<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.84 1.86 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
                  Please do not edit <ul class="blurbs">!
    Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
           See explanations in /proprietary/workshop/README.md.
<title>Amazon's Software Is Malware
- GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/proprietary/proprietary.css" media="screen,print" />
 <!--#include virtual="/proprietary/po/malware-amazon.translist" -->
<style type="text/css" media="print,screen"><!--
div.toc { width: 100%; padding: 1.3em 3%; }
div.toc h3 { display: inline; margin: 0 1.5%; }
div.toc ul { display: inline; margin: 0; }
div.toc li {
   display: inline;
   list-style: none;
   font-size: 1.3em;
   margin: 0 1.5%;
<!--#include virtual="/server/banner.html" -->
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<div class="article">
<p class="edu-breadcrumb">
<a href="/proprietary/proprietary.html">Proprietary malware</a> →
<!--#if expr="$OUTDATED_SINCE" --><!--#else -->
<!--#if expr="$LANGUAGE_SUFFIX" -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="no" -->
<!--#include virtual="/server/top-addendum.html" -->
<!--#endif -->
<!--#endif -->
<h2 id="main-heading">Amazon's Software Is Malware</h2>

<p><a href="/proprietary/proprietary.html">Other examples of proprietary malware</a></p>

<div class="highlight-para">
Malware and nonfree id="about-dir">
<hr class="thin" />
<p>Nonfree (proprietary) software are two different issues.  Malware means
the program is designed very often malware (designed to
mistreat or harm users when it runs.  The
difference between <a href="/philosophy/free-sw.html">free
software</a> and nonfree the user). Nonfree software is controlled by its developers,
which puts them in
<a href="/philosophy/free-software-even-more-important.html">
whether the users have control of the program or vice versa</a>.  It's
not directly a question position of what power over the program <em>does</em> when it
runs.  However, in practice nonfree software users; <a
href="/philosophy/free-software-even-more-important.html">that is often malware, because the developer's awareness
basic injustice</a>. The developers and manufacturers often exercise
that power to the detriment of the users would be powerless they ought to fix any serve.</p>

<p>This typically takes the form of malicious functionalities tempts functionalities.</p>
<hr class="thin" />

<div class="important">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
to inform us. Please include the developer URL of a trustworthy reference or two
to impose some.
</p> serve as specific substantiation.</p>

<div class="toc c">
  <h3>Type of product:</h3> id="TOC">
    <li><a href="#swindle">Kindle Swindle</a></li>
    <li><a href="#echo">Echo</a></li>
  <li> <a href="#swindle">Kindle Swindle</a> </li>
  <li> <a href="#echo">Echo</a> </li>
  <li> <a href="#misc">Other products</a> </li>

<h2 id="swindle">Malware in the Kindle Swindle</h2>

<div class="big-section">
  <h3 id="swindle">Kindle Swindle</h3>
<div style="clear: left;"></div>

<p>We refer to this product as the
<a href="/philosophy/why-call-it-the-swindle.html">Amazon Swindle</a>
because it has <a href="/proprietary/proprietary-drm.html">Digital restrictions
management (DRM)</a>  and <a href="/philosophy/ebooks.html">
other malicious functionalities</a>.</p>

<div class="summary" style="margin-top: 1em">
    <h3>Type of malware</h3>
      <li><a href="#back-doors">Back doors</a></li>
      <!--<li><a href="#censorship">Censorship</a></li>-->
      <!--<li><a href="#insecurity">Insecurity</a></li>-->
      <!--<li><a href="#sabotage">Sabotage</a></li>-->
      <!--<li><a href="#interference">Interference</a></li>-->
      <li><a href="#surveillance">Surveillance</a></li>
      <li><a href="#drm">Digital restrictions
	  management</a> or “DRM” means functionalities designed
	to restrict what users can do with

<h4 id="back-doors">Back Doors</h4>

<ul class="blurbs">
  <li id="M201503210">
    <p>Amazon <a
    downgraded the data software in their computers.</li>
      <!--<li><a href="#jails">Jails</a>—systems
	  that impose censorship on application programs.</li>-->
      <!--<li><a href="#tyrants">Tyrants</a>—systems users' Swindles</a> so that reject any operating system not “authorized” by the

<h3 id="back-doors">Amazon Kindle Swindle Back Doors</h3>
  <li> those already
    rooted would cease to function at all.</p>

  <li id="M201210220.1">
    <p>The Amazon Kindle-Swindle has a back door that has been used to <a
    remotely erase books</a>.  One of the books erased was 1984,
    <cite>1984</cite>, by George Orwell.
    </p> Orwell.</p>

    <p>Amazon responded to criticism by saying it
    would delete books only following orders from the
    state.  However, that policy didn't last.  In 2012 it <a href="http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html">wiped
    wiped a user's Kindle-Swindle and deleted her account</a>, then
    offered her kafkaesque “explanations.”</p>

  <li id="M200700000">
    <p>The Kindle also has a <a
    universal back door</a>.</p>
    <p>Amazon <a href="https://www.techdirt.com/articles/20150321/13350230396/while-bricking-jailbroken-fire-tvs-last-year-amazon-did-same-to-kindle-devices.shtml">
	downgraded the software in users' Swindles</a>
      so that those already rooted would cease to function at all.</p></li>

<h3 id="surveillance">Amazon Kindle Swindle Surveillance</h3>

<h4 id="surveillance">Surveillance</h4>

<ul class="blurbs">
  <li id="M202001290">
    <p>The Amazon Ring app does <a
    surveillance for other companies as well as for Amazon</a>.</p>

  <li id="M201212030.1">
    <p>The Electronic Frontier Foundation has examined and found <a
    kinds of surveillance in the Swindle and other e-readers</a>.</p></li> e-readers</a>.</p>

<h3 id="drm">Amazon Kindle Swindle DRM</h3>
  <li><p><a href="http://techin.oureverydaylife.com/kindle-drm-17841.html">

<h4 id="drm">DRM</h4>

<ul class="blurbs">
  <li id="M201704130.1">
    <p><a href="https://itstillworks.com/kindle-drm-17841.html">
    The Amazon Kindle has DRM</a>.  That article is flawed in that it
    fails to treat DRM as an ethical question; it takes for granted that
    whatever Amazon might do to its users is legitimate.  It refers to
    DRM as digital “rights” management, which is the spin
    term used to promote DRM.  Nonetheless it serves as a reference for
      facts.</p></li> facts.</p>

<h2 id="echo">Malware in the Echo</h2>

<h3>Amazon Echo Back Doors</h3>

<div class="big-section">
  <h3 id="echo">Echo</h3>
<div style="clear: left;"></div>

<h4 id="echo-back-doors">Back Doors</h4>

<ul class="blurbs">
  <li id="M201606060">
    <p>The Amazon Echo appears to have a universal back door, since <a
    it installs “updates” automatically</a>.</p>

    <p>We have found nothing explicitly documenting the lack of any way
    to disable remote changes to the software, so we are not completely
    sure there isn't one, but it this seems pretty clear.</p>

<h4 id="echo-surveillance">Surveillance</h4>

<ul class="blurbs">
  <li id="M201905061">
    <p>Amazon Alexa collects a lot more information from users
    than is necessary for correct functioning (time, location,
    recordings made without a legitimate prompt), and sends
    it to Amazon's servers, which store it indefinitely. Even
    worse, Amazon forwards it to third-party companies. Thus,
    even if users request deletion of their data from Amazon's servers, <a
    the data remain on other servers</a>, where they can be accessed by
    advertising companies and government agencies. In other words,
    deleting the collected information doesn't cancel the wrong of
    collecting it.</p>

    <p>Data collected by devices such as the Nest thermostat, the Philips
    Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos
    speakers are likewise stored longer than necessary on the servers
    the devices are tethered to. Moreover, they are made available to
    Alexa. As a result, Amazon has a very precise picture of users' life
    at home, not only in the present, but in the past (and, who knows,
    in the future too?)</p>

  <li id="M201904240">
    <p>Some of users' commands to the Alexa service are <a
    recorded for Amazon employees to listen to</a>. The Google and Apple
    voice assistants do similar things.</p>

    <p>A fraction of the Alexa service staff even has access to <a
    location and other personal data</a>.</p>

    <p>Since the client program is nonfree, and data processing is done
    “<a href="/philosophy/words-to-avoid.html#CloudComputing">in
    the cloud</a>” (a soothing way of saying “We won't
    tell you how and where it's done”), users have no way
    to know what happens to the recordings unless human eavesdroppers <a
    break their non-disclosure agreements</a>.</p>

  <li id="M201808120">
    <p>Crackers found a way to break the security of an Amazon device,
    and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
    turn it into a listening device</a> for them.</p>

    <p>It was very difficult for them to do this. The job would be much
    easier for Amazon. And if some government such as China or the US
    told Amazon to do this, or cease to sell the product in that country,
    do you think Amazon would have the moral fiber to say no?</p>

    <p><small>(These crackers are probably hackers too, but please <a
    href="https://stallman.org/articles/on-hacking.html"> don't use
    “hacking” to mean “breaking security”</a>.)</small></p>

<div class="big-section">
  <h3 id="misc">Other products</h3>
<div style="clear: left;"></div>

<ul class="blurbs">
  <li id="M201912170">
    <p>Some security breakers (wrongly referred in this article as <a
    managed to interfere the Amazon Ring proprietary system, and <a
    its camera, speakers and microphones</a>.</p>

  <li id="M201902270">
    <p>The Ring (now Amazon) doorbell camera is designed so that the
    manufacturer (now Amazon) can watch all the time. Now it turns out
    that <a
    anyone else can also watch, and fake videos too</a>.</p>

    <p>The third party vulnerability is presumably
    unintentional and Amazon will probably fix it. However, we
    do not expect Amazon to change the design that <a
    Amazon to watch</a>.</p>

  <li id="M201901100">
    <p>Amazon Ring “security” devices <a
    send the video they capture to Amazon servers</a>, which save it

    <p>In many cases, the video shows everyone that comes near, or merely
    passes by, the user's front door.</p>

    <p>The article focuses on how Ring used to let individual employees look
    at the videos freely.  It appears Amazon has tried to prevent that
    secondary abuse, but the primary abuse—that Amazon gets the
    video—Amazon expects society to surrender to.</p>

  <li id="M201711200">
    <p>Amazon recently invited consumers to be suckers and <a
    allow delivery staff to open their front doors</a>. Wouldn't you know
    it, the system has a grave security flaw.</p>

  <li id="M201411090">
    <p>The Amazon “Smart” TV is <a
    snooping all the time</a>.</p>


</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
<div id="footer">
<div class="unprintable">

<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF.  Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>

<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
        replace it with the translation of these two:

        We work hard and do our best to provide accurate, good quality
        translations.  However, we are not exempt from imperfection.
        Please send your comments and general suggestions in this regard
        to <a href="mailto:web-translators@gnu.org">

        <p>For information on coordinating and submitting translations of
        our web pages, see <a
        README</a>. -->
Please see the <a
README</a> for information on coordinating and submitting translations
of this article.</p>

<!-- Regarding copyright, in general, standalone pages (as opposed to
     files generated as part of manuals) on the GNU web server should
     be under CC BY-ND 4.0.  Please do NOT change or remove this
     without talking with the webmasters or licensing team first.
     Please make sure the copyright date is consistent with the
     document.  For web pages, it is ok to list just the latest year the
     document was modified, or published.

     If you wish to list earlier years, that is ok too.
     Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
     years, as long as each year in the range is in fact a copyrightable
     year, i.e., a year in which the document was published (including
     being publicly visible on the web or in a revision control system).

     There is more detail about copyright years in the GNU Maintainers
     Information document, www.gnu.org/prep/maintain. -->

<p>Copyright © 2014, 2015, 2016, 2017 2017, 2018, 2019, 2020 Free Software Foundation, Inc.</p>

<p>This page is licensed under a <a rel="license"
Commons Attribution-NoDerivatives Attribution 4.0 International License</a>.</p>

<!--#include virtual="/server/bottom-notes.html" -->

<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2020/04/14 07:33:07 $
<!-- timestamp end -->
</div><!-- for class="inner", starts in the banner include -->