get the user's list of other people's phone numbers</a>.</p> </li> <li id="M201312060"> <p>The Brightest Flashlight app <a href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers"> sends user data, including geolocation, for use by companies</a>.</p> <p>The FTC criticized this app because it asked the user to approve sending personal data to the app developer but did not ask about sending it to other companies. This shows the weakness of the reject-it-if-you-dislike-snooping “solution” to surveillance: why should a flashlight app send any information to anyone? A free software flashlight app would not.</p> </li> <li id="M201212100"> <p>FTC says most mobile apps for children don't respect privacy: <a href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/"> http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInSkype">Skype</h4> <span class="anchor-reference-id">(<a href="#SpywareInSkype">#SpywareInSkype</a>)</span> </div> <ul class="blurbs"> <li id="M201307110"> <p>Skype contains <a href="https://web.archive.org/web/20130928235637/http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">spyware</a>. Microsoft changed Skype <a href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data"> specifically for spying</a>.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInGames">Games</h4> <span class="anchor-reference-id">(<a href="#SpywareInGames">#SpywareInGames</a>)</span> </div> <ul class="blurbs"> <li id="M201806240"> <p>Red Shell is a spyware that is found in many proprietary games. It <a href="https://nebulous.cloud/threads/red-shell-illegal-spyware-for-steam-games.31924/"> tracks data on users' computers and sends it to third parties</a>.</p> </li> <li id="M201804144"> <p>ArenaNet surreptitiously installed a spyware program along with an update to the massive multiplayer game Guild Wars 2. The spyware allowed ArenaNet <a href="https://techraptor.net/content/arenanet-used-spyware-anti-cheat-for-guild-wars-2-banwave"> to snoop on all open processes running on its user's computer</a>.</p> </li> <li id="M201711070"> <p>The driver for a certain gaming keyboard <a href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends information to China</a>.</p> </li> <li id="M201512290"> <p>Many <a href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/"> video game consoles snoop on their users and report to the internet</a>—even what their users weigh.</p> <p>A game console is a computer, and you can't trust a computer with a nonfree operating system.</p> </li> <li id="M201509160"> <p>Modern gratis game cr…apps <a href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/"> collect a wide range of data about their users and their users' friends and associates</a>.</p> <p>Even nastier, they do it through ad networks that merge the data collected by various cr…apps and sites made by different companies.</p> <p>They use this data to manipulate people to buy things, and hunt for “whales” who can be led to spend a lot of money. They also use a back door to manipulate the game play for specific players.</p> <p>While the article describes gratis games, games that cost money can use the same tactics.</p> </li> <li id="M201401280"> <p>Angry Birds <a href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html"> spies for companies, and the NSA takes advantage to spy through it too</a>. Here's information on <a href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html"> more spyware apps</a>.</p> <p><a href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data"> More about NSA app spying</a>.</p> </li> <li id="M200510200"> <p>Blizzard Warden is a hidden “cheating-prevention” program that <a href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware"> spies on every process running on a gamer's computer and sniffs a good deal of personal data</a>, including lots of activities which have nothing to do with cheating.</p> </li> </ul> <div class="big-section"> <h3 id="SpywareInEquipment">Spyware in Connected Equipment</h3> <span class="anchor-reference-id">(<a href="#SpywareInEquipment">#SpywareInEquipment</a>)</span> </div> <div style="clear: left;"></div> <ul class="blurbs"> <li id="M201708280"> <p>The bad security in many Internet of Stings devices allows <a href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs to snoop on the people that use them</a>.</p> <p>Don't be a sucker—reject all the stings.</p> <p>It is unfortunate that the article uses the term <a href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInTVSets">TV Sets</h4> <span class="anchor-reference-id">(<a href="#SpywareInTVSets">#SpywareInTVSets</a>)</span> </div> <p>Emo Phillips made a joke: The other day a woman came up to me and said, “Didn't I see you on television?” I said, “I don't know. You can't see out the other way.” Evidently that was before Amazon “smart” TVs.</p> <ul class="blurbs"> <li id="M201901070"> <p>Vizio TVs <a href="https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019"> collect “whatever the TV sees,”</a> in the own words of the company's CTO, and this data is sold to third parties. This is in return for “better service” (meaning more intrusive ads?) and slightly lower retail prices.</p> <p>What is supposed to make this spying acceptable, according to him, is that it is opt-in in newer models. But since the Vizio software is nonfree, we don't know what is actually happening behind the scenes, and there is no guarantee that all future updates will leave the settings unchanged.</p> <p>If you already own a Vizio smart TV (or any smart TV, for that matter), the easiest way to make sure it isn't spying on you is to disconnect it from the Internet, and use a terrestrial antenna instead. Unfortunately, this is not always possible. Another option, if you are technically oriented, is to get your own router (which can be an old computer running completely free software), and set up a firewall to block connections to Vizio's servers. Or, as a last resort, you can replace your TV with another model.</p> </li> <li id="M201804010"> <p>Some “Smart” TVs automatically <a href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928"> load downgrades that install a surveillance app</a>.</p> <p>We link to the article for the facts it presents. It is too bad that the article finishes by advocating the moral weakness of surrendering to Netflix. The Netflix app <a href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is malware too</a>.</p> </li> <li id="M201702060"> <p>Vizio “smart” <a href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs report everything that is viewed on them, and not just broadcasts and cable</a>. Even if the image is coming from the user's own computer, the TV reports what it is. The existence of a way to disable the surveillance, even if it were not hidden as it was in these TVs, does not legitimize the surveillance.</p> </li> <li id="M201511130"> <p>Some web and TV advertisements play inaudible sounds to be picked up by proprietary malware running on other devices in range so as to determine that they are nearby. Once your Internet devices are paired with your TV, advertisers can correlate ads with Web activity, and other <a href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/"> cross-device tracking</a>.</p> </li> <li id="M201511060"> <p>Vizio goes a step further than other TV manufacturers in spying on their users: their <a href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you"> “smart” TVs analyze your viewing habits in detail and link them your IP address</a> so that advertisers can track you across devices.</p> <p>It is possible to turn this off, but having it enabled by default is an injustice already.</p> </li> <li id="M201511020"> <p>Tivo's alliance with Viacom adds 2.3 million households to the 600 millions social media profiles the company already monitors. Tivo customers are unaware they're being watched by advertisers. By combining TV viewing information with online social media participation, Tivo can now <a href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102"> correlate TV advertisement with online purchases</a>, exposing all users to new combined surveillance by default.</p> </li> <li> <p>The <li id="M201507240"> <p>Vizio “smart” toys My Friend Cayla TVs recognize and i-Que transmit <a href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's conversations to Nuance Communications</a>, a speech recognition company based in the U.S.</p> <p>Those toys also contain major security vulnerabilities; crackers can remotely control the toys with href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track what people are watching</a>, even if it isn't a mobile phone. This would enable crackers to listen in TV channel.</p> </li> <li id="M201505290"> <p>Verizon cable TV <a href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/"> snoops on a child's speech, what programs people watch, and even speak into the toys themselves.</p> what they wanted to record</a>.</p> </li> <li> <p>A computerized vibrator <li id="M201504300"> <p>Vizio <a href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack"> was snooping on href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html"> used a firmware “upgrade” to make its TVs snoop on what users through the proprietary control app</a>.</p> watch</a>. The TVs did not do that when first sold.</p> </li> <li id="M201502090"> <p>The app was reporting the temperature of Samsung “Smart” TV <a href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm"> transmits users' voice on the vibrator minute by minute (thus, indirectly, whether internet to another company, Nuance</a>. Nuance can save it was surrounded by a person's body), as well as the vibration frequency.</p> <p>Note the totally inadequate proposed response: a labeling standard with which manufacturers and would make statements about their products, rather than free software which users could then have checked and changed.</p> <p>The company that made the vibrator <a href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit"> was sued for collecting lots of personal information about how people used it</a>.</p> <p>The company's statement that to give it was anonymizing to the data may US or some other government.</p> <p>Speech recognition is not to be true, but it doesn't really matter. If trusted unless it had sold the data to a data broker, the is done by free software in your own computer.</p> <p>In its privacy policy, Samsung explicitly confirms that <a href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice data broker would have been able containing sensitive information will be transmitted to figure out who the user was.</p> <p>Following this lawsuit, third parties</a>.</p> </li> <li id="M201411090"> <p>The Amazon “Smart” TV is <a href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits"> href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance"> snooping all the company has been ordered to pay a total of C$4m</a> to its customers.</p> time</a>.</p> </li> <li><p> “CloudPets” toys with microphones <li id="M201409290"> <p>More or less all “smart” TVs <a href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak childrens' conversations href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy on their users</a>.</p> <p>The report was as of 2014, but we don't expect this has got better.</p> <p>This shows that laws requiring products to the manufacturer</a>. Guess what? <a href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers found get users' formal consent before collecting personal data are totally inadequate. And what happens if a way to access the data</a> collected by the manufacturer's snooping.</p> <p>That the manufacturer and user declines consent? Probably the FBI could listen TV will say, “Without your consent to these conversations was unacceptable by itself.</p></li> <li><p>Barbie <a href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is going tracking, the TV will not work.”</p> <p>Proper laws would say that TVs are not allowed to spy on children and adults</a>.</p> report what the user watches—no exceptions!</p> </li> </ul> <!-- #SpywareOnSmartWatches --> <!-- WEBMASTERS: make sure to place new items on top under each subsection --> <div class="big-section"> <h3 id="SpywareOnSmartWatches">Spyware on “Smart” Watches</h3> <span class="anchor-reference-id"> (<a href="#SpywareOnSmartWatches">#SpywareOnSmartWatches</a>)</span> </div> <div style="clear: left;"></div> <ul> <li> <p>An <li id="M201405200"> <p>Spyware in LG “smart” watch is designed TVs <a href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html"> to report its location to someone else href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html"> reports what the user watches, and the switch to transmit conversations too</a>.</p> </li> <li> <p>A very cheap “smart watch” comes with an Android app <a href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/"> turn this off has no effect</a>. (The fact that the transmission reports a 404 error really means nothing; the server could save that connects to an unidentified site in China</a>.</p> <p>The article says this is data anyway.)</p> <p>Even worse, it <a href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/"> snoops on other devices on the user's local network</a>.</p> <p>LG later said it had installed a back door, patch to stop this, but that any product could be a misunderstanding. However, it is certainly surveillance, at least.</p> spy this way.</p> <p>Meanwhile, LG TVs <a href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml"> do lots of spying anyway</a>.</p> </li> </ul> <!-- #SpywareAtLowLevel --> <!-- WEBMASTERS: make sure <li id="M201212170"> <p id="break-security-smarttv"><a href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html"> Crackers found a way to place new items break security on top under each subsection --> <div class="big-section"> <h3 id="SpywareAtLowLevel">Spyware at Low Level</h3> <span class="anchor-reference-id">(<a href="#SpywareAtLowLevel">#SpywareAtLowLevel</a>)</span> </div> <div style="clear: left;"></div> a “smart” TV</a> and use its camera to watch the people who are watching TV.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInBIOS">Spyware in BIOS</h4> id="SpywareInCameras">Cameras</h4> <span class="anchor-reference-id">(<a href="#SpywareInBIOS">#SpywareInBIOS</a>)</span> href="#SpywareInCameras">#SpywareInCameras</a>)</span> </div> <ul> <li><p> <ul class="blurbs"> <li id="M201901100"> <p>Amazon Ring “security” devices <a href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html"> Lenovo stealthily installed crapware and spyware via BIOS</a> on Windows installs. Note href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/"> send the video they capture to Amazon servers</a>, which save it long-term.</p> <p>In many cases, the video shows everyone that comes near, or merely passes by, the specific sabotage method Lenovo user's front door.</p> <p>The article focuses on how Ring used did not affect GNU/Linux; also, to let individual employees look at the videos freely. It appears Amazon has tried to prevent that secondary abuse, but the primary abuse—that Amazon gets the video—Amazon expects society to surrender to.</p> </li> <li id="M201810300"> <p>Nearly all “home security cameras” <a href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds/"> give the manufacturer an unencrypted copy of everything they see</a>. “Home insecurity camera” would be a “clean” Windows install is better name!</p> <p>When Consumer Reports tested them, it suggested that these manufacturers promise not really clean since <a href="/proprietary/malware-microsoft.html">Microsoft puts to look at what's in its own malware</a>. </p></li> </ul> <!-- #SpywareAtWork --> <!-- WEBMASTERS: make the videos. That's not security for your home. Security means making sure they don't get to place new items on top under each subsection --> <div class="big-section"> <h3 id="SpywareAtWork">Spyware at Work</h3> <span class="anchor-reference-id">(<a href="#SpywareAtWork">#SpywareAtWork</a>)</span> </div> <div style="clear: left;"></div> <ul> <li><p>Investigation Shows see through your camera.</p> </li> <li id="M201603220"> <p>Over 70 brands of network-connected surveillance cameras have <a href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html"> security bugs that allow anyone to watch through them</a>.</p> </li> <li id="M201511250"> <p>The Nest Cam “smart” camera is <a href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ Using US Companies, NSA To Route Around Domestic Surveillance Restrictions</a>.</p> <p>Specifically, href="http://www.bbc.com/news/technology-34922712">always watching</a>, even when the “owner” switches it can collect “off.”</p> <p>A “smart” device means the emails of members of Parliament this way, because they pass manufacturer is using it through Microsoft.</p></li> <li><p>Spyware in Cisco TNP IP phones: <a href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html"> http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p> to outsmart you.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInSkype">Spyware in Skype</h4> id="SpywareInToys">Toys</h4> <span class="anchor-reference-id">(<a href="#SpywareInSkype">#SpywareInSkype</a>)</span> href="#SpywareInToys">#SpywareInToys</a>)</span> </div> <ul> <li><p>Spyware in Skype: <ul class="blurbs"> <li id="M201711244"> <p>The Furby Connect has a <a href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/"> http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>. Microsoft changed Skype href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect"> universal back door</a>. If the product as shipped doesn't act as a listening device, remote changes to the code could surely convert it into one.</p> </li> <li id="M201711100"> <p>A remote-control sex toy was found to make <a href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data"> specifically for spying</a>.</p> href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio recordings of the conversation between two users</a>.</p> </li> </ul> <!-- #SpywareOnTheRoad --> <!-- WEBMASTERS: <li id="M201703140"> <p>A computerized vibrator <a href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack"> was snooping on its users through the proprietary control app</a>.</p> <p>The app was reporting the temperature of the vibrator minute by minute (thus, indirectly, whether it was surrounded by a person's body), as well as the vibration frequency.</p> <p>Note the totally inadequate proposed response: a labeling standard with which manufacturers would make sure statements about their products, rather than free software which users could have checked and changed.</p> <p>The company that made the vibrator <a href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit"> was sued for collecting lots of personal information about how people used it</a>.</p> <p>The company's statement that it was anonymizing the data may be true, but it doesn't really matter. If it had sold the data to a data broker, the data broker would have been able to figure out who the user was.</p> <p>Following this lawsuit, <a href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits"> the company has been ordered to pay a total of C$4m</a> to place new items on top under each subsection --> <div class="big-section"> <h3 id="SpywareOnTheRoad">Spyware on The Road</h3> <span class="anchor-reference-id">(<a href="#SpywareOnTheRoad">#SpywareOnTheRoad</a>)</span> </div> <div style="clear: left;"></div> <div class="big-subsection"> <h4 id="SpywareInCameras">Spyware in Cameras</h4> <span class="anchor-reference-id">(<a href="#SpywareInCameras">#SpywareInCameras</a>)</span> </div> <ul> <li> <p>Every “home security” camera, if its manufacturer can communicate customers.</p> </li> <li id="M201702280"> <p>“CloudPets” toys with it, is a surveillance device. microphones <a href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change"> Canary camera is an example</a>.</p> <p>The article describes wrongdoing by href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults"> leak childrens' conversations to the manufacturer, based on manufacturer</a>. Guess what? <a href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings"> Crackers found a way to access the fact that data</a> collected by the device is tethered to a server.</p> <p><a href="/proprietary/proprietary-tethers.html">More about proprietary tethering</a>.</p> <p>But it also demonstrates that manufacturer's snooping.</p> <p>That the device gives manufacturer and the company surveillance capability.</p> FBI could listen to these conversations was unacceptable by itself.</p> </li> <li> <li id="M201612060"> <p>The Nest Cam “smart” camera is toys My Friend Cayla and i-Que transmit <a href="http://www.bbc.com/news/technology-34922712">always watching</a>, even when href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's conversations to Nuance Communications</a>, a speech recognition company based in the “owner” switches it “off.”</p> <p>A “smart” device means U.S.</p> <p>Those toys also contain major security vulnerabilities; crackers can remotely control the manufacturer is using it toys with a mobile phone. This would enable crackers to outsmart you.</p> listen in on a child's speech, and even speak into the toys themselves.</p> </li> <li id="M201502180"> <p>Barbie <a href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is going to spy on children and adults</a>.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInElectronicReaders">Spyware in e-Readers</h4> id="SpywareInDrones">Drones</h4> <span class="anchor-reference-id">(<a href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span> href="#SpywareInDrones">#SpywareInDrones</a>)</span> </div> <ul> <li><p>E-books can contain JavaScript code, and <a href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes this code snoops on readers</a>.</p> </li> <li><p>Spyware in many e-readers—not only the Kindle: <a href="https://www.eff.org/pages/reader-privacy-chart-2012"> they report even which page the user reads at what time</a>.</p> </li> <li><p>Adobe made “Digital Editions,” the e-reader used by most US libraries, <a href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/"> send lots of data to Adobe</a>. Adobe's “excuse”: it's needed <ul class="blurbs"> <li id="M201708040"> <p>While you're using a DJI drone to check DRM!</p> snoop on other people, DJI is in many cases <a href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping on you</a>.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInVehicles">Spyware in Vehicles</h4> <span id="SpywareAtHome">Other Appliances</h4><span class="anchor-reference-id">(<a href="#SpywareInVehicles">#SpywareInVehicles</a>)</span> href="#SpywareAtHome">#SpywareAtHome</a>)</span> </div> <ul> <li><p>Computerized cars with nonfree software are <a href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html"> snooping devices</a>.</p> </li> <ul class="blurbs"> <li id="nissan-modem"><p>The Nissan Leaf has id="M201905061"> <p>Amazon Alexa collects a built-in cell phone modem which allows effectively anyone <a href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to access its computers remotely lot more information from users than is necessary for correct functioning (time, location, recordings made without a legitimate prompt), and make changes in various settings</a>.</p> <p>That's easy sends it to do because the system has no authentication when accessed through the modem. However, Amazon's servers, which store it indefinitely. Even worse, Amazon forwards it to third-party companies. Thus, even if it asked for authentication, you couldn't users request deletion of their data from Amazon's servers, <a href="https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php"> the data remain on other servers</a>, where they can be confident that Nissan accessed by advertising companies and government agencies. In other words, deleting the collected information doesn't cancel the wrong of collecting it.</p> <p>Data collected by devices such as the Nest thermostat, the Philips Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos speakers are likewise stored longer than necessary on the servers the devices are tethered to. Moreover, they are made available to Alexa. As a result, Amazon has no access. The software a very precise picture of users' life at home, not only in the car is proprietary, present, but in the past (and, who knows, in the future too?)</p> </li> <li id="M201904240"> <p>Some of users' commands to the Alexa service are <a href="/philosophy/free-software-even-more-important.html">which means it demands blind faith from its users</a>.</p> <p>Even if no one connects href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html"> recorded for Amazon employees to listen to</a>. The Google and Apple voice assistants do similar things.</p> <p>A fraction of the car remotely, Alexa service staff even has access to <a href="https://www.bnnbloomberg.ca/amazon-s-alexa-reviewers-can-access-customers-home-addresses-1.1248788"> location and other personal data</a>.</p> <p>Since the cell phone modem enables client program is nonfree, and data processing is done “<a href="/philosophy/words-to-avoid.html#CloudComputing">in the phone company cloud</a>” (a soothing way of saying “We won't tell you how and where it's done”), users have no way to track the car's movements all the time; it is possible know what happens to physically remove the cell phone modem though.</p> recordings unless human eavesdroppers <a href="https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033"> break their non-disclosure agreements</a>.</p> </li> <li id="records-drivers"><p>Proprietary software in cars id="M201902080"> <p>The HP <a href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records information about drivers' movements</a>, which is made available href="https://boingboing.net/2019/02/08/inkjet-dystopias.html"> “ink subscription” cartridges have DRM that constantly communicates with HP servers</a> to car manufacturers, insurance companies, and others.</p> <p>The case of toll-collection systems, mentioned in this article, make sure the user is not really a matter of proprietary surveillance. These systems are an intolerable invasion of privacy, still paying for the subscription, and should be replaced with anonymous payment systems, but hasn't printed more pages than were paid for.</p> <p>Even though the invasion isn't done by malware. The other cases mentioned are done by proprietary malware ink subscription program may be cheaper in some specific cases, it spies on users, and involves totally unacceptable restrictions in the car.</p></li> <li><p>Tesla cars allow the company use of ink cartridges that would otherwise be in working order.</p> </li> <li id="M201808120"> <p>Crackers found a way to extract data remotely and determine break the car's location at any time. (See <a href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf"> Section 2, paragraphs b security of an Amazon device, and c.</a>). The company says <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html"> turn it doesn't store this information, but into a listening device</a> for them.</p> <p>It was very difficult for them to do this. The job would be much easier for Amazon. And if some government such as China or the state orders it US told Amazon to get do this, or cease to sell the data and hand it over, product in that country, do you think Amazon would have the state can store it.</p> </li> </ul> <!-- #SpywareAtHome --> <!-- WEBMASTERS: make sure moral fiber to place new items on top under each subsection --> <div class="big-section"> <h3 id="SpywareAtHome">Spyware at Home</h3> <span class="anchor-reference-id">(<a href="#SpywareAtHome">#SpywareAtHome</a>)</span> </div> <div style="clear: left;"></div> <ul> <li><p>Lots say no?</p> <p>These crackers are probably hackers too, but please <a href="https://stallman.org/articles/on-hacking.html"> don't use “hacking” to mean “breaking security”</a>.</p> </li> <li id="M201804140"> <p>A medical insurance company <a href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next"> offers a gratis electronic toothbrush that snoops on its user by sending usage data back over the Internet</a>.</p> </li> <li id="M201706204"> <p>Lots of “smart” products are designed <a href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to listen to everyone in the house, all the time</a>.</p> <p>Today's technological practice does not include any way of making a device that can obey your voice commands without potentially spying on you. Even if it is air-gapped, it could be saving up records about you for later examination.</p> </li> <li><p>Nest <li id="M201407170"> <p id="nest-thermometers">Nest thermometers send <a href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lot of data about the user</a>.</p> </li> <li><p><a <li id="M201310260"> <p><a href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm"> Rent-to-own computers were programmed to spy on their renters</a>.</p> </li> </ul> <div class="big-subsection"> <h4 id="SpywareInTVSets">Spyware in TV Sets</h4> id="SpywareOnWearables">Wearables</h4> <span class="anchor-reference-id">(<a href="#SpywareInTVSets">#SpywareInTVSets</a>)</span> href="#SpywareOnWearables">#SpywareOnWearables</a>)</span> </div> <p>Emo Phillips made a joke: The other day a woman came up to me and said, “Didn't I see you on television?” I said, “I don't know. You can't see out the other way.” Evidently that was before Amazon “smart” TVs.</p> <ul> <li> <p>Vizio “smart” <a href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs report everything that is viewed on them, and not just broadcasts and cable</a>. Even if the image is coming from the user's own computer, the TV reports what it is. The existence of a way to disable the surveillance, even if it were not hidden as it was in these TVs, does not legitimize the surveillance.</p> </li> <li><p>More or less all “smart” TVs <ul class="blurbs"> <li id="M201807260"> <p>Tommy Hilfiger clothing <a href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy on their users</a>.</p> <p>The report was as of 2014, but we don't expect this has got better.</p> href="https://www.theguardian.com/fashion/2018/jul/26/tommy-hilfiger-new-clothing-line-monitor-customers">will monitor how often people wear it</a>.</p> <p>This shows that laws requiring products to get users' formal consent before collecting personal data are totally inadequate. And what happens if a user declines consent? Probably the TV will say, “Without your consent to tracking, teach the TV will not work.”</p> <p>Proper laws would say that TVs are not allowed sheeple to report find it normal that companies monitor every aspect of what the user watches — no exceptions!</p> they do.</p> </li> <li><p>Vizio goes a step further than other TV manufacturers in spying on their users: their <a href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you"> “smart” TVs analyze your viewing habits in detail and link them your IP address</a> so </ul> <h5 id="SpywareOnSmartWatches">“Smart” Watches</h5> <ul class="blurbs"> <li id="M201603020"> <p>A very cheap “smart watch” comes with an Android app <a href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/"> that advertisers can track you across devices.</p> <p>It is possible connects to turn an unidentified site in China</a>.</p> <p>The article says this off, is a back door, but having that could be a misunderstanding. However, it enabled by default is an injustice already.</p> certainly surveillance, at least.</p> </li> <li><p>Tivo's alliance with Viacom adds 2.3 million households to the 600 millions social media profiles the company already monitors. Tivo customers are unaware they're being watched by advertisers. By combining TV viewing information with online social media participation, Tivo can now <li id="M201407090"> <p>An LG “smart” watch is designed <a href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate TV advertisement with online purchases</a>, exposing all users to new combined surveillance by default.</p></li> <li><p>Some web and TV advertisements play inaudible sounds href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html"> to be picked up by proprietary malware running on other devices in range so as report its location to determine that they are nearby. Once your Internet devices are paired with your TV, advertisers can correlate ads with Web activity, someone else and other <a href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device tracking</a>.</p> to transmit conversations too</a>.</p> </li> <li><p>Vizio “smart” TVs recognize </ul> <div class="big-subsection"> <h4 id="SpywareInVehicles">Vehicles</h4> <span class="anchor-reference-id">(<a href="#SpywareInVehicles">#SpywareInVehicles</a>)</span> </div> <ul class="blurbs"> <li id="M201903290"> <p>Tesla cars collect lots of personal data, and <a href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track what people are watching</a>, even if it isn't href="https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html"> when they go to a TV channel.</p> </li> <li><p>The Amazon “Smart” TV <a href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">is snooping all junkyard the time</a>.</p> driver's personal data goes with them</a>.</p> </li> <li><p>The Samsung “Smart” TV <li id="M201902011"> <p>The FordPass Connect feature of some Ford vehicles has <a href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">transmits users' voice on href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html"> near-complete access to the internet internal car network</a>. It is constantly connected to another company, Nuance</a>. Nuance can save it the cellular phone network and sends Ford a lot of data, including car location. This feature operates even when the ignition key is removed, and would then users report that they can't disable it.</p> <p>If you own one of these cars, have to give it to you succeeded in breaking the US connectivity by disconnecting the cellular modem, or some other government.</p> <p>Speech recognition wrapping the antenna in aluminum foil?</p> </li> <li id="M201811300"> <p>In China, it is not mandatory for electric cars to be trusted unless it is done by free software in your own computer.</p> <p>In its privacy policy, Samsung explicitly confirms equipped with a terminal that <a href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice data containing sensitive information will be transmitted href="https://www.apnews.com/4a749a4211904784826b45e812cff4ca"> transfers technical data, including car location, to third parties</a>.</p> </li> <li><p>Spyware in a government-run platform</a>. In practice, <a href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html"> LG “smart” TVs</a> reports what the user watches, and the switch to turn href="/proprietary/proprietary-surveillance.html#car-spying"> manufacturers collect this off has no effect. (The fact that data</a> as part of their own spying, then forward it to the transmission reports a 404 error really means nothing; government-run platform.</p> </li> <li id="M201810230"> <p>GM <a href="https://boingboing.net/2018/10/23/dont-touch-that-dial.html"> tracked the server choices of radio programs</a> in its “connected” cars, minute by minute.</p> <p>GM did not get users' consent, but it could save have got that data anyway.)</p> <p>Even worse, easily by sneaking it <a href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/"> snoops on other devices on into the user's local network.</a></p> <p>LG later said it had installed a patch to stop this, but any product could spy this way.</p> <p>Meanwhile, LG TVs <a href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml"> do contract that users sign for some digital service or other. A requirement for consent is effectively no protection.</p> <p>The cars can also collect lots of spying anyway</a>.</p> </li> <li> <p><a href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">Verizon cable TV snoops on what programs people watch, and even what they wanted other data: listening to record.</a></p> </li> </ul> <!-- #SpywareInGames --> <div class="big-section"> <h3 id="SpywareInGames">Spyware in Games</h3> <span class="anchor-reference-id">(<a href="#SpywareInGames">#SpywareInGames</a>)</span> </div> <div style="clear: left;"></div> <ul> <li> <p>The driver for a certain gaming keyboard you, watching you, following your movements, tracking passengers' cell phones. <em>All</em> such data collection should be forbidden.</p> <p>But if you really want to be safe, we must make sure the car's hardware cannot collect any of that data, or that the software is free so we know it won't collect any of that data.</p> </li> <li id="M201711230"> <p>AI-powered driving apps can <a href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends information to China</a>.</p> href="https://motherboard.vice.com/en_us/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move"> track your every move</a>.</p> </li> <li><p>nVidia's proprietary GeForce Experience <li id="M201607160"> <p id="car-spying">Computerized cars with nonfree software are <a href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes users identify themselves and then sends personal data about them to nVidia servers</a>.</p> href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html"> snooping devices</a>.</p> </li> <li><p>Angry Birds <li id="M201602240"> <p id="nissan-modem">The Nissan Leaf has a built-in cell phone modem which allows effectively anyone to <a href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html"> spies for companies, href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/"> access its computers remotely and the NSA takes advantage make changes in various settings</a>.</p> <p>That's easy to spy do because the system has no authentication when accessed through the modem. However, even if it too</a>. Here's information on <a href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html"> more spyware apps</a>.</p> <p><a href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data"> More about NSA app spying</a>.</p> </li> <li><p>Many asked for authentication, you couldn't be confident that Nissan has no access. The software in the car is proprietary, <a href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/"> video game consoles snoop on their users and report href="/philosophy/free-software-even-more-important.html">which means it demands blind faith from its users</a>.</p> <p>Even if no one connects to the internet</a>— even what their users weigh.</p> <p>A game console car remotely, the cell phone modem enables the phone company to track the car's movements all the time; it is a computer, and you can't trust a computer with a nonfree operating system.</p> possible to physically remove the cell phone modem, though.</p> </li> <li><p>Modern gratis game cr…apps <a href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/"> collect a wide range of <li id="M201306140"> <p>Tesla cars allow the company to extract data about their users remotely and their users' friends determine the car's location at any time. (See Section 2, paragraphs b and associates</a>.</p> <p>Even nastier, they do c of the <a href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf"> privacy statement</a>.) The company says it through ad networks that merge doesn't store this information, but if the state orders it to get the data collected by various cr…apps and sites hand it over, the state can store it.</p> </li> <li id="M201303250"> <p id="records-drivers">Proprietary software in cars <a href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/"> records information about drivers' movements</a>, which is made by different companies.</p> <p>They use this data to manipulate people available to buy things, car manufacturers, insurance companies, and hunt for “whales” who can be led to spend a lot others.</p> <p>The case of money. They also use toll-collection systems, mentioned in this article, is not really a back door to manipulate the game play for specific players.</p> <p>While matter of proprietary surveillance. These systems are an intolerable invasion of privacy, and should be replaced with anonymous payment systems, but the article describes gratis games, games that cost money can use invasion isn't done by malware. The other cases mentioned are done by proprietary malware in the same tactics.</p> car.</p> </li> </ul> <!-- #SpywareAtRecreation --> <div class="big-section"> <h3 id="SpywareAtRecreation">Spyware at Recreation</h3> class="big-subsection"> <h4 id="SpywareInVR">Virtual Reality</h4> <span class="anchor-reference-id"> (<a href="#SpywareAtRecreation">#SpywareAtRecreation</a>)</span> class="anchor-reference-id">(<a href="#SpywareInVR">#SpywareInVR</a>)</span> </div> <div style="clear: left;"></div> <ul> <li><p>Users are suing Bose for <a href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/"> distributing a spyware app for its headphones</a>. Specifically, the app would record <ul class="blurbs"> <li id="M201612230"> <p>VR equipment, measuring every slight motion, creates the names of potential for the audio files users listen most intimate surveillance ever. All it takes to along with the headphone's unique serial number. </p> <p>The suit accuses that this was done without the users' consent. If the fine print of the app said that users gave consent for this, would that make it acceptable? No way! It should be flat out this potential real <a href="/philosophy/surveillance-vs-democracy.html"> illegal to design href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is software as malicious as many other programs listed in this page</a>.</p> <p>You can bet Facebook will implement the app to snoop at all</a>. </p> maximum possible surveillance on Oculus Rift devices. The moral is, never trust a VR system with nonfree software in it.</p> </li> </ul> <!-- #SpywareOnTheWeb --> <div class="big-section"> <h3 id="SpywareOnTheWeb">Spyware on the Web</h3> <span class="anchor-reference-id">(<a href="#SpywareOnTheWeb">#SpywareOnTheWeb</a>)</span> </div> <div style="clear: left;"></div> <p>In addition, many web sites spy on their visitors. Web sites are not programs, so it <a href="/philosophy/network-services-arent-free-or-nonfree.html"> makes no sense to call them “free” or “proprietary”</a>, but the surveillance is an abuse all the same.</p> <ul> <li><p>When <ul class="blurbs"> <li id="M201904210"> <p>As of April 2019, it is <a href="https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/">no longer possible to disable an unscrupulous tracking anti-feature</a> that <a href="https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing">reports users when they follow ping links</a> in Apple Safari, Google Chrome, Opera, Microsoft Edge and also in the upcoming Microsoft Edge that going to be based on Chromium.</p> </li> <li id="M201901101"> <p>Until 2015, any tweet that listed a geographical tag <a href="http://web-old.archive.org/web/20190115233002/https://www.wired.com/story/twitter-location-data-gps-privacy/"> sent the precise GPS location to Twitter's server</a>. It still contains these GPS locations.</p> </li> <li id="M201805170"> <p>The Storyful program <a href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies on the reporters that use it</a>.</p> </li> <li id="M201701060"> <p>When a page uses Disqus for comments, <a href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">the the proprietary Disqus software loads <a href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">loads
...
-
http://www.gnu.org/savannah-checkouts/gnu/www/proprietary/po/proprietary-surveillance.de-diff.html
- [detail]
- [similar]
PREV
NEXT