<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.79 1.96 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  Please do not edit <ul class="blurbs">!
    Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
           See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Proprietary Surveillance - GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" />
<style type="text/css" media="print,screen"><!--
.announcement media="screen,print"><!--
.pict { 
   background: none;
    width: 18em;
    margin: 2em auto;
}
#surveillance div.toc
.pict p {
   width: 24.5em; max-width: 94%;
   margin-bottom: 1em;
    font-size: .9em;
}
@media (min-width: 48em) {
   #surveillance div.toc 46em) {
      float: left;
      width: auto; max-width: 48%;
      margin: .2em 0 1em;
   }
   #surveillance .medium
    .pict {
        width: 43%; 18em;
        float: right;
        margin: 7em .3em 0 1em 1.5em; 2em;
    }
}
--></style>
<!-- GNUN: localize URL /graphics/dog.small.jpg -->
<!--#include virtual="/proprietary/po/proprietary-surveillance.translist" -->
<!--#include virtual="/server/banner.html" -->
<div class="nav">
<a id="side-menu-button" class="switch" href="#navlinks">
 <img id="side-menu-icon" height="32"
      src="/graphics/icons/side-menu.png"
      title="Section contents"
      alt=" [Section contents] " />
</a>

<p class="breadcrumb">
 <a href="/"><img src="/graphics/icons/home.png" height="24"
    alt="GNU Home" title="GNU Home" /></a> /
 <a href="/proprietary/proprietary.html">Malware</a> /
 By type /
</p>
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#include virtual="/server/top-addendum.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
<h2>Proprietary Surveillance</h2>

<div class="infobox">
<hr class="full-width" />
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
href="/philosophy/free-software-even-more-important.html">that is the
basic injustice</a>. The developers and manufacturers often exercise
that power to the detriment of the users they ought to serve.</p>

<div  class="announcement">

<p>This document attempts to
track <strong>clearly established cases of proprietary software that
spies on or tracks users</strong>.</p>

<p><a href="/proprietary/proprietary.html">
   Other examples typically takes the form of proprietary malware</a></p> malicious functionalities.</p>
<hr class="full-width" />
</div>

<div id="surveillance">

<div class="pict medium"> id="surveillance" class="pict">
<a href="/graphics/dog.html">
<img src="/graphics/dog.small.jpg" alt="Cartoon of a dog, wondering at the three ads that popped up on his computer screen..." /></a>
<p>“How did they find out I'm a dog?”</p>
</div>

<div class="toc"> class="article">
<p>A common malicious functionality is to snoop on the user.  This page
records <strong>clearly established cases of proprietary software that
spies on or tracks users</strong>.  Manufacturers even refuse
to <a href="https://techcrunch.com/2018/10/19/smart-home-devices-hoard-data-government-demands/">say
whether they snoop on users for the state</a>.</p>

<p>All appliances and applications that are tethered to a specific
server are snoopers by nature.  We do not list them here because they
have their own page: <a
href="/proprietary/proprietary-tethers.html#about-page">Proprietary
    Tethers</a>.</p>

<p>There is a similar site named <a href="https://spyware.neocities.org">Spyware Watchdog</a> that classifies spyware programs, so that users can be more aware that they are installing spyware.</p>

<div class="important" style="clear: both">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
to inform us. Please include the URL of a trustworthy reference or two
to serve as specific substantiation.</p>
</div>

<div id="TOC" class="toc-inline">
    <h3 id="TableOfContents">Table of Contents</h3>
  <ul>
    <li><a href="#Introduction">Introduction</a></li>
    <li><a
    <h4><a href="#Introduction">Introduction</a></h4>
    <h4><a href="#OSSpyware">Spyware in Operating Systems</a> Laptops and Desktops</a></h4>
    <ul>
      <li><a href="#SpywareInWindows">Spyware in Windows</a></li> href="#SpywareInWindows">Windows</a></li>
      <li><a href="#SpywareInMacOS">Spyware in MacOS</a></li> href="#SpywareInMacOS">MacOS</a></li>
      <li><a href="#SpywareInAndroid">Spyware in Android</a></li> href="#SpywareInBIOS">BIOS</a></li>
    </ul>
    </li>
    <li><a
    <h4><a href="#SpywareOnMobiles">Spyware on Mobiles</a> Mobiles</a></h4>
    <ul>
      <li><a href="#SpywareIniThings">Spyware in iThings</a></li> href="#SpywareInTelephones">All “Smart” Phones</a></li>
      <li><a href="#SpywareInTelephones">Spyware in Telephones</a></li> href="#SpywareIniThings">iThings</a></li>
      <li><a href="#SpywareInMobileApps">Spyware in Mobile Applications</a></li> href="#SpywareInAndroid">Android Telephones</a></li>
      <li><a href="#SpywareInGames">Spyware href="#SpywareInElectronicReaders">E-Readers</a></li>
     </ul>
    <h4><a href="#SpywareInApplications">Spyware in Games</a></li> Applications</a></h4>
    <ul>
      <li><a href="#SpywareInToys">Spyware in Toys</a></li>
      </ul>
    </li> href="#SpywareInDesktopApps">Desktop Apps</a></li>
      <li><a href="#SpywareAtLowLevel">Spyware at Low Level</a>
      <ul> href="#SpywareInMobileApps">Mobile Apps</a></li>
      <li><a href="#SpywareInBIOS">Spyware in BIOS</a></li>
    <!-- href="#SpywareInSkype">Skype</a></li>
      <li><a href="#SpywareInFirmware">Spyware in Firmware</a></li> --> href="#SpywareInGames">Games</a></li>
    </ul>
    </li>
    <li><a href="#SpywareAtWork">Spyware at Work</a>
    <h4><a href="#SpywareInEquipment">Spyware in Connected Equipment</a></h4>
    <ul>
      <li><a href="#SpywareInSkype">Spyware in Skype</a></li>
      </ul>
    </li> href="#SpywareInTVSets">TV Sets</a></li>
      <li><a href="#SpywareOnTheRoad">Spyware on the Road</a>
      <ul> href="#SpywareInCameras">Cameras</a></li>
      <li><a href="#SpywareInCameras">Spyware in Cameras</a></li> href="#SpywareInToys">Toys</a></li>
      <li><a href="#SpywareInElectronicReaders">Spyware in e-Readers</a></li> href="#SpywareInDrones">Drones</a></li>
      <li><a href="#SpywareInVehicles">Spyware in Vehicles</a></li>
      </ul>
    </li> href="#SpywareAtHome">Other Appliances</a></li>
      <li><a href="#SpywareAtHome">Spyware at Home</a> href="#SpywareOnWearables">Wearables</a>
        <ul>
          <li><a href="#SpywareInTVSets">Spyware in TV Sets</a></li> href="#SpywareOnSmartWatches">“Smart” Watches</a></li>
        </ul>
      </li>
      <li><a href="#SpywareAtPlay">Spyware at Play</a></li> href="#SpywareInVehicles">Vehicles</a></li>
      <li><a href="#SpywareInVR">Virtual Reality</a></li>
    </ul>
    <h4><a href="#SpywareOnTheWeb">Spyware on the Web</a> Web</a></h4>
    <ul>
      <li><a href="#SpywareInChrome">Spyware in Chrome</a></li>
        <li><a href="#SpywareInFlash">Spyware in Flash</a></li>
      </ul>
    </li> href="#SpywareInChrome">Chrome</a></li>
      <li><a href="#SpywareEverywhere">Spyware Everywhere</a></li> href="#SpywareInJavaScript">JavaScript</a></li>
      <li><a href="#SpywareInVR">Spyware In VR</a></li> href="#SpywareInFlash">Flash</a></li>
    </ul>
    <h4><a href="#SpywareInNetworks">Spyware in Networks</a></h4>
</div>

</div>
<div style="clear: left;"></div>

<!-- #Introduction -->

<div class="big-section">
  <h3 id="Introduction">Introduction</h3>
</div>
<div style="clear: left;"></div>

<p>For decades, the Free Software movement has been denouncing the
abusive surveillance machine of
<a href="/proprietary/proprietary.html">proprietary software</a>
companies such as
<a href="/proprietary/malware-microsoft.html">Microsoft</a>
and
<a href="/proprietary/malware-apple.html">Apple</a>.

In the recent years, this tendency to watch people has spread across
industries, not only in the software business, but also in the
hardware.  Moreover, it also spread dramatically away from the
keyboard, in the mobile computing industry, in the office, at home, in
transportation systems, and in the classroom.</p>

<h3

<h4 id="AggregateInfoCollection">Aggregate Information Collection</h3> or anonymized data</h4>

<p>Many companies, in their privacy policy, have a clause that claims
they share aggregate, non-personally identifiable information with
third parties/partners. Such claims are worthless, for several
reasons:</p>

<ul>
    <li>They could change the policy at any time.</li>
    <li>They can twist the words by distributing an “aggregate” of
        “anonymized” data which can be reidentified and attributed to
        individuals.</li>
    <li>The raw data they don't normally distribute can be taken by
        data breaches.</li>
    <li>The raw data they don't normally distribute can be taken by
        subpoena.</li>
</ul>

<p>Therefore, we must never pay any attention to not be distracted by companies' statements of
what companies say they will <em>do</em> with the data they collect. The wrong is that
they collect it at all.</p>

<h3

<h4 id="LatestAdditions">Latest additions</h3>

<p>Latest additions additions</h4>

<p>Entries in each category are found in reverse chronological order, based
on top under each category.</p>

<!-- #OSSpyware -->
<!-- WEBMASTERS: make sure to place new items the dates of publication of linked articles.
The latest additions are listed on top under each subsection --> the <a
href="/proprietary/proprietary.html#latest">main page</a> of the
Malware section.</p>



<div class="big-section">
  <h3 id="OSSpyware">Spyware in Operating Systems</h3> Laptops and Desktops</h3>
  <span class="anchor-reference-id">(<a href="#OSSpyware">#OSSpyware</a>)</span>
</div>
<div style="clear: left;"></div>

<div class="big-subsection">
  <h4 id="SpywareInWindows">Spyware in Windows</h4> id="SpywareInWindows">Windows</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInWindows">#SpywareInWindows</a>)</span>
</div>

<ul>
  <li><p>Windows DRM
  files

<ul class="blurbs">
  <li id="M201912160">
    <!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Microsoft is <a
    href="https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation/">tricking
    users to create an account on their network</a> to be able to install
    and use the Windows operating system, which is malware. The account can
    be used for surveillance and/or violating people's rights in many ways,
    such as turning their purchased software to a subscription product.</p>
  </li>

  <li id="M201712110">
    <!--#set var="DATE" value='<small class="date-tag">2017-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>HP's proprietary operating system <a
    href="http://www.bbc.com/news/technology-42309371">includes a
    proprietary keyboard driver with a key logger in it</a>.</p>
  </li>

  <li id="M201710134">
    <!--#set var="DATE" value='<small class="date-tag">2017-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Windows 10 telemetry program sends information to Microsoft about
    the user's computer and their use of the computer.</p>

    <p>Furthermore, for users who installed the
    fourth stable build of Windows 10, called the
    “Creators Update,” Windows maximized the surveillance <a
    href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law">
    by force setting the telemetry mode to “Full”</a>.</p>

    <p>The <a
    href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level">
    “Full” telemetry mode</a> allows Microsoft Windows
    engineers to access, among other things, registry keys <a href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">can
    href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc939702(v=technet.10)">
    which can contain sensitive information like administrator's login
    password</a>.</p>
  </li>

  <li id="M201702020">
    <!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>DRM-restricted files can be used to <a
    href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">
    identify people browsing through Tor</a>. The vulnerability exists
    only if you use Windows.
  </p></li>

  <li><p>By Windows.</p>
  </li>

  <li id="M201611240">
    <!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>By default, Windows 10 <a
    href="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sends
    debugging information to Microsoft, including core dumps</a>. Microsoft
    now distributes them to another company.</p></li>

  <li><p>Some portable phones <a href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
      sold with spyware sending lots of data to China</a>.</p></li>

<li>In company.</p>
  </li>

  <li id="M201608170.1">
    <!--#set var="DATE" value='<small class="date-tag">2016-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>In order to increase Windows 10's install base, Microsoft <a class="not-a-duplicate" 
    href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
    blatantly disregards user choice and privacy</a>. privacy</a>.</p>
  </li>

  <li><p><a

  <li id="M201603170">
    <!--#set var="DATE" value='<small class="date-tag">2016-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
    Windows 10 comes with 13 screens of snooping options</a>, all enabled
    by default, and turning them off would be daunting to most users.</p></li>

  <li><p><a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
      Microsoft has already backdoored its disk encryption</a>.</p></li>

  <li>It users.</p>
  </li>

  <li id="M201601050">
    <!--#set var="DATE" value='<small class="date-tag">2016-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>It appears <a
    href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
    Windows 10 sends data to Microsoft about what applications are 
      running</a>.</li>
  <li><p>A
    running</a>.</p>
  </li>

  <li id="M201512280">
    <!--#set var="DATE" value='<small class="date-tag">2015-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Microsoft has <a
    href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
    backdoored its disk encryption</a>.</p>
  </li>

  <li id="M201511264">
    <!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A downgrade to Windows 10 deleted surveillance-detection
    applications.  Then another downgrade inserted a general spying
    program.  Users noticed this and complained, so Microsoft renamed it <a
href="https://web.archive.org/web/20160407082751/http://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
    href="https://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
    to give users the impression it was gone</a>.</p>

    <p>To use proprietary software is to invite such treatment.</p>
  </li>
  <li><p>

  <li id="M201508180">
    <!--#set var="DATE" value='<small class="date-tag">2015-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://web.archive.org/web/20150905163414/http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
    Intel devices will be able to listen for speech all the time, even
    when “off.”</a></p>
  </li>

  <li id="M201508130">
    <!--#set var="DATE" value='<small class="date-tag">2015-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
    Windows 10 sends identifiable information to Microsoft</a>, even if
    a user turns off its Bing search and Cortana features, and activates
    the privacy-protection settings.</p>
  </li>

  <li id="M201507300">
    <!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Windows 10 <a href="https://web.archive.org/web/20151001035410/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
    href="https://web.archive.org/web/20180923125732/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
    ships with default settings that show no regard for the privacy of
    its users</a>, giving Microsoft the “right” to snoop on
    the users' files, text input, voice input, location info, contacts,
    calendar records and web browsing history, as well as automatically
    connecting the machines to open hotspots and showing targeted ads.</p></li>

  <li><p>
  <a href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
  Windows 10 sends identifiable information to Microsoft</a>, even if a user
  turns off its Bing search and Cortana features, and activates the
  privacy-protection settings.</p></li>

  <li><p> ads.</p>

    <p>We can suppose Microsoft looks at users' files for the US government
    on demand, though the “privacy policy” does not explicitly
    say so. Will it look at users' files for the Chinese government
    on demand?</p>
  </li>

  <li id="M201506170">
    <!--#set var="DATE" value='<small class="date-tag">2015-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Microsoft uses Windows 10's “privacy policy”
    to overtly impose a “right” to look at
    users' files at any time. Windows 10 full disk encryption <a href="https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/">
    href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/">
    gives Microsoft a key</a>.</p>

    <p>Thus, Windows is overt malware in regard to surveillance, as in
    other issues.</p>

  <p>We can suppose Microsoft look at users' files for the US government on
  demand, though the “privacy policy” does not explicit say so. Will it
  look at users' files for the Chinese government on demand?</p>

    <p>The unique “advertising ID” for each user enables
    other companies to track the browsing of each specific user.</p>

    <p>It's as if Microsoft has deliberately chosen to make Windows 10
    maximally evil on every dimension; to make a grab for total power
    over anyone that doesn't drop Windows now.</p></li>

  <li><p>It now.</p>
  </li>

  <li id="M201410040">
    <!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>It only gets worse with time.  <a
    href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
    Windows 10 requires users to give permission for total snooping</a>,
    including their files, their commands, their text input, and their
    voice input.</p>
  </li>

  <li><p><a href="http://www.infoworld.com/article/2611451/microsoft-windows/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html">

  <li id="M201401150">
    <!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p id="baidu-ime"><a
    href="https://www.techrepublic.com/blog/asian-technology/japanese-government-warns-baidu-ime-is-spying-on-users/">
    Baidu's Japanese-input and Chinese-input apps spy on users</a>.</p>
  </li>

  <li id="M201307080">
    <!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Spyware in older versions of Windows: <a
    href="https://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/">
    Windows Update snoops on the user</a>. <a
    href="https://www.infoworld.com/article/2611451/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html">
    Windows 8.1 snoops on local searches.</a>.</p>
  </li>

  <li><p>And searches</a>. And there's a <a
    href="http://www.marketoracle.co.uk/Article40836.html"> secret NSA
    key in Windows</a>, whose functions we don't know.</p>
  </li>
</ul>


<p>Microsoft's snooping on users did not start with Windows 10.
   There's a lot more <a href="/proprietary/malware-microsoft.html">
   Microsoft malware</a>.</p>


<div class="big-subsection">
  <h4 id="SpywareInMacOS">Spyware in MacOS</h4> id="SpywareInMacOS">MacOS</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInMacOS">#SpywareInMacOS</a>)</span>
</div>

<ul>
  <li><p><a href="http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/">
      MacOS automatically sends to Apple servers unsaved documents being
      edited</a>. The

<ul class="blurbs">
  <li id="M202011120">
    <!--#set var="DATE" value='<small class="date-tag">2020-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple has <a
      href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
      things you have not decided
    href="https://sneak.berlin/20201112/your-computer-isnt-yours">implemented
    a malware in its computers that imposes surveillance</a> on users
    and reports users' computing to save Apple.</p>

    <p>The reports are even more sensitive than unencrypted and they've been leaking this
    data for two years already. This malware is reporting to Apple what
    user opens what program at what time. It also gives Apple
    power to sabotage users' computing.</p>
  </li>

  <li id="M201809070">
    <!--#set var="DATE" value='<small class="date-tag">2018-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Adware Doctor, an ad blocker for MacOS, <a
    href="https://www.vice.com/en/article/wjye8x/mac-anti-adware-doctor-app-steals-browsing-history">reports
    the things you have stored in files</a>.</p> user's browsing history</a>.</p>
  </li>

  <li><p>Apple

  <li id="M201411040">
    <!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple has made various <a
    href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud">
    MacOS programs send files to Apple servers without asking
    permission</a>.  This exposes the files to Big Brother and perhaps
    to other snoops.</p>

    <p>It also demonstrates how you can't trust proprietary software,
    because even if today's version doesn't have a malicious functionality,
    tomorrow's version might add it. The developer won't remove the
    malfeature unless many users push back hard, and the users can't
    remove it themselves.</p>
  </li>

  <li><p>Various operations in
      <a href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
      the latest

  <li id="M201410300">
    <!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p> MacOS send reports automatically <a
    href="https://web.archive.org/web/20170831144456/https://www.washingtonpost.com/news/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/">
    sends to Apple</a> servers.</p> Apple servers unsaved documents being edited</a>. The
    things you have not decided to save are <a
    href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
    even more sensitive</a> than the things you have stored in files.</p>
  </li>

  <li><p>Apple

  <li id="M201410220">
    <!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple admits the <a
    href="http://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/">
    spying in a search facility</a>, but there's a lot <a
    href="https://github.com/fix-macosx/yosemite-phone-home"> more snooping
    that Apple has not talked about</a>.</p>
  </li>

  <li><p><a

  <li id="M201410200">
    <!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Various operations in <a
    href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
    the latest MacOS send reports to Apple</a> servers.</p>
  </li>

  <li id="M201401100.1">
    <!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
    Spotlight search</a> sends users' search terms to Apple.</p>
  </li>
</ul>


<p>There's a lot more <a href="#SpywareIniThings">iThing spyware</a>, and
<a href="/proprietary/malware-apple.html">Apple malware</a>.</p>


<div class="big-subsection">
  <span id="SpywareAtLowLevel"></span>
  <h4 id="SpywareInAndroid">Spyware in Android</h4> id="SpywareInBIOS">BIOS</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInAndroid">#SpywareInAndroid</a>)</span> href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
</div>

<ul>
<li>

<ul class="blurbs">
  <li id="M201509220">
    <!--#set var="DATE" value='<small class="date-tag">2015-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a href="http://www.privmetrics.org/wp-content/uploads/2015/06/wisec2015.pdf">A study in 2015</a> found
    href="https://www.computerworld.com/article/2984889/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
    Lenovo stealthily installed crapware and spyware via
    BIOS</a> on Windows installs.  Note that 90% of the top-ranked gratis specific
    sabotage method Lenovo used did not affect GNU/Linux; also, a
    “clean” Windows install is not really clean since <a
    href="/proprietary/malware-microsoft.html">Microsoft puts in its
    own malware</a>.</p>
  </li>
</ul>



<div class="big-section">
  <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
  <span class="anchor-reference-id">(<a href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
</div>
<div style="clear: left;"></div>

<div class="big-subsection">
  <h4 id="SpywareInTelephones">All “Smart” Phones</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202106250">
    <!--#set var="DATE" value='<small class="date-tag">2021-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.elsalvador.com/eldiariodehoy/app-chivo-bitcoin-pone-en-riesgo-datos-personales-de-usuarios/852310/2021/">El
    Salvador Dictatorship's Chivo wallet is spyware</a>, it's a
    proprietary Android apps contained recognizable tracking libraries. For program that breaks users' freedom and spies on people;
    demands personal data such as the paid proprietary apps, national ID number and does face
    recognition, and it was only 60%.</p> is bad security for its data. It also asks for
    almost every malware permission in people's smartphones.</p>

    <p>The article confusingly describes gratis apps as “free”,
  but most of them are not criticizes it for faults in fact “data
    protection”, though <a href="/philosophy/free-sw.html">free software</a>.
  It also uses the ugly word “monetize”. A good replacement
  for that word
    href="/philosophy/surveillance-vs-democracy.html">“data protection”
    is “exploit”; nearly always that will fit
  perfectly.</p> the wrong approach to privacy anyway</a>.</p>
  </li>

<li>
  <p>Apps for BART
    <a href="https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">snoop on users</a>.</p>
  <p>With free software apps, users could <em>make sure</em> that they don't snoop.</p>
  <p>With

  <li id="M202106170">
    <!--#set var="DATE" value='<small class="date-tag">2021-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.theguardian.com/technology/2021/jun/17/nine-out-of-10-health-apps-harvest-user-data-global-study-shows">Almost
    all proprietary apps, one can only hope that they don't.</p>
</li>

<li>
  <p>A study found 234 Android health apps that harvest users' data</a>, including
    sensitive health information, tracking identifiers, and cookies to
    track user activities. Some of these applications are tracking users by
	<a href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
	to ultrasound from beacons placed in stores or played by TV programs</a>.
	</p>
    across different platforms.</p>
  </li>

<li>
  <p>Pairs

  <li id="M202102200">
    <!--#set var="DATE" value='<small class="date-tag">2021-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The proprietary program Clubhouse
    is malware and a privacy disaster. Clubhouse <a
    href="https://www.theguardian.com/commentisfree/2021/feb/20/why-hot-new-social-app-clubhouse-spells-nothing-but-trouble">collects
    people's personal data such as recordings of Android apps can collude people's
    conversations</a>, and, as a secondary problem, does not encrypt them,
    which shows a bad security part of the issue.</p>

    <p>A user's unique Clubhouse ID number and chatroom ID are transmitted
    in plaintext, and Agora (the company behind the app) would likely
    have access to transmit users' raw audio, potentially providing access to
    the Chinese government.</p>

    <p>Even with good security of data transmission, collecting personal
    data to servers. <a href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A study found
	tens of thousands people is wrong and a violation of pairs that collude</a>.</p> people's privacy rights.</p>
  </li>

<li>
<p>Google Play intentionally sends app developers <a
href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
the personal details

  <li id="M202101080">
    <!--#set var="DATE" value='<small class="date-tag">2021-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>As of users that install the app</a>.</p>

<p>Merely asking the “consent” 2021, WhatsApp (one of Facebook's subsidiaries) is <a
    href="https://www.forbes.com/sites/carlypage/2021/01/08/whatsapp-tells-users-share-your-data-with-facebook-or-well-deactivate-your-account/">forcing
    its users to hand over sensitive personal data</a> to its parent
    company. This increases Facebook's power over users, and further
    jeopardizes people's privacy and security.</p>

    <p>Instead of WhatsApp you can use <a
    href="https://directory.fsf.org/wiki/Jami">GNU Jami</a>, which is
    free software and will not enough
to legitimize actions collect your data.</p>
  </li>

  <li id="M202006260">
    <!--#set var="DATE" value='<small class="date-tag">2020-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Most apps are malware, but
    Trump's campaign app, like this.  At this point, most Modi's campaign app, is <a
    href="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/">
    especially nasty malware, helping companies snoop on users have
stopped reading the “Terms and Conditions” that spell out
what they are “consenting” to.  Google should clearly
and honestly identify the information it collects as well
    as snooping on users, instead
of hiding them itself</a>.</p>

    <p>The article says that Biden's app has a less manipulative overall
    approach, but that does not tell us whether it in an obscurely worded EULA.</p>

<p>However, to truly protect people's privacy, has functionalities we must prevent Google
    consider malicious, such as sending data the user has not explicitly
    asked to send.</p>
  </li>

  <li id="M201809121">
    <!--#set var="DATE" value='<small class="date-tag">2018-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tiny Lab Productions, along with online ad businesses run
    by Google, Twitter and three other companies are facing a lawsuit <a
    href="https://www.nytimes.com/interactive/2018/09/12/technology/kids-apps-data-privacy-google-twitter.html">for
    violating people's privacy by collecting their data from getting this personal information in the first
place!</p> mobile games
    and handing over these data to other companies/advertisers</a>.</p>
  </li>

  <li>
    <p>Google Play (a component

  <li id="M201601110">
    <!--#set var="DATE" value='<small class="date-tag">2016-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The natural extension of Android) monitoring
    people through “their” phones is <a
    href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
    tracks
    href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
    proprietary software to make sure they can't “fool”
    the users' movements without their permission</a>.</p>

    <p>Even if you disable Google Maps monitoring</a>.</p>
  </li>

  <li id="M201510050">
    <!--#set var="DATE" value='<small class="date-tag">2015-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>According to Edward Snowden, <a
    href="http://www.bbc.com/news/uk-34444233">agencies can take over
    smartphones</a> by sending hidden text messages which enable
    them to turn the phones on and location tracking, you must
    disable Google Play itself off, listen to completely stop the tracking. microphone,
    retrieve geo-location data from the GPS, take photographs, read
    text messages, read call, location and web browsing history, and
    read the contact list. This malware is
    yet another example of nonfree software pretending designed to obey the user,
    when it's actually doing something else.  Such a thing would be almost
    unthinkable with free software.</p> disguise itself
    from investigation.</p>
  </li>
  
  <li><p>More than 73% of

  <li id="M201311120">
    <!--#set var="DATE" value='<small class="date-tag">2013-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
    The NSA can tap data in smart phones, including iPhones,
    Android, and BlackBerry</a>.  While there is not much
    detail here, it seems that this does not operate via
    the most popular Android apps universal back door that we know nearly all portable
    phones have. It may involve exploiting various bugs.  There are <a href="http://jots.pub/a/2015103001/index.php">share personal,
  behavioral and location information</a>
    href="https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/">
    lots of bugs in the phones' radio software</a>.</p>
  </li>

  <li id="M201307000">
    <!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Portable phones with GPS <a
    href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
    will send their GPS location on remote command, and users with third parties.</p> cannot stop
    them</a>. (The US says it will eventually require all new portable phones
    to have GPS.)</p>
  </li>

  <li><p>“Cryptic communication,” unrelated
</ul>


<div class="big-subsection">
  <h4 id="SpywareIniThings">iThings</h4>
  <span class="anchor-reference-id">(<a href="#SpywareIniThings">#SpywareIniThings</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202105240">
    <!--#set var="DATE" value='<small class="date-tag">2021-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.cpomagazine.com/data-privacy/icloud-data-turned-over-to-chinese-government-conflicts-with-apples-privacy-first-focus/">Apple
    is moving its Chinese customers' iCloud data to a datacenter controlled
    by the app's functionality,
  was Chinese government</a>. Apple is already storing the encryption
    keys on these servers, obeying Chinese authority, making all Chinese
    user data available to the government.</p>
  </li>

  <li id="M202009183">
    <!--#set var="DATE" value='<small class="date-tag">2020-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Facebook <a href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
  found in
    href="https://www.dailymail.co.uk/news/article-8747541/Facebook-accused-watching-Instagram-users-mobile-cameras.html">snoops
    on Instagram</a> users by surreptitously turning on the 500 most popular gratis Android apps</a>.</p>

  <p>The article should device's
    camera.</p>
  </li>

  <li id="M202004200">
    <!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple whistleblower Thomas Le Bonniec reports that Apple
    made a practice of surreptitiously activating the Siri software to <a
    href="https://www.politico.eu/wp-content/uploads/2020/05/Public-Statement-Siri-recordings-TLB.pdf">
    record users' conversations when they had not have described activated Siri</a>.
    This was not just occasional, it was systematic practice.</p>

    <p>His job was to listen to these apps as
  “free”—they are recordings, in a group that made
    transcripts of them. He does not free software.  The clear believes that Apple has ceased this
    practice.</p>

    <p>The only reliable way to say
  “zero price” is “gratis.”</p>

  <p>The article takes prevent this is, for granted that the usual analytics tools are
  legitimate, but is program that valid?  Software developers have no right
    controls access to
  analyze what the microphone to decide when the user has
    “activated” any service, to be free software, and the
    operating system under it free as well. This way, users are doing or how.  “Analytics” tools could make
    sure Apple can't listen to them.</p>
  </li>

  <li id="M201910131">
    <!--#set var="DATE" value='<small class="date-tag">2019-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Safari occasionally <a
    href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/">
    sends browsing data from Apple devices in China to the Tencent Safe
    Browsing service</a>, to check URLs that snoop are
  just as wrong as any other snooping.</p> possibly correspond to
    “fraudulent” websites. Since Tencent collaborates
    with the Chinese government, its Safe Browsing black list most certainly
    contains the websites of political opponents. By linking the requests
    originating from single IP addresses, the government can identify
    dissenters in China and Hong Kong, thus endangering their lives.</p>
  </li>
  <li><p>Gratis Android

  <li id="M201905280">
    <!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>In spite of Apple's supposed commitment to
    privacy, iPhone apps (but not contain trackers that are busy at night <a href="/philosophy/free-sw.html">free software</a>)
      connect
    href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html">
    sending users' personal information to 100
      <a href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking and advertising</a> URLs,
      on third parties</a>.</p>

    <p>The article mentions specific examples: Microsoft OneDrive,
    Intuit's Mint, Nike, Spotify, The Washington Post, The Weather
    Channel (owned by IBM), the average.</p>
  </li>
  <li><p>Spyware crime-alert service Citizen, Yelp
    and DoorDash. But it is present in some Android devices when they are sold. likely that most nonfree apps contain
    trackers. Some Motorola phones modify Android to
      <a href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html"> of these send personal personally identifying data to Motorola</a>.</p>
  </li>

  <li><p>Some manufacturers add a
      <a href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
      hidden general surveillance package such as Carrier IQ.</a></p> phone
    fingerprint, exact location, email address, phone number or even
    delivery address (in the case of DoorDash). Once this information
    is collected by the company, there is no telling what it will be
    used for.</p>
  </li>

  <li><p><a href="/proprietary/proprietary-back-doors.html#samsung">
      Samsung's back door</a> provides access

  <li id="M201711250">
    <!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The DMCA and the EU Copyright Directive make it <a
    href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
    illegal to any file study how iOS cr…apps spy on users</a>, because
    this would require circumventing the system.</p> iOS DRM.</p>
  </li>
</ul>



<!-- #SpywareOnMobiles

  <li id="M201709210">
    <!--#set var="DATE" value='<small class="date-tag">2017-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
<!-- WEBMASTERS: make sure
    <p>In the latest iThings system,
    “turning off” WiFi and Bluetooth the obvious way <a
    href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
    doesn't really turn them off</a>.  A more advanced way really does turn
    them off—only until 5am.  That's Apple for you—“We
    know you want to place new items on top under each subsection be spied on”.</p>
  </li>

  <li id="M201702150">
    <!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
    --><!--#echo encoding="none" var="DATE" -->

<div class="big-section">
  <h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
  <span class="anchor-reference-id">(<a href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
</div>
<div style="clear: left;"></div>


<div class="big-subsection">
  <h4 id="SpywareIniThings">Spyware in iThings</h4>
  <span class="anchor-reference-id">(<a href="#SpywareIniThings">#SpywareIniThings</a>)</span>
</div>

<ul>
  <li><p>Apple
    <p>Apple proposes <a
    href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
    fingerprint-scanning touch screen</a>
      — which screen</a>—which would mean no way
    to use it without having your fingerprints taken. Users would have
    no way to tell whether the phone is snooping on
      them.</p></li>

  <li><p>iPhones them.</p>
  </li>

  <li id="M201611170">
    <!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>iPhones <a href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says">send
    href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
    lots of personal data to Apple's servers</a>.  Big Brother can get
    them from there.</p>
  </li>

  <li><p>The

  <li id="M201609280">
    <!--#set var="DATE" value='<small class="date-tag">2016-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The iMessage app on iThings <a
    href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
    a server every phone number that the user types into it</a>; the
    server records these numbers for at least 30 days.</p>
  </li>

  <li><p>Users cannot make an Apple ID <a href="http://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-idcool">(necessary to install even gratis apps)</a>
      without giving a valid email address and receiving the code Apple
      sends to it.</p>
  </li>

  <li><p>Around 47% of the most popular iOS apps
      <a class="not-a-duplicate" 
	 href="http://jots.pub/a/2015103001/index.php">share personal,
	behavioral and location information</a> of their users with third parties.</p>
  </li>

  <li><p>iThings

  <li id="M201509240">
    <!--#set var="DATE" value='<small class="date-tag">2015-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>iThings automatically upload to Apple's servers all the photos
    and videos they make.</p>

    <blockquote><p> iCloud Photo Library stores every photo and video you
    take, and keeps them up to date on all your devices. Any edits you
    make are automatically updated everywhere. [...] […] </p></blockquote>

    <p>(From <a href="https://www.apple.com/icloud/photos/">Apple's iCloud
    information</a> as accessed on 24 Sep 2015.) The iCloud feature is
    <a href="https://support.apple.com/en-us/HT202033">activated by the
    startup of iOS</a>. The term “cloud” means “please
    don't ask where.”</p>

    <p>There is a way to
    <a href="https://support.apple.com/en-us/HT201104"> deactivate
    iCloud</a>, but it's active by default so it still counts as a
    surveillance functionality.</p>

    <p>Unknown people apparently took advantage of this to <a
    href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
    nude photos of many celebrities</a>. They needed to break Apple's
    security to get at them, but NSA can access any of them through <a href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.
  </p></li>

  <li><p>Spyware in iThings:
    href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p>
  </li>

  <li id="M201409220">
    <!--#set var="DATE" value='<small class="date-tag">2014-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apple can, and regularly does, <a
    href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
    remotely extract some data from iPhones for the state</a>.</p>

    <p>This may have improved with <a
    href="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/">
    iOS 8 security improvements</a>; but <a
    href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
    not as much as Apple claims</a>.</p>
  </li>

  <li id="M201407230">
    <!--#set var="DATE" value='<small class="date-tag">2014-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
    Several “features” of iOS seem to exist
    for no possible purpose other than surveillance</a>.  Here is the <a
    href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
    Technical presentation</a>.</p>
  </li>

  <li id="M201401100">
    <!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The <a class="not-a-duplicate"
    href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
    iBeacon</a> lets stores determine exactly where the iThing is, and
    get other info too.</p>
  </li>

  <li><p>There

  <li id="M201312300">
    <!--#set var="DATE" value='<small class="date-tag">2013-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
    Either Apple helps the NSA snoop on all the data in an iThing, or it
    is totally incompetent</a>.</p>
  </li>

  <li id="M201308080">
    <!--#set var="DATE" value='<small class="date-tag">2013-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The iThing also <a
    href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
    tells Apple its geolocation</a> by default, though that can be
    turned off.</p>
  </li>

  <li id="M201210170">
    <!--#set var="DATE" value='<small class="date-tag">2012-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>There is also a feature for web sites to track users, which is <a
    href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
    enabled by default</a>.  (That article talks about iOS 6, but it is
    still true in iOS 7.)</p>
  </li>

  <li><p>The iThing also
      <a
href="https://web.archive.org/web/20160313215042/http://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
      tells

  <li id="M201204280">
    <!--#set var="DATE" value='<small class="date-tag">2012-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Users cannot make an Apple its geolocation</a> by default, though that can be
      turned off.</p>
  </li>

  <li><p>Apple can, ID (<a
    href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary
    to install even gratis apps</a>) without giving a valid
    email address and regularly does,
      <a href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
      remotely extract some data from iPhones for receiving the state</a>.</p>
  </li>

  <li><p><a href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
      Either verification code Apple helps the NSA snoop on all the data in an iThing,
      or it is totally incompetent.</a></p>
  </li>

  <li><p><a href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
      Several “features” of iOS seem sends
    to exist for no
      possible purpose other than surveillance</a>.  Here is the
      <a href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
      Technical presentation</a>.</p> it.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInTelephones">Spyware in id="SpywareInAndroid">Android Telephones</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInTelephones">#SpywareInTelephones</a>)</span> href="#SpywareInAndroid">#SpywareInAndroid</a>)</span>
</div>

<ul>
  <li><p>According to Edward Snowden,

<ul class="blurbs">
  <li id="M202012070">
    <!--#set var="DATE" value='<small class="date-tag">2020-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Baidu apps were <a href="http://www.bbc.com/news/uk-34444233">agencies
    href="https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/">
    caught collecting sensitive personal data</a> that can take over smartphones</a>
      by sending hidden text messages which enable be used for
    lifetime tracking of users, and putting them in danger. More than 1.4
    billion people worldwide are affected by these proprietary apps, and
    users' privacy is jeopardized by this surveillance tool. Data collected
    by Baidu may be handed over to turn the Chinese government, possibly
    putting Chinese people in danger.</p>
  </li>

  <li id="M202010120">
    <!--#set var="DATE" value='<small class="date-tag">2020-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Samsung is forcing its smartphone users in Hong Kong (and Macau) <a
    href="https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/">to
    use a public DNS in Mainland China</a>, using software update released
    in September 2020, which causes many unease and privacy concerns.</p>
  </li>

  <li id="M202004300">
    <!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Xiaomi phones
      on <a
    href="https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/">report
    many actions the user takes</a>: starting an app, looking at a folder,
    visiting a website, listening to a song.  They send device identifying
    information too.</p>

    <p>Other nonfree programs snoop too. For instance, Spotify and off, listen
    other streaming dis-services make a dossier about each user, and <a
    href="/malware/proprietary-surveillance.html#M201508210"> they make
    users identify themselves to pay</a>.  Out, out, damned Spotify!</p>

    <p>Forbes exonerates the microphone, retrieve geo-location data same wrongs when the culprits are not Chinese,
    but we condemn this no matter who does it.</p>
  </li>

  <li id="M201812060">
    <!--#set var="DATE" value='<small class="date-tag">2018-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Facebook's app got “consent” to <a
    href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent">
    upload call logs automatically from Android phones</a> while disguising
    what the “consent” was for.</p>
  </li>

  <li id="M201811230">
    <!--#set var="DATE" value='<small class="date-tag">2018-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>An Android phone was observed to track location even while
    in airplane mode. It didn't send the
      GPS, take photographs, read text messages, read call, location data while in
    airplane mode.  Instead, <a
    href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/">
    it saved up the data, and web
      browsing history, sent them all later</a>.</p>
  </li>

  <li id="M201711210">
    <!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Android tracks location for Google <a
    href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
    even when “location services” are turned off, even when
    the phone has no SIM card</a>.</p>
  </li>

  <li id="M201611150">
    <!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some portable phones <a
    href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
    sold with spyware sending lots of data to China</a>.</p>
  </li>

  <li id="M201609140">
    <!--#set var="DATE" value='<small class="date-tag">2016-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google Play (a component of Android) <a
    href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
    tracks the users' movements without their permission</a>.</p>

    <p>Even if you disable Google Maps and read location tracking, you must
    disable Google Play itself to completely stop the contact list. tracking.  This malware is designed
    yet another example of nonfree software pretending to
      disguise itself from investigation.</p> obey the user,
    when it's actually doing something else.  Such a thing would be almost
    unthinkable with free software.</p>
  </li>

  <li><p>Samsung

  <li id="M201507030">
    <!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Samsung phones come with <a
    href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
    that users can't delete</a>, and they send so much data that their
    transmission is a substantial expense for users.  Said transmission,
    not wanted or requested by the user, clearly must constitute spying
    of some
      kind.</p></li>

  <li><p>A Motorola phone
      <a href="http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
      listens for voice all kind.</p>
  </li>

  <li id="M201403120">
    <!--#set var="DATE" value='<small class="date-tag">2014-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a href="/proprietary/proprietary-back-doors.html#samsung">
    Samsung's back door</a> provides access to any file on the time</a>.</p> system.</p>
  </li>

  <li><p>Spyware

  <li id="M201308010">
    <!--#set var="DATE" value='<small class="date-tag">2013-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Spyware in Android phones (and Windows? laptops): The Wall Street
    Journal (in an article blocked from us by a paywall) reports that <a
    href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
    the FBI can remotely activate the GPS and microphone in Android phones
    and laptops</a>.
      (I suspect this means laptops</a> (presumably Windows laptops.) laptops).  Here is <a
    href="http://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p>
  </li>

  <li><p>Portable phones with GPS will send their GPS location on
      remote command and users cannot stop them:

  <li id="M201307280">
    <!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Spyware is present in some Android devices when they are
    sold.  Some Motorola phones, made when this company was owned
    by Google, use a modified version of Android that <a href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
      http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
      (The US says it will eventually require all new portable phones
    href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
    sends personal data to have GPS.)</p> Motorola</a>.</p>
  </li>

  <li><p>The nonfree Snapchat app's principal purpose

  <li id="M201307250">
    <!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A Motorola phone <a
    href="https://web.archive.org/web/20170629175629/http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
    listens for voice all the time</a>.</p>
  </li>

  <li id="M201302150">
    <!--#set var="DATE" value='<small class="date-tag">2013-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google Play intentionally sends app developers <a
    href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
    the personal details of users that install the app</a>.</p>

    <p>Merely asking the “consent” of users is not enough to restrict
    legitimize actions like this.  At this point, most users have stopped
    reading the use of data on “Terms and Conditions” that spell out what
    they are “consenting” to.  Google should clearly and
    honestly identify the user's computer, but information it does surveillance
      too: <a href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers"> collects on users, instead of
    hiding it tries in an obscurely worded EULA.</p>

    <p>However, to get the user's list of other truly protect people's phone
      numbers.</a></p> privacy, we must prevent Google
    and other companies from getting this personal information in the
    first place!</p>
  </li>

  <li id="M201111170">
    <!--#set var="DATE" value='<small class="date-tag">2011-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some manufacturers add a <a
    href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
    hidden general surveillance package such as Carrier IQ</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInMobileApps">Spyware in Mobile Applications</h4> id="SpywareInElectronicReaders">E-Readers</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span> href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
</div>

<ul>
  <li>
		<p>Faceapp appears to do lots of surveillance, judging

<ul class="blurbs">
  <li id="M201603080">
    <!--#set var="DATE" value='<small class="date-tag">2016-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>E-books can contain JavaScript code, and <a
    href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
    sometimes this code snoops on readers</a>.</p>
  </li>

  <li id="M201410080">
    <!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Adobe made “Digital Editions,”
    the e-reader used by most US libraries, <a href="https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
		how much access it demands to personal
    href="https://web.archive.org/web/20141220181015/http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
    send lots of data to Adobe</a>.  Adobe's “excuse”: it's
    needed to check DRM!</p>
  </li>

  <li id="M201212030">
    <!--#set var="DATE" value='<small class="date-tag">2012-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Spyware in many e-readers—not only the device</a>.
		</p> Kindle: <a
    href="https://www.eff.org/pages/reader-privacy-chart-2012"> they
    report even which page the user reads at what time</a>.</p>
  </li>

  <li>
   <p>Verizon
</ul>



<div class="big-section">
  <h3 id="SpywareInApplications">Spyware in Applications</h3>
  <span class="anchor-reference-id">(<a href="#SpywareInApplications">#SpywareInApplications</a>)</span>
</div>
<div style="clear: left;"></div>

<div class="big-subsection">
  <h4 id="SpywareInDesktopApps">Desktop Apps</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInDesktopApps">#SpywareInDesktopApps</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202011260">
    <!--#set var="DATE" value='<small class="date-tag">2020-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Microsoft's Office 365 suite enables employers <a href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
	 announced an opt-in proprietary search app that it will</a>
	 pre-install
    href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to
    snoop on some of its phones. The app will give Verizon the same
   information about the users' searches each employee</a>. After
    a public outburst, Microsoft stated that Google normally gets when
   they use its search engine.</p>

   <p>Currently, the app is <a href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
    being pre-installed
    href="https://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillance">it
    would remove this capability</a>. Let's hope so.</p>
  </li>

  <li id="M201912190">
    <!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some Avast and AVG extensions
    for Firefox and Chrome were found to <a
    href="https://www.itpro.co.uk/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome">
    snoop on only one phone</a>, users' detailed browsing habits</a>. Mozilla and Google
    removed the
    user must explicitly opt-in before the app takes effect. However, problematic extensions from their stores, but this shows
    once more how unsafe nonfree software can be. Tools that are supposed
    to protect a proprietary system are, instead, infecting it with
    additional malware (the system itself being the
    app remains spyware—an “optional” piece of spyware is
    still spyware.</p> original malware).</p>
  </li>

  <li><p>The Meitu photo-editing
  app

  <li id="M201811020">
    <!--#set var="DATE" value='<small class="date-tag">2018-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Foundry's graphics software <a href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
  user data
    href="https://torrentfreak.com/software-company-fines-pirates-after-monitoring-their-computers-181102/">
    reports information to identify who is running it</a>. The result is
    often a Chinese company</a>.</p></li>

  <li><p>A pregnancy test controller application not only
  can <a href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spy
  on many sorts legal threat demanding a lot of data in the phone, and in server accounts, money.</p>

    <p>The fact that this is used for repression of forbidden sharing
    makes it can
  alter them too</a>.
  </p></li>

  <li><p>The Uber app tracks <a href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
        movements before and after the ride</a>.</p> even more vicious.</p>

    <p>This example illustrates how “getting the user's consent”
        for surveillance that making unauthorized copies of nonfree software
    is inadequate as not a protection against massive
        surveillance.</p> cure for the injustice of nonfree software. It may avoid
    paying for the nasty thing, but cannot make it less nasty.</p>
  </li>

  <li><p>Google's new voice messaging app
</ul>

<div class="big-subsection">
  <h4 id="SpywareInMobileApps">Mobile Apps</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202111090">
    <!--#set var="DATE" value='<small class="date-tag">2021-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A building in LA, with a supermarket in it, <a href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
      all conversations</a>.</p>
    href="https://www.latimes.com/business/story/2021-11-09/column-trader-joes-parking-app">demands
    customers load a particular app to pay for parking in the parking
    lot</a>, and accept pervasive surveillance. They also have the
    option of entering their license plate numbers in a kiosk. That is
    an injustice, too.</p>
  </li>

  <li><p>Apps that include 
      <a href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
      Symphony surveillance software snoop on what radio

  <li id="M202106030">
    <!--#set var="DATE" value='<small class="date-tag">2021-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/">TikTok
    apps collect biometric identifiers and TV programs 
      are playing nearby</a>.  Also on what users post on various sites 
      such as Facebook, Google+ biometric information from
    users' smartphones</a>. The company behind it does whatever it wants
    and Twitter.</p> collects whatever data it can.</p>
  </li>

  <li><p>Facebook's new Magic Photo app

  <li id="M202104060">
    <!--#set var="DATE" value='<small class="date-tag">2021-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The <a
href="https://web.archive.org/web/20160605165148/http://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
scans your mobile phone's photo collections for known faces</a>,
    href="https://www.wired.com/story/weddings-social-media-apps-photos-memories-miscarriage-problem/">WeddingWire
    app saves people's wedding photos forever and suggests you to share the picture you take according hands over data
    to who
      is in the frame.</p>

      <p>This spyware feature seems others</a>, giving users no control over their personal 
    information/data. The app also sometimes shows old photos and
    memories to require online access users, without giving them any control over this
    either.</p>
  </li>

  <li id="M202102010">
    <!--#set var="DATE" value='<small class="date-tag">2021-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Many cr…apps, developed by various
    companies for various organizations, do <a
    href="https://www.expressvpn.com/digital-security-lab/investigation-xoth">
    location tracking unknown to those companies and those
    organizations</a>.  It's actually some
      known-faces database, which means widely used libraries that do
    the pictures are likely tracking.</p>

    <p>What's unusual here is that proprietary software developer A tricks
    proprietary software developers B1 … B50 into making platforms for
    A to be
      sent across mistreat the wire to Facebook's servers and face-recognition
      algorithms.</p>

      <p>If so, none end user.</p>
  </li>

  <li id="M202003260">
    <!--#set var="DATE" value='<small class="date-tag">2020-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Apple iOS version of Facebook Zoom <a
    href="https://www.vice.com/en/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account">is
    sending users' pictures are private
      anymore, data to Facebook</a> even if the user didn't “upload” them doesn't have
    a Facebook account. According to the service.</p>
  </li>

  <li><p>Like most “music screaming” disservices, Spotify
      is based article, Zoom and Facebook
    don't even mention this surveillance on proprietary malware (DRM their privacy policy page,
    making this an obvious violation of people's privacy even in their
    own terms.</p>
  </li>

  <li id="M202003010">
    <!--#set var="DATE" value='<small class="date-tag">2020-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Alipay Health Code app
    estimates whether the user has Covid-19 and snooping). In August
      2015 it <a
href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
      demanded users submit to increased snooping</a>, and some
      are starting to realize that it is nasty.</p>

      <p>This article shows
    href="https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html">
    tells the cops directly</a>.</p>
  </li>

  <li id="M202001290">
    <!--#set var="DATE" value='<small class="date-tag">2020-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Amazon Ring app does <a
href="https://web.archive.org/web/20160313214751/http://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
      twisted ways that they present snooping
    href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
    surveillance for other companies as a way well as for Amazon</a>.</p>
  </li>

  <li id="M201912220">
    <!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The ToToc messaging app seems to “serve” users better</a>—never mind
      whether they want that. This is be a typical example of <a
    href="https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html">
    spying tool for the attitude government of the proprietary United Arab Emirates</a>.
    Any nonfree program could be doing this, and that is a good
    reason to use free software industry towards
      those they have subjugated.</p>

      <p>Out, out, damned Spotify!</p> instead.</p>

    <p><small>Note: this article uses the word “free” in
    the sense of “gratis.”</small></p>
  </li>
  <li><p>Many proprietary apps

  <li id="M201912090">
    <!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>iMonsters and Android phones,
    when used for mobile devices report which other
    apps the user has
    installed. work, give employers powerful <a href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
    is doing
    href="https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy">
    snooping and sabotage capabilities</a> if they install their own
    software on the device.  Many employers demand to do this.  For the
    employee, this in a way that at least is visible simply nonfree software, as fundamentally unjust
    and
    optional</a>. Not as bad dangerous as what the others do.</p>
  </li>

  <li><p>FTC says most mobile apps for children don't respect privacy:
      <a href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
      http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p> any other nonfree software.</p>
  </li>

  <li><p>Widely used <a href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
      QR-code scanner apps snoop on

  <li id="M201910130">
    <!--#set var="DATE" value='<small class="date-tag">2019-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Chinese Communist Party's “Study
    the user</a>. This is in addition Great Nation” app requires users to grant it <a
    href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962">
    access to the snooping done by phone's microphone, photos, text messages, contacts, and
    internet history</a>, and the phone company, Android version was found to contain a
    back-door allowing developers to run any code they wish in the users'
    phone, as “superusers.” Downloading and perhaps by using this
    app is mandatory at some workplaces.</p>

    <p>Note: The <a
    href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html">
    Washington Post version of the OS article</a> (partly obfuscated, but
    readable after copy-pasting in a text editor) includes a clarification
    saying that the
      phone.</p>

      <p>Don't be distracted by tests were only performed on the question Android version
    of whether the app developers get
      users app, and that, according to say “I agree”. That is no excuse for malware.</p> Apple, “this kind of
    ‘superuser’ surveillance could not be conducted on
    Apple's operating system.”</p>
  </li>

  <li><p>The Brightest Flashlight app
      <a href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
      sends user data, including geolocation, for use by companies.</a></p>

  <li id="M201909091">
    <!--#set var="DATE" value='<small class="date-tag">2019-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The FTC criticized this Facebook app because <a
    href="https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/">
    tracks users even when it asked the user to
      approve sending personal data to is turned off</a>, after tricking them
    into giving the app developer but did not
      ask about sending it broad permissions in order to other companies.  This shows the
      weakness use one of the reject-it-if-you-dislike-snooping
      “solution” to surveillance: why should a flashlight
      app its
    functionalities.</p>
  </li>

  <li id="M201909090">
    <!--#set var="DATE" value='<small class="date-tag">2019-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some nonfree period-tracking apps including MIA Fem and Maya <a
    href="https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem">
    send any information intimate details of users' lives to anyone? Facebook</a>.</p>
  </li>

  <li id="M201909060">
    <!--#set var="DATE" value='<small class="date-tag">2019-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Keeping track of who downloads a proprietary
    program is a form of surveillance.  There is a
    proprietary program for adjusting a certain telescopic rifle sight. <a
    href="https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/">
    A US prosecutor has demanded the list of all the 10,000 or more people
    who have installed it</a>.</p>

    <p>With a free software flashlight
      app program there would not.</p> not be a list of who has installed
    it.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInGames">Spyware in Games</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInGames">#SpywareInGames</a>)</span>
</div>

<ul>
  <li><p>nVidia's proprietary GeForce Experience

  <li id="M201907081">
    <!--#set var="DATE" value='<small class="date-tag">2019-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Many unscrupulous mobile-app developers keep finding ways to <a href="http://www.gamersnexus.net/industry/2672-geforce-experience-data-transfer-analysis">makes
      users identify themselves
    href="https://www.cnet.com/tech/mobile/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/">
    bypass user's settings</a>, regulations, and then sends personal privacy-enhancing features
    of the operating system, in order to gather as much private data about as
    they possibly can.</p>

    <p>Thus, we can't trust rules against spying.  What we can trust is
    having control over the software we run.</p>
  </li>

  <li id="M201907080">
    <!--#set var="DATE" value='<small class="date-tag">2019-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Many Android apps can track
    users' movements even when the user says <a
    href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location">
    not to allow them access to
      nVidia servers</a>.</p> locations</a>.</p>

    <p>This involves an apparently unintentional weakness in Android,
    exploited intentionally by malicious apps.</p>
  </li>

  <li><p>Angry Birds

  <li id="M201905300">
    <!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Femm “fertility” app is secretly a <a href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
      spies
    href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners">
    tool for companies, and the NSA takes advantage to spy through it too</a>.
      Here's information propaganda</a> by natalist Christians.  It spreads distrust
    for contraception.</p>

    <p>It snoops on
      <a href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
      more spyware apps</a>.</p>
      <p><a href="http://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
      More about NSA app spying</a>.</p> users, too, as you must expect from nonfree
    programs.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInToys">Spyware in Toys</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInToys">#SpywareInToys</a>)</span>
</div>

<ul>
  <li>
    <p>The “smart” toys My Friend Cayla and i-Que transmit

  <li id="M201905060">
    <!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>BlizzCon 2019 imposed a <a href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's conversations
    href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/">
    requirement to Nuance Communications</a>, run a speech recognition company based in the U.S.</p>

    <p>Those toys also contain major security vulnerabilities; crackers
      can remotely control proprietary phone app</a> to be allowed into
    the toys with event.</p>

    <p>This app is a mobile phone. This would
      enable crackers to listen in spyware that can snoop on a child's speech, lot of
    sensitive data, including user's location and even speak
      into contact list, and has <a
    href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
    near-complete control</a> over the toys themselves.</p> phone.</p>
  </li>

  <li>
    <p>A computerized vibrator

  <li id="M201904131">
    <!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Data collected by menstrual and pregnancy monitoring apps is often <a href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
	was snooping on its users through the proprietary control app</a>.</p>
    
    <p>The app was reporting the temperature of
    href="https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance">
    available to employers and insurance companies</a>. Even though the vibrator minute by
      minute (thus, indirectly, whether
    data is “anonymized and aggregated,” it was surrounded by a person's
      body), as well as can easily be
    traced back to the vibration frequency.</p>
    
    <p>Note woman who uses the totally inadequate proposed response: a labeling
      standard with which manufacturers would app.</p>

    <p>This has harmful implications for women's rights to equal employment
    and freedom to make statements about their products, rather than free software which users could have
      checked and changed.</p>
    
    <p>The company own pregnancy choices. Don't use
    these apps, even if someone offers you a reward to do so. A
    free-software app that made does more or less the vibrator same thing without
    spying on you is available from <a href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
	was sued for collecting lots
    href="https://search.f-droid.org/?q=menstr">F-Droid</a>, and <a
    href="https://dcs.megaphone.fm/BLM6228935164.mp3?key=7e4b8f7018d13cdc2b5ea6e5772b6b8f">
    a new one is being developed</a>.</p>
  </li>

  <li id="M201904130">
    <!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google tracks the movements of personal information about how
	people used it</a>.</p>
    
    <p>The company's statement that it was anonymizing Android phones and iPhones
    running Google apps, and sometimes <a
    href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html">
    saves the data may be
      true, but it doesn't really matter. If it had sold for years</a>.</p>

    <p>Nonfree software in the data phone has to a
      data broker, be responsible for sending
    the location data broker would have been able to figure out
      who the user was.</p>
    
    <p>Following this lawsuit, Google.</p>
  </li>

  <li id="M201903251">
    <!--#set var="DATE" value='<small class="date-tag">2019-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Many Android phones come with a huge number of <a href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
    href="https://web.archive.org/web/20190326145122/https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html">
    preinstalled nonfree apps that have access to sensitive data without
    users' knowledge</a>. These hidden apps may either call home with
    the company data, or pass it on to user-installed apps that have access to
    the network but no direct access to the data. This results in massive
    surveillance on which the user has been ordered absolutely no control.</p>
  </li>

  <li id="M201903201">
    <!--#set var="DATE" value='<small class="date-tag">2019-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A study of 24 “health” apps found that 19 of them <a
    href="https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows">
    send sensitive personal data to pay a total third parties</a>, which can use it
    for invasive advertising or discriminating against people in poor
    medical condition.</p>

    <p>Whenever user “consent” is sought, it is buried in
    lengthy terms of C$4m</a> service that are difficult to its customers.</p> understand. In any case,
    “consent” is not sufficient to legitimize snooping.</p>
  </li>
  
  <li><p> “CloudPets” toys with microphones

  <li id="M201902230">
    <!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Facebook offered a convenient proprietary
    library for building mobile apps, which also <a href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">leak childrens' conversations
    href="https://boingboing.net/2019/02/23/surveillance-zucksterism.html">
    sent personal data to the
	manufacturer</a>. Guess what?
      <a href="https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">Crackers found a Facebook</a>. Lots of companies built apps that
    way to access and released them, apparently not realizing that all the data</a> personal
    data they collected by would go to Facebook as well.</p>

    <p>It shows that no one can trust a nonfree program, not even the manufacturer's snooping.</p>

    <p>That
    developers of other nonfree programs.</p>
  </li>

  <li id="M201902140">
    <!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The AppCensus database gives information on <a
    href="https://www.appcensus.mobi"> how Android apps use and
    misuse users' personal data</a>. As of March 2019, nearly
    78,000 have been analyzed, of which 24,000 (31%) transmit the manufacturer <a
    href="/proprietary/proprietary-surveillance.html#M201812290">
    Advertising ID</a> to other companies, and <a
    href="https://blog.appcensus.mobi/2019/02/14/ad-ids-behaving-badly/">
    18,000 (23% of the FBI could listen total) link this ID to these conversations
      was unacceptable hardware identifiers</a>,
    so that users cannot escape tracking by itself.</p></li>
  
  <li><p>Barbie
      <a href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is going resetting it.</p>

    <p>Collecting hardware identifiers is in apparent violation of
    Google's policies. But it seems that Google wasn't aware of it,
    and, once informed, was in no hurry to spy on children and adults</a>.</p> take action. This proves
    that the policies of a development platform are ineffective at
    preventing nonfree software developers from including malware in
    their programs.</p>
  </li>
</ul>


<!-- #SpywareAtLowLevel

  <li id="M201902060">
    <!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
<!-- WEBMASTERS: make sure
    <p>Many nonfree apps have a surveillance feature for <a
    href="https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/">
    recording all the users' actions</a> in interacting with the app.</p>
  </li>

  <li id="M201902041.1">
    <!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Twenty nine “beauty camera” apps that used to place new items
    be on top under each subsection -->

<div class="big-section">
  <h3 id="SpywareAtLowLevel">Spyware at Low Level</h3>
  <span class="anchor-reference-id">(<a href="#SpywareAtLowLevel">#SpywareAtLowLevel</a>)</span>
</div>
<div style="clear: left;"></div>


<div class="big-subsection">
  <h4 id="SpywareInBIOS">Spyware in BIOS</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
</div>

<ul>
<li><p> Google Play had one or more malicious functionalities, such as <a href="http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
Lenovo stealthily installed crapware
    href="https://www.teleanalysis.com/these-29-beauty-camera-apps-steal-private-photo/">
    stealing users' photos</a> instead of “beautifying” them,
    pushing unwanted and spyware via BIOS</a> often malicious ads on Windows installs.
Note users, and redirecting
    them to phishing sites that stole their credentials. Furthermore,
    the specific sabotage method Lenovo used did not affect
GNU/Linux; also, user interface of most of them was designed to make uninstallation
    difficult.</p>

    <p>Users should of course uninstall these dangerous apps if they
    haven't yet, but they should also stay away from nonfree apps in
    general. <em>All</em> nonfree apps carry a “clean” Windows install potential risk because
    there is not no easy way of knowing what they really
clean since do.</p>
  </li>

  <li id="M201902010">
    <!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>An investigation of the 150 most popular
    gratis VPN apps in Google Play found that <a href="/proprietary/malware-microsoft.html">Microsoft
puts
    href="https://www.top10vpn.com/free-vpn-android-app-risk-index/">
    25% fail to protect their users' privacy</a> due to DNS leaks. In
    addition, 85% feature intrusive permissions or functions in its own malware</a>.
</p></li>
</ul>

<!-- #SpywareAtWork -->
<!-- WEBMASTERS: make sure their
    source code—often used for invasive advertising—that could
    potentially also be used to place new items spy on users. Other technical flaws were
    found as well.</p>

    <p>Moreover, a previous investigation had found that <a
    href="https://www.top10vpn.com/free-vpn-app-investigation/">half of
    the top under each subsection 10 gratis VPN apps have lousy privacy policies</a>.</p>

    <p><small>(It is unfortunate that these articles talk about “free
    apps.” These apps are gratis, but they are <em>not</em> <a
    href="/philosophy/free-sw.html">free software</a>.)</small></p>
  </li>

  <li id="M201901050">
    <!--#set var="DATE" value='<small class="date-tag">2019-01</small>'
    --><!--#echo encoding="none" var="DATE" -->

<div class="big-section">
  <h3 id="SpywareAtWork">Spyware at Work</h3>
  <span class="anchor-reference-id">(<a href="#SpywareAtWork">#SpywareAtWork</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
  <li><p>Investigation
        Shows
    <p>The Weather Channel app <a href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
        Using US Companies, NSA To Route Around Domestic Surveillance
        Restrictions</a>.</p>

      <p>Specifically,
    href="https://www.theguardian.com/technology/2019/jan/04/weather-channel-app-lawsuit-location-data-selling">
    stored users' locations to the company's server</a>. The company is
    being sued, demanding that it can collect notify the emails users of members what it will do
    with the data.</p>

    <p>We think that lawsuit is about a side issue. What the company does
    with the data is a secondary issue. The principal wrong here is that
    the company gets that data at all.</p>

    <p><a
    href="https://www.vice.com/en/article/gy77wy/stop-using-third-party-weather-apps">
    Other weather apps</a>, including Accuweather and WeatherBug, are
    tracking people's locations.</p> 
  </li>

  <li id="M201812290">
    <!--#set var="DATE" value='<small class="date-tag">2018-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Around 40% of Parliament
  this way, because gratis Android apps <a
    href="https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report">
    report on the user's actions to Facebook</a>.</p>

    <p>Often they pass send the machine's “advertising ID,” so that
    Facebook can correlate the data it through Microsoft.</p></li>

  <li><p>Spyware obtains from the same machine via
    various apps. Some of them send Facebook detailed information about
    the user's activities in Cisco TNP IP phones:
      <a href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
      http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a></p> the app; others only say that the user is
    using that app, but that alone is often quite informative.</p>

    <p>This spying occurs regardless of whether the user has a Facebook
    account.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInSkype">Spyware in Skype</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInSkype">#SpywareInSkype</a>)</span>
</div>

<ul>
  <li><p>Spyware in Skype:

  <li id="M201810244">
    <!--#set var="DATE" value='<small class="date-tag">2018-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some Android apps <a href="http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">
      http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/</a>.
      Microsoft changed Skype
    href="https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/">
    track the phones of users that have deleted them</a>.</p>
  </li>

  <li id="M201808030">
    <!--#set var="DATE" value='<small class="date-tag">2018-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some Google apps on Android <a href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
      specifically for spying</a>.</p>
    href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile">
    record the user's location even when users disable “location
    tracking”</a>.</p>

    <p>There are other ways to turn off the other kinds of location
    tracking, but most users will be tricked by the misleading control.</p>
  </li>
</ul>



<!-- #SpywareOnTheRoad

  <li id="M201806110">
    <!--#set var="DATE" value='<small class="date-tag">2018-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
<!-- WEBMASTERS: make
    <p>The Spanish football streaming app <a
    href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks
    the user's movements and listens through the microphone</a>.</p>

    <p>This makes them act as spies for licensing enforcement.</p>

    <p>We expect it implements DRM, too—that there is no way to save
    a recording. But we can't be sure from the article.</p>

    <p>If you learn to place new items on top under each subsection care much less about sports, you will benefit in
    many ways. This is one more.</p>
  </li>

  <li id="M201804160">
    <!--#set var="DATE" value='<small class="date-tag">2018-04</small>'
    --><!--#echo encoding="none" var="DATE" -->

<div class="big-section">
  <h3 id="SpywareOnTheRoad">Spyware
    <p>More than <a
    href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%
    of the 5,855 Android apps studied by researchers were found to snoop
    and collect information about its users</a>.  40% of the apps were
    found to insecurely snitch on its users.  Furthermore, they could
    detect only some methods of snooping, in these proprietary apps whose
    source code they cannot look at.  The Road</h3>
  <span class="anchor-reference-id">(<a href="#SpywareOnTheRoad">#SpywareOnTheRoad</a>)</span>
</div>
<div style="clear: left;"></div>

<div class="big-subsection">
  <h4 id="SpywareInCameras">Spyware other apps might be snooping
    in Cameras</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInCameras">#SpywareInCameras</a>)</span>
</div>

<ul>
  <li>
    <p>The Nest Cam “smart” camera other ways.</p>

    <p>This is evidence that proprietary apps generally work against
    their users.  To protect their privacy and freedom, Android users
    need to get rid of the proprietary software—both proprietary
    Android by <a
      href="http://www.bbc.com/news/technology-34922712">always
        watching</a>, even when href="https://replicant.us">switching to Replicant</a>,
    and the “owner” switches it “off.”</p>
    <p>A “smart” device means proprietary apps by getting apps from the manufacturer is using it free software
    only <a href="https://f-droid.org/">F-Droid store</a> that <a
    href="https://f-droid.org/docs/Anti-Features/"> prominently warns
    the user if an app contains anti-features</a>.</p>
  </li>

  <li id="M201804020">
    <!--#set var="DATE" value='<small class="date-tag">2018-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Grindr collects information about <a
    href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status">
    which users are HIV-positive, then provides the information to outsmart
      you.</p>
    companies</a>.</p>

    <p>Grindr should not have so much information about its users.
    It could be designed so that users communicate such info to each
    other but not to the server's database.</p>
  </li>
</ul>

<div class="big-subsection">
  <h4 id="SpywareInElectronicReaders">Spyware in e-Readers</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
</div>

<ul>
  <li><p>E-books can contain Javascript code,

  <li id="M201803050">
    <!--#set var="DATE" value='<small class="date-tag">2018-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The moviepass app and dis-service
    spy on users even more than users expected. It <a href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">sometimes
    this code snoops
    href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
    where they travel before and after going to a movie</a>.</p>

    <p>Don't be tracked—pay cash!</p>
  </li>

  <li id="M201802280">
    <!--#set var="DATE" value='<small class="date-tag">2018-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Spotify app <a
    href="https://www.sec.gov/Archives/edgar/data/1639920/000119312518063434/d494294df1.htm">harvests
    users' data to personally identify and know people</a> through music,
    their mood, mindset, activities, and tastes. There are over 150
    billion events logged daily on readers</a>.</p> the program which contains users'
    data and personal information.</p>
  </li>

  <li><p>Spyware

  <li id="M201711240">
    <!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tracking software in many e-readers—not only popular Android apps
    is pervasive and sometimes very clever. Some trackers can <a
    href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
    follow a user's movements around a physical store by noticing WiFi
    networks</a>.</p>
  </li>

  <li id="M201708270">
    <!--#set var="DATE" value='<small class="date-tag">2017-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Sarahah app <a
    href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
    uploads all phone numbers and email addresses</a> in user's address
    book to developer's server.</p>

    <p><small>(Note that this article misuses the
      Kindle: words
    “<a href="/philosophy/free-sw.html">free software</a>”
    referring to zero price.)</small></p>
  </li>

  <li id="M201707270">
    <!--#set var="DATE" value='<small class="date-tag">2017-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>20 dishonest Android apps recorded <a href="https://www.eff.org/pages/reader-privacy-chart-2012">
      they report even which page
    href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
    calls and sent them and text messages and emails to snoopers</a>.</p>

    <p>Google did not intend to make these apps spy; on the user reads at contrary, it
    worked in various ways to prevent that, and deleted these apps after
    discovering what time</a>.</p>
  </li>

  <li><p>Adobe made “Digital Editions,” they did. So we cannot blame Google specifically
    for the e-reader used
      by most US libraries, snooping of these apps.</p>

    <p>On the other hand, Google redistributes nonfree Android apps, and
    therefore shares in the responsibility for the injustice of their being
    nonfree. It also distributes its own nonfree apps, such as Google Play,
    <a href="http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
      send lots href="/philosophy/free-software-even-more-important.html">which
    are malicious</a>.</p>

    <p>Could Google have done a better job of data preventing apps from
    cheating? There is no systematic way for Google, or Android users,
    to Adobe</a>.  Adobe's “excuse”: it's
      needed inspect executable proprietary apps to check DRM!</p>
  </li>
</ul>

<div class="big-subsection">
  <h4 id="SpywareInVehicles">Spyware see what they do.</p>

    <p>Google could demand the source code for these apps, and study
    the source code somehow to determine whether they mistreat users in Vehicles</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInVehicles">#SpywareInVehicles</a>)</span>
</div>

<ul>
<li><p>Computerized cars with nonfree software
    various ways. If it did a good job of this, it could more or less
    prevent such snooping, except when the app developers are clever
    enough to outsmart the checking.</p>

    <p>But since Google itself develops malicious apps, we cannot trust
    Google to protect us. We must demand release of source code to the
    public, so we can depend on each other.</p>
  </li>

  <li id="M201705230">
    <!--#set var="DATE" value='<small class="date-tag">2017-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apps for BART <a href="http://www.bloomberg.com/news/articles/2016-07-12/your-car-s-been-studying-you-closely-and-everyone-wants-the-data">
  snooping devices</a>.</p>
    href="https://web.archive.org/web/20171124190046/https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">
    snoop on users</a>.</p>

    <p>With free software apps, users could <em>make sure</em> that they
    don't snoop.</p>

    <p>With proprietary apps, one can only hope that they don't.</p>
  </li>

  <li id="nissan-modem"><p>The Nissan Leaf has a built-in cell phone modem which allows
  effectively
  anyone id="M201705040">
    <!--#set var="DATE" value='<small class="date-tag">2017-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A study found 234 Android apps that track users by <a
    href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
    to ultrasound from beacons placed in stores or played by TV
    programs</a>.</p>
  </li>

  <li id="M201704260">
    <!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Faceapp appears to do lots of surveillance, judging by <a href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to
    href="https://web.archive.org/web/20170426191242/https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
    how much access it demands to personal data in the device</a>.</p>
  </li>

  <li id="M201704190">
    <!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Users are suing Bose for <a
    href="https://web.archive.org/web/20170423010030/https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
    distributing a spyware app for its computers remotely and headphones</a>.  Specifically,
    the app would record the names of the audio files users listen to
    along with the headphone's unique serial number.</p>

    <p>The suit accuses that this was done without the users' consent.
    If the fine print of the app said that users gave consent for this,
    would that make changes in various
  settings</a>.</p>

    <p>That's easy it acceptable? No way! It should be flat out <a
    href="/philosophy/surveillance-vs-democracy.html"> illegal to do because design
    the system has no authentication app to snoop at all</a>.</p>
  </li>

  <li id="M201704074">
    <!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Pairs of Android apps can collude
    to transmit users' personal data to servers. <a
    href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
    study found tens of thousands of pairs that collude</a>.</p>
  </li>

  <li id="M201703300">
    <!--#set var="DATE" value='<small class="date-tag">2017-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Verizon <a
    href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
    announced an opt-in proprietary search app that it will</a> pre-install
    on some of its phones. The app will give Verizon the same information
    about the users' searches that Google normally gets when
    accessed through they use
    its search engine.</p>

    <p>Currently, the modem. app is <a
    href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
    being pre-installed on only one phone</a>, and the user must
    explicitly opt-in before the app takes effect. However, even if it asked the app
    remains spyware—an “optional” piece of spyware is
    still spyware.</p>
  </li>

  <li id="M201701210">
    <!--#set var="DATE" value='<small class="date-tag">2017-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Meitu photo-editing app <a
    href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
    user data to a Chinese company</a>.</p>
  </li>

  <li id="M201611280">
    <!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Uber app tracks <a
    href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
    movements before and after the ride</a>.</p>

    <p>This example illustrates how “getting the user's
    consent” for
    authentication, you couldn't surveillance is inadequate as a protection against
    massive surveillance.</p>
  </li>

  <li id="M201611160">
    <!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A <a
    href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
    research paper</a> that investigated the privacy and security of
    283 Android VPN apps concluded that “in spite of the promises
    for privacy, security, and anonymity given by the majority of VPN
    apps—millions of users may be confident unawarely subject to poor security
    guarantees and abusive practices inflicted by VPN apps.”</p>

    <p>Following is a non-exhaustive list, taken from the research paper,
    of some proprietary VPN apps that Nissan track users and infringe their
    privacy:</p>

    <dl class="compact">
      <dt>SurfEasy</dt>
      <dd>Includes tracking libraries such as NativeX and Appflood,
      meant to track users and show them targeted ads.</dd>

      <dt>sFly Network Booster</dt>
      <dd>Requests the <code>READ_SMS</code> and <code>SEND_SMS</code>
      permissions upon installation, meaning it has no
    access. full access to users'
      text messages.</dd>

      <dt>DroidVPN and TigerVPN</dt>
      <dd>Requests the <code>READ_LOGS</code> permission to read logs
      for other apps and also core system logs. TigerVPN developers have
      confirmed this.</dd>

      <dt>HideMyAss</dt>
      <dd>Sends traffic to LinkedIn. Also, it stores detailed logs and
      may turn them over to the UK government if requested.</dd>

      <dt>VPN Services HotspotShield</dt>
      <dd>Injects JavaScript code into the HTML pages returned to the
      users. The software in stated purpose of the car JS injection is
    proprietary, <a href="/philosophy/free-software-even-more-important.html">which
    means to display ads. Uses
      roughly five tracking libraries. Also, it demands blind faith from its users</a>.</p>

    <p>Even if no one connects redirects the user's
      traffic through valueclick.com (an advertising website).</dd>

      <dt>WiFi Protector VPN</dt>
      <dd>Injects JavaScript code into HTML pages, and also uses roughly
      five tracking libraries. Developers of this app have confirmed that
      the non-premium version of the app does JavaScript injection for
      tracking the user and displaying ads.</dd>
    </dl>
  </li>

  <li id="M201609210">
    <!--#set var="DATE" value='<small class="date-tag">2016-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google's new voice messaging app <a
    href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
    all conversations</a>.</p>
  </li>

  <li id="M201606050">
    <!--#set var="DATE" value='<small class="date-tag">2016-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Facebook's new Magic Photo app <a
    href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
    scans your mobile phone's photo collections for known faces</a>,
    and suggests you circulate the picture you take according to who is
    in the car remotely, frame.</p>

    <p>This spyware feature seems to require online access to some
    known-faces database, which means the cell phone
    modem enables pictures are likely to be
    sent across the phone company wire to track Facebook's servers and face-recognition
    algorithms.</p>

    <p>If so, none of Facebook users' pictures are private anymore,
    even if the car's movements user didn't “upload” them to the service.</p>
  </li>

  <li id="M201605310">
    <!--#set var="DATE" value='<small class="date-tag">2016-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Facebook's app listens all the time; time, <a
    href="https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
    snoop on what people are listening to or watching</a>. In addition,
    it is possible may be analyzing people's conversations to physically remove serve them with targeted
    advertisements.</p>
  </li>

  <li id="M201604250">
    <!--#set var="DATE" value='<small class="date-tag">2016-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A pregnancy test controller application not only can <a
    href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
    spy on many sorts of data in the cell phone modem
    though.</p> phone, and in server accounts,
    it can alter them too</a>.</p>
  </li>

  <li id="records-drivers"><p>Proprietary id="M201601130">
    <!--#set var="DATE" value='<small class="date-tag">2016-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Apps that include <a
    href="https://web.archive.org/web/20180913014551/http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
    Symphony surveillance software in cars snoop on what radio and TV programs
    are playing nearby</a>.  Also on what users post on various sites
    such as Facebook, Google+ and Twitter.</p>
  </li>

  <li id="M201511190">
    <!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>“Cryptic communication,”
    unrelated to the app's functionality, was <a href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">records information about drivers' movements</a>,
      which
    href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
    found in the 500 most popular gratis Android apps</a>.</p>

    <p>The article should not have described these apps as
    “free”—they are not free software.  The clear way
    to say “zero price” is made available “gratis.”</p>

    <p>The article takes for granted that the usual analytics tools are
    legitimate, but is that valid? Software developers have no right to car manufacturers, insurance companies,
    analyze what users are doing or how.  “Analytics” tools
    that snoop are just as wrong as any other snooping.</p>
  </li>

  <li id="M201510300">
    <!--#set var="DATE" value='<small class="date-tag">2015-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>More than 73% and
      others.</p>

      <p>The case 47% of toll-collection systems, mentioned in this article, mobile applications, for Android and iOS
    respectively <a href="https://techscience.org/a/2015103001/">hand over
    personal, behavioral and location information</a> of their users to
    third parties.</p>
  </li>

  <li id="M201508210">
    <!--#set var="DATE" value='<small class="date-tag">2015-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Like most “music screaming” disservices, Spotify is not
      really
    based on proprietary malware (DRM and snooping). In August 2015 it <a
    href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
    demanded users submit to increased snooping</a>, and some are starting
    to realize that it is nasty.</p>

    <p>This article shows the <a
    href="https://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
    twisted ways that they present snooping as a matter way to “serve”
    users better</a>—never mind whether they want that. This is a
    typical example of the attitude of the proprietary surveillance. These systems are an
      intolerable invasion software industry
    towards those they have subjugated.</p>

    <p>Out, out, damned Spotify!</p>
  </li>

  <li id="M201506264">
    <!--#set var="DATE" value='<small class="date-tag">2015-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.cl.cam.ac.uk/~arb33/papers/FerreiraEtAl-Securacy-WiSec2015.pdf">
    A study in 2015</a> found that 90% of privacy, and should be replaced with anonymous
      payment systems, the top-ranked gratis proprietary
    Android apps contained recognizable tracking libraries. For the paid
    proprietary apps, it was only 60%.</p>

    <p>The article confusingly describes gratis apps as
    “free”, but most of them are not in fact <a
    href="/philosophy/free-sw.html">free software</a>.  It also uses the invasion isn't
    ugly word “monetize”. A good replacement for that word
    is “exploit”; nearly always that will fit perfectly.</p>
  </li>

  <li id="M201505060">
    <!--#set var="DATE" value='<small class="date-tag">2015-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Gratis Android apps (but not <a
    href="/philosophy/free-sw.html">free software</a>) connect to 100 <a
    href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
    and advertising</a> URLs, on the average.</p>
  </li>

  <li id="M201504060">
    <!--#set var="DATE" value='<small class="date-tag">2015-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Widely used <a
    href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
    QR-code scanner apps snoop on the user</a>. This is in addition to
    the snooping done by malware. The other
      cases mentioned are done the phone company, and perhaps by the OS in
    the phone.</p>

    <p>Don't be distracted by the question of whether the app developers
    get users to say “I agree”. That is no excuse for
    malware.</p>
  </li>

  <li id="M201411260">
    <!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Many proprietary malware apps for mobile devices
    report which other apps the user has installed.  <a
    href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
    is doing this in a way that at least is visible and optional</a>. Not
    as bad as what the car.</p></li>

  <li><p>Tesla cars allow others do.</p>
  </li>

  <li id="M201401150.1">
    <!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Simeji keyboard is a smartphone version of Baidu's <a
    href="/proprietary/proprietary-surveillance.html#baidu-ime">spying <abbr
    title="Input Method Editor">IME</abbr></a>.</p>
  </li>

  <li id="M201312270">
    <!--#set var="DATE" value='<small class="date-tag">2013-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The nonfree Snapchat app's principal purpose is to restrict the company
    use of data on the user's computer, but it does surveillance too: <a
    href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
    it tries to extract get the user's list of other people's phone
    numbers</a>.</p>
  </li>

  <li id="M201312060">
    <!--#set var="DATE" value='<small class="date-tag">2013-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Brightest Flashlight app <a
    href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
    sends user data, including geolocation, for use by companies</a>.</p>

    <p>The FTC criticized this app because it asked the user to
    approve sending personal data remotely and
      determine to the car's location at app developer but did not ask
    about sending it to other companies.  This shows the weakness of
    the reject-it-if-you-dislike-snooping “solution” to
    surveillance: why should a flashlight app send any time. (See information to
    anyone? A free software flashlight app would not.</p>
  </li>

  <li id="M201212100">
    <!--#set var="DATE" value='<small class="date-tag">2012-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>FTC says most mobile apps for children don't respect privacy: <a href="http://www.teslamotors.com/sites/default/files/pdfs/tmi_privacy_statement_external_6-14-2013_v2.pdf">
      Section 2, paragraphs b
    href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
    http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInSkype">Skype</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInSkype">#SpywareInSkype</a>)</span>
</div>

<ul class="blurbs">
  <li id="M201908151">
    <!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Skype refuses to say whether it can <a
    href="http://www.slate.com/blogs/future_tense/2012/07/20/skype_won_t_comment_on_whether_it_can_now_eavesdrop_on_conversations_.html">eavesdrop
    on calls</a>.</p>

    <p>That almost certainly means it can do so.</p>
  </li>

  <li id="M201307110">
    <!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Skype contains <a
    href="https://web.archive.org/web/20130928235637/http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">spyware</a>.
    Microsoft changed Skype <a
    href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
    specifically for spying</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInGames">Games</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInGames">#SpywareInGames</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202010221">
    <!--#set var="DATE" value='<small class="date-tag">2020-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Microsoft is imposing its
    surveillance on the game of Minecraft by <a
    href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
    every player to open an account on Microsoft's network</a>. Microsoft
    has bought the game and c.</a>). will merge all accounts into its network,
    which will give them access to people's data.</p>

    <p>Minecraft players <a
    href="https://directory.fsf.org/wiki/Minetest">can play Minetest</a>
    instead. The company says essential advantage of Minetest is that it doesn't
      store this information, but if is free
    software, meaning it respects the state orders user's computer freedom. As a bonus,
    it offers more options.</p>
  </li>

  <li id="M201908210">
    <!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Microsoft recorded users of Xboxes and had <a
    href="https://www.vice.com/en/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana">
    human workers listen to get the recordings</a>.</p>

    <p>Morally, we see no difference between having human workers listen and
    having speech-recognition systems listen.  Both intrude on privacy.</p>
  </li>

  <li id="M201806240">
    <!--#set var="DATE" value='<small class="date-tag">2018-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Red Shell is a spyware that
    is found in many proprietary games. It <a
    href="https://nebulous.cloud/threads/red-shell-illegal-spyware-for-steam-games.31924/">
    tracks data on users' computers and hand sends it over, to third parties</a>.</p>
  </li>

  <li id="M201804144">
    <!--#set var="DATE" value='<small class="date-tag">2018-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>ArenaNet surreptitiously installed a spyware
    program along with an update to the state massive
    multiplayer game Guild Wars 2.  The spyware allowed ArenaNet <a
    href="https://techraptor.net/content/arenanet-used-spyware-anti-cheat-for-guild-wars-2-banwave">
    to snoop on all open processes running on its user's computer</a>.</p>
  </li>

  <li id="M201711070">
    <!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The driver for a certain gaming keyboard <a
    href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
    information to China</a>.</p>
  </li>

  <li id="M201512290">
    <!--#set var="DATE" value='<small class="date-tag">2015-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Many <a
    href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
    video game consoles snoop on their users and report to the
    internet</a>—even what their users weigh.</p>

    <p>A game console is a computer, and you can't trust a computer with
    a nonfree operating system.</p>
  </li>

  <li id="M201509160">
    <!--#set var="DATE" value='<small class="date-tag">2015-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Modern gratis game cr…apps <a
    href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
    collect a wide range of data about their users and their users'
    friends and associates</a>.</p>

    <p>Even nastier, they do it through ad networks that merge the data
    collected by various cr…apps and sites made by different
    companies.</p>

    <p>They use this data to manipulate people to buy things, and hunt for
    “whales” who can store it.</p> be led to spend a lot of money. They also
    use a back door to manipulate the game play for specific players.</p>

    <p>While the article describes gratis games, games that cost money
    can use the same tactics.</p>
  </li>
</ul>


<!-- #SpywareAtHome

  <li id="M201401280">
    <!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
<!-- WEBMASTERS: make sure
    <p>Angry Birds <a
    href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
    spies for companies, and the NSA takes advantage
    to place new items spy through it too</a>.  Here's information on top under each subsection <a
    href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
    more spyware apps</a>.</p>

    <p><a
    href="https://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
    More about NSA app spying</a>.</p>
  </li>

  <li id="M200510200">
    <!--#set var="DATE" value='<small class="date-tag">2005-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Blizzard Warden is a hidden
    “cheating-prevention” program that <a
    href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
    spies on every process running on a gamer's computer and sniffs a
    good deal of personal data</a>, including lots of activities which
    have nothing to do with cheating.</p>
  </li>
</ul>



<div class="big-section">
  <h3 id="SpywareAtHome">Spyware at Home</h3> id="SpywareInEquipment">Spyware in Connected Equipment</h3>
  <span class="anchor-reference-id">(<a href="#SpywareAtHome">#SpywareAtHome</a>)</span> href="#SpywareInEquipment">#SpywareInEquipment</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
  <li><p>Nest thermometers
  send

<ul class="blurbs">
  <li id="M202101050">
    <!--#set var="DATE" value='<small class="date-tag">2021-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Most Internet connected devices in Mozilla's <a href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
  lot
    href="https://foundation.mozilla.org/en/privacynotincluded">“Privacy
    Not Included”</a> list <a
    href="https://foundation.mozilla.org/privacynotincluded/arlo-video-doorbell">are
    designed to snoop on users</a> even if they meet
    Mozilla's “Minimum Security Standards.” Insecure
    design of data about the user</a>.</p> program running on some of these devices <a
    href="https://foundation.mozilla.org/privacynotincluded/vibratissimo-panty-buster">makes
    the user susceptible to be snooped and exploited by crackers as
    well</a>.</p>
  </li>

  <li><p><a href="http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
      Rent-to-own computers were programmed

  <li id="M201708280">
    <!--#set var="DATE" value='<small class="date-tag">2017-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The bad security in many Internet of Stings devices allows <a
    href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
    to spy snoop on their renters</a>.</p> the people that use them</a>.</p>

    <p>Don't be a sucker—reject all the stings.</p>

    <p><small>(It is unfortunate that the article uses the term <a
    href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.)</small></p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInTVSets">Spyware in TV id="SpywareInTVSets">TV Sets</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
</div>

<p>Emo Phillips made a joke: The other day a woman came up to me and
said, “Didn't I see you on television?” I said, “I
don't know. You can't see out the other way.” Evidently that was
before Amazon “smart” TVs.</p>

<ul>
  <li>

<ul class="blurbs">
  <li id="M202010282">
    <!--#set var="DATE" value='<small class="date-tag">2020-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>TV manufacturers are turning to produce only
    “Smart” TV sets (which include spyware) that <a
    href="https://frame.work/blog/in-defense-of-dumb-tvs">it's now very
    hard to find a TV that doesn't spy on you</a>.</p>

    <p>It appears that those manufacturers business model is not to produce
    TV and sell them for money, but to collect your personal data and
    (possibly) hand over them to others for benefit.</p>
  </li>

  <li id="M202006250">
    <!--#set var="DATE" value='<small class="date-tag">2020-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>TV manufacturers are able to <a
    href="https://www.zdnet.com/article/fbi-warns-about-snoopy-smart-tvs-spying-on-you/">snoop
    every second of what the user is watching</a>. This is illegal due to
    the Video Privacy Protection Act of 1988, but they're circumventing
    it through EULAs.</p>
  </li>

  <li id="M201901070">
    <!--#set var="DATE" value='<small class="date-tag">2019-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Vizio TVs <a
    href="https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019">
    collect “whatever the TV sees,”</a> in the own words of the company's
    CTO, and this data is sold to third parties. This is in return for
    “better service” (meaning more intrusive ads?) and slightly
    lower retail prices.</p>

    <p>What is supposed to make this spying acceptable, according to him,
    is that it is opt-in in newer models. But since the Vizio software is
    nonfree, we don't know what is actually happening behind the scenes,
    and there is no guarantee that all future updates will leave the
    settings unchanged.</p>

    <p>If you already own a Vizio “smart” TV (or any “smart” TV, for that
    matter), the easiest way to make sure it isn't spying on you is
    to disconnect it from the Internet, and use a terrestrial antenna
    instead. Unfortunately, this is not always possible. Another option,
    if you are technically oriented, is to get your own router (which can
    be an old computer running completely free software), and set up a
    firewall to block connections to Vizio's servers. Or, as a last resort,
    you can replace your TV with another model.</p>
  </li>

  <li id="M201804010">
    <!--#set var="DATE" value='<small class="date-tag">2018-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some “Smart” TVs automatically <a
    href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
    load downgrades that install a surveillance app</a>.</p>

    <p>We link to the article for the facts it presents. It
    is too bad that the article finishes by advocating the
    moral weakness of surrendering to Netflix. The Netflix app <a
    href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
    malware too</a>.</p>
  </li>

  <li id="M201702060">
    <!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Vizio “smart” <a
    href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
    report everything that is viewed on them, and not just broadcasts and
    cable</a>. Even if the image is coming from the user's own computer,
    the TV reports what it is. The existence of a way to disable the
    surveillance, even if it were not hidden as it was in these TVs,
    does not legitimize the surveillance.</p>
  </li>

  <li><p>More or less all “smart” TVs <a
href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy

  <li id="M201511130">
    <!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some web and TV advertisements play inaudible
    sounds to be picked up by proprietary malware running
    on their users</a>.</p>

    <p>The report was other devices in range so as of 2014, but we don't expect this has got better.</p>

    <p>This shows that laws requiring products to get users' formal
      consent before collecting personal data determine that they
    are totally inadequate.
      And what happens if a user declines consent?  Probably the TV
      will say, “Without nearby.  Once your consent to tracking, the TV will
      not work.”</p>

    <p>Proper laws would say that TVs Internet devices are not allowed to report what
      the user watches — no exceptions!</p> paired with
    your TV, advertisers can correlate ads with Web activity, and other <a
    href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
    cross-device tracking</a>.</p>
  </li>
  <li><p>Vizio

  <li id="M201511060">
    <!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Vizio goes a step further than other TV
    manufacturers in spying on their users: their <a href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
    href="https://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
    “smart” TVs analyze your viewing habits in detail and
    link them your IP address</a> so that advertisers can track you
    across devices.</p>

    <p>It is possible to turn this off, but having it enabled by default
    is an injustice already.</p>
  </li>
  
  <li><p>Tivo's

  <li id="M201511020">
    <!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tivo's alliance with Viacom adds 2.3 million households
    to the 600 millions social media profiles the company
    already monitors. Tivo customers are unaware they're
    being watched by advertisers. By combining TV viewing
    information with online social media participation, Tivo can now <a href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">correlate
    href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
    correlate TV advertisement with online purchases</a>, exposing all
    users to new combined surveillance by default.</p></li>
  <li><p>Some web and TV advertisements play inaudible sounds to be
      picked up by proprietary malware running on other devices in
      range so as to determine that they are nearby.  Once your
      Internet devices are paired with your TV, advertisers can
      correlate ads with Web activity, and
      other <a href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">cross-device tracking</a>.</p> default.</p>
  </li>
  <li><p>Vizio

  <li id="M201507240">
    <!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Vizio “smart” TVs recognize and <a
    href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
    what people are watching</a>, even if it isn't a TV channel.</p>
  </li>
  <li><p>The Amazon “Smart”

  <li id="M201505290">
    <!--#set var="DATE" value='<small class="date-tag">2015-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Verizon cable TV <a href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">is
      watching
    href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">
    snoops on what programs people watch, and listening all the time</a>.</p> even what they wanted to
    record</a>.</p>
  </li>

  <li id="M201504300">
    <!--#set var="DATE" value='<small class="date-tag">2015-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Vizio <a
    href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
    used a firmware “upgrade” to make its TVs snoop on what
    users watch</a>.  The TVs did not do that when first sold.</p>
  </li>
  <li><p>The

  <li id="M201502090">
    <!--#set var="DATE" value='<small class="date-tag">2015-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Samsung “Smart” TV <a href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">transmits
    href="https://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
    transmits users' voice on the internet to another company, Nuance</a>.
    Nuance can save it and would then have to give it to the US or some
    other government.</p>

    <p>Speech recognition is not to be trusted unless it is done by free
    software in your own computer.</p>

    <p>In its privacy policy, Samsung explicitly confirms that <a
    href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
    data containing sensitive information will be transmitted to third
    parties</a>.</p>
  </li>
  <li><p>Spyware in

  <li id="M201411090">
    <!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Amazon “Smart” TV is <a href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
    href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
    snooping all the time</a>.</p>
  </li>

  <li id="M201409290">
    <!--#set var="DATE" value='<small class="date-tag">2014-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>More or less all “smart” TVs <a
    href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
    on their users</a>.</p>

    <p>The report was as of 2014, but we don't expect this has got
    better.</p>

    <p>This shows that laws requiring products to get users' formal
    consent before collecting personal data are totally inadequate.
    And what happens if a user declines consent? Probably the TV will
    say, “Without your consent to tracking, the TV will not
    work.”</p>

    <p>Proper laws would say that TVs are not allowed to report what the
    user watches—no exceptions!</p>
  </li>

  <li id="M201405200">
    <!--#set var="DATE" value='<small class="date-tag">2014-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Spyware in LG “smart” TVs</a> TVs <a
    href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
    reports what the user watches, and the switch to turn this off has
    no effect. effect</a>.  (The fact that the transmission reports a 404 error
    really means nothing; the server could save that data anyway.)</p> 

    <p>Even worse, it <a
    href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
    snoops on other devices on the user's local network.</a></p> network</a>.</p>

    <p>LG later said it had installed a patch to stop this, but any
    product could spy this way.</p>

    <p>Meanwhile, LG TVs <a
    href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
    do lots of spying anyway</a>.</p>
  </li>
  <li>
      <p><a href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">Verizon cable TV snoops

  <li id="M201212170">
    <!--#set var="DATE" value='<small class="date-tag">2012-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p id="break-security-smarttv"><a
    href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
    Crackers found a way to break security on what programs people watch, a “smart” TV</a>
    and even what they wanted use its camera to record.</a></p> watch the people who are watching TV.</p>
  </li>
</ul>

<!-- #SpywareAtPlay -->


<div class="big-section">
  <h3 id="SpywareAtPlay">Spyware at Play</h3> class="big-subsection">
  <h4 id="SpywareInCameras">Cameras</h4>
  <span class="anchor-reference-id">(<a href="#SpywareAtPlay">#SpywareAtPlay</a>)</span> href="#SpywareInCameras">#SpywareInCameras</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
<li><p>Users are suing Bose for

<ul class="blurbs">
  <li id="M201901100">
    <!--#set var="DATE" value='<small class="date-tag">2019-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Amazon Ring “security” devices <a
href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
distributing
    href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/">
    send the video they capture to Amazon servers</a>, which save it
    long-term.</p>

    <p>In many cases, the video shows everyone that comes near, or merely
    passes by, the user's front door.</p>

    <p>The article focuses on how Ring used to let individual employees look
    at the videos freely.  It appears Amazon has tried to prevent that
    secondary abuse, but the primary abuse—that Amazon gets the
    video—Amazon expects society to surrender to.</p>
  </li>

  <li id="M201810300">
    <!--#set var="DATE" value='<small class="date-tag">2018-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Nearly all “home security cameras” <a
    href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds/">
    give the manufacturer an unencrypted copy of everything they
    see</a>. “Home insecurity camera” would be a spyware app better
    name!</p>

    <p>When Consumer Reports tested them, it suggested that these
    manufacturers promise not to look at what's in the videos. That's not
    security for your home. Security means making sure they don't get to
    see through your camera.</p>
  </li>

  <li id="M201603220">
    <!--#set var="DATE" value='<small class="date-tag">2016-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Over 70 brands of network-connected surveillance cameras have <a
    href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
    security bugs that allow anyone to watch through them</a>.</p>
  </li>

  <li id="M201511250">
    <!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Nest Cam “smart” camera is <a
    href="http://www.bbc.com/news/technology-34922712">always watching</a>,
    even when the “owner” switches it “off.”</p>

    <p>A “smart” device means the manufacturer is using it
    to outsmart you.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInToys">Toys</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInToys">#SpywareInToys</a>)</span>
</div>

<ul class="blurbs">
  <li id="M201711244">
    <!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Furby Connect has a <a
    href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
    universal back door</a>. If the product as shipped doesn't act as a
    listening device, remote changes to the code could surely convert it
    into one.</p>
  </li>

  <li id="M201711100">
    <!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A remote-control sex toy was found to make <a
    href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
    recordings of the conversation between two users</a>.</p>
  </li>

  <li id="M201703140">
    <!--#set var="DATE" value='<small class="date-tag">2017-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A computerized vibrator <a
    href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
    was snooping on its headphones</a>.
Specifically, users through the proprietary control app</a>.</p>

    <p>The app would record was reporting the names temperature of the audio files
users listen to along vibrator minute by
    minute (thus, indirectly, whether it was surrounded by a person's
    body), as well as the vibration frequency.</p>

    <p>Note the totally inadequate proposed response: a labeling
    standard with which manufacturers would make statements about their
    products, rather than free software which users could have checked
    and changed.</p>

    <p>The company that made the headphone's unique serial number.
</p> vibrator <a
    href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
    was sued for collecting lots of personal information about how people
    used it</a>.</p>

    <p>The suit accuses company's statement that this it was done without anonymizing the users' consent. data may be
    true, but it doesn't really matter. If it had sold the fine print data to a data
    broker, the data broker would have been able to figure out who the
    user was.</p>

    <p>Following this lawsuit, <a
    href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
    the company has been ordered to pay a total of C$4m</a> to its
    customers.</p>
  </li>

  <li id="M201702280">
    <!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>“CloudPets” toys with microphones <a
    href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
    leak childrens' conversations to the app said manufacturer</a>. Guess what? <a
    href="https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
    Crackers found a way to access the data</a> collected by the
    manufacturer's snooping.</p>

    <p>That the manufacturer and the FBI could listen to these
    conversations was unacceptable by itself.</p>
  </li>

  <li id="M201612060">
    <!--#set var="DATE" value='<small class="date-tag">2016-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The “smart” toys My Friend Cayla and i-Que transmit <a
    href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
    conversations to Nuance Communications</a>, a speech recognition
    company based in the U.S.</p>

    <p>Those toys also contain major security vulnerabilities; crackers
    can remotely control the toys with a mobile phone. This would enable
    crackers to listen in on a child's speech, and even speak into the
    toys themselves.</p>
  </li>

  <li id="M201502180">
    <!--#set var="DATE" value='<small class="date-tag">2015-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Barbie <a
    href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
    going to spy on children and adults</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInDrones">Drones</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInDrones">#SpywareInDrones</a>)</span>
</div>

<ul class="blurbs">
  <li id="M201708040">
    <!--#set var="DATE" value='<small class="date-tag">2017-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>While you're using a DJI drone
    to snoop on other people, DJI is in many cases <a
    href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
    on you</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareAtHome">Other Appliances</h4><span class="anchor-reference-id">(<a href="#SpywareAtHome">#SpywareAtHome</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202009270">
    <!--#set var="DATE" value='<small class="date-tag">2020-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Many employers are using nonfree
    software, including videoconference software, to <a
    href="https://www.theguardian.com/world/2020/sep/27/shirking-from-home-staff-feel-the-heat-as-bosses-ramp-up-remote-surveillance">
    surveil and monitor staff working at home</a>. If the program reports
    whether you are “active,” that users gave consent is in effect a malicious
    surveillance feature.</p>
  </li>

  <li id="M202008030">
    <!--#set var="DATE" value='<small class="date-tag">2020-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google Nest <a
    href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/">
    is taking over ADT</a>. Google sent out a software
    update to its speaker devices using their back door <a
    href="https://www.protocol.com/google-smart-speaker-alarm-adt"> that
    listens for this,
would things like smoke alarms</a> and then notifies your phone
    that make an alarm is happening. This means the devices now listen for more
    than just their wake words. Google says the software update was sent
    out prematurely and on accident and Google was planning on disclosing
    this new feature and offering it acceptable? No way! It to customers who pay for it.</p>
  </li>

  <li id="M202006300">
    <!--#set var="DATE" value='<small class="date-tag">2020-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>“Bossware” is malware that bosses <a
    href="https://www.eff.org/deeplinks/2020/06/inside-invasive-secretive-bossware-tracking-workers">
    coerce workers into installing in their own computers</a>, so the
    bosses can spy on them.</p>

    <p>This shows why requiring the user's “consent” is not
    an adequate basis for protecting digital privacy.  The boss can coerce
    most workers into consenting to almost anything, even probable exposure
    to contagious disease that can be fatal.  Software like this should
    be flat illegal and bosses that demand it should be prosecuted for it.</p>
  </li>

  <li id="M201911190">
    <!--#set var="DATE" value='<small class="date-tag">2019-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Internet-tethered Amazon Ring had
    a security vulnerability that enabled attackers to <a
    href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
    access the user's wifi password</a>, and snoop on the household
    through connected surveillance devices.</p>

    <p>Knowledge of the wifi password would not be sufficient to carry
    out any significant surveillance if the devices implemented proper
    security, including encryption. But many devices with proprietary
    software lack this. Of course, they are also used by their
    manufacturers for snooping.</p>
  </li>

  <li id="M201907210">
    <!--#set var="DATE" value='<small class="date-tag">2019-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google “Assistant” records users' conversations <a href="/philosophy/surveillance-vs-democracy.html">
illegal
    href="https://arstechnica.com/information-technology/2019/07/google-defends-listening-to-ok-google-queries-after-voice-recordings-leak/">even
    when it is not supposed to design listen</a>. Thus, when one of Google's
    subcontractors discloses a thousand confidential voice recordings,
    users were easily identified from these recordings.</p>

    <p>Since Google “Assistant” uses proprietary software, there is no
    way to see or control what it records or sends.</p>

    <p>Rather than trying to better control the app use of recordings, Google
    should not record or listen to snoop at all</a>.
</p> the person's voice.  It should only
    get commands that the user wants to send to some Google service.</p>
  </li>

  <li><p>Many

  <li id="M201905061">
    <!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Amazon Alexa collects a lot more information from users
    than is necessary for correct functioning (time, location,
    recordings made without a legitimate prompt), and sends
    it to Amazon's servers, which store it indefinitely. Even
    worse, Amazon forwards it to third-party companies. Thus,
    even if users request deletion of their data from Amazon's servers, <a href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
      video game consoles snoop
    href="https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
    the data remain on their users other servers</a>, where they can be accessed by
    advertising companies and report government agencies. In other words,
    deleting the collected information doesn't cancel the wrong of
    collecting it.</p>

    <p>Data collected by devices such as the Nest thermostat, the Philips
    Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos
    speakers are likewise stored longer than necessary on the servers
    the devices are tethered to. Moreover, they are made available to
    Alexa. As a result, Amazon has a very precise picture of users' life
    at home, not only in the present, but in the past (and, who knows,
    in the future too?)</p>
  </li>

  <li id="M201904240">
    <!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some of users' commands to the Alexa service are <a
    href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html">
    recorded for Amazon employees to listen to</a>. The Google and Apple
    voice assistants do similar things.</p>

    <p>A fraction of the 
      internet</a>— Alexa service staff even has access to <a
    href="https://www.bnnbloomberg.ca/amazon-s-alexa-reviewers-can-access-customers-home-addresses-1.1248788">
    location and other personal data</a>.</p>

    <p>Since the client program is nonfree, and data processing is done
    “<a href="/philosophy/words-to-avoid.html#CloudComputing">in
    the cloud</a>” (a soothing way of saying “We won't
    tell you how and where it's done”), users have no way
    to know what happens to the recordings unless human eavesdroppers <a
    href="https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
    break their users weigh.</p>

      <p>A game console non-disclosure agreements</a>.</p>
  </li>

  <li id="M201902080">
    <!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The HP <a
    href="https://boingboing.net/2019/02/08/inkjet-dystopias.html">
    “ink subscription” cartridges have DRM that constantly
    communicates with HP servers</a> to make sure the user is a computer, still
    paying for the subscription, and you can't trust hasn't printed more pages than were
    paid for.</p>

    <p>Even though the ink subscription program may be cheaper in some
    specific cases, it spies on users, and involves totally unacceptable
    restrictions in the use of ink cartridges that would otherwise be in
    working order.</p>
  </li>

  <li id="M201808120">
    <!--#set var="DATE" value='<small class="date-tag">2018-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Crackers found a computer with way to break the security of an Amazon device,
    and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
    turn it into a nonfree operating system.</p> listening device</a> for them.</p>

    <p>It was very difficult for them to do this. The job would be much
    easier for Amazon. And if some government such as China or the US
    told Amazon to do this, or cease to sell the product in that country,
    do you think Amazon would have the moral fiber to say no?</p>

    <p><small>(These crackers are probably hackers too, but please <a
    href="https://stallman.org/articles/on-hacking.html"> don't use
    “hacking” to mean “breaking security”</a>.)</small></p>
  </li>

  <li><p>Modern

  <li id="M201804140">
    <!--#set var="DATE" value='<small class="date-tag">2018-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A medical insurance company <a
    href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
    offers a gratis game cr…apps electronic toothbrush that snoops on its user by
    sending usage data back over the Internet</a>.</p>
  </li>

  <li id="M201706204">
    <!--#set var="DATE" value='<small class="date-tag">2017-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Lots of “smart” products are designed <a href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
      collect
    href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
    listen to everyone in the house, all the time</a>.</p>

    <p>Today's technological practice does not include any way of making
    a wide range device that can obey your voice commands without potentially spying
    on you.  Even if it is air-gapped, it could be saving up records
    about you for later examination.</p>
  </li>

  <li id="M201407170">
    <!--#set var="DATE" value='<small class="date-tag">2014-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p id="nest-thermometers">Nest thermometers send <a
    href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lot of
    data about the user</a>.</p>
  </li>

  <li id="M201310260">
    <!--#set var="DATE" value='<small class="date-tag">2013-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://web.archive.org/web/20180911191954/http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
    Rent-to-own computers were programmed to spy on their users renters</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareOnWearables">Wearables</h4>
  <span class="anchor-reference-id">(<a href="#SpywareOnWearables">#SpywareOnWearables</a>)</span>
</div>

<ul class="blurbs">
  <li id="M201807260">
    <!--#set var="DATE" value='<small class="date-tag">2018-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tommy Hilfiger clothing <a
    href="https://www.theguardian.com/fashion/2018/jul/26/tommy-hilfiger-new-clothing-line-monitor-customers">will
    monitor how often people wear it</a>.</p>

    <p>This will teach the sheeple to find it normal that companies
    monitor every aspect of what they do.</p>
  </li>
</ul>


<h5 id="SpywareOnSmartWatches">“Smart” Watches</h5>

<ul class="blurbs">
  <li id="M202009100">
    <!--#set var="DATE" value='<small class="date-tag">2020-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Internet-enabled watches with proprietary software
    are malware, violating people (specially children's)
    privacy. In addition, they have a lot of security flaws. They <a
    href="https://www.wired.com/story/kid-smartwatch-security-vulnerabilities/">
    permit security breakers (and unauthorized people) to access</a> the watch.</p>

    <p>Thus, ill-intentioned unauthorized people can intercept communications between parent and their users' 
      friends child and associates</a>.</p>

      <p>Even nastier, they do it through ad networks spoof messages to and from the watch, possibly endangering the child.</p>

    <p><small>(Note that merge this article misuses the word “<a
    href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”
    to mean “crackers.”)</small></p>
  </li>

  <li id="M201603020">
    <!--#set var="DATE" value='<small class="date-tag">2016-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>A very cheap “smart watch” comes with an Android app <a
    href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
    that connects to an unidentified site in China</a>.</p>

    <p>The article says this is a back door, but that could be a
    misunderstanding.  However, it is certainly surveillance, at least.</p>
  </li>

  <li id="M201407090">
    <!--#set var="DATE" value='<small class="date-tag">2014-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>An LG “smart” watch is designed <a
    href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
    to report its location to someone else and to transmit conversations
    too</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInVehicles">Vehicles</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInVehicles">#SpywareInVehicles</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202105130">
    <!--#set var="DATE" value='<small class="date-tag">2021-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://gizmodo.com/get-ready-for-in-car-ads-1846888390">Ford
    is planning to force ads on drivers in cars</a>, with the ability for
    the owner to pay extra to turn them off. The system probably imposes
    surveillance on drivers too.</p>
  </li>

  <li id="M202008181">
    <!--#set var="DATE" value='<small class="date-tag">2020-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>New Toyotas will <a
    href="https://www.theregister.com/2020/08/18/aws_toyota_alliance/">
    upload data
      collected by to AWS to help create custom insurance premiums</a>
    based on driver behaviour.</p>

    <p>Before you buy a “connected” car, make sure you can
    disconnect its cellular antenna and its GPS antenna.  If you want
    GPS navigation, get a separate navigator which runs free software
    and works with Open Street Map.</p>
  </li>

  <li id="M201912171">
    <!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Most modern cars now <a
    href="https://boingboing.net/2019/12/17/cars-now-run-on-the-new-oil.html">
    record and send various cr…apps kinds of data to the manufacturer</a>. For
    the user, access to the data is nearly impossible, as it involves
    cracking the car's computer, which is always hidden and sites made by different 
      companies.</p>

      <p>They use this running with
    proprietary software.</p>
  </li>

  <li id="M201903290">
    <!--#set var="DATE" value='<small class="date-tag">2019-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tesla cars collect lots of personal data, and <a
    href="https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html">
    when they go to a junkyard the driver's personal data goes with
    them</a>.</p>
  </li>

  <li id="M201902011">
    <!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The FordPass Connect feature of some Ford vehicles has <a
    href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
    near-complete access to manipulate people the internal car network</a>. It is constantly
    connected to buy things, the cellular phone network and hunt sends Ford a lot of data,
    including car location. This feature operates even when the ignition
    key is removed, and users report that they can't disable it.</p>

    <p>If you own one of these cars, have you succeeded in breaking the
    connectivity by disconnecting the cellular modem, or wrapping the
    antenna in aluminum foil?</p>
  </li>

  <li id="M201811300">
    <!--#set var="DATE" value='<small class="date-tag">2018-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>In China, it is mandatory for “whales” who can electric
    cars to be led equipped with a terminal that <a
    href="https://www.apnews.com/4a749a4211904784826b45e812cff4ca">
    transfers technical data, including car location,
    to spend a lot government-run platform</a>. In practice, <a
    href="/proprietary/proprietary-surveillance.html#car-spying">
    manufacturers collect this data</a> as part of money. They their own spying, then
    forward it to the government-run platform.</p>
  </li>

  <li id="M201810230">
    <!--#set var="DATE" value='<small class="date-tag">2018-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>GM <a
    href="https://boingboing.net/2018/10/23/dont-touch-that-dial.html">
    tracked the choices of radio programs</a> in its
    “connected” cars, minute by minute.</p>

    <p>GM did not get users' consent, but it could have got that easily by
    sneaking it into the contract that users sign for some digital service
    or other. A requirement for consent is effectively no protection.</p>

    <p>The cars can also use collect lots of other data: listening to you,
    watching you, following your movements, tracking passengers' cell
    phones. <em>All</em> such data collection should be forbidden.</p>

    <p>But if you really want to be safe, we must make sure the car's
    hardware cannot collect any of that data, or that the software
    is free so we know it won't collect any of that data.</p>
  </li>

  <li id="M201711230">
    <!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>AI-powered driving apps can <a
    href="https://www.vice.com/en/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
    track your every move</a>.</p>
  </li>

  <li id="M201607160">
    <!--#set var="DATE" value='<small class="date-tag">2016-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p id="car-spying">Computerized cars with nonfree software are <a
    href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html">
    snooping devices</a>.</p>
  </li>

  <li id="M201602240">
    <!--#set var="DATE" value='<small class="date-tag">2016-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p id="nissan-modem">The Nissan Leaf has a back door built-in
    cell phone modem which allows effectively anyone to manipulate <a
    href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">
    access its computers remotely and make changes in various
    settings</a>.</p>

    <p>That's easy to do because the game play for specific players.</p>

      <p>While system has no authentication
    when accessed through the article describes gratis games, games modem.  However, even if it asked
    for authentication, you couldn't be confident that cost money Nissan
    has no access.  The software in the car is proprietary, <a
    href="/philosophy/free-software-even-more-important.html">which means
    it demands blind faith from its users</a>.</p>

    <p>Even if no one connects to the car remotely, the cell phone modem
    enables the phone company to track the car's movements all the time;
    it is possible to physically remove the cell phone modem, though.</p>
  </li>

  <li id="M201306140">
    <!--#set var="DATE" value='<small class="date-tag">2013-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Tesla cars allow the company to extract
    data remotely and determine the car's location
    at any time. (See Section 2, paragraphs b and c of the <a
    href="https://www.tesla.com/sites/default/files/pdfs/en_US/tmi_privacy_statement_external_6-14-2013_v2.pdf">
    privacy statement</a>.) The company says it doesn't store this
    information, but if the state orders it to get the data and hand it
    over, the state can use store it.</p>
  </li>

  <li id="M201303250">
    <!--#set var="DATE" value='<small class="date-tag">2013-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p id="records-drivers">Proprietary software in cars <a
    href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">
    records information about drivers' movements</a>, which is made
    available to car manufacturers, insurance companies, and others.</p>

    <p>The case of toll-collection systems, mentioned in this article,
    is not really a matter of proprietary surveillance. These systems
    are an intolerable invasion of privacy, and should be replaced with
    anonymous payment systems, but the same tactics.</p> invasion isn't done by malware. The
    other cases mentioned are done by proprietary malware in the car.</p>
  </li>
</ul>

<!-- #SpywareOnTheWeb


<div class="big-subsection">
  <h4 id="SpywareInVR">Virtual Reality</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInVR">#SpywareInVR</a>)</span>
</div>

<ul class="blurbs">
  <li id="M202008182">
    <!--#set var="DATE" value='<small class="date-tag">2020-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Oculus headsets <a
    href="https://www.theverge.com/2020/8/18/21372435/oculus-facebook-login-change-separate-account-support-end-quest-october">require
    users to identify themselves to Facebook</a>. This will give Facebook
    free rein to pervasively snoop on Oculus users.</p>
  </li>

  <li id="M201612230">
    <!--#set var="DATE" value='<small class="date-tag">2016-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>VR equipment, measuring every slight motion,
    creates the potential for the most intimate
    surveillance ever. All it takes to make this potential real <a
    href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
    software as malicious as many other programs listed in this
    page</a>.</p>

    <p>You can bet Facebook will implement the maximum possible
    surveillance on Oculus Rift devices. The moral is, never trust a VR
    system with nonfree software in it.</p>
  </li>
</ul>



<div class="big-section">
  <h3 id="SpywareOnTheWeb">Spyware on the Web</h3>
  <span class="anchor-reference-id">(<a href="#SpywareOnTheWeb">#SpywareOnTheWeb</a>)</span>
</div>
<div style="clear: left;"></div>

<p>In addition, many web sites spy on their visitors.  Web sites are not
   programs, so it
   <a href="/philosophy/network-services-arent-free-or-nonfree.html">
   makes no sense to call them “free” or “proprietary”</a>,
   but the surveillance is an abuse all the same.</p>

<ul>

  <li><p>When

<ul class="blurbs">
  <li id="M201904210">
    <!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>As of April 2019, it is <a
    href="https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/">no
    longer possible to disable an
    unscrupulous tracking anti-feature</a> that <a
    href="https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing">reports
    users when they follow ping links</a> in Apple Safari, Google Chrome,
    Opera, Microsoft Edge and also in the upcoming Microsoft Edge that is
    going to be based on Chromium.</p>
  </li>

  <li id="M201901101">
    <!--#set var="DATE" value='<small class="date-tag">2019-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Until 2015, any tweet that listed a geographical tag <a
    href="http://web-old.archive.org/web/20190115233002/https://www.wired.com/story/twitter-location-data-gps-privacy/">
    sent the precise GPS location to Twitter's server</a>. It still
    contains these GPS locations.</p>
  </li>

  <li id="M201805170">
    <!--#set var="DATE" value='<small class="date-tag">2018-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Storyful program <a
    href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies
    on the reporters that use it</a>.</p>
  </li>

  <li id="M201701060">
    <!--#set var="DATE" value='<small class="date-tag">2017-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>When a page uses Disqus
    for comments, <a href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">the the proprietary Disqus software loads <a
    href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">loads
    a Facebook software package into the browser of every anonymous visitor
    to the page, and makes the page's URL available to Facebook</a>.
  </p></li>

  <li><p>Online Facebook</a>.</p>
  </li>

  <li id="M201612064">
    <!--#set var="DATE" value='<small class="date-tag">2016-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Online sales, with tracking and surveillance of customers, <a
    href="https://www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-browsing-history-could-mean-rip-off-prices">enables
    businesses to show different people different prices</a>. Most of
    the tracking is done by recording interactions with servers, but
    proprietary software contributes.</p>
  </li>

  <li><p><a href="http://japandailypress.com/government-warns-agencies-against-using-chinas-baidu-application-after-data-transmissions-discovered-2741553/">
      Baidu's Japanese-input and Chinese-input apps spy on users.</a></p>
  </li>

  <li><p>Pages that contain “Like” buttons
      <a href="http://www.smh.com.au/technology/technology-news/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html">
      enable Facebook to track visitors

  <li id="M201405140">
    <!--#set var="DATE" value='<small class="date-tag">2014-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://web.archive.org/web/20190421070310/https://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
    Microsoft SkyDrive allows the NSA to those pages</a>—even
      users that don't have Facebook accounts.</p> directly examine users'
    data</a>.</p>
  </li>

  <li><p>Many

  <li id="M201210240">
    <!--#set var="DATE" value='<small class="date-tag">2012-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Many web sites rat their visitors to advertising
    networks that track users.  Of the top 1000 web sites, <a
    href="https://www.law.berkeley.edu/research/bclt/research/privacy-at-bclt/web-privacy-census/">84%
    (as of 5/17/2012) fed their visitors third-party cookies, allowing
    other sites to track them</a>.</p>
  </li>

  <li><p>Many

  <li id="M201208210">
    <!--#set var="DATE" value='<small class="date-tag">2012-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Many web sites report all their visitors
    to Google by using the Google Analytics service, which <a
    href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
    tells Google the IP address and the page that was visited.</a></p> visited</a>.</p>
  </li>

  <li><p>Many

  <li id="M201200000">
    <!--#set var="DATE" value='<small class="date-tag">[2012]</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Many web sites try to collect users' address books (the user's list
    of other people's phone numbers or email addresses).  This violates
    the privacy of those other people.</p>
  </li>

  <li><p><a href="http://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
      Microsoft SkyDrive allows the NSA

  <li id="M201110040">
    <!--#set var="DATE" value='<small class="date-tag">2011-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Pages that contain “Like” buttons <a
    href="https://www.smh.com.au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html">
    enable Facebook to directly examine users' data</a>.</p> track visitors to those pages</a>—even users
    that don't have Facebook accounts.</p>
  </li>
</ul>

<!-- WEBMASTERS: make sure


<div class="big-subsection">
  <h4 id="SpywareInJavaScript">JavaScript</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInJavaScript">#SpywareInJavaScript</a>)</span>
</div>

<ul class="blurbs">
  <li id="M201811270">
    <!--#set var="DATE" value='<small class="date-tag">2018-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Many web sites use JavaScript code <a
    href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
    to place new items snoop on top under each subsection information that users have typed into a
    form but not sent</a>, in order to learn their identity. Some are <a
    href="https://www.manatt.com/insights/newsletters/advertising-law/sites-illegally-tracked-consumers-new-suits-allege">
    getting sued</a> for this.</p>

    <p>The chat facilities of some customer services use the same sort of
    malware to <a
    href="https://gizmodo.com/be-warned-customer-service-agents-can-see-what-youre-t-1830688119">
    read what the user is typing before it is posted</a>.</p>
  </li>

  <li id="M201807190">
    <!--#set var="DATE" value='<small class="date-tag">2018-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>British Airways used <a
    href="https://www.theverge.com/2018/7/19/17591732/british-airways-gdpr-compliance-twitter-personal-data-security">nonfree
    JavaScript on its web site to give other companies personal data on
    its customers</a>.</p>
  </li>

  <li id="M201712300">
    <!--#set var="DATE" value='<small class="date-tag">2017-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some JavaScript malware <a
    href="https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research">
    swipes usernames from browser-based password managers</a>.</p>
  </li>

  <li id="M201711150">
    <!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some websites send
    JavaScript code to collect all the user's input, <a
    href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
    can then be used to reproduce the whole session</a>.</p>

    <p>If you use LibreJS, it will block that malicious JavaScript
    code.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInChrome">Spyware in Chrome</h4> id="SpywareInFlash">Flash</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInFlash">#SpywareInFlash</a>)</span>
</div>

<ul class="blurbs">
  <li id="M201310110">
    <!--#set var="DATE" value='<small class="date-tag">2013-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Flash and JavaScript are used for <a
    href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
    “fingerprinting” devices</a> to identify users.</p>
  </li>

  <li id="M201003010">
    <!--#set var="DATE" value='<small class="date-tag">2010-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Flash Player's <a
    href="https://web.archive.org/web/20200808151607/http://www.imasuper.com/2008/10/09/flash-cookies-the-silent-privacy-killer/">
    cookie feature helps web sites track visitors</a>.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInChrome">Chrome</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInChrome">#SpywareInChrome</a>)</span>
</div>

<ul>
  <li><p>Google

<ul class="blurbs">
  <li id="M202109210">
    <!--#set var="DATE" value='<small class="date-tag">2021-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google's proprietary Chrome contains a key logger that web browser <a href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">
	sends Google every URL typed in</a>, one key at
    href="https://www.techrepublic.com/article/new-chrome-feature-can-tell-sites-and-webapps-when-youre-idle/">
    added a time.</p> surveillance API (idle detection API)</a> which lets
    websites ask Chrome to report when a user with a web page open is
    idle.</p>
  </li>
  
  <li><p>Google

  <li id="M201906220">
    <!--#set var="DATE" value='<small class="date-tag">2019-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google Chrome includes is an <a
    href="https://www.mercurynews.com/2019/06/21/google-chrome-has-become-surveillance-software-its-time-to-switch/">
    instrument of surveillance</a>. It lets thousands of trackers invade
    users' computers and report the sites they visit to advertising and
    data companies, first of all to Google. Moreover, if users have a module
    Gmail account, Chrome automatically logs them in to the browser for
    more convenient profiling. On Android, Chrome also reports their
    location to Google.</p>

    <p>The best way to escape surveillance is to switch to <a
    href="/software/icecat/">IceCat</a>, a modified version of Firefox
    with several changes to protect users' privacy.</p>
  </li>

  <li id="M201704131">
    <!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Low-priced Chromebooks for schools are <a
    href="https://www.eff.org/wp/school-issued-devices-and-student-privacy">
    collecting far more data on students than is necessary, and store
    it indefinitely</a>. Parents and students complain about the lack
    of transparency on the part of both the educational services and the
    schools, the difficulty of opting out of these services, and the lack
    of proper privacy policies, among other things.</p>

    <p>But complaining is not sufficient. Parents, students and teachers
    should realize that the software Google uses to spy on students is
    nonfree, so they can't verify what it really does. The only remedy is
    to persuade school officials to <a href="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
	activates microphones href="/education/edu-schools.html">
    exclusively use free software</a> for both education and transmits audio school
    administration. If the school is run locally, parents and teachers
    can mandate their representatives at the School Board to its servers</a>.</p> refuse the
    budget unless the school initiates a switch to free software. If
    education is run nation-wide, they need to persuade legislators
    (e.g., through free software organizations, political parties,
    etc.) to migrate the public schools to free software.</p>
  </li>
  
  <li><p>Google

  <li id="M201507280">
    <!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google Chrome makes it easy for an extension to do <a
    href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
    snooping on the user's browsing</a>, and many of them do so.</p>
  </li>
</ul>


<div class="big-subsection">
  <h4 id="SpywareInFlash">Spyware in Flash</h4>
  <span class="anchor-reference-id">(<a href="#SpywareInFlash">#SpywareInFlash</a>)</span>
</div>

<ul>
  <li><p>Flash Player's

  <li id="M201506180">
    <!--#set var="DATE" value='<small class="date-tag">2015-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google Chrome includes a module that <a href="http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/">
      cookie feature helps web sites track visitors</a>.</p>
    href="https://www.privateinternetaccess.com/blog/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
    activates microphones and transmits audio to its servers</a>.</p>
  </li>

  <li><p>Flash is also used for

  <li id="M201308040">
    <!--#set var="DATE" value='<small class="date-tag">2013-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google Chrome <a href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
      “fingerprinting” devices </a> to identify users.</p>
    href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
    spies on browser history, affiliations</a>, and other installed
    software.</p>
  </li>
</ul>

<p><a href="/philosophy/javascript-trap.html">Javascript code</a>
is another method of “fingerprinting” devices.</p>


<!-- #SpywareEverywhere

  <li id="M200809060">
    <!--#set var="DATE" value='<small class="date-tag">2008-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google Chrome contains a key logger that <a
    href="https://web.archive.org/web/20190126075111/http://www.favbrowser.com/google-chrome-spyware-confirmed/">
    sends Google every URL typed in</a>, one key at a time.</p>
  </li>
</ul>



<div class="big-section">
  <h3 id="SpywareEverywhere">Spyware Everywhere</h3> id="SpywareInNetworks">Spyware in Networks</h3>
  <span class="anchor-reference-id">(<a href="#SpywareEverywhere">#SpywareEverywhere</a>)</span> href="#SpywareInNetworks">#SpywareInNetworks</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
  <li><p>The natural extension

<ul class="blurbs">
  <li id="M202110250">
    <!--#set var="DATE" value='<small class="date-tag">2021-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Ed Tech companies use their surveillance power to
    manipulate students, and direct them into tracks towards various
    levels of monitoring people through 
      “their” phones is knowledge, power and prestige. The article argues that <a 
      href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
      proprietary software
    href="https://blogs.lse.ac.uk/medialse/2021/10/25/algorithmic-injustice-in-education-why-tech-companies-should-require-a-license-to-operate-in-childrens-education/">these
    companies should obtain licenses to make sure they can't “fool” operate</a>. That wouldn't hurt,
    but it doesn't address the 
      monitoring</a>.</p>
  </li>

  <li><p><a href="http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
      Intel devices will root of the problem. All data acquired
    in a school about any student, teacher, or employee must not leave
    the school, and must be able kept in computers that belong to listen for speech the school
    and run free (as in freedom) software. That way, the school district
    and/or parents can control what is done with those data.</p>
  </li>

  <li id="M202105060">
    <!--#set var="DATE" value='<small class="date-tag">2021-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://me2ba.org/me2ba-product-testing-spotlight-report-published-data-sharing-in-primary-secondary-school-mobile-apps-2/">60%
    of school apps are sending student data to potentially high-risk
    third parties</a>, putting students and possibly all other school
    workers under surveillance. This is made possible by using unsafe
    and proprietary programs made by data-hungry corporations.</p>

    <p><small>Please note that whether students consent to this or not,
    doesn't justify the time, even when “off.”</a></p> surveillance they're imposed to.</small></p>
  </li>
</ul>

<!-- #SpywareInVR

  <li id="M202105030">
    <!--#set var="DATE" value='<small class="date-tag">2021-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
<div class="big-section">
    <h3 id="SpywareInVR">Spyware In VR</h3>
    <span class="anchor-reference-id">(<a href="#SpywareInVR">#SpywareInVR</a>)</span>
</div>
<div style="clear: left;"></div>

<ul>
  <li><p>VR equipment, measuring every slight motion,
    <p>The United States' government is reportedly considering <a
    href="https://www.infosecurity-magazine.com/news/private-companies-may-spy-on/">teaming
    up with private companies to monitor American citizens' private online
    activity and digital communications</a>.</p>

    <p>What creates the
      potential for the most intimate surveillance ever. All it takes opportunity to make try this potential
      real <a href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is is the fact that these
    companies are already snooping on users' private activities. That
    in turn is due to people's use of nonfree software which snoops,
    and online dis-services which snoop.</p>
  </li>

  <li id="M202102160">
    <!--#set var="DATE" value='<small class="date-tag">2021-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google <a
    href="https://www.indiatoday.in/technology/news/story/disha-ravi-arrest-puts-privacy-of-all-google-india-users-in-doubt-1769772-2021-02-16">handed
    over personal data of Indian protesters and activists to Indian
    police</a> which led to their arrest. The cops requested the IP
    address and the location where a document was created and with that
    information, they identified protesters and activists.</p>
  </li>

  <li id="M202012250">
    <!--#set var="DATE" value='<small class="date-tag">2020-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The HonorLock online exam
    proctoring program is a surveillance tool that <a
    href="https://www.eff.org/deeplinks/2020/09/students-are-pushing-back-against-proctoring-surveillance-apps">tracks
    students and collects data</a> such as malicious as face, driving license, and
    network information, among others, in blatant violation of students'
    privacy.</p>

    <p>Preventing students from cheating should not be an excuse for
    running malware/spyware on their computers, and it's good that students
    are protesting. But their petitions overlook a crucial issue, namely,
    the injustice of being forced to run nonfree software in order to
    get an education.</p>
  </li>

  <li id="M202009070">
    <!--#set var="DATE" value='<small class="date-tag">2020-09</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>While the world is still
    struggling with COVID-19 coronavirus, many other <a
    href="https://mashable.com/article/privacy-in-the-age-of-coronavirus/">people
    are in danger of surveillance</a> and their computers are infected
    with malware as a result of installing proprietary software.</p>
  </li>

  <li id="M202004301">
    <!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Proprietary programs listed Google Meet, Microsoft Teams, and WebEx <a
    href="https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex/">are
    collecting user's personal and identifiable data</a> including how long
    a call lasts, who's participating in the call, and the IP addresses
    of everyone taking part. From experience, this
      page</a>.</p>

    <p>You can bet Facebook will implement the maximum possible
      surveillance even harm users
    physically if those companies hand over data to governments.</p>
  </li>

  <li id="M201905281">
    <!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Microsoft <a
    href="https://answers.microsoft.com/en-us/outlook_com/forum/all/why-does-my-new-e-mail-account-need-a-phone-number/70049eaf-3b66-4d02-87cc-79dc73c2ea08">forces
    people to give their phone number</a> in order to be able to create an account on Oculus Rift devices. The moral is, never trust a
      VR system with
    the company's network. On top of mistreating their users by providing
    nonfree software in it.</p> software, Microsoft is tracking their lives outside the computer and
    violates their privacy.</p>
  </li>
</ul>


</div><!--

  <li id="M201902040">
    <!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Google invites people to <a
    href="https://www.commondreams.org/views/2019/02/04/google-screenwise-unwise-trade-all-your-privacy-cash?cd-origin=rss">
    let Google monitor their phone use, and all internet use in their
    homes, for id="content", starts an extravagant payment of $20</a>.</p>

    <p>This is not a malicious functionality of a program with some other
    purpose; this is the software's sole purpose, and Google says so. But
    Google says it in a way that encourages most people to ignore the include above
    details. That, we believe, makes it fitting to list here.</p>
  </li>

  <li id="M201808131">
    <!--#set var="DATE" value='<small class="date-tag">2018-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a
    href="https://www.theverge.com/2018/8/13/17684660/google-turn-off-location-history-data">Google
    will track people even if people turn off location history</a>, using
    Google Maps, weather updates, and browser searches. Google basically
    uses any app activity to track people.</p>
  </li>

  <li id="M201808130">
    <!--#set var="DATE" value='<small class="date-tag">2018-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Since the beginning of 2017, <a
    href="https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/">Android
    phones have been collecting the addresses of nearby cellular
    towers</a>, even when location services are disabled, and sending
    that data back to Google.</p>
  </li>

  <li id="M201606030">
    <!--#set var="DATE" value='<small class="date-tag">2016-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Investigation Shows <a
    href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
    Using US Companies, NSA To Route Around Domestic Surveillance
    Restrictions</a>.</p>

    <p>Specifically, it can collect the emails of members of Parliament
    this way, because they pass it through Microsoft.</p>
  </li>

  <li id="M201212290">
    <!--#set var="DATE" value='<small class="date-tag">2012-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Cisco TNP IP phones are <a
    href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
    spying devices</a>.</p>
  </li>
</ul>
</div>

</div>
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<!--#include virtual="/server/footer.html" -->
<div id="footer"> id="footer" role="contentinfo">
<div class="unprintable">

<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF.  Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>

<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
        replace it with the translation of these two:

        We work hard and do our best to provide accurate, good quality
        translations.  However, we are not exempt from imperfection.
        Please send your comments and general suggestions in this regard
        to <a href="mailto:web-translators@gnu.org">
        <web-translators@gnu.org></a>.</p>

        <p>For information on coordinating and submitting contributing translations of
        our web pages, see <a
        href="/server/standards/README.translations.html">Translations
        README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and submitting contributing translations
of this article.</p>
</div>

<!-- Regarding copyright, in general, standalone pages (as opposed to
     files generated as part of manuals) on the GNU web server should
     be under CC BY-ND 4.0.  Please do NOT change or remove this
     without talking with the webmasters or licensing team first.
     Please make sure the copyright date is consistent with the
     document.  For web pages, it is ok to list just the latest year the
     document was modified, or published.

     If you wish to list earlier years, that is ok too.
     Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
     years, as long as each year in the range is in fact a copyrightable
     year, i.e., a year in which the document was published (including
     being publicly visible on the web or in a revision control system).

     There is more detail about copyright years in the GNU Maintainers
     Information document, www.gnu.org/prep/maintain. -->

<p>Copyright © 2015, 2016, 2017 2015-2022 Free Software Foundation, Inc.</p>

<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution-NoDerivatives Attribution 4.0 International License</a>.</p>

<!--#include virtual="/server/bottom-notes.html" -->

<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2022/01/01 17:34:49 $
<!-- timestamp end -->
</p>
</div>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>