<!--#include virtual="/server/header.html" -->
<!-- This page is derived from /server/standards/boilerplate.html -->
<!-- Parent-Version: 1.96 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please do not edit <ul class="blurbs">!
Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Additions to the Malware Section
- GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" />
<!--#include virtual="/proprietary/po/all.translist" -->
<!--#include virtual="/server/banner.html" -->
<div class="nav">
<a id="side-menu-button" class="switch" href="#navlinks">
<img id="side-menu-icon" height="25" width="31"
src="/graphics/icons/side-menu.png"
title="Section contents"
alt=" [Section contents] " />
</a>
<p class="breadcrumb">
<a href="/"><img src="/graphics/icons/home.png" height="26" width="26"
alt="GNU Home" title="GNU Home" /></a> /
<a href="/proprietary/proprietary.html">Malware</a> /
</p>
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#include virtual="/server/top-addendum.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
<h2>Additions to the Malware Section</h2>
<div class="thin"></div>
<p>These are all the malware items that have been added to this
directory since 2018, in reverse chronological order. (In some cases,
the latest reference was updated after the item was added.)</p>
<div class="column-limit" id="all-malware"></div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-05-09' -->
<!--#set var='PUB' value='2022-05-13' --> <!--#set var='ID' value='M202205130' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.howtogeek.com/803598/app-is-damaged-and-cant-be-opened/">
Apple has been labeling various third-party files and programs as
“damaged”</a>, preventing users from opening them, and
implying that software from third-party sources is dangerous. While
these restrictions can be circumvented, they violate users' freedom
to do their computing as they wish. Most of the time, the purpose of
warnings such as “damaged” is to scare users into
sticking with Apple's proprietary programs for no good reason.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-05-04' -->
<!--#set var='PUB' value='2025-03-28' --> <!--#set var='ID' value='M202503280' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft is <a
href="https://arstechnica.com/gadgets/2025/03/new-windows-11-build-makes-mandatory-microsoft-account-sign-in-even-more-mandatory/">
tightening the chains that force Windows useds to sign into their
Microsoft account</a> [*], thus identifying themselves. We suspect this
is an intentional strategy to avoid inspiring a lot of resistance
all at once: leave openings to escape identification, then gradually
close them.</p>
<p>Enough is enough!</p>
<p>[*] <small>Why “useds”? Because running Windows is
not you using Windows; it is Windows using you.</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-04-03' -->
<!--#set var='PUB' value='2024-07-20' --> <!--#set var='ID' value='M202407200' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The company making a “smart” bassinet called Snoo has <a
href="https://www.theverge.com/2024/7/20/24202166/snoo-premium-subscription-happiest-baby">
locked the most advanced functionalities of the Snoo behind a
paywall</a>. This unexpected change mainly affects users who received
the appliance as a gift, or bought it second-hand on the assumption
that all these functionalities would be available to them, as they
used to be. This is another example of the deceptive behavior of
proprietary software developers who take advantage of their power
over users to change rules at will.</p>
<p>Another malicious feature of the Snoo is the fact that users
need to create an account with the company, which thus has access
to personal data, location (SSID), appliance log, etc., as well as
manual notes about baby history.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-04-01' -->
<!--#set var='PUB' value='2018-07-11' --> <!--#set var='ID' value='M201807110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Nintendo has devoted a lot of effort to <a
href="https://arstechnica.com/gaming/2018/07/nintendo-reportedly-rolling-out-new-more-hack-proof-switch-hardware/">
preventing users from installing third-party software on its Switch
consoles</a>. These are now full-blown jails.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-30' -->
<!--#set var='PUB' value='2025-02-21' --> <!--#set var='ID' value='M202502210' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple <a
href="https://www.bleepingcomputer.com/news/security/apple-pulls-icloud-end-to-end-encryption-feature-in-the-uk/">
stopped offering iCloud end-to-end encryption in the UK</a>
after the UK government demanded <a
href="https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/">
worldwide access to encrypted user data</a>. This is one more proof
that storing your own data “in the cloud” puts it at
risk.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-30' -->
<!--#set var='PUB' value='2025-01-17' --> <!--#set var='ID' value='M202501170' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Canon is <a
href="https://arstechnica.com/gadgets/2025/01/canon-charges-50-per-year-to-use-a-900-camera-as-a-functional-webcam/">
preventing customers from using one of its cameras as a webcam</a>
unless they create an account on the company's server, and pay an
additional subscription. This unjust practice could be eliminated if
the camera firmware were free (as in freedom).</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-17' -->
<!--#set var='PUB' value='2024-08-14' --> <!--#set var='ID' value='M202408140' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled-patch-now/">
A critical vulnerability in Windows systems
that support IPv6</a> was discovered in 2024, <a
href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063">
16 years after the first affected system</a> was released. Unless
the relevant patch is applied, an attacker can remotely execute
arbitrary code on these systems. Microsoft considers exploits
“likely.”</p>
<p>The same sort of vulnerability in a free/libre operating system
would probably be discovered sooner, since many more people would be
able to look at the source code.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-16' -->
<!--#set var='PUB' value='2024-11-04' --> <!--#set var='ID' value='M202411040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Pixel 9 “smart”phone <a
href="https://cybernews.com/security/google-pixel-9-phone-beams-data-and-awaits-commands/">
frequently updates Google servers with its location and current
configuration</a> along with personally identifiable data, raising
concerns about user privacy. Moreover, it communicates
with services that are not in use, and periodically attempts to
download experimental, possibly insecure software. The system does
not inform the user that it is doing all this.</p>
<p>There is hope, however: it is possible to <a
href="https://doc.e.foundation/devices"> replace the original Android
operating system with a deGoogled version</a> in Pixel phones up to
8a, and in phones from many other brands. No doubt that the Pixel 9
will be supported soon.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-11' -->
<!--#set var='PUB' value='2023-12-04' --> <!--#set var='ID' value='M202312040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Bungie's Destiny 2 is plagued with two major flaws:</p>
<ul>
<li>Like all proprietary tethered games, <a
href="https://destinytracker.com/destiny-2/articles/is-destiny-2-down-how-to-check-server-maintenance-and-downtime">
it can't be played when the company's servers are offline</a>.</li>
<li>Ever since Bungie chose BattlEye as an anti-cheat program,
Destiny 2 has been <a href="https://areweanticheatyet.com/">
incompatible with GNU/Linux</a> <small>[this page can't be viewed
without JavaScript]</small>. Bungie forces Steam Deck users
to <a href="https://www.pcguide.com/steam-deck/play-destiny-2/">
replace SteamOS with Windows, or play from Edge browser</a>.
This doesn't have to be so, as several other games that use BattlEye
do support GNU/Linux systems. Rather than doing the necessary
adjustments, Bungie forces users to run nonfree software in order to
keep an absolute control over them.</li>
</ul>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-11' -->
<!--#set var='PUB' value='2018-01-26' --> <!--#set var='ID' value='M201801260' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google's ad platform enabled advertisers to <a
href="https://arstechnica.com/information-technology/2018/01/now-even-youtube-serves-ads-with-cpu-draining-cryptocurrency-miners/">
run cryptocurrency miner code on the computers of YouTube users through
proprietary JavaScript</a>. Some people noticed this, and the outrage
made Google remove the miners, but the number of affected users was
probably very high.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-08' -->
<!--#set var='PUB' value='2025-02-28' --> <!--#set var='ID' value='M202502280' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://arstechnica.com/gadgets/2025/02/on-may-5-microsofts-skype-will-shut-down-for-good/">
Microsoft is shutting down Skype</a> on May 5th, 2025. As with other
tethered proprietary programs, users have to rely on servers that are
controlled by the developer. When these servers shut down, the service
disappears. Instead of migrating to the service that Microsoft suggests
as a replacement, Skype users should regain control of their
communications by switching to one that is based on free software.
<a href="https://jitsi.org/jitsi-meet/">Jitsi Meet</a>, for example, is
appropriate for small video meetings. Anyone can set up a Jitsi server
and let other people use it, and indeed many of these are available
around the world.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-08' -->
<!--#set var='PUB' value='2025-02-23' --> <!--#set var='ID' value='M202502230' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://proton.me/blog/outlook-is-microsofts-new-data-collection-service">
Outlook has become a “data collection and ad delivery
service”</a>. Since Outlook is now integrated with
Microsoft “cloud” services, and doesn't support
end-to-end encryption, the company has full access to users'
emails, contacts, and calendar events. Microsoft may also <a
href="https://www.cyberkendra.com/2023/11/new-outlook-update-raises-privacy.html">
retrieve credentials associated with any third-party services</a>
that are synchronized with Outlook. This trove of personal data
enables Microsoft, as well as its commercial partners, to flood
users with targeted ads, and possibly to train “artificial
intelligences.” Even worse, this data is available to any
government that can force Microsoft to hand it over.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-07' -->
<!--#set var='PUB' value='2024-11-11' --> <!--#set var='ID' value='M202411110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Ubisoft is facing a fraud lawsuit for <a
href="https://www.polygon.com/gaming/476979/ubisoft-the-crew-shut-down-lawsuit-class-action">
shutting down the proprietary video game The Crew, which was tethered
to its servers</a>. As this game can't be played offline, people who
used to think they owned a copy of it are now realizing they only
bought a license that could be revoked at will by the developer.</p>
<p>This is one more example of what tethering of a proprietary program
leads to. If The Crew were free software, its users would be able to
set up another server, and keep on playing.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-07' -->
<!--#set var='PUB' value='2024-07-30' --> <!--#set var='ID' value='M202407300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>In its default configuration, Windows 11 now <a
href="https://www.zdnet.com/article/windows-11-now-turns-on-onedrive-folder-backup-without-your-permission/">
uploads users' files and personal information to Microsoft's
“cloud”</a> without asking permission to do so. This is
presented as a convenient backup method, but if the allotted storage
capacity is exceeded, the user will need to buy more space, increasing
Microsoft's profit.</p>
<p>However, this small profit is probably not the company's major
reason for making cloud storage the default. Here is an excerpt
from the <a href="https://www.microsoft.com/en-US/servicesagreement">
Microsoft Services agreement</a> (Section 2b):</p>
<blockquote><p><i>To the extent necessary to provide the Services to
you and others, to protect you and the Services, and to improve
Microsoft products and services, you grant to Microsoft a worldwide
and royalty-free intellectual property license to use Your Content,
for example, to make copies of, retain, transmit, reformat,
display, and distribute via communication tools Your Content on the
Services.</i></p></blockquote>
<p>We strongly suspect that the backed-up material is used to feed
Microsoft's greedy “AI.” In addition, it is most likely
analysed to better profile users in order to flood them with targeted
ads, thereby generating more profit.</p>
<p>Users, on the other hand, are at the mercy of any
entity that demands their data, let alone of any cracker
that breaks into Microsoft's servers. They <em>must</em>
escape from this sick environment, and install a sane <a
href="https://www.gnu.org/distros/free-distros.html"> free/libre
system</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-02' -->
<!--#set var='PUB' value='2024-12-25' --> <!--#set var='ID' value='M202412250' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Windows Defender <a
href="https://answers.microsoft.com/en-us/windows/forum/all/windows-defender-deleted-my-download-without/0b4211cf-80f7-47c7-8ea0-675785a0003c">
deletes downloaded files that it considers malware</a> as soon as
they are saved to disk, without requesting permission to do so. Many
angry users have complained about this unacceptable behavior over the
last few years, and even suggested fixes, but Microsoft has ignored
them. It is high time for Windows users to escape Microsoft's tyranny
by migrating to a free/libre system.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-02' -->
<!--#set var='PUB' value='2024-11-05' --> <!--#set var='ID' value='M202411050' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>As of 2021, <a
href="https://www.rferl.org/a/russia-40-apps-preinstalled-electronic-devices/32532513.html">
preinstallation of Russian-made proprietary software has
been mandatory</a> on new computers and “smart”
devices sold in Russia, under threat of a fine for the retailer, and <a
href="https://tadviser.com/index.php/Article:Pre-installation_of_Russian_software_on_smartphones_and_computers">
the list of mandatory applications keeps
growing</a>. This gives the government a convenient way to <a
href="https://www.article19.org/resources/russia-pre-installation-of-apps-matters-for-free-speech/">
censor information, spy on people's online activity, and restrict
free speech</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-02' -->
<!--#set var='PUB' value='2024-06-10' --> <!--#set var='ID' value='M202406100' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>In its terms of service, Adobe gives itself permission to <a
href="https://www.cnet.com/tech/services-and-software/adobe-defends-changes-in-its-terms-of-service-amid-gen-ai-explosion/">
spy on material that people upload to its servers</a>, supposedly for
moderation purposes. In spite of Adobe's denial, we can expect
that sooner or later it will use this material to train its so-called
“artificial intelligence,” and will claim that by agreeing
to the terms of service users gave it the right to do so.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-02' -->
<!--#set var='PUB' value='2024-04-26' --> <!--#set var='ID' value='M202404260' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft has started to <a
href="https://www.cnet.com/tech/who-wants-ads-in-their-windows-11-start-menu-heres-how-to-turn-them-off/">
show ads in the “Recommended” section of the
Windows 11 Start menu</a>. Previously, this section only included
recently used documents and images. Now it also contains the icons
of apps Microsoft wants to advertise, in the hope that the user will
click on one of them, and buy the app. So far, the user can disable
the ads, but this doesn't make them more legitimate.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-03-01' -->
<!--#set var='PUB' value='2024-11-22' --> <!--#set var='ID' value='M202411220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Windows Recall is a feature of Microsoft's Copilot tool that
comes preinstalled on AI-specialized computers. <a
href="https://www.techtarget.com/searchenterpriseai/feature/Privacy-and-security-risks-surrounding-Microsoft-Recall">
Recall records everything users do on their computer</a> and allows
them to search the recordings, but it has numerous security flaws and
poses a risk to privacy. As Recall cannot be completely uninstalled,
disabling it doesn't eliminate the risk because it can be reactivated
by malware or misconfiguration.</p>
<p>Microsoft says that <a
href="https://support.microsoft.com/en-us/windows/privacy-and-control-over-your-recall-experience-d404f672-7647-41e5-886c-a3c59680af15">
Recall will not take screenshots of digitally restricted
media</a>. Meanwhile, it stores sensitive user information such as
passwords and bank account numbers, showing that whereas Microsoft
worries somewhat about corporate interests, it couldn't care less
about user privacy.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-02-23' -->
<!--#set var='PUB' value='2019-07-22' --> <!--#set var='ID' value='M201907220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>In 2019, <a
href="https://chromestory.com/2019/07/disable-pull-to-refresh-on-chrome-for-android/">
Google revoked users' ability to turn
off the “pull-to-refresh”
gesture in Chrome for Android</a>. Despite <a
href="https://support.google.com/chrome/thread/8152831"> thousands
of protests by frustrated users</a>, Google has not reverted its
decision. Proprietary software developers are known for ignoring users'
requests in favor of their own gain and convenience. Only free software
gives users control over their own computing.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-02-19' -->
<!--#set var='PUB' value='2023-06-01' --> <!--#set var='ID' value='M202306010' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Eclypsium <a
href="https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/">
discovered an insecure universal back door</a> on many computers using
Gigabyte mainboards. Gigabyte designed their nonfree firmware so they
could add a program to Windows to download additional software from
the Internet, and run it behind the user's back.</p>
<p>To add injury to injury, the back-door program was insecure,
and opened ways for crackers to run their own programs on the
affected systems, also behind the user's back. Gigabyte's “<a
href="https://www.gigabyte.com/Press/News/2091">solution</a>”
was to ensure the back door would only run programs from Gigabyte.</p>
<p>In this case, the back door required the connivance of Windows
accepting the program, and running it behind the user's back. Free
operating systems rightly ignore such “Greek gifts,” so
users of GNU (including GNU/Linux) are safe from this particular
back door, even on affected hardware.</p>
<p>Nonfree software does not make your computer secure—it does
the opposite: it prevents you from trying to secure it. When nonfree
programs are required for booting and impossible to replace, they
are, in effect, a low-level rootkit. All the things that the industry
has done to make its power over you secure against you also protect
firmware-level rootkits against you.</p>
<p>Instead of allowing Intel, AMD, Apple and perhaps ARM to impose
security through tyranny, we should demand laws that require them to
allow users to install their choice of startup software and make
available the information needed to develop such. Think of this as
right-to-repair at the initialization stage.</p>
<p><small>Note: Eclypsium at least mentions the problem of
“unwanted behavior within official firmware,” but does
not seem to recognize that the only real solution is for firmware to
be free, so users can fix these problems without having to rely on
the vendor.</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2025-02-02' -->
<!--#set var='PUB' value='2025-01-29' --> <!--#set var='ID' value='M202501290' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google is <a
href="https://slate.com/technology/2025/01/google-gemini-ai-workspace-default-opt-in.html">
forcing its bullshit generator, Gemini, on many users of Gmail</a>
without asking them, and not even offering the users a way to
deactivate it.</p>
<p>Workplace IT managers, whose employees are forced to use Gmail,
can get it turned off after a laborious procedure, followed by
waiting—the darkest of dark patterns.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-11-26' -->
<!--#set var='PUB' value='2024-09-20' --> <!--#set var='ID' value='M202409200' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Kia cars were built with a back door that enabled the company's
server to locate them and take control of them. The car owner had
access to these controls through the Kia server. That the
car owner had such control
is not objectionable. However, that Kia itself had such control
is Orwellian, and ought to be illegal. The icing on the Orwellian
cake is that the server had a security fault which <a
href="https://samcurry.net/hacking-kia">allowed absolutely anyone to
activate those controls</a> for any Kia car.</p>
<p>Many people will be outraged at that security bug, but this was
presumably an accident. The fact that Kia had such control over cars
after selling them to customers is what outrages us, and that must
have been intentional on Kia's part.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-11-21' -->
<!--#set var='PUB' value='2024-11-03' --> <!--#set var='ID' value='M202411030' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.theguardian.com/lifeandstyle/2024/nov/03/addicted-to-love-how-dating-apps-exploit-their-users">Dating
apps exploit their users</a>; fundamental features require an expensive
subscription, and they are designed to be addictive.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-11-19' -->
<!--#set var='PUB' value='2023-09-08' --> <!--#set var='ID' value='M202309080' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>BMW has <a
href="https://www.forbes.com/sites/alistaircharlton/2023/09/07/bmw-drops-controversial-heated-seats-subscription-to-refocus-on-software-services/">
retreated from making car owners pay for a subscription to the heated
seats feature</a>.</p>
<p>Customers rejected it. Bravo for them!</p>
<p>Instead BMW plans to require subscriptions for digital services
and disservices—things related to the Orwellian tracking done
by any “connected” car.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-11-10' -->
<!--#set var='PUB' value='2023-12-27' --> <!--#set var='ID' value='M202312270' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/">
A back door in Apple devices</a>, present and abused from at least
2019 until 2023, allowed crackers to have full control over them by
sending iMessage texts that installed malware without any action on
the user's part. Infections, among other things, gave the intruders
access to owners' microphone recordings, photos, location and other
personal data.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-07-31' -->
<!--#set var='PUB' value='2024-05-24' --> <!--#set var='ID' value='M202405240' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://arstechnica.com/gadgets/2024/05/pleas-for-open-sourcing-refunds-as-spotify-plans-to-brick-car-thing-devices/">Spotify
sold a music streaming device but they no longer support it</a>. Due to
its proprietary nature, it can no longer be updated or even used. Users
requested Spotify to make the software that runs on the device libre,
and Spotify refused, so these devices are now e-waste. Spotify is
now offering refunds to save the purchasers from
losing money on these products, but this wouldn't prevent the products
from being e-waste, and wouldn't save users from being jerked around by
Spotify. This is an example of how software that is not free controls
the user instead of the user controlling the software. It is also an
important lesson for us to insist the software in a device be libre
before we buy it.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-05-23' -->
<!--#set var='PUB' value='2024-03-15' --> <!--#set var='ID' value='M202403150' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.theverge.com/2024/3/15/24101887/microsoft-bing-popups-windows-11-google-chrome">
Microsoft is using malware tactics to get users to switch to
their web browser</a>, Microsoft Edge, and their search engine, Microsoft
Bing. When users launch the Google Chrome browser Microsoft injects
a pop up advertisement in the corner of the screen advising users to
switch to Bing. Microsoft also imported users Chrome browsing data
without their knowledge or consent.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-04-07' -->
<!--#set var='PUB' value='2024-03-11' --> <!--#set var='ID' value='M202403110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://web.archive.org/web/20240311120515/https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html">
GM is spying on drivers</a> who own or rent their cars, and give
away detailed driving data to insurance companies through data
brokers. These companies then analyze the data, and hike up insurance
prices if they think the data denotes “risky driving.”
For the car to make this data available to anyone but the owner or
renter of the car should be a crime. If the car is owned by a rental
company, that company should not have access to it either.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-02-22' -->
<!--#set var='PUB' value='2023-12-23' --> <!--#set var='ID' value='M202312230' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Surveillance cameras put in by government
A to surveil for it may be surveilling for
government B as well. That's because A put in a product <a
href="https://www.rferl.org/a/ukraine-cctv-moscow-spying-schemes-investigation/32747767.html">
made by B with nonfree software</a>.</p>
<p><small>(Please note that this article misuses the word “<a
href="/philosophy/words-to-avoid.html#Hacker">hack</a>” to
mean “break security.”)</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-01-20' -->
<!--#set var='PUB' value='2023-11-10' --> <!--#set var='ID' value='M202311101' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft has been annoying people who wanted to
close the proprietary program OneDrive on their computers, <a
href="https://www.theverge.com/2023/11/8/23952878/microsoft-onedrive-windows-close-app-notification">
forcing them to give the reason why they were closing it</a>. This
prompt was removed after public pressure.</p>
<p>This is a reminder that angry users still have the power to make
developers of proprietary software remove small annoyances. Don't
count on public outcry to make them remove more profitable malware,
though. Run away from proprietary software!</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-01-18' -->
<!--#set var='PUB' value='2024-01-18' --> <!--#set var='ID' value='M202401180' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p id="uhd"><a
href="/proprietary/uhd-bluray-denies-your-freedom.html">UHD
Blu-ray disks are encrypted with AACS, one of the worst kinds of DRM</a>.
Playing them on a PC requires software and hardware that meet stringent
proprietary specifications, which developers can only obtain after
signing an agreement that explicitly forbids them from disclosing any
source code.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-01-03' -->
<!--#set var='PUB' value='2023-12-06' --> <!--#set var='ID' value='M202312060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/">Newag,
a Polish railway manufacturer, puts DRM inside trains to prevent
third-party repairs</a>.</p>
<ul>
<li><p>The train's software contains code to detect if the GPS
coordinates are near some third party repairers, or the train has not
been running for some time. If yes, the train will be “locked
up” (i.e. bricked). It was also possible to unlock it by
pressing a secret combination of buttons in the cockpit, but this
ability was removed by a manufacturer's software update.</p></li>
<li><p>The train will also lock up after a certain date, which is
hardcoded in the software.</p></li>
<li><p>The company pushes a software update that detects if the
DRM code has been bypassed, i.e. the lock should have been engaged
but the train is still operational. If yes, the controller cabin
screen will display a scary message warning about “copyright
violation”.</p></li>
</ul>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-01-03' -->
<!--#set var='PUB' value='2023-11-30' --> <!--#set var='ID' value='M202311300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.bleepingcomputer.com/news/security/logofail-attack-can-install-uefi-bootkits-through-bootup-logos/">x86
and ARM based computers shipped with UEFI are potentially vulnerable
to a design omission called LogoFAIL</a>. A cracker can replace the
BIOS logo with a fake one that contains malicious code. Users can't
fix this omission because it is in the nonfree UEFI firmware that
users can't replace.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2024-01-03' -->
<!--#set var='PUB' value='2023-11-08' --> <!--#set var='ID' value='M202311080' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Recent autos offer a feature by which the drivers
can connect their snoop-phones to the car. That feature <a
href="https://therecord.media/class-action-lawsuit-cars-text-messages-privacy">
snoops on the calls and texts</a> and gives the data to the car
manufacturer, and to the state.</p>
<p>A good privacy law would prohibit cars recording this data about
the users' activities. But not just <em>this</em> data—lots of
other data too.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-12-30' -->
<!--#set var='PUB' value='2018-09-17' --> <!--#set var='ID' value='M201809170' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Clash Royale is an online game with an “optimized”
<a href="/proprietary/proprietary-addictions.html#gacha">
<i>gacha</i></a> system that makes it <a
href="https://medium.com/@nikmlnkr/what-makes-clash-royale-so-addictive-1e586815b1f0">
very addictive for players</a>, and very profitable for its
developers.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-12-26' -->
<!--#set var='PUB' value='2023-09-05' --> <!--#set var='ID' value='M202309050' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google Nest snooper/surveillance cameras are always
tethered to Google servers, record videos 24/7, and are
<a href="https://arstechnica.com/gadgets/2023/09/google-nest-cameras-get-a-25-33-subscription-price-hike/">
subscription-based, which is an injustice to people who
use them</a>. The article discusses the rise in prices for
“plans” you can buy from Google, which include storing
videos in the “cloud”—another word for someone
else's computer.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-12-20' -->
<!--#set var='PUB' value='2023-11-30' --> <!--#set var='ID' value='M202311301' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://web.archive.org/web/20231213150111/https://www.nytimes.com/2023/11/12/technology/iphone-repair-apple-control.html">To
block non-Apple repairs, Apple encodes the iMonster serial
number in the original parts</a>. This is called “parts
pairing”. Swapping parts between working iMonsters of the same
model causes malfunction or disabling of some functionalities. Part
replacement may also trigger persistent alerts, unless it is done by
an Apple store.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-12-09' -->
<!--#set var='PUB' value='2023-11-09' --> <!--#set var='ID' value='M202311090' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://web.archive.org/web/20231011121908/https://www.makeuseof.com/how-to-remove-ads-on-samsung/">Samsung's
Push Service proprietary app</a> sends notifications to the user's
phone about “updates” in Samsung apps, including the
Gaming Hub, but these updates only sometimes have to do with
a new version of the apps. Many times, the notifications from
Gaming Hub are simply ads for games that they think the user should
install based on the data collected from the user. Most importantly, <a
href="https://web.archive.org/web/20240305093416/https://getfastanswer.com/3486/how-to-remove-samsung-push-service-on-a-smartphone">it
cannot be permanently disabled.</a></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-12-09' -->
<!--#set var='PUB' value='2023-11-07' --> <!--#set var='ID' value='M202311070' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Chamberlain Group <a
href="https://arstechnica.com/gadgets/2023/11/chamberlain-blocks-smart-garage-door-opener-from-working-with-smart-homes/">blocks
users from using third-party software</a> with its garage
openers. This is an intentional attack on using free software. The
official garage opener proprietary mobile app is now also <a
href="https://pluralistic.net/2023/11/09/lead-me-not-into-temptation/#chamberlain">infested
with ads, including up-selling its other services and devices.</a></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-12-08' -->
<!--#set var='PUB' value='2023-11-10' --> <!--#set var='ID' value='M202311100' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>In Australia, people assume that “smart”
means “tethered.” When people's ISP goes down, <a
href="https://www.theguardian.com/business/2023/nov/10/optus-went-down-and-the-smart-lights-came-on-and-then-marayke-was-stranded-in-bed">
all the tethered devices become useless</a>.</p>
<p>That's in addition to the nasty things tethered devices do when
they are “functioning” normally—such as snoop on
the commands sent to the device and the results they report.</p>
<p>Smart <em>users</em> know better than to accept tethered
devices.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-11-20' -->
<!--#set var='PUB' value='2023-08-22' --> <!--#set var='ID' value='M202308220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Some Bambu Lab 3D printers were reported to <a
href="https://arstechnica.com/gadgets/2023/08/3d-printers-print-break-on-their-own-due-to-cloud-outage/">
start printing without user's consent</a>, as a result of a malfunction
of the servers to which they were tethered. This caused significant
damage.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-11-19' -->
<!--#set var='PUB' value='2023-08-08' --> <!--#set var='ID' value='M202308080' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Yandex company has started to <a
href="https://meduza.io/en/feature/2023/08/08/user-x-with-driver-y-traveled-from-point-a-to-point-b">
give away Yango taxi ride data to Russia's Federal Security Service
(FSB)</a>. The Russian government (and whoever else receives the
the data) thus has access to a wealth of personal information,
including who traveled where, when, and with which driver. Yandex <a
href="https://yandex.ru/legal/confidential/?lang=en">
claims that it complies with European regulations</a> for data
collected in the European Economic Area, Switzerland or Israel.
But what about the rest of the world?</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-11-15' -->
<!--#set var='PUB' value='2023-09-06' --> <!--#set var='ID' value='M202309060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>In an article from Mozilla, every car brand they researched <a
href="https://www.mozillafoundation.org/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/">
has failed their privacy tests</a>. Some car manufacturers explicitly
mention that they collect data which includes “sexual
activities” and “genetic information”. Not only
collecting any of such data is a huge privacy violation in the first
place, some companies assume drivers and passengers' consent before
they get in the car. Notably, Tesla threatens that the car may be
“inoperable” if the user opts out of data collection.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-11-04' -->
<!--#set var='PUB' value='2022-09-22' --> <!--#set var='ID' value='M202209220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Windows 11 Home and Pro now <a
href="https://www.microsoft.com/windows/windows-11-specifications">
require internet connection and a Microsoft account</a> to
complete the installation. Windows 11 Pro had an option to create
a local account instead, but the option has been removed. This
account can (and most certainly will) be used for surveillance
and privacy violations. Thankfully, a free software tool named <a
href="https://gothub.projectsegfau.lt/pbatard/rufus/">Rufus</a> can bypass those
requirements, or help users install a <a href="/distros/distros.html">
free operating system</a> instead.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-11-02' -->
<!--#set var='PUB' value='2019-12-11' --> <!--#set var='ID' value='M201912110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>As tech companies add microphones to a wide range
of products, including refrigerators and motor vehicles,
they also set up transcription farms where human employees <a
href="https://getpocket.com/explore/item/silicon-valley-got-millions-to-let-siri-and-alexa-listen-in">
listen to what people say</a> and tweak the recognition algorithms.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-10-29' -->
<!--#set var='PUB' value='2023-09-27' --> <!--#set var='ID' value='M202309270' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Philips Hue, the most ubiquitous
home automation product in the US, is planning to soon <a
href="https://boingboing.net/2023/09/27/philips-hue-to-make-you-create-an-account-and-log-in-to-adjust-your-lightbulbs.html">
force users to log in to the app server</a> in order to be able to
adjust a lightbulb, or use other functionalities, in what amounts to
a massive user-tracking data grab.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-07-15' -->
<!--#set var='PUB' value='2023-07-04' --> <!--#set var='ID' value='M202307040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.theguardian.com/technology/2023/jul/04/smile-youre-on-camera-self-driving-cars-are-here-and-theyre-watching-you">
Driverless cars in San Francisco collect videos constantly</a>, using
cameras inside and outside, and governments have already collected
those videos secretly.</p>
<p>As the Surveillance Technology Oversight Project says, they are
“driving us straight into authoritarianism.” We must <a
href="/philosophy/surveillance-vs-democracy.html">regulate <em>all</em>
cameras that collect images that can be used to track people</a>,
to make sure they are not used for that.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-07-15' -->
<!--#set var='PUB' value='2023-05-30' --> <!--#set var='ID' value='M202305300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Some employers are <a
href="https://www.theguardian.com/money/2023/may/30/i-feel-constantly-watched-employees-working-under-surveillance-monitorig-software-productivity">
forcing employees to run “monitoring software”</a> on
their computers. These extremely intrusive proprietary programs
can take screenshots at regular intervals, log keystrokes,
record audio and video, etc. Such practices have been shown to <a
href="https://www.eurofound.europa.eu/publications/report/2020/employee-monitoring-and-surveillance-the-challenges-of-digitalisation">
deteriorate employees' well-being</a>, and trade unions in the
European union have voiced their concerns about them. The requirement
for employee's consent, which exists in some countries, is a sham
because most often the employee is not free to refuse. In short,
these practices should be abolished.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-07-08' -->
<!--#set var='PUB' value='2023-06-12' --> <!--#set var='ID' value='M202306120' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Edge <a
href="https://www.neowin.net/news/edge-sends-images-you-view-online-to-microsoft-here-is-how-to-disable-that/">sends
the URLs of images the user views to Microsoft's servers</a> by
default, supposedly to “enhance” them. And these images
<a href="/proprietary/proprietary-surveillance.html#M201405140">may
end up on the NSA's servers</a>.</p>
<p>Microsoft claims its nonfree browser sends the URLs without
identifying you, which cannot be true, since at least your IP
address is known to the server if you don't take extra measures.
Either way, such enhancer service is unjust because any image editing
<a href="/philosophy/who-does-that-server-really-serve.html">should
be done on your own computer using installed free software</a>.</p>
<p>The article describes how to disable sending the URLs. That makes
a change for the better, but we suggest that you instead switch to a
freedom-respecting browser with additional privacy features such as
<a href="/software/gnuzilla/">IceCat</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-05-29' -->
<!--#set var='PUB' value='2023-05-04' --> <!--#set var='ID' value='M202305040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Controlling Honeywell internet thermostats with the dedicated
app has proven unreliable, due to <a
href="https://piunikaweb.com/2022/03/15/honeywell-total-connect-comfort-app-website-not-working-issue/">
recurrent connection issues with the server these thermostats are
tethered to</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-05-18' -->
<!--#set var='PUB' value='2023-05-10' --> <!--#set var='ID' value='M202305100' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>HP delivers printers with a
universal back door, and recently used it to <a
href="https://www.theguardian.com/money/2023/may/10/how-can-hp-block-me-from-using-a-cheaper-printer-cartridge">
sabotage them by remotely installing malware</a>. The malware makes the
printer refuse to function with non-HP ink cartrides, and even with old
HP cartridges which HP now declares to have “expired.”
HP calls the back door “dynamic security,”
and has the gall to claim that this “security” protects
users from malware.</p>
<p>If you own an HP printer that can still use non-HP cartridges,
we urge you to disconnect it from the internet. This will ensure that
HP doesn't sabotage it by “updating” its software.</p>
<p><small>Note how the author of the Guardian article credulously
repeats HP's assertion that the “dynamic security”
feature protects users against malware, not recognizing that the
article demonstrates it does the opposite.</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-04-29' -->
<!--#set var='PUB' value='2023-02-14' --> <!--#set var='ID' value='M202302140' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft is <a
href="https://www.theguardian.com/technology/2023/feb/14/microsoft-to-phase-out-internet-explorer-with-new-edge-browser">
remotely disabling Internet Explorer, forcibly redirecting users to
Microsoft Edge</a>.</p>
<p>Imposing such change is malicious, and the fact that the redirection
is from one unjust program (IE) to another unjust program (Edge)
does not excuse it.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-04-29' -->
<!--#set var='PUB' value='2023-01-19' --> <!--#set var='ID' value='M202301190' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft <a
href="https://betanews.com/2023/01/19/microsoft-is-using-the-kb5021751-update-to-see-if-you-have-an-unsupported-version-of-office-installed/">
released an “update” that installs a surveillance
program</a> on users' computers to gather data on some installed
programs for Microsoft's benefit. The update is rolling out
automatically, and the program runs “one time silently.”</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-04-25' -->
<!--#set var='PUB' value='2023-02-28' --> <!--#set var='ID' value='M202302280' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Volkswagen <a
href="https://pluralistic.net/2023/02/28/kinderwagen/">
tracks the location of every driver, and sells that data to
third-parties</a>. However, it refuses to use the data to implement a
feature for the benefit of its customers unless they pay extra money
for it.</p>
<p>This came to attention and brought controversy when Volkswagen
refused to locate a car-jacked vehicle with a toddler in it because
the owner of the car had not subscribed to the relevant service.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-04-25' -->
<!--#set var='PUB' value='2022-07-14' --> <!--#set var='ID' value='M202207140' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>BMW is now luring British customers into <a
href="https://edition.cnn.com/2022/07/14/business/bmw-subscription/index.html">
paying for the built-in heated-seat feature of their new cars on a
subscription basis</a>. People also have the option to buy the feature
when they are paying for the car, but those who bought a used car have
to pay BMW extra money to remotely enable the heated seats. This is
probably done by BMW accessing a back door in the car software.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-04-25' -->
<!--#set var='PUB' value='2022-07-04' --> <!--#set var='ID' value='M202207040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A bug in Tesla cars software <a
href="https://www.tweaktown.com/news/86780/new-app-allows-hackers-to-steal-teslas-by-making-their-own-keys/index.html">
lets crackers install new car keys</a>, unlock cars, start engines,
and even prevent real owners from accessing their cars.</p>
<p>A cracker even reported that he was able to <a
href="https://fortune.com/2022/01/12/teen-hacker-david-colombo-took-control-25-tesla-ev/">
disable security systems and take control of 25 cars</a>.</p>
<small>Please note that these articles wrongly use the word “<a
href="/philosophy/words-to-avoid.html#Hacker">hacker</a>”
instead of cracker.</small>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-04-12' -->
<!--#set var='PUB' value='2023-04-06' --> <!--#set var='ID' value='M202304060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Tesla cars record videos of activity inside the car, and <a
href="https://arstechnica.com/tech-policy/2023/04/tesla-workers-shared-images-from-car-cameras-including-scenes-of-intimacy/">
company staff can watch those recordings and copy them</a>. Or at
least they were able to do so until last year.</p>
<p>Tesla may have changed some security functions so that this
is harder to do. But if Tesla can get those recordings, that is
because it is planning for some people to use them in some situation,
and that is unjust already. It should be illegal to make a car
that takes photos or videos of the people in the car—or of
people outside the car.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-04-04' -->
<!--#set var='PUB' value='2023-04-03' --> <!--#set var='ID' value='M202304030' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Pinduoduo app <a
href="https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html">
snoops on other apps, and takes control of them</a>. It also installs
additional malware that is hard to remove.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-04-04' -->
<!--#set var='PUB' value='2023-04-01' --> <!--#set var='ID' value='M202304010' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>GM is switching to a new
audio/video system in its cars in order to <a
href="https://edition.cnn.com/2023/04/01/business/gm-apple-play-evs/index.html">
collect complete information about what people in the car watch or
listen to, and also how they drive</a>.</p>
<p>The new system for navigation and “driving assistance”
will be tethered to various online dis-services, and GM will snoop on
everything the users do with them. But don't feel bad about that,
because some of these subscriptions will be gratis for the first
8 years.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-03-15' -->
<!--#set var='PUB' value='2023-02-08' --> <!--#set var='ID' value='M202302080' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>As soon as it boots, and without asking any permission, <a
href="https://web.archive.org/web/20230212120649/https://www.techspot.com/news/97535-windows-11-spyware-machine-out-users-control.html">Windows
11 starts to send data to online servers</a>. The user's personal
details, location or hardware information are reported to Microsoft and
other companies to be used as telemetry data. All of this is done is
the background, and users have no easy way to prevent it—unless
they switch the computer offline.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-01-29' -->
<!--#set var='PUB' value='2023-01-23' --> <!--#set var='ID' value='M202301230' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A dispute between Blizzard and one of its partners caused <a
href="https://www.theguardian.com/world/2023/jan/23/world-of-warcraft-offline-china-millions-gamers-bereft">
World of Warcraft to go offline in China</a>. The shutdown may not be
permanent, but even if it is not, the fact that a business disagreement
can stop all users in China from playing the game illustrates the
injustice of requiring the use of a specific server.</p>
<p>We expect that users must pay to use that server, but whether that
is the case is a side issue. Even if use of that server is gratis,
the harm comes from the fact that the program doesn't allow people
to make and use other servers for that job.</p>
<p>Let's hope game fans in China learn the importance of <a
href="https://gnu.org/philosophy/nonfree-games.html">rejecting nonfree
games</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2023-01-08' -->
<!--#set var='PUB' value='2022-11-30' --> <!--#set var='ID' value='M202211301' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Hackers discovered <a
href="https://samcurry.net/web-hackers-vs-the-auto-industry/"> dozens
of flaws in the security (in the usual narrow sense) of many brands
of automobiles</a>.</p>
<p>Security in the usual narrow sense means security against unknown
third parties. We are more concerned with security in the broader
sense—against the manufacturer as well as against unknown
third parties. It is clear that each of these vulnerabilities can
be exploited by the manufacturer too, and by any government that
can threaten the manufacturer enough to compel the manufacturer's
cooperation.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-12-13' -->
<!--#set var='PUB' value='2022-11-14' --> <!--#set var='ID' value='M202211140' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://web.archive.org/web/20230101185726/https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558">
The iMonster app store client programs collect many kinds of data</a>
about the user's actions and private communications. “Do not
track” options are available, but tracking doesn't stop if
the user activates them: Apple keeps on collecting data for itself,
although it claims not to send it to third parties.</p>
<p><a
href="https://www.theregister.com/2022/11/14/apple_data_collection_lawsuit/">
Apple is being sued</a> for that.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-12-05' -->
<!--#set var='PUB' value='2022-10-14' --> <!--#set var='ID' value='M202210140' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryption-could-expose-message-content/">
The Microsoft Office encryption is weak</a>, and susceptible to
attack.</p>
<p>Encryption is a tricky field, and easy to mess up. It is wise
to insist on encryption software that is (1) free software and (2)
studied by experts.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-12-03' -->
<!--#set var='PUB' value='2022-11-30' --> <!--#set var='ID' value='M202211300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a href="https://www.techarp.com/mobile/apple-china-limit-airdrop/">
Obeying a demand by the Chinese government, Apple restricted the
use of AirDrop in China</a>. It imposed a ten-minute time limit
during which users can receive files from non contacts. This makes
it nearly impossible to use AirDrop for its intended purpose, which
is to exchange files with strangers between iMonsters in physical
proximity. This happened after it became known that dissenters
were using the app to distribute digital anti-government fliers
anonymously.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-11-26' -->
<!--#set var='PUB' value='2022-10-11' --> <!--#set var='ID' value='M202210110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Xiaomi provides a tool to <a
href="https://www.guidetoroot.com/unlock-bootloader-on-any-xiaomi-phones/">
unlock the bootloader of Xiaomi smartphones and tablets</a>,
but this requires creating an account on the company's servers,
i.e. providing your phone number. This is the price you have to pay
for “legally” running a free software operating system
on Xiaomi devices. But the manufacturer retains control of the
unlocked device through a backdoor in the bootloader—the same
backdoor that was remotely used to unlock it.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-09-21' -->
<!--#set var='PUB' value='2022-09-00' --> <!--#set var='ID' value='M202209000' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a hreflang="ja"
href="https://ja.wikipedia.org/wiki/B-CAS">B-CAS</a> <a
href="#m1">[1]</a> is the digital restrictions management (DRM) system
used by Japanese TV broadcasters, including NHK (public-service TV).
It is sold
by the B-CAS company, which has a de-facto monopoly on it. Initially
intended for pay-TV, its use was extended to digital free-to-air
broadcasting as a means to enforce restrictions on copyrighted
works. The system encrypts works that permit free redistribution
just like other works, thus denying users their nominal rights.</p>
<p>On the client side, B-CAS is typically implemented by a card
that plugs into a compatible receiver, or alternatively by a tuner
card that plugs into a computer. Beside implementing drastic copying
and viewing restrictions, this system gives broadcasters full power
over users, through back doors among other means. For example:</p>
<ul>
<li>It can force messages to the user's TV screen, and the user
can't turn them off.</li>
<li>It can collect viewing information and send it to other
companies to take surveys. Until 2011, user registration was
required, so the viewing habits of each customer were recorded. We
don't know whether this personal information was deleted from the
company's servers after 2011.</li>
<li>Each card has an ID, which enables broadcasters to force
customer-specific updates via the back door normally used to update
the decryption key. Thus pay-TV broadcasters can disable decryption
of the broadcast wave if subscription fees are not paid on time.
This feature could also be used by any broadcaster (possibly
instructed by the government) to stop certain persons from watching
TV.</li>
<li>As the export of B-CAS cards is illegal, people outside Japan
can't (officially) decrypt the satellite broadcast signal that may
spill over to their location. They are thus deprived of a valuable
source of information about what happens in Japan.</li>
</ul>
<p>These unacceptable restrictions led to a sort of cat-and-mouse
game, with some users doing their best to bypass the system, and
broadcasters trying to stop them without much success: cryptographic
keys were retrieved through the back door of the B-CAS card, illegal
cards were made and sold on the black market, as well as a tuner for
PC that disables the copy control signal.</p>
<p>While B-CAS cards are still in use with older equipment, modern
high definition TVs have an even nastier version of this DRM (called
ACAS) in a special chip that is built into the receiver. The chip
can update its own software from the company's servers, even when
the receiver is turned off (but still plugged into an outlet). This
feature could be abused to disable stored TV programs that the power
in place doesn't agree with, thus interfering with free speech.</p>
<p>Being part of the receiver, the ACAS chip is supposed to be
tamper-resistant. Time will tell…</p>
<p id="m1"><small>[1] We thank the free software supporter who
translated this article from Japanese, and shared his experience of
B-CAS with us. (Unfortunately, the article presents DRM as a good
thing.)</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-09-20' -->
<!--#set var='PUB' value='2022-08-24' --> <!--#set var='ID' value='M202208240' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A security researcher found that the iOS in-app browser of TikTok <a
href="https://www.theguardian.com/technology/2022/aug/24/tiktok-can-track-users-every-tap-as-they-visit-other-sites-through-ios-app-new-research-shows">
injects keylogger-like JavaScript code into outside web pages</a>. This
code has the ability to track all users' activities, and to
retrieve any personal data that is entered on the pages. We have
no way of verifying TikTok's claim that the keylogger-like code
only serves purely technical functions. Some of the accessed data
could well be saved to the company's servers, and even sent to
third parties. This would open the door to extensive surveillance,
including by the Chinese government (to which TikTok has indirect
ties). There is also a risk that the data would be stolen by crackers,
and used to launch malware attacks.</p>
<p>The iOS in-app browsers of Instagram and Facebook
behave essentially the same way as TikTok's. The main
difference is that Instagram and Facebook allow users
to access third-party sites with their default browser, whereas <a
href="https://web.archive.org/web/20221201065621/https://www.reddit.com/r/Tiktokhelp/comments/jlep5d/how_do_i_make_urls_open_in_my_browser_instead_of/">
TikTok makes it nearly impossible</a>.</p>
<p>The researcher didn't study the Android versions of in-app
browsers, but we have no reason to assume they are safer than the
iOS versions.</p>
<p><small>Please note that the article wrongly refers
to crackers as “hackers.”</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-09-14' -->
<!--#set var='PUB' value='2022-08-07' --> <!--#set var='ID' value='M202208070' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Some Epson printers are programmed to <a
href="https://hardware.slashdot.org/story/22/08/07/0350244/epson-programs-some-printers-to-stop-operating-claiming-danger-of-ink-spills">
stop working after they have printed a predetermined number
of pages</a>, on the pretext that ink pads become saturated
with ink. This constitutes an unacceptable infringement on
users' freedom to use their printers as they wish, and on their <a
href="https://fighttorepair.substack.com/p/citing-danger-of-ink-spills-epson">
right to repair them</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-09-14' -->
<!--#set var='PUB' value='2022-04-14' --> <!--#set var='ID' value='M202204140' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Today's “smart” TVs <a
href="https://www.techdirt.com/2022/04/14/its-still-stupidly-ridiculously-difficult-to-buy-a-dumb-tv/">
push people to surrender to tracking via internet</a>. Some won't work
unless they have a chance to download nonfree software. And they are
designed for programmed obsolescence.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-09-13' -->
<!--#set var='PUB' value='2022-08-29' --> <!--#set var='ID' value='M202208290' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>US states that ban abortion talk about making it a
crime to go to another state to get an abortion. They could <a
href="https://www.cnn.com/2022/08/29/tech/wireless-carriers-locations-fcc/index.html">
use various forms of location tracking, including the network,
to prosecute abortion-seekers</a>. The state could subpoena the
data, so that the network's “privacy” policy would be
irrelevant.</p>
<p>That article explains why wireless networks collect location
data, one unavoidable reason and one avoidable (emergency calls).
It also explains some of the many ways the location data are
used.</p>
<p>Networks should never do localization for emergency calls
except when you make an emergency call, or when there is a court order
to do so. It should be illegal for a network to do precise localization
(the kind needed for emergency calls) except to handle an emergency
call, and if a network does so illegally, it should be required to
inform the owner of the phone in writing on paper, with an apology.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-09-12' -->
<!--#set var='PUB' value='2015-07-28' --> <!--#set var='ID' value='M201507281' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Many retail businesses publish cr…apps that ask to <a
href="https://www.delish.com/kitchen-tools/a43252/how-food-apps-use-data/">
spy on the user's own data</a>—often many kinds.</p>
<p>Those companies know that snoop-phone usage trains people to say
yes to almost any snooping.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-08-31' -->
<!--#set var='PUB' value='2020-06-11' --> <!--#set var='ID' value='M202006110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Network location tracking is used, among other techniques, for <a
href="https://www.linkedin.com/pulse/location-based-advertising-has-starbucks-coupon-finally-john-craig">
targeted advertising</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-08-28' -->
<!--#set var='PUB' value='2022-08-22' --> <!--#set var='ID' value='M202208220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Tesla <a
href="https://www.cnn.com/2022/08/22/business/tesla-fsd-price-increase/index.html">
sells an add-on software feature that drivers are not allowed
to use</a>.</p>
<p>This practice depends on a back door, which is unjust in
itself. Asking users to buy something years in advance to avoid having
to pay an even higher price later is manipulative.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-08-28' -->
<!--#set var='PUB' value='2022-07-20' --> <!--#set var='ID' value='M202207200' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Shortcuts, a built-in scripting app on Apple devices, <a
href="https://support.apple.com/guide/shortcuts/apdf01f8c054/5.0/ios/15.0">
doesn't give you complete freedom to share scripts</a>
(a.k.a. “shortcuts”). Exporting a script as a file <a
href="https://web.archive.org/web/20230329031338/https://www.reddit.com/r/StallmanWasRight/comments/vogb0c/all_methods_of_sharing_ios_shortcuts_require_an/">
requires an Apple ID</a>, and may be subjected to censorship by Apple.</p>
<p>In this situation (and many others), switching from iPhony/iBad to a
freedom respecting device gives you both convenience and freedom. The
assumption that you must sacrifice convenience to get freedom is
often wrong. Jails are inconvenient.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-08-22' -->
<!--#set var='PUB' value='2022-07-30' --> <!--#set var='ID' value='M202207300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The nonfree software in a Tesla artificially <a
href="https://www.theguardian.com/business/2022/jul/30/will-connected-cars-persuade-drivers-to-pay-for-a-high-spec-ride">
limits the car's driving range</a>, demanding ransom to unlock the
battery's full charge.</p>
<p>This is one more reason why cars must not be “connected.”</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-08-22' -->
<!--#set var='PUB' value='2022-07-01' --> <!--#set var='ID' value='M202207010' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>ATMs and vending machines in Russia
run nonfree software—The machines' owners <a
href="https://www.themoscowtimes.com/2022/07/01/russian-atms-reject-new-100-ruble-bill-kommersant-a78175">
cannot fix them</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-08-22' -->
<!--#set var='PUB' value='2020-09-22' --> <!--#set var='ID' value='M202009220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Markup investigated 80,000 popular web sites and <a
href="https://themarkup.org/blacklight/2020/09/22/blacklight-tracking-advertisers-digital-privacy-sensitive-websites">
reports on how much they snoop on users</a>. Almost 70,000 had
third-party trackers. 5,000 fingerprinted the browser to identify
users. 12,000 recorded the user's mouse clicks and movements.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-08-22' -->
<!--#set var='PUB' value='2019-05-14' --> <!--#set var='ID' value='M201905140' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Adobe <a
href="https://www.vice.com/en/article/a3xk3p/adobe-tells-users-they-can-get-sued-for-using-old-versions-of-photoshop">
revoked the license of some older versions</a> of its applications,
and warned customers that they can get sued for using them.</p>
<p>This is further proof that users of nonfree software are in the
hands of its developer.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-06-14' -->
<!--#set var='PUB' value='2022-06-02' --> <!--#set var='ID' value='M202206020' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Canada has fined the company Tim Hortons for making <a
href="https://arstechnica.com/tech-policy/2022/06/tim-hortons-coffee-app-broke-law-by-constantly-recording-users-movements/">
an app that tracks people's movements</a> to learn things such as
where they live, where they work, and when they visit competitors'
stores.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-06-04' -->
<!--#set var='PUB' value='2022-05-24' --> <!--#set var='ID' value='M202205240' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A worldwide investigation found that
most of the applications that school districts
recommended for remote education during the COVID-19 pandemic <a
href="https://web.archive.org/web/20220525011540/https://www.washingtonpost.com/technology/2022/05/24/remote-school-app-tracking-privacy/">track
and collect personal data from children as young as below the age of
five</a>. These applications, and their websites, send the collected
information to ad giants such as Facebook and Google, and they are
still being used in the classrooms even after some of the schools
reopened.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-05-10' -->
<!--#set var='PUB' value='2022-04-28' --> <!--#set var='ID' value='M202204280' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The US government <a
href="https://themarkup.org/pixel-hunt/2022/04/28/applied-for-student-aid-online-facebook-saw-you">sent
personal data to Facebook</a> for every college student that applied
for US government student aid. It justified this as being for a
“campaign.”</p>
<p>The data included name, phone number and email address. This shows
the agency didn't even make a handwaving attempt to anonymize the
student. Not that anonymization usually does much good—but
the failure to even try shows that the agency was completely blind
to the issue of respecting students' privacy.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-05-08' -->
<!--#set var='PUB' value='2016-03-06' --> <!--#set var='ID' value='M201603060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Electronic Arts <a
href="https://techraptor.net/gaming/news/darkspore-servers-shut-down">made
one of its games permanently unplayable</a> by shutting down its
servers. This game was heavily reliant on the company's servers,
and because the software is proprietary, users can't modify it to
make it connect to some other server. If the game were free, people
could still play what they purchased.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-04-19' -->
<!--#set var='PUB' value='2022-04-04' --> <!--#set var='ID' value='M202204040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>New Amazon worker chat app <a
href="https://theintercept.com/2022/04/04/amazon-union-living-wage-restrooms-chat-app/">would
ban specific words Amazon doesn't like</a>, such as
“union”, “restrooms”, and “pay
raise”. If the app was free, workers could modify the program
so it acts as they wish, not how Amazon wants it.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-04-18' -->
<!--#set var='PUB' value='2022-03-01' --> <!--#set var='ID' value='M202203010' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The nonfree app “Along,”
developed by a company controlled by Zuckerberg, <a
href="https://kappanonline.org/dont-go-along-with-corporate-schemes-to-gather-up-student-data/">
leads students to reveal to their teacher personal information</a>
about themselves and their families. Conversations are recorded
and the collected data sent to the company, which grants itself the
right to sell it. See also <a
href="/education/educational-malware-app-along.html#content">Educational Malware App “Along”</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-04-12' -->
<!--#set var='PUB' value='2022-03-21' --> <!--#set var='ID' value='M202203210' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple prevents people from upgrading their Mac hardware <a
href="https://www.theverge.com/2022/3/21/22989226/apple-mac-studios-removable-ssd-blocked-software-replacement">by
imposing DRM on its removable SSD storage</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-04-06' -->
<!--#set var='PUB' value='2022-02-15' --> <!--#set var='ID' value='M202202151' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Honorlock set a network of fake test answer
honeypot sites, tempting people to get exam answers, but <a
href="https://themarkup.org/machine-learning/2022/02/15/a-network-of-fake-test-answer-sites-is-trying-to-incriminate-students">that
is a way to entrap students, so as to identify them and punish
them</a>, using nonfree JS code to identify them.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-04-06' -->
<!--#set var='PUB' value='2022-01-29' --> <!--#set var='ID' value='M202201290' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>“Smart” TV manufacturers <a
href="https://www.theguardian.com/technology/2022/jan/29/what-your-smart-tv-knows-about-you-and-how-to-stop-it-harvesting-data">
spy on people using various methods</a>, and harvest their
data. They are collecting audio, video, and TV usage data to profile
people.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-04-04' -->
<!--#set var='PUB' value='2022-02-19' --> <!--#set var='ID' value='M202202190' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Hewlett-Packard is <a
href="https://www.theguardian.com/money/2022/feb/19/how-cheap-ink-cartridges-can-cost-you-dear">
implementing DRM in its printers</a> so they refuse to print with
ink cartridges from another supplier.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-04-04' -->
<!--#set var='PUB' value='2022-02-15' --> <!--#set var='ID' value='M202202150' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.eff.org/deeplinks/2022/02/worst-timeline-printer-company-putting-drm-paper-now">
Dymo is now embedding DRM in the paper rolls for its label
printers</a> to make those printers reject equivalent paper rolls made
by other companies. This is implemented by an RFID tag, which keeps
track of how many labels remain on the roll, and blocks further
printing when the roll is empty—an efficient way to prevent
reusing the same RFID with a third-party roll.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-04-04' -->
<!--#set var='PUB' value='2022-02-09' --> <!--#set var='ID' value='M202202090' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A security failure in Microsoft's Windows is <a
href="https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/">infecting
people's computers with RedLine stealer malware</a> using a fake
Windows 11 upgrade installer.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-04-04' -->
<!--#set var='PUB' value='2022-01-27' --> <!--#set var='ID' value='M202201270' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The data broker X-Mode <a
href="https://themarkup.org/privacy/2022/01/27/gay-bi-dating-app-muslim-prayer-apps-sold-data-on-peoples-location-to-a-controversial-data-broker">bought
location data about 20,000 people collected by around 100 different
malicious apps</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-02-27' -->
<!--#set var='PUB' value='2019-03-21' --> <!--#set var='ID' value='M201903211' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The MoviePass dis-service <a
href="https://www.cnet.com/culture/entertainment/moviepass-founder-wants-to-use-facial-recognition-to-score-you-free-movies/">
is planning to use face recognition to track people's eyes</a>
to make sure they won't put their phones down or look away during
ads—and trackers.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-01-31' -->
<!--#set var='PUB' value='2022-01-04' --> <!--#set var='ID' value='M202201040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A critical bug in Apple's iOS makes
it possible for attackers to alter a shutdown event, <a
href="https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/">tricking
the user into thinking that the phone has been powered
off</a>. But in fact, it's still running, and the user can't feel
any difference between a real shutdown and the fake shutdown.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-01-31' -->
<!--#set var='PUB' value='2017-09-02' --> <!--#set var='ID' value='M201709020' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://web.archive.org/web/20230607090524/https://old.reddit.com/r/Instagram/comments/6xkhi8/ig_suddenly_asking_for_phone_number_not_visible/">Instagram
is forcing users to give away their phone numbers</a> and won't let
people continue using the app if they refuse.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-01-19' -->
<!--#set var='PUB' value='2022-01-05' --> <!--#set var='ID' value='M202201050' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Norton 360 antivirus <a
href="https://www.howtogeek.com/777952/norton-360-antivirus-now-mines-cryptocurrency/">updated
its program to install a cryptocurrency miner on users' computers</a>
without people's permission. The miner is not turned on by default but
there is no way to completely uninstall the crypto mining software,
which has upset some users.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-01-11' -->
<!--#set var='PUB' value='2022-01-01' --> <!--#set var='ID' value='M202201010' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The legacy company that made
Blackberry phones is about to kill them off <a
href="https://edition.cnn.com/2022/01/01/tech/blackberry-end-of-life/index.html">by
shutting down the server they are tethered to</a>.</p>
<p>If the software on those phones were free (as in freedom),
people could modify their software so they could talk to some other
server.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-01-11' -->
<!--#set var='PUB' value='2010-03-28' --> <!--#set var='ID' value='M201003280' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Sony restricted access to the PlayStation 3 GPU, so people
who installed a GNU/Linux operating system on the console couldn't
use it at full capacity. When some of them broke the restriction, <a
href="https://blog.playstation.com/2010/03/28/ps3-firmware-v3-21-update/">Sony
removed the ability to install other operating
systems</a>. Then users broke that restriction too, but <a
href="https://www.engadget.com/2011-01-12-sony-follows-up-officially-sues-geohot-and-fail0verflow-over-ps.html">got
sued by Sony</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2022-01-11' -->
<!--#set var='PUB' value='2005-12-27' --> <!--#set var='ID' value='M200512270' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>To install and use third-party operating
systems and programs on the Xbox console, <a
href="https://events.ccc.de/congress/2005/fahrplan/attachments/591-paper_xbox.pdf">people
had to break the restrictions imposed by Microsoft</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-12-19' --><!--#set -->
<!--#set var='PUB' value='2021-11-20' --><li><small --> <!--#set var='ID' value='M202111201' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>NordicTrack, a company that sells
exercise machines with ability to show videos <a
href="https://arstechnica.com/information-technology/2021/11/locked-out-of-god-mode-runners-are-hacking-their-treadmills/">limits
what people can watch, and recently disabled a feature</a> that was
originally functional. This happened through automatic update and
probably involved a universal back door.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-12-19' --><!--#set -->
<!--#set var='PUB' value='2021-11-20' --><li><small --> <!--#set var='ID' value='M202111200' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Hundreds of Tesla drivers <a
href="https://www.theguardian.com/technology/2021/nov/20/tesla-app-outage-elon-musk-apologises">were
locked out of their cars as a result of Tesla's app suffering from an
outage</a>, which happened because the app is tethered to the company's
servers.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-12-19' --><!--#set -->
<!--#set var='PUB' value='2021-11-11' --><li><small --> <!--#set var='ID' value='M202111110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Some researchers at Google <a href="https://www.vice.com/en/article/93bw8y/google-caught-hackers-using-a-mac-zero-day-against-hong-kong-users">found
a zero-day vulnerability on MacOS,
which crackers used to target people visiting the websites</a> of
a media outlet and a pro-democracy labor and political group in Hong
Kong.</p>
<p><small>Please note that the article wrongly refers
to crackers as “<a href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”.</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-11-19' --><!--#set -->
<!--#set var='PUB' value='2021-10-25' --><li><small --> <!--#set var='ID' value='M202110250' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Ed Tech
<p>EdTech companies use their surveillance power to
manipulate students, and direct them into tracks towards various
levels of knowledge, power and prestige. The article argues that <a
href="https://blogs.lse.ac.uk/medialse/2021/10/25/algorithmic-injustice-in-education-why-tech-companies-should-require-a-license-to-operate-in-childrens-education/">these
companies should obtain licenses to operate</a>. That wouldn't hurt,
but it doesn't address the root of the problem. All data acquired
in a school about any student, teacher, or employee must not leave
the school, and must be kept in computers that belong to the school
and run free (as in freedom) software. That way, the school district
and/or parents can control what is done with those data.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-11-18' --><!--#set -->
<!--#set var='PUB' value='2021-11-09' --><li><small --> <!--#set var='ID' value='M202111090' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A building in LA, with a supermarket in it, <a
href="https://www.latimes.com/business/story/2021-11-09/column-trader-joes-parking-app">demands
customers load a particular app to pay for parking in the parking
lot</a>, and accept pervasive surveillance. They also have the
option of entering their license plate numbers in a kiosk. That is
an injustice, too.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-11-18' --><!--#set -->
<!--#set var='PUB' value='2021-11-04' --><li><small --> <!--#set var='ID' value='M202111040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple's new tactic to restrict users from
repairing their own device and impose DRM on people is to <a
href="https://www.ifixit.com/News/54829/apples-new-screen-repair-trap-could-change-the-repair-industry-forever">completely
disable its Face ID functionality</a> when you replace its screen.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-11-18' --><!--#set -->
<!--#set var='PUB' value='2021-08-18' --><li><small --> <!--#set var='ID' value='M202108180' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft is making it harder and harder to <a
href="https://www.theverge.com/22630319/microsoft-windows-11-default-browser-changes">replace
default apps in its Windows</a> operating system and is pressuring
users to use its proprietary programs instead. We believe the
best approach to this would be replacing Windows with a free
(as in freedom) operating system like GNU. We also maintain a <a
href="/distros/free-distros.html">list of fully free distributions
of GNU</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-11-18' --><!--#set -->
<!--#set var='PUB' value='2018-02-28' --><li><small --> <!--#set var='ID' value='M201802280' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Spotify app <a
href="https://www.sec.gov/Archives/edgar/data/1639920/000119312518063434/d494294df1.htm">harvests
users' data to personally identify and know people</a> through music,
their mood, mindset, activities, and tastes. There are over 150
billion events logged daily on the program which contains users'
data and personal information.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-11-09' --><!--#set -->
<!--#set var='PUB' value='2016-02-11' --><li><small --> <!--#set var='ID' value='M201602110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A pacemaker running proprietary code <a
href="https://www.wired.com/2016/02/i-want-to-know-what-code-is-running-inside-my-body/">was
misconfigured and could have killed the implanted person</a>. In order
to find out what was wrong and get it fixed, the person needed to break
into the remote device that sets parameters in the pacemaker (possibly
infringing upon manufacturer's rights under the DMCA). If this system
had run free software, it could have been fixed much sooner.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-11-04' --><!--#set -->
<!--#set var='PUB' value='2021-10-13' --><li><small --> <!--#set var='ID' value='M202110130' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Adobe <a
href="https://web.archive.org/web/20211014123717/https://pluralistic.net/2021/10/13/theres-an-app-for-that/#gnash">has
licensed its Flash Player to China's Zhong Cheng Network</a> who is
offering the program bundled with spyware and a back door that can
remotely deactivate it.</p>
<p>Adobe is responsible for this since they gave Zhong Cheng
Network permission to do this. This injustice involves “misuse” of
the DMCA, but “proper,” intended use of the DMCA is a much bigger
injustice. There is <a href="/philosophy/right-to-read.html">a series
of errors related to DMCA</a>.</p>
</li>
<!--#set var='ADD' value='2021-10-30' --><!--#set var='PUB' value='2021-10-16' --><li><small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo encoding='none' var='ADD' --><span class="gnun-split"></span> — Latest reference: <span class="gnun-split"></span><!--#echo encoding='none' var='PUB' --></small>
<p>Canon's all-in-one printer, scanner, and fax machine <a
href="https://www.bleepingcomputer.com/news/legal/canon-sued-for-disabling-scanner-when-printers-run-out-of-ink/">will
stop you from using any of its features if it's out of ink</a>! Since
there's no need for ink to use scan or fax, Canon is sued by its
customers for this malicious behavior. The proprietary software
installed on Canon machines arbitrarily restricts users
<!-- Copied from using
their device as they wish.</p>
</li> workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-10-12' --><!--#set -->
<!--#set var='PUB' value='2021-10-07' --><li><small --> <!--#set var='ID' value='M202110070' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://slate.com/technology/2021/10/facebook-unfollow-everything-cease-desist.html">Facebook's
nonfree client forces its useds to look at the newsfeed</a>. A used
of Facebook developed a browser add-on to make it easier to unfollow
everyone and thus make the newsfeed empty. Many of the people used
by Facebook loved this, because they regard the newsfeed as a burden
that Facebook imposes on them.</p>
<p>If the client software for Facebook were free, useds could probably
make the newsfeed disappear by modifying the client not to display
it.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-10-12' --><!--#set -->
<!--#set var='PUB' value='2021-09-22' --><li><small --> <!--#set var='ID' value='M202109220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Some Xiaomi phones <a
href="https://www.theguardian.com/world/2021/sep/22/lithuania-tells-citizens-to-throw-out-chinese-phones-over-censorship-concerns">have
a malfeature to bleep out phrases that express political views
China
the Chinese government does not like</a>. In phones sold in Europe,
Xiaomi leaves this deactivated by default, but has a back door to
activate the censorship.</p>
<p>This is the natural result of having nonfree software in a device
that can communicate with the company that made it.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-10-12' --><!--#set -->
<!--#set var='PUB' value='2021-06-25' --><li><small --> <!--#set var='ID' value='M202106250' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.elsalvador.com/eldiariodehoy/app-chivo-bitcoin-pone-en-riesgo-datos-personales-de-usuarios/852310/2021/">El
Salvador Dictatorship's Chivo wallet is spyware</a>, it's a
proprietary program that breaks users' freedom and spies on people;
demands personal data such as the national ID number and does face
recognition, and it is bad security for its data. It also asks for
almost every malware permission in people's smartphones.</p>
<p>The article criticizes it for faults in “data
protection”, though <a
href="/philosophy/surveillance-vs-democracy.html">“data protection”
is the wrong approach to privacy anyway</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-10-08' --><!--#set -->
<!--#set var='PUB' value='2021-09-21' --><li><small --> <!--#set var='ID' value='M202109210' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google's proprietary Chrome web browser <a
href="https://www.techrepublic.com/article/new-chrome-feature-can-tell-sites-and-webapps-when-youre-idle/">
added a surveillance API (idle detection API)</a> which lets
websites ask Chrome to report when a user with a web page open is
idle.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-09-20' --><!--#set -->
<!--#set var='PUB' value='2021-09-17' --><li><small --> <!--#set var='ID' value='M202109170' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple has made it <a
href="https://gizmodo.com/apple-and-google-pull-opposition-app-from-russian-store-1847695238">
impossible to load Navalny's tactical voting app into an iPhone</a>
in Russia.</p>
<p>It is impossible because (1) the iPhone refuses to load apps
from anywhere other than Apple, and (2) Apple has obeyed a Russian
censorship law. The first point is enforced by Apple's nonfree
software.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-09-15' --><!--#set -->
<!--#set var='PUB' value='2021-08-17' --><li><small --> <!--#set var='ID' value='M202108170' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Various models of security cameras, DVRs,
and baby monitors that run proprietary software <a
href="https://www.wired.com/story/kalay-iot-bug-video-feeds/">are
affected by a security vulnerability that could give attackers access
to live feeds</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-09-01' --><!--#set -->
<!--#set var='PUB' value='2021-08-24' --><li><small --> <!--#set var='ID' value='M202108240' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Recent Samsung TVs have a back door with which Samsung can <a
href="https://www.pcmag.com/news/samsung-can-remotely-disable-any-of-its-tvs-worldwide">
brick them remotely</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-09-01' --><!--#set -->
<!--#set var='PUB' value='2021-08-20' --><li><small --> <!--#set var='ID' value='M202108200' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Russian communications watchdog <a
href="https://www.reuters.com/legal/litigation/russian-watchdog-tells-google-apple-remove-navalny-app-report-2021-08-20/">
tells Google and Apple to remove Navalny's app</a> from their
stores.</p>
<p>Because Apple controls what a user can install, this is absolute
censorship. By contrast, because Android does not do that, users can
install apps even if Google does not offer them.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-07-30' --><!--#set -->
<!--#set var='PUB' value='2021-07-18' --><li><small --> <!--#set var='ID' value='M202107180' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones">
The pegasus spyware used vulnerabilities on proprietary smartphone
operating systems</a> to impose surveillance on people. It can record
people's calls, copy their messages, and secretly film them, using a
security vulnerability. There's also <a
href="https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf">
a technical analysis of this spyware</a> available in PDF format.</p>
<p>A free operating system would've let people to fix the bugs for
themselves but now infected people will be compelled to wait for corporations to
fix the problems.</p>
<p><small>Please note that the article
wrongly refers to crackers as “<a
href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”.</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-07-15' --><!--#set -->
<!--#set var='PUB' value='2021-07-09' --><li><small --> <!--#set var='ID' value='M202107090' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A newly found Microsoft Windows vulnerability <a
href="https://edition.cnn.com/2021/07/08/tech/microsoft-windows-10-printnightmare/">
can allow crackers to remotely gain access to the operating system</a>
and install programs, view and delete data, or even create new user
accounts with full user rights.</p>
<p>The security research firm accidentally leaked instructions on
how the flaw could be exploited but Windows users should still wait
for Microsoft to fix the flaw, if they fix it.</p>
<p><small>Please note that the article
wrongly refers to crackers as “<a
href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”.</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-07-15' --><!--#set -->
<!--#set var='PUB' value='2021-07-05' --><li><small --> <!--#set var='ID' value='M202107050' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.theguardian.com/media/2021/jul/05/advertisers-targeted-dream-incubation">
Advertising companies are experimenting to manipulate people's
minds</a>, and impose a new way of advertising by altering their
dreams. This “targeted dream incubation” would trigger
“refreshing dreams” of the product, according to the
companies.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-07-04' --><!--#set -->
<!--#set var='PUB' value='2021-06-22' --><li><small --> <!--#set var='ID' value='M202106220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Peloton company which produces treadmills recently <a
href="https://www.bleepingcomputer.com/news/technology/peloton-tread-owners-now-forced-into-monthly-subscription-after-recall/">locked
people out of basic features of people's treadmills by a software
update</a>. The company now asks people for a membership/subscription
for what people already paid for.</p>
<p>The software used in the treadmill is proprietary and probably
includes back doors to force software updates. It teaches the lesson
that if a product talks to external networks, you must expect it to
take in new malware.</p>
<p>Please note that the company behind this product said they
are working to reverse the changes so people will no longer need
subscription to use the locked feature.</p>
<p>Apparently public anger made the company back down. If we want that
to be our safety, we need to build up the anger against malicious
features (and the proprietary software that is their entry path)
to the point that even the most powerful companies don't dare.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-06-27' --><!--#set -->
<!--#set var='PUB' value='2021-06-19' --><li><small --> <!--#set var='ID' value='M202106190' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://arstechnica.com/gadgets/2021/06/even-creepier-covid-tracking-google-silently-pushed-app-to-users-phones/">Google
automatically installed an app on many proprietary Android phones</a>. The app
might or might not do malicious things but the power Google has over proprietary
Android phones is dangerous.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-06-22' --><!--#set -->
<!--#set var='PUB' value='2021-06-17' --><li><small --> <!--#set var='ID' value='M202106170' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.theguardian.com/technology/2021/jun/17/nine-out-of-10-health-apps-harvest-user-data-global-study-shows">Almost
all proprietary health apps harvest users' data</a>, including
sensitive health information, tracking identifiers, and cookies to
track user activities. Some of these applications are tracking users
across different platforms.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-06-17' --><!--#set -->
<!--#set var='PUB' value='2021-06-03' --><li><small --> <!--#set var='ID' value='M202106030' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/">TikTok
apps collect biometric identifiers and biometric information from
users' smartphones</a>. The company behind it does whatever it wants
and collects whatever data it can.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-06-13' --><!--#set -->
<!--#set var='PUB' value='2020-04-13' --><li><small --> <!--#set var='ID' value='M202004131' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google, Apple, and Microsoft (and probably some other companies)
<a href="https://www.lifewire.com/wifi-positioning-system-1683343">are
collecting people's access points and GPS coordinates (which can
identify people's precise location) even if their GPS is turned
off</a>, without the person's consent, using proprietary software
implemented in person's smartphone. Though merely asking for permission
would not necessarily legitimize this.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-06-09' --><!--#set -->
<!--#set var='PUB' value='2018-08-13' --><li><small --> <!--#set var='ID' value='M201808131' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.theverge.com/2018/8/13/17684660/google-turn-off-location-history-data">Google
will track people even if people turn off location history</a>, using
Google Maps, weather updates, and browser searches. Google basically
uses any app activity to track people.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-06-08' --><!--#set -->
<!--#set var='PUB' value='2021-05-30' --><li><small --> <!--#set var='ID' value='M202105300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.theguardian.com/technology/2021/may/30/gadgets-have-stopped-working-together-interoperability-apple">Apple
is systematically undermining interoperability</a>. At the hardware
level, it does this via nonstandard plugs, buses and networks. At
the software level, it does this by not letting the user have any
data except within one app.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-06-08' --><!--#set -->
<!--#set var='PUB' value='2018-08-13' --><li><small --> <!--#set var='ID' value='M201808130' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Since the beginning of 2017, <a
href="https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/">Android
href="https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled">Android
phones have been collecting the addresses of nearby cellular
towers</a>, even when location services are disabled, and sending
that data back to Google.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-06-02' --><!--#set -->
<!--#set var='PUB' value='2021-05-24' --><li><small --> <!--#set var='ID' value='M202105240' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.cpomagazine.com/data-privacy/icloud-data-turned-over-to-chinese-government-conflicts-with-apples-privacy-first-focus/">Apple
is moving its Chinese customers' iCloud data to a datacenter controlled
by the Chinese government</a>. Apple is already storing the encryption
keys on these servers, obeying Chinese authority, making all Chinese
user data available to the government.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-05-26' --><!--#set -->
<!--#set var='PUB' value='2021-05-13' --><li><small --> <!--#set var='ID' value='M202105130' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://gizmodo.com/get-ready-for-in-car-ads-1846888390">Ford
is planning to force ads on drivers in cars</a>, with the ability for
the owner to pay extra to turn them off. The system probably imposes
surveillance on drivers too.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-05-18' --><!--#set -->
<!--#set var='PUB' value='2021-05-04' --><li><small --> <!--#set var='ID' value='M202105040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A motorcycle company named Klim is selling airbag
vests with different payment methods, one of them is through a <a
href="https://www.vice.com/en/article/93yyyd/this-motorcycle-airbag-vest-will-stop-working-if-you-miss-a-payment">proprietary
subscription-based option that will block the vest from inflating if
the payments don't go through</a>.</p>
<p>They say there is a 30-days grace period if you miss a payment
but the grace period is no excuse to the insecurity.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-05-13' --><!--#set -->
<!--#set var='PUB' value='2021-05-06' --><li><small --> <!--#set var='ID' value='M202105060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://me2ba.org/me2ba-product-testing-spotlight-report-published-data-sharing-in-primary-secondary-school-mobile-apps-2/">60%
href="https://internetsafetylabs.org/blog/news-press/me2ba-product-testing-spotlight-report-published-data-sharing-in-primary-secondary-school-mobile-apps-2/">60%
of school apps are sending student data to potentially high-risk
third parties</a>, putting students and possibly all other school
workers under surveillance. This is made possible by using unsafe
and proprietary programs made by data-hungry corporations.</p>
<p><small>Please note that whether students consent to this or not,
doesn't justify the surveillance they're imposed to.</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-05-06' --><!--#set -->
<!--#set var='PUB' value='2021-05-03' --><li><small --> <!--#set var='ID' value='M202105030' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The United States' government is reportedly considering <a
href="https://www.infosecurity-magazine.com/news/private-companies-may-spy-on/">teaming
up with private companies to monitor American citizens' private online
activity and digital communications</a>.</p>
<p>What creates the opportunity to try this is the fact that these
companies are already snooping on users' private activities. That
in turn is due to people's use of nonfree software which snoops,
and online dis-services which snoop.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-04-26' --><!--#set -->
<!--#set var='PUB' value='2021-04-06' --><li><small --> <!--#set var='ID' value='M202104060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The <a
href="https://www.wired.com/story/weddings-social-media-apps-photos-memories-miscarriage-problem/">WeddingWire
app saves people's wedding photos forever and hands over data
to others</a>, giving users no control over their personal
information/data. The app also sometimes shows old photos and
memories to users, without giving them any control over this
either.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-04-16' --><!--#set -->
<!--#set var='PUB' value='2021-04-09' --><li><small --> <!--#set var='ID' value='M202104090' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A zero-day vulnerability in Zoom which <a
href="https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/">can
be used to launch remote code execution (RCE) attacks</a> has been
disclosed by researchers. The researchers demonstrated a three-bug
attack chain that caused an RCE on a target machine, all this without
any form of user interaction.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-04-11' --><!--#set -->
<!--#set var='PUB' value='2021-02-16' --><li><small --> <!--#set var='ID' value='M202102160' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google <a
href="https://www.indiatoday.in/technology/news/story/disha-ravi-arrest-puts-privacy-of-all-google-india-users-in-doubt-1769772-2021-02-16">handed
over personal data of Indian protesters and activists to Indian
police</a> which led to their arrest. The cops requested the IP
address and the location where a document was created and with that
information, they identified protesters and activists.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-04-11' --><!--#set -->
<!--#set var='PUB' value='2020-07-02' --><li><small --> <!--#set var='ID' value='M202007020' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>BMW is trying to <a
href="https://www.theverge.com/2020/7/2/21311332/bmw-in-car-purchase-heated-seats-software-over-the-air-updates">lock
certain features of its cars, and force people to pay to use part of
the car they already bought</a>. This is done through forced update
of the car software via a radio-operated back door.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-03-16' --><!--#set -->
<!--#set var='PUB' value='2021-03-10' --><li><small --> <!--#set var='ID' value='M202103100' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Amazon's monopoly and DRM is <a
href="https://www.washingtonpost.com/technology/2021/03/10/amazon-library-ebook-monopoly/">stopping
public libraries from lending e-books and
audiobooks</a>. Amazon became powerful in e-book world by <a
href="/philosophy/why-call-it-the-swindle.html">Swindle</a>,
and is now misusing its power and violates people's rights using
<a href="https://www.defectivebydesign.org">Digital Restrictions
Management</a>.</p>
<p>The article is written in a way that endorses DRM in general, which
is unacceptable. <a href="/proprietary/proprietary-drm.html">DRM is
an injustice to people</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-03-16' --><!--#set -->
<!--#set var='PUB' value='2021-03-09' --><li><small --> <!--#set var='ID' value='M202103090' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a href="https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams">Over 150 thousand security cameras that used Verkada
company's proprietary software are cracked</a> by a major security
breach. Crackers have had access to security archives of various
gyms, hospitals, jails, schools, and police stations that have used
Verkada's cameras.</p>
<p><a href="/philosophy/surveillance-vs-democracy.html">It is injustice
to the public</a> for gyms, stores, hospitals, jails, and schools to
hand “security” footage to a company from which the government can
collect it at any time, without even telling them.</p>
<p><small>Please note that the article
wrongly refers to crackers as “<a
href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”.</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-03-16' --><!--#set -->
<!--#set var='PUB' value='2020-10-28' --><li><small --> <!--#set var='ID' value='M202010282' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>TV manufacturers are turning to produce only
“Smart” TV sets (which include spyware) that <a
href="https://frame.work/blog/in-defense-of-dumb-tvs">it's now very
hard to find a TV that doesn't spy on you</a>.</p>
<p>It appears that those manufacturers business model is not to produce
TV and sell them for money, but to collect your personal data and
(possibly) hand over them to others for benefit.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-03-12' --><!--#set -->
<!--#set var='PUB' value='2018-09-12' --><li><small --> <!--#set var='ID' value='M201809121' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Tiny Lab Productions, along with online ad businesses run
by Google, Twitter and three other companies are facing a lawsuit <a
href="https://www.nytimes.com/interactive/2018/09/12/technology/kids-apps-data-privacy-google-twitter.html">for
violating people's privacy by collecting their data from mobile games
and handing over these data to other companies/advertisers</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-03-09' --><!--#set -->
<!--#set var='PUB' value='2021-03-05' --><li><small --> <!--#set var='ID' value='M202103050' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>At least 30 thousand organizations
in the United States are newly “<a
href="/philosophy/words-to-avoid.html#Hacker">cracked</a>” via <a
href="https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/">holes
in Microsoft's proprietary email software, named Microsoft 365</a>. It
is unclear whether there are other holes and vulnerabilities in the
program or not but history and experience tells us it wouldn't be
the last disaster with proprietary programs.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-03-09' --><!--#set -->
<!--#set var='PUB' value='2021-02-11' --><li><small --> <!--#set var='ID' value='M202102110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Researchers at the security firm SentinelOne discovered a <a
href="https://www.wired.com/story/windows-defender-vulnerability-twelve-years/">security
flaw in proprietary program Microsoft Windows Defender that lurked
undetected for 12 years</a>. If the program was free (as in freedom),
more people would have had a chance to notice the problem, therefore,
it could've been fixed a lot sooner.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-03-09' --><!--#set -->
<!--#set var='PUB' value='2020-04-30' --><li><small --> <!--#set var='ID' value='M202004301' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Proprietary programs Google Meet, Microsoft Teams, and WebEx <a
href="https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex/">are
href="https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex-a7383469308/">are
collecting user's personal and identifiable data</a> including how long
a call lasts, who's participating in the call, and the IP addresses
of everyone taking part. From experience, this can even harm users
physically if those companies hand over data to governments.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-03-08' --><!--#set -->
<!--#set var='PUB' value='2020-04-27' --><li><small --> <!--#set var='ID' value='M202004270' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The proprietary program Microsoft Teams' insecurity <a
href="https://www.forbes.com/sites/thomasbrewster/2020/04/27/your-whole-companys-microsoft-teams-data-couldve-been-stolen-with-an-evil-gif">could
href="https://www.forbes.com/sites/thomasbrewster/2020/04/27/your-whole-companys-microsoft-teams-data-couldve-been-stolen-with-an-evil-gif/">could
have let a malicious GIF steal user data from Microsoft Teams
accounts</a>, possibly across an entire company, and taken control
of “an organization's entire roster of Teams accounts.”</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-03-07' --><!--#set -->
<!--#set var='PUB' value='2020-10-18' --><li><small --> <!--#set var='ID' value='M202010180' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft is <a
href="https://www.slashgear.com/windows-10-users-are-grumpy-over-forced-updates-and-unwanted-apps-18643135/">forcing
Windows users</a> to <a
href="https://support.microsoft.com/en-us/windows/manage-updates-in-windows-643e9ea7-3cf6-7da6-a25c-95d4f7f099fe">install
upgrades it pushes</a> using <a
href="/proprietary/proprietary-back-doors.html#windows-update">its
universal back doors</a>. These upgrades can do various harms to
users such as restricting computers from some functions and/or forcing
users to defenselessly do whatever Microsoft tells them to do.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-02-25' --><!--#set -->
<!--#set var='PUB' value='2021-02-20' --><li><small --> <!--#set var='ID' value='M202102200' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The proprietary program Clubhouse
is malware and a privacy disaster. Clubhouse <a
href="https://www.theguardian.com/commentisfree/2021/feb/20/why-hot-new-social-app-clubhouse-spells-nothing-but-trouble">collects
people's personal data such as recordings of people's
conversations</a>, and, as a secondary problem, does not encrypt them,
which shows a bad security part of the issue.</p>
<p>A user's unique Clubhouse ID number and chatroom ID are transmitted
in plaintext, and Agora (the company behind the app) would likely
have access to users' raw audio, potentially providing access to
the Chinese government.</p>
<p>Even with good security of data transmission, collecting personal
data of people is wrong and a violation of people's privacy rights.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-02-25' --><!--#set -->
<!--#set var='PUB' value='2021-02-18' --><li><small --> <!--#set var='ID' value='M202102180' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft is <a
href="https://uk.pcmag.com/operating-systems/131798/microsoft-starts-automatically-removing-flash-from-windows">forcibly
removing the Flash player from computers running Windows 10</a>, using
<a href="/proprietary/proprietary-back-doors.html#windows-update">a
universal backdoor in Windows</a>.</p>
<p>The fact that Flash has been <a
href="/proprietary/proprietary-back-doors.html#M202012020">disabled
by Adobe</a> is no excuse for this abuse of power. The nature of
proprietary software, such as Microsoft Windows, gives the developers
power to impose their decisions on users. Free software on the other
hand empowers users to make their own decisions.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-02-22' --><!--#set -->
<!--#set var='PUB' value='2021-02-19' --><li><small --> <!--#set var='ID' value='M202102190' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Prodigy maths game played in schools
at no cost entices students to play it at home, where <a
href="https://www.theguardian.com/technology/2021/feb/19/maths-app-targeting-uk-schools-is-criticised-over-premium-model">
the company tries to lure them into paying for a premium
subscription</a> in exchange for mere cosmetic features that, at
school, underline the socioeconomic gap between those who can afford
it and those who can't.</p>
<p>The strategy of <a href="/education/edu-schools.html">using
schools as a fishing pool for customers</a> is a common practice
traditionally adopted by nonfree software companies.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-02-22' --><!--#set -->
<!--#set var='PUB' value='2020-12-25' --><li><small --> <!--#set var='ID' value='M202012250' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The HonorLock online exam
proctoring program is a surveillance tool that <a
href="https://www.eff.org/deeplinks/2020/09/students-are-pushing-back-against-proctoring-surveillance-apps">tracks
students and collects data</a> such as face, driving license, and
network information, among others, in blatant violation of students'
privacy.</p>
<p>Preventing students from cheating should not be an excuse for
running malware/spyware on their computers, and it's good that students
are protesting. But their petitions overlook a crucial issue, namely,
the injustice of being forced to run nonfree software in order to
get an education.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-02-06' --><!--#set -->
<!--#set var='PUB' value='2021-02-01' --><li><small --> <!--#set var='ID' value='M202102010' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Many cr…apps, developed by various
companies for various organizations, do <a
href="https://www.expressvpn.com/digital-security-lab/investigation-xoth">
location tracking unknown to those companies and those
organizations</a>. It's actually some widely used libraries that do
the tracking.</p>
<p>What's unusual here is that proprietary software developer A tricks
proprietary software developers B1 … B50 into making platforms for
A to mistreat the end user.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-02-04' --><!--#set -->
<!--#set var='PUB' value='2020-10-12' --><li><small --> <!--#set var='ID' value='M202010120' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Samsung is forcing its smartphone users in Hong Kong (and Macau) <a
href="https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/">to
href="https://web.archive.org/web/20240606175013/https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/">to
use a public DNS in Mainland China</a>, using software update released
in September 2020, which causes many unease and privacy concerns.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-01-27' --><!--#set -->
<!--#set var='PUB' value='2021-01-13' --><li><small --> <!--#set var='ID' value='M202101130' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The authorities in Venice track the <a
href="https://edition.cnn.com/travel/article/venice-control-room-tourism/index.html">
movements of all tourists</a> using their portable phones. The article
says that <em>at present</em> the system is configured to report only
aggregated information. But that could be changed. What will that
system do 10 years from now? What will a similar system in another
country do? Those are the questions this raises.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-01-19' --><!--#set -->
<!--#set var='PUB' value='2021-01-11' --><li><small --> <!--#set var='ID' value='M202101110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A cracker <a
href="https://www.vice.com/en/article/m7apnn/your-cock-is-mine-now-hacker-locks-internet-connected-chastity-cage-demands-ransom">took
control of people's internet-connected chastity cages and demanded
ransom</a>. The chastity cages are being controlled by a proprietary
app (mobile program).</p>
<p><small>(Please note that the article
wrongly refers to crackers as "<a
href="/philosophy/words-to-avoid.html#Hacker">hackers</a>".)</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-01-11' --><!--#set -->
<!--#set var='PUB' value='2021-01-08' --><li><small --> <!--#set var='ID' value='M202101080' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>As of 2021, WhatsApp (one of Facebook's subsidiaries) is <a
href="https://www.forbes.com/sites/carlypage/2021/01/08/whatsapp-tells-users-share-your-data-with-facebook-or-well-deactivate-your-account/">forcing
its users to hand over sensitive personal data</a> to its parent
company. This increases Facebook's power over users, and further
jeopardizes people's privacy and security.</p>
<p>Instead of WhatsApp you can use <a
href="https://directory.fsf.org/wiki/Jami">GNU Jami</a>, which is
free software and will not collect your data.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-01-08' --><!--#set -->
<!--#set var='PUB' value='2016-04-04' --><li><small --> <!--#set var='ID' value='M201604040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Many popular mobile games include a random-reward system called
<a href="#gacha"><i>gacha</i></a> href="/proprietary/proprietary-addictions.html#gacha">
<i>gacha</i></a> which is especially effective on
children. One variant of gacha was declared illegal in Japan in 2012,
but the other variants are still <a
href="https://www.forbes.com/sites/olliebarder/2016/04/04/japanese-mobile-gaming-still-cant-shake-off-the-spectre-of-exploitation/">
luring players into compulsively spending</a> inordinate amounts of
money on virtual toys.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-01-05' --><!--#set -->
<!--#set var='PUB' value='2021-01-05' --><li><small --> <!--#set var='ID' value='M202101050' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Most Internet connected devices in Mozilla's <a
href="https://foundation.mozilla.org/en/privacynotincluded">“Privacy
href="https://www.mozillafoundation.org/privacynotincluded/">“Privacy
Not Included”</a> list <a
href="https://foundation.mozilla.org/privacynotincluded/arlo-video-doorbell">are
href="https://www.mozillafoundation.org/privacynotincluded/arlo-video-doorbell/">are
designed to snoop on users</a> even if they meet
Mozilla's “Minimum Security Standards.” Insecure
design of the program running on some of these devices <a
href="https://foundation.mozilla.org/privacynotincluded/vibratissimo-panty-buster">makes
href="https://www.mozillafoundation.org/privacynotincluded/vibratissimo-panty-buster/">makes
the user susceptible to be snooped on and exploited by crackers as
well</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-01-04' --><!--#set -->
<!--#set var='PUB' value='2021-01-04' --><li><small --> <!--#set var='ID' value='M202101040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The personal finance management software “Quicken” <a
href="https://www.quicken.com/support/quicken-discontinuation-policy">
href="https://www.quicken.com/support/quicken-discontinuation-policy/">
has a discontinuation policy, a.k.a. planned obsolescence</a>, which is
an injustice to users. A free (as in freedom) program would let users
control the software. But when you use a proprietary software,
you won't be in control.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-01-04' --><!--#set -->
<!--#set var='PUB' value='2020-12-02' --><li><small --> <!--#set var='ID' value='M202012020' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Adobe Flash Player <a
href="https://www.adobe.com/products/flashplayer/end-of-life.html">
has a universal back door</a> which lets Adobe control
the software and, for example, disable it whenever it
wants. Adobe will block Flash content from running in Flash Player
beginning January 12, 2021, which indicates that they have access to
every Flash Player through a back door.</p>
<p>The back door won't be dangerous in the future, as it'll disable
a proprietary program and make users delete the software, but it
was an injustice for many years. Users should have deleted Flash Player
even before its end of life.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-01-04' --><!--#set -->
<!--#set var='PUB' value='2020-10-21' --><li><small --> <!--#set var='ID' value='M202010210' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>As of 2019-2020, Minecraft players are <a
href="https://www.minecraft.net/en-us/article/java-edition-moving-house">being
forced to move to Microsoft servers</a>, which results in
privacy violation. Microsoft publishes a program so users can run
their own server, but the program is proprietary and it's another <a
href="/philosophy/free-software-even-more-important.html">injustice
to users</a>.</p>
<p>People can play <a
href="https://directory.fsf.org/wiki/Minetest">Minetest</a>
instead. Minetest is free software and respects the user's computer
freedom.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2021-01-04' --><!--#set -->
<!--#set var='PUB' value='2020-09-07' --><li><small --> <!--#set var='ID' value='M202009070' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>While the world is still
struggling with COVID-19 coronavirus, many <a
href="https://mashable.com/article/privacy-in-the-age-of-coronavirus/">people
href="https://mashable.com/article/privacy-in-the-age-of-coronavirus">people
are in danger of surveillance</a> and their computers are infected
with malware as a result of installing proprietary software.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-12-26' --><!--#set -->
<!--#set var='PUB' value='2020-11-05' --><li><small --> <!--#set var='ID' value='M202011050' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>HP tricked users into installing
a mischievous update in their printers that <a
href="https://www.eff.org/deeplinks/2020/11/ink-stained-wretches-battle-soul-digital-freedom-taking-place-inside-your-printer">made
the devices reject all third-party ink cartridges</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-12-23' --><!--#set -->
<!--#set var='PUB' value='2020-12-15' --><li><small --> <!--#set var='ID' value='M202012150' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>United States officials are facing
one of biggest crackings against them in years, when <a
href="https://www.theguardian.com/technology/2020/dec/15/orion-hack-solar-winds-explained-us-treasury-commerce-department">malicious
code was sneaked into SolarWinds' proprietary software named
Orion</a>. Crackers got access to networks when users downloaded
a tainted software update. Crackers were able to monitor internal
emails at some of the top agencies in the US.</p>
<p><small>(Please note that the article
wrongly refers to crackers as "<a
href="/philosophy/words-to-avoid.html#Hacker">hackers</a>".)</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-12-22' --><!--#set -->
<!--#set var='PUB' value='2020-12-20' --><li><small --> <!--#set var='ID' value='M202012200' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Commercial crackware can <a
href="https://www.theguardian.com/technology/2020/dec/20/iphones-vulnerable-to-hacking-tool-for-months-researchers-say">
get passwords out of an iMonster</a>, use the microphone and camera,
and other things.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-12-21' --><!--#set -->
<!--#set var='PUB' value='2020-12-19' --><li><small --> <!--#set var='ID' value='M202012190' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.washingtonpost.com/technology/2020/12/18/zoom-helped-china-surveillance/">
A Zoom executive carried out snooping and censorship for
China</a>.</p> the Chinese
government</a>.</p>
<p>This abuse of Zoom's power shows how dangerous that power is. The
root problem is not the surveillance and censorship, but rather the
power that Zoom has. It gets that power partly from the use of its
server, but also partly from the nonfree client program.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-12-18' --><!--#set -->
<!--#set var='PUB' value='2020-11-23' --><li><small --> <!--#set var='ID' value='M202011230' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Some Wavelink and JetStream wifi routers have
universal back doors that enable unauthenticated
users to remotely control not only the routers, but
also any devices connected to the network. There is evidence that <a
href="https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/">
this vulnerability is actively exploited</a>.</p>
<p>If you consider buying a router, we encourage you to get one
that <a href="https://ryf.fsf.org/categories/routers">runs on free
software</a>. Any attempts at introducing malicious functionalities in
it (e.g., through a firmware update) will be detected by the community,
and soon corrected.</p>
<p>If unfortunately you own a router that runs on
proprietary software, don't panic! You may be able to
replace its firmware with a free operating system such as <a
href="https://librecmc.org">libreCMC</a>. If you don't know how,
you can get help from a nearby GNU/Linux user group.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-12-17' --><!--#set -->
<!--#set var='PUB' value='2020-12-07' --><li><small --> <!--#set var='ID' value='M202012070' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Baidu apps were <a
href="https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/">
caught collecting sensitive personal data</a> that can be used for
lifetime tracking of users, and putting them in danger. More than 1.4
billion people worldwide are affected by these proprietary apps, and
users' privacy is jeopardized by this surveillance tool. Data collected
by Baidu may be handed over to the Chinese government, possibly
putting Chinese people in danger.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-12-05' --><!--#set -->
<!--#set var='PUB' value='2020-11-26' --><li><small --> <!--#set var='ID' value='M202011260' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft's Office 365 suite enables employers <a
href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to
snoop on each employee</a>. After
a public outburst, Microsoft stated that <a
href="https://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillance">it
would remove this capability</a>. Let's hope so.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-11-25' --><!--#set -->
<!--#set var='PUB' value='2020-11-12' --><li><small --> <!--#set var='ID' value='M202011120' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple has <a
href="https://sneak.berlin/20201112/your-computer-isnt-yours">implemented
href="https://sneak.berlin/20201112/your-computer-isnt-yours/">implemented
a malware in its computers that imposes surveillance</a> on users
and reports users' computing to Apple.</p>
<p>The reports are even unencrypted and they've been leaking this
data for two years already. This malware is reporting to Apple what
user opens what program at what time. It also gives Apple
power to sabotage users' computing.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-11-23' --><!--#set -->
<!--#set var='PUB' value='2020-11-09' --><li><small --> <!--#set var='ID' value='M202011090' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>According to FTC, the
company behind the Zoom conferencing software <a
href="https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says/">has
lied to users about its end-to-end encryption</a> for years, at least
since 2016.</p>
<p>People can use free (as in freedom) programs such as <a
href="https://directory.fsf.org/wiki/Jitsi">Jitsi</a> or <a
href="https://directory.fsf.org/wiki/BigBlueButton">BigBlueButton</a>,
better still if installed in a server controlled by the users.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-11-21' --><!--#set -->
<!--#set var='PUB' value='2020-04-15' --><li><small --> <!--#set var='ID' value='M202004150' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Riot Games' new anti-cheat is malware; <a
href="https://www.extremetech.com/gaming/309320-riot-games-new-anti-cheat-system-runs-at-system-boot-uses-kernel-driver">runs
on system boot at kernel level</a> on Windows. It is insecure software
that increases the attack surface of the operating system.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-11-19' --><!--#set -->
<!--#set var='PUB' value='2020-03-26' --><li><small --> <!--#set var='ID' value='M202003260' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Apple iOS version of Zoom <a
href="https://www.vice.com/en/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account">is
sending users' data to Facebook</a> even if the user doesn't have
a Facebook account. According to the article, Zoom and Facebook
don't even mention this surveillance on their privacy policy page,
making this an obvious violation of people's privacy even in their
own terms.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-11-14' --><!--#set -->
<!--#set var='PUB' value='2020-11-06' --><li><small --> <!--#set var='ID' value='M202011060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A new app published by Google <a
href="https://www.xda-developers.com/google-device-lock-controller-banks-payments/">lets
banks and creditors deactivate people's Android devices</a> if they
fail to make payments. If someone's device gets deactivated, it will
be limited to basic functionality, such as emergency calling and
access to settings.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-11-14' --><!--#set -->
<!--#set var='PUB' value='2019-05-28' --><li><small --> <!--#set var='ID' value='M201905281' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft <a
href="https://answers.microsoft.com/en-us/outlook_com/forum/all/why-does-my-new-e-mail-account-need-a-phone-number/70049eaf-3b66-4d02-87cc-79dc73c2ea08">forces
people to give their phone number</a> in order to be able to create an account on
the company's network. On top of mistreating their users by providing
nonfree software, Microsoft is tracking their lives outside the computer and
violates their privacy.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-11-10' --><!--#set -->
<!--#set var='PUB' value='2020-06-12' --><li><small --> <!--#set var='ID' value='M202006120' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The company behind Zoom does not only deny
users' computer freedom by developing this piece
of nonfree software, it also violates users' civil rights by <a
href="https://www.theverge.com/2020/6/12/21288995/zoom-blocking-feature-chinese-government-censorship">banning
events and censoring users</a> to serve the agenda of governments.</p>
<p>Freedom respecting programs such as <a
href="https://directory.fsf.org/wiki/Jitsi">Jitsi</a> or <a
href="https://directory.fsf.org/wiki/BigBlueButton">BigBlueButton</a>
can be used instead, better still if installed in a server controlled
by its users.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-11-02' --><!--#set -->
<!--#set var='PUB' value='2020-10-22' --><li><small --> <!--#set var='ID' value='M202010221' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft is imposing its
surveillance on the game of Minecraft by <a
href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
every player to open an account on Microsoft's network</a>. Microsoft
has bought the game and will merge all accounts into its network,
which will give them access to people's data.</p>
<p>Minecraft players <a
href="https://directory.fsf.org/wiki/Minetest">can play Minetest</a>
instead. The essential advantage of Minetest is that it is free
software, meaning it respects the user's computer freedom. As a bonus,
it offers more options.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-11-02' --><!--#set -->
<!--#set var='PUB' value='2019-12-16' --><li><small --> <!--#set var='ID' value='M201912160' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft is <a
href="https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation/">tricking
users to create an account on their network</a> to be able to install
and use the Windows operating system, which is malware. The account can
be used for surveillance and/or violating people's rights in many ways,
such as turning their purchased software to a subscription product.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-10-28' --><!--#set -->
<!--#set var='PUB' value='2020-10-22' --><li><small --> <!--#set var='ID' value='M202010220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The addictive Genshin Impact relentlessly <a
href="https://www.theguardian.com/games/2020/oct/22/genshin-impact-video-game-slowly-taking-over-the-world">coerces
players to spend money by overwhelming the game play with loot
boxes</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-10-16' --><!--#set -->
<!--#set var='PUB' value='2020-09-10' --><li><small --> <!--#set var='ID' value='M202009100' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Internet-enabled watches with proprietary software
are malware, violating people (specially children's)
privacy. In addition, they have a lot of security flaws. They <a
href="https://www.wired.com/story/kid-smartwatch-security-vulnerabilities/">
permit security breakers (and unauthorized people) to access</a> the watch.</p>
<p>Thus, ill-intentioned unauthorized people can intercept communications between parent and child and spoof messages to and from the watch, possibly endangering the child.</p>
<p><small>(Note that this article misuses the word “<a
href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”
to mean “crackers.”)</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-10-06' --><!--#set -->
<!--#set var='PUB' value='2020-03-11' --><li><small --> <!--#set var='ID' value='M202003110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Roblox (among many other games)
created anti-features which sucker children into <a
href="https://www.theguardian.com/money/2020/mar/11/my-kids-spent-600-on-their-ipads-without-my-knowledge">
utilizing third-party payment services without authorization.</a></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-09-30' --><!--#set -->
<!--#set var='PUB' value='2020-07-27' --><li><small --> <!--#set var='ID' value='M202007270' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Mellow sous-vide cooker is
tethered to a server. The company suddenly <a
href="https://www.slashgear.com/mellow-sous-vide-owners-get-unwelcome-subscription-surprise-27630842/">
href="https://www.slashgear.com/mellow-sous-vide-owners-get-unwelcome-subscription-surprise-28630842/">
turned this tethering into a subscription</a>, forbidding users from
taking advantage of the “advanced features” of the cooker
unless they pay a monthly fee.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-09-28' --><!--#set -->
<!--#set var='PUB' value='2020-09-27' --><li><small --> <!--#set var='ID' value='M202009270' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Many employers are using nonfree
software, including videoconference software, to <a
href="https://www.theguardian.com/world/2020/sep/27/shirking-from-home-staff-feel-the-heat-as-bosses-ramp-up-remote-surveillance">
surveil and monitor staff working at home</a>. If the program reports
whether you are “active,” that is in effect a malicious
surveillance feature.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-09-28' --><!--#set -->
<!--#set var='PUB' value='2020-09-18' --><li><small --> <!--#set var='ID' value='M202009183' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Facebook <a
href="https://www.dailymail.co.uk/news/article-8747541/Facebook-accused-watching-Instagram-users-mobile-cameras.html">snoops
on Instagram</a> users by surreptitously turning on the device's
camera.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-09-23' --><!--#set -->
<!--#set var='PUB' value='2020-08-18' --><li><small --> <!--#set var='ID' value='M202008182' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Oculus headsets <a
href="https://www.theverge.com/2020/8/18/21372435/oculus-facebook-login-change-separate-account-support-end-quest-october">require
users to identify themselves to Facebook</a>. This will give Facebook
free rein to pervasively snoop on Oculus users.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-09-02' --><!--#set -->
<!--#set var='PUB' value='2020-08-30' --><li><small --> <!--#set var='ID' value='M202008300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple is <a
href="https://www.theguardian.com/technology/2020/aug/30/this-isnt-the-1990s-apple-under-pressure-from-app-developers">
putting the squeeze on all business</a> conducted through apps
for iMonsters.</p>
<p>This is a symptom of a very big injustice: that Apple has the
power to decide what software can be installed on an iMonster.
That it is a jail.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-08-21' --><!--#set -->
<!--#set var='PUB' value='2020-08-18' --><li><small --> <!--#set var='ID' value='M202008181' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>New Toyotas will <a
href="https://www.theregister.com/2020/08/18/aws_toyota_alliance/">
upload data to AWS to help create custom insurance premiums</a>
based on driver behaviour.</p>
<p>Before you buy a “connected” car, make sure you can
disconnect its cellular antenna and its GPS antenna. If you want
GPS navigation, get a separate navigator which runs free software
and works with Open Street Map.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-08-21' --><!--#set -->
<!--#set var='PUB' value='2020-08-18' --><li><small --> <!--#set var='ID' value='M202008180' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple can remotely <a
href="https://www.theguardian.com/games/2020/aug/18/apple-sets-deadline-in-feud-with-fortnite-maker-epic-games">
cut off any developer's access to the tools for developing software</a>
for iOS or MacOS.</p>
<p>Epic (Apple's target in this example)
makes nonfree games which have their own <a
href="https://ekgaming.com/2019/03/17/is-the-epic-games-store-spying-on-your-computer/">
malicious features</a>, but that doesn't make it acceptable for Apple
to have this sort of power.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-08-20' --><!--#set -->
<!--#set var='PUB' value='2020-08-11' --><li><small --> <!--#set var='ID' value='M202008110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>TikTok <a
href="https://boingboing.net/2020/08/11/tiktok-exploited-android-secur.html">
exploited an Android vulnerability</a> to obtain user MAC
addresses.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-08-18' --><!--#set -->
<!--#set var='PUB' value='2020-04-20' --><li><small --> <!--#set var='ID' value='M202004200' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple whistleblower Thomas Le Bonniec reports that Apple
made a practice of surreptitiously activating the Siri software to <a
href="https://www.politico.eu/wp-content/uploads/2020/05/Public-Statement-Siri-recordings-TLB.pdf">
record users' conversations when they had not activated Siri</a>.
This was not just occasional, it was systematic practice.</p>
<p>His job was to listen to these recordings, in a group that made
transcripts of them. He does not believes that Apple has ceased this
practice.</p>
<p>The only reliable way to prevent this is, for the program that
controls access to the microphone to decide when the user has
“activated” any service, to be free software, and the
operating system under it free as well. This way, users could make
sure Apple can't listen to them.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-08-14' --><!--#set -->
<!--#set var='PUB' value='2020-08-03' --><li><small --> <!--#set var='ID' value='M202008030' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google Nest <a
href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/">
is taking over ADT</a>. Google sent out a software
update to its speaker devices using their back door <a
href="https://www.protocol.com/google-smart-speaker-alarm-adt">
href="https://web.archive.org/web/20240123114737/https://www.protocol.com/google-smart-speaker-alarm-adt"> that
listens for things like smoke alarms</a> and then notifies your phone
that an alarm is happening. This means the devices now listen for more
than just their wake words. Google says the software update was sent
out prematurely and on accident and Google was planning on disclosing
this new feature and offering it to customers who pay for it.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-08-12' --><!--#set -->
<!--#set var='PUB' value='2020-07-28' --><li><small --> <!--#set var='ID' value='M202007280' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Focals eyeglass display, with snooping
microphone, has been eliminated. Google eliminated
it by buying the manufacturer and shutting it down. It also <a
href="https://www.ctvnews.ca/sci-tech/canadian-smart-glasses-going-offline-weeks-after-company-bought-by-google-1.5042010">shut
href="https://www.ctvnews.ca/sci-tech/article/canadian-smart-glasses-going-offline-weeks-after-company-bought-by-google/">shut
down the server these devices depend on</a>, which caused the ones
already sold to cease to function.</p>
<p>It may be a good thing to wipe out this product—for
“smart,” read “snoop”—but Google
didn't do that for the sake of privacy. Rather, it was eliminating
competition for its own snooping product.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-07-09' --><!--#set -->
<!--#set var='PUB' value='2020-07-01' --><li><small --> <!--#set var='ID' value='M202007010' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>BMW will remotely <a
href="https://www.cnet.com/roadshow/news/bmw-vehicle-as-a-platform/">
enable and disable functionality in cars</a> through a universal
back door.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-07-09' --><!--#set -->
<!--#set var='PUB' value='2020-06-30' --><li><small --> <!--#set var='ID' value='M202006300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>“Bossware” is malware that bosses <a
href="https://www.eff.org/deeplinks/2020/06/inside-invasive-secretive-bossware-tracking-workers">
coerce workers into installing in their own computers</a>, so the
bosses can spy on them.</p>
<p>This shows why requiring the user's “consent” is not
an adequate basis for protecting digital privacy. The boss can coerce
most workers into consenting to almost anything, even probable exposure
to contagious disease that can be fatal. Software like this should
be illegal and bosses that demand it should be prosecuted for it.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-07-01' --><!--#set -->
<!--#set var='PUB' value='2015-04-21' --><li><small --> <!--#set var='ID' value='M201504210' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Runescape is a popular online game with some <a
href="https://www.reddit.com/r/runescape/comments/33cd8g/question_why_is_runescape_so_addicting/">
href="https://web.archive.org/web/20230329031353/https://www.reddit.com/r/runescape/comments/33cd8g/question_why_is_runescape_so_addicting/">
addictive features</a> derived from <a
href="/proprietary/proprietary-addictions.html#addictiveness">
behavioral manipulation techniques</a>. Certain
repetitive aspects of the game, like <a
href="https://en.wikipedia.org/wiki/Grinding_(video_games)">
grinding</a>, can be minimised by becoming a paying member, and can
thus encourage children and impressionable people to spend money on
the game.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-06-26' --><!--#set -->
<!--#set var='PUB' value='2020-06-26' --><li><small --> <!--#set var='ID' value='M202006260' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Most apps are malware, but
Trump's campaign app, like Modi's campaign app, is <a
href="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/">
especially nasty malware, helping companies snoop on users as well
as snooping on them itself</a>.</p>
<p>The article says that Biden's app has a less manipulative overall
approach, but that does not tell us whether it has functionalities we
consider malicious, such as sending data the user has not explicitly
asked to send.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-06-25' --><!--#set -->
<!--#set var='PUB' value='2020-06-25' --><li><small --> <!--#set var='ID' value='M202006250' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>TV manufacturers are able to <a
href="https://www.zdnet.com/article/fbi-warns-about-snoopy-smart-tvs-spying-on-you/">snoop
every second of what the user is watching</a>. This is illegal due to
the Video Privacy Protection Act of 1988, but they're circumventing
it through EULAs.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-06-22' --><!--#set -->
<!--#set var='PUB' value='2020-06-16' --><li><small --> <!--#set var='ID' value='M202006160' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p><a
href="https://www.wired.com/story/ripple20-iot-vulnerabilities/?bxid=5bd66d4c2ddf9c619437e4b8&cndid=9608804&esrc=Wired_etl_load&source=EDT_WIR_NEWSLETTER_0_DAILY_ZZ&utm_bran%5C">
href="https://www.wired.com/story/ripple20-iot-vulnerabilities/">
A disasterous security bug</a> touches millions of products in the
Internet of Stings.</p>
<p>As a result, anyone can sting the user, not only the
manufacturer.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-06-13' --><!--#set -->
<!--#set var='PUB' value='2019-09-06' --><li><small --> <!--#set var='ID' value='M201909061' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Best Buy made controllable appliances and <a
href="https://www.theverge.com/2019/9/6/20853671/best-buy-connect-insignia-smart-plug-wifi-freezer-mobile-app-shutdown-november-6">
shut down the service to control them through</a>.</p>
<p>While it is laudable that Best
<p>Best Buy recognized acknowledged that it was mistreating
the its customers by
doing so, this doesn't alter and offered reimbursement of the facts affected appliances. The
fact remains, however, that tethering the a device to a particular server is a path to screwing the
users, and that it is a consequence way
of having restricting and harassing users. The nonfree software in the
device.</p>
device is what stops users from cutting the tether.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-06-07' --><!--#set -->
<!--#set var='PUB' value='2020-05-07' --><li><small --> <!--#set var='ID' value='M202005070' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Wink sells a “smart” home hub that is tethered
to a server. In May 2020, it ordered the purchasers to start <a
href="https://www.techhive.com/article/3542631/wink-users-revolt-following-its-sudden-shift-to-a-subscription-model.html">
href="https://www.techhive.com/article/578539/wink-users-revolt-following-its-sudden-shift-to-a-subscription-model.html">
paying a monthly fee for the use of that server</a>. Because of the
tethering, the hub is useless without that.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-05-25' --><!--#set -->
<!--#set var='PUB' value='2020-05-25' --><li><small --> <!--#set var='ID' value='M202005250' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Tesla's cars have a <a
href="/proprietary/proprietary-back-doors.html#M201709090.1">
universal remote back door</a>. Tesla used it to <a
href="https://www.theverge.com/2020/2/6/21127243/tesla-model-s-autopilot-disabled-remotely-used-car-update">
disable the autopilot features</a> on people's cars to make them pay
extra for re-enabling the features.</p>
<p>This kind of malfeature is only possible with proprietary
software—free software is controlled by its users who wouldn't
let do such things to them.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-05-03' --><!--#set -->
<!--#set var='PUB' value='2020-04-30' --><li><small --> <!--#set var='ID' value='M202004300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Xiaomi phones <a
href="https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/">report
many actions the user takes</a>: starting an app, looking at a folder,
visiting a website, listening to a song. They send device identifying
information too.</p>
<p>Other nonfree programs snoop too. For instance, Spotify and
other streaming dis-services make a dossier about each user, and <a
href="/malware/proprietary-surveillance.html#M201508210"> they make
users identify themselves to pay</a>. Out, out, damned Spotify!</p>
<p>Forbes exonerates the same wrongs when the culprits are not Chinese,
but we condemn this no matter who does it.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-04-14' --><!--#set -->
<!--#set var='PUB' value='2020-04-13' --><li><small --> <!--#set var='ID' value='M202004130' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The <a href="https://www.google.com/mobile/android/market-tos.html"> href="https://play.google.com/about/play-terms/">
Google Play Terms of Service</a> insist that the user of Android accept
the presence of universal back doors in apps released by Google.</p>
<p>This does not tell us whether any of Google's apps currently
contains a universal back door, but that is a secondary question.
In moral terms, demanding that people accept in advance certain bad
treatment is equivalent to actually doing it. Whatever condemnation
the latter deserves, the former deserves the same.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-03-25' --><!--#set -->
<!--#set var='PUB' value='2017-03-07' --><li><small --> <!--#set var='ID' value='M201703070' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The CIA exploited existing vulnerabilities
in “smart” TVs and phones to design a malware that <a
href="https://www.independent.co.uk/life-style/gadgets-and-tech/news/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html">
href="https://www.independent.co.uk/tech/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html">
spies through their microphones and cameras while making them appear
to be turned off</a>. Since the spyware sniffs signals, it bypasses
encryption.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-03-04' --><!--#set -->
<!--#set var='PUB' value='2020-03-01' --><li><small --> <!--#set var='ID' value='M202003010' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Alipay Health Code app
estimates whether the user has Covid-19 and <a
href="https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html">
tells the cops directly</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-02-24' --><!--#set -->
<!--#set var='PUB' value='2019-11-19' --><li><small --> <!--#set var='ID' value='M201911190' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Internet-tethered Amazon Ring had
a security vulnerability that enabled attackers to <a
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
access the user's wifi password</a>, and snoop on the household
through connected surveillance devices.</p>
<p>Knowledge of the wifi password would not be sufficient to carry
out any significant surveillance if the devices implemented proper
security, including encryption. But many devices with proprietary
software lack this. Of course, they are also used by their
manufacturers for snooping.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-02-17' --><!--#set -->
<!--#set var='PUB' value='2019-12-22' --><li><small --> <!--#set var='ID' value='M201912220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The ToToc messaging app seems to be a <a
href="https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html">
spying tool for the government of the United Arab Emirates</a>.
Any nonfree program could be doing this, and that is a good
reason to use free software instead.</p>
<p><small>Note: this article uses the word “free” in
the sense of “gratis.”</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-02-17' --><!--#set -->
<!--#set var='PUB' value='2019-12-19' --><li><small --> <!--#set var='ID' value='M201912190' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Some Avast and AVG extensions
for Firefox and Chrome were found to <a
href="https://www.itpro.co.uk/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome">
snoop on users' detailed browsing habits</a>. Mozilla and Google
removed the problematic extensions from their stores, but this shows
once more how unsafe nonfree software can be. Tools that are supposed
to protect a proprietary system are, instead, infecting it with
additional malware (the system itself being the original malware).</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-02-15' --><!--#set -->
<!--#set var='PUB' value='2020-02-02' --><li><small --> <!--#set var='ID' value='M202002020' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Many Android apps fool their users by asking
them to decide what permissions to give the program, and then <a
href="https://nakedsecurity.sophos.com/2019/07/10/android-apps-sidestepping-permissions-to-access-sensitive-data/">
bypassing these permissions</a>.</p>
<p>The Android system is supposed to prevent data leaks by running apps
in isolated sandboxes, but developers have found ways to access the
data by other means, and there is nothing the user can do to stop
them from doing so, since both the system and the apps are nonfree.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-02-15' --><!--#set -->
<!--#set var='PUB' value='2019-12-17' --><li><small --> <!--#set var='ID' value='M201912171' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Most modern cars now <a
href="https://boingboing.net/2019/12/17/cars-now-run-on-the-new-oil.html">
record and send various kinds of data to the manufacturer</a>. For
the user, access to the data is nearly impossible, as it involves
cracking the car's computer, which is always hidden and running with
proprietary software.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-02-15' --><!--#set -->
<!--#set var='PUB' value='2019-12-09' --><li><small --> <!--#set var='ID' value='M201912090' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>iMonsters and Android phones,
when used for work, give employers powerful <a
href="https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy">
snooping and sabotage capabilities</a> if they install their own
software on the device. Many employers demand to do this. For the
employee, this is simply nonfree software, as fundamentally unjust
and as dangerous as any other nonfree software.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-02-01' --><!--#set -->
<!--#set var='PUB' value='2020-01-29' --><li><small --> <!--#set var='ID' value='M202001290' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Amazon Ring app does <a
href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
surveillance for other companies as well as for Amazon</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2020-01-20' --><!--#set -->
<!--#set var='PUB' value='2020-01-09' --><li><small --> <!--#set var='ID' value='M202001090' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Android phones subsidized by the US government come with <a
href="https://arstechnica.com/information-technology/2020/01/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware/">
preinstalled adware and a back door for forcing installation of
apps</a>.</p>
<p>The adware is in a modified version of an
essential system configuration app. The back door is a
surreptitious addition to a program whose stated purpose is to be a <a
href="https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/">
universal back door for firmware</a>.</p>
<p>In other words, a program whose raison d'être is malicious has
a secret secondary malicious purpose. All this is in addition to the
malware of Android itself.</p>
</li>
<!--#set var='ADD' value='2019-12-17' --><!--#set var='PUB' value='2019-12-17' --><li><small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo encoding='none' var='ADD' --><span class="gnun-split"></span> — Latest reference: <span class="gnun-split"></span><!--#echo encoding='none' var='PUB' --></small>
<p>Some security breakers (wrongly referred
<!-- Copied from workshop/mal.rec; don't edit in this article as <a
href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a>)
managed to interfere the Amazon Ring proprietary system, and <a
href="https://www.theguardian.com/technology/2019/dec/13/ring-hackers-reportedly-watching-talking-strangers-in-home-cameras">access
its camera, speakers and microphones</a>.</p>
</li> all.html. -->
<!--#set var='ADD' value='2019-10-31' --><!--#set -->
<!--#set var='PUB' value='2019-10-13' --><li><small --> <!--#set var='ID' value='M201910131' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Safari occasionally <a
href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/">
sends browsing data from Apple devices in China to the Tencent Safe
Browsing service</a>, to check URLs that possibly correspond to
“fraudulent” websites. Since Tencent collaborates
with the Chinese government, its Safe Browsing black list most certainly
contains the websites of political opponents. By linking the requests
originating from single IP addresses, the government can identify
dissenters in China and Hong Kong, thus endangering their lives.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-10-20' --><!--#set -->
<!--#set var='PUB' value='2019-04-08' --><li><small --> <!--#set var='ID' value='M201904080' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple plans to require that <a
href="https://www.macrumors.com/2019/04/08/mac-apps-notarization-macos-10-14-5/">
all application software for MacOS be approved by Apple first</a>.</p>
<p>Offering a checking service as an option could be
useful and would not be wrong. Requiring users to get
Apple's approval is tyranny. Apple says the check will
only look for malware (not counting the malware that is <a
href="/proprietary/malware-apple.html#TOC">part of
the operating system</a>), but Apple could change that policy step
by step. Or perhaps Apple will define malware to include any app
that China the Chinese government does not like.</p>
<p>For free software, this means users will need to get Apple's
approval after compilation. This amounts to a system of surveilling
the use of free programs.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-10-19' --><!--#set -->
<!--#set var='PUB' value='2019-10-13' --><li><small --> <!--#set var='ID' value='M201910130' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Chinese Communist Party's “Study
the Great Nation” app requires users to grant it <a
href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962">
access to the phone's microphone, photos, text messages, contacts, and
internet history</a>, and the Android version was found to contain a
back-door allowing developers to run any code they wish in the users'
phone, as “superusers.” Downloading and using this
app is mandatory at some workplaces.</p>
<p>Note: The <a
href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html">
Washington Post version of the article</a> (partly obfuscated, but
readable after copy-pasting in a text editor) includes a clarification
saying that the tests were only performed on the Android version
of the app, and that, according to Apple, “this kind of
‘superuser’ surveillance could not be conducted on
Apple's operating system.”</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-10-16' --><!--#set -->
<!--#set var='PUB' value='2019-10-07' --><li><small --> <!--#set var='ID' value='M201910070' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple <a
href="https://boingboing.net/2019/10/07/apple-ios-13-1-2-for-hong-kong.html">
censors the Taiwan flag in iOS</a> on behalf of the Chinese
government. When the region is set to Hong Kong, this flag is not
visible in the emoji selection widget but is still accessible. When the
region is set to mainland China, all attempts to display it will result
in the “empty emoji” icon as if the flag never existed.</p>
<p>Thus, not only does Apple use the App Store as an instrument
of censorship, it also uses the iThing operating system for that
purpose.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-10-15' --><!--#set -->
<!--#set var='PUB' value='2019-10-10' --><li><small --> <!--#set var='ID' value='M201910100' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple has <a
href="https://www.theguardian.com/world/2019/oct/10/hong-kong-protests-apple-pulls-tracking-app-after-china-criticism">
banned the app that Hong Kong protesters use to communicate</a>.</p>
<p>Obeying the “local laws” about what people can do with
software is no excuse for censoring what software people can use.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-10-15' --><!--#set -->
<!--#set var='PUB' value='2019-10-07' --><li><small --> <!--#set var='ID' value='M201910071' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Adobe has <a
href="https://www.bleepingcomputer.com/news/software/adobe-to-ban-users-from-venezuela-due-to-us-executive-order/">
cancelled the software subscriptions of all users in
Venezuela</a>. This demonstrates how a requirement for subscription can be
turned into a tool for sabotage.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-10-04' --><!--#set -->
<!--#set var='PUB' value='2019-08-27' --><li><small --> <!--#set var='ID' value='M201908270' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A very popular app found in the
Google Play store contained a module that was designed to <a
href="https://arstechnica.com/information-technology/2019/08/google-play-app-with-100-million-downloads-executed-secret-payloads/">secretly
install malware on the user's computer</a>. The app developers
regularly used it to make the computer download and execute any code
they wanted.</p>
<p>This is a concrete example of what users are exposed to when they
run nonfree apps. They can never be completely sure that a nonfree
app is safe.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-10-03' --><!--#set -->
<!--#set var='PUB' value='2019-09-09' --><li><small --> <!--#set var='ID' value='M201909091' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Facebook app <a
href="https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/">
tracks users even when it is turned off</a>, after tricking them
into giving the app broad permissions in order to use one of its
functionalities.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-10-03' --><!--#set -->
<!--#set var='PUB' value='2017-08-31' --><li><small --> <!--#set var='ID' value='M201708310' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The recent versions of Microsoft Office require the user to <a
href="https://products.office.com/en-us/microsoft-office-for-home-and-school-faq?legRedir=true&CorrelationId=c9c5b549-11ad-4f71-bf81-b7e069fdb372">
href="https://www.microsoft.com/en-us/microsoft-365/microsoft-365-for-home-and-school-faq?legRedir=true&CorrelationId=c9c5b549-11ad-4f71-bf81-b7e069fdb372">
connect to Microsoft servers at least every thirty-one
days</a>. Otherwise, the software will refuse to edit any documents
or create new ones. It will be restricted to viewing and printing.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-09-18' --><!--#set -->
<!--#set var='PUB' value='2019-09-09' --><li><small --> <!--#set var='ID' value='M201909090' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Some nonfree period-tracking apps including MIA Fem and Maya <a
href="https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem">
send intimate details of users' lives to Facebook</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-09-16' --><!--#set -->
<!--#set var='PUB' value='2019-09-16' --><li><small --> <!--#set var='ID' value='M201909160' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Tesla users claim Tesla <a
href="https://www.reuters.com/article/us-tesla-battery/tesla-owner-lawsuit-claims-software-update-fraudulently-cut-battery-capacity-idUSKCN1UY2TW">force-installed
href="https://www.reuters.com/article/us-tesla-battery/tesla-owner-lawsuit-claims-software-update-fraudulently-cut-battery-capacity-idUSKCN1UY2TW/">force-installed
software to cut down on battery range</a>, rather than replace the
defective batteries. Tesla did this to avoid having to run their
warranty.</p>
<p>This means that proprietary software can potentially be a way to
commit perjury with impunity.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-09-11' --><!--#set -->
<!--#set var='PUB' value='2019-08-22' --><li><small --> <!--#set var='ID' value='M201908220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>ChromeBooks are programmed for obsolescence:
ChromeOS has a universal back door that is used for updates and <a
href="https://www.theregister.co.uk/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/">
href="https://www.theregister.com/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/">
ceases to operate at a predefined date</a>. From then on, there
appears to be no support whatsoever for the computer.</p>
<p>In other words, when you stop getting screwed by the back door,
you start getting screwed by the obsolescence.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-09-11' --><!--#set -->
<!--#set var='PUB' value='2019-08-21' --><li><small --> <!--#set var='ID' value='M201908210' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft recorded users of Xboxes and had <a
href="https://www.vice.com/en/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana">
human workers listen to the recordings</a>.</p>
<p>Morally, we see no difference between having human workers listen and
having speech-recognition systems listen. Both intrude on privacy.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-09-10' --><!--#set -->
<!--#set var='PUB' value='2019-09-06' --><li><small --> <!--#set var='ID' value='M201909060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Keeping track of who downloads a proprietary
program is a form of surveillance. There is a
proprietary program for adjusting a certain telescopic rifle sight. <a
href="https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/">
A US prosecutor has demanded the list of all the 10,000 or more people
who have installed it</a>.</p>
<p>With a free program there would not be a list of who has installed
it.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-09-10' --><!--#set -->
<!--#set var='PUB' value='2019-08-31' --><li><small --> <!--#set var='ID' value='M201908310' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A series of vulnerabilities <a
href="https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/">found
in iOS allowed attackers to gain access to sensitive information
including private messages, passwords, photos and contacts stored on
the user's iMonster</a>.</p>
<p>The deep insecurity of iMonsters is even more pertinent given that
Apple's proprietary software makes users totally dependent on Apple
for even a modicum of security. It also means that the devices do
not even try to offer security against Apple itself.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-08-31' --><!--#set -->
<!--#set var='PUB' value='2019-08-16' --><li><small --> <!--#set var='ID' value='M201908160' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A game published on Facebook <a
href="https://www.revealnews.org/article/so-your-child-racked-up-unwanted-credit-card-charges-playing-video-games-now-what/">aimed
href="https://revealnews.org/article/so-your-child-racked-up-unwanted-credit-card-charges-playing-video-games-now-what/">aimed
at leading children to spend</a> large amounts of their parents'
money without explaining it to them.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-08-23' --><!--#set -->
<!--#set var='PUB' value='2019-08-13' --><li><small --> <!--#set var='ID' value='M201908130' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>When Apple suspects a user of fraud, it
judges the case secretly and presents the verdict
as a fait accompli. The punishment to a user found guilty <a
href="https://qz.com/1683460/what-happens-to-your-itunes-account-when-apple-says-youve-committed-fraud/">is
href="https://qz.com/1683460/what-happens-to-your-itunes-account-when-apple-says-youve-committed-fraud">is
being cut off for life, which more-or-less cripples the user's Apple
devices forever</a>. There is no appeal.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-08-15' --><!--#set -->
<!--#set var='PUB' value='2019-08-15' --><li><small --> <!--#set var='ID' value='M201908151' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Skype refuses to say whether it can <a
href="http://www.slate.com/blogs/future_tense/2012/07/20/skype_won_t_comment_on_whether_it_can_now_eavesdrop_on_conversations_.html">eavesdrop
on calls</a>.</p>
<p>That almost certainly means it can do so.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-08-15' --><!--#set -->
<!--#set var='PUB' value='2019-08-15' --><li><small --> <!--#set var='ID' value='M201908150' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple is putting DRM on iPhone
batteries, and the system proprietary software <a
href="https://www.vice.com/en/article/59nz3k/apple-is-locking-batteries-to-specific-iphones-a-nightmare-for-diy-repair">turns
off certain features when batteries are replaced other than by
Apple.</a></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-08-06' --><!--#set -->
<!--#set var='PUB' value='2019-08-02' --><li><small --> <!--#set var='ID' value='M201908020' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Out of 21 gratis Android antivirus apps
that were tested by security researchers, eight <a
href="https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/">
failed to detect a test virus</a>. All of them asked for dangerous
permissions or contained advertising trackers, with seven being more
risky than the average of the 100 most popular Android apps.</p>
<p><small>(Note that the article refers to these proprietary apps as
“free”. It should have said “gratis”
instead.)</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-08-03' --><!--#set -->
<!--#set var='PUB' value='2019-07-08' --><li><small --> <!--#set var='ID' value='M201907081' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Many unscrupulous mobile-app developers keep finding ways to <a
href="https://www.cnet.com/tech/mobile/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/">
bypass user's settings</a>, regulations, and privacy-enhancing features
of the operating system, in order to gather as much private data as
they possibly can.</p>
<p>Thus, we can't trust rules against spying. What we can trust is
having control over the software we run.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-07-21' --><!--#set -->
<!--#set var='PUB' value='2019-07-21' --><li><small --> <!--#set var='ID' value='M201907210' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google “Assistant” records users' conversations <a
href="https://arstechnica.com/information-technology/2019/07/google-defends-listening-to-ok-google-queries-after-voice-recordings-leak/">even
when it is not supposed to listen</a>. Thus, when one of Google's
subcontractors discloses a thousand confidential voice recordings,
users were easily identified from these recordings.</p>
<p>Since Google “Assistant” uses proprietary software, there is no
way to see or control what it records or sends.</p>
<p>Rather than trying to better control the use of recordings, Google
should not record or listen to the person's voice. It should only
get commands that the user wants to send to some Google service.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-07-17' --><!--#set -->
<!--#set var='PUB' value='2019-07-09' --><li><small --> <!--#set var='ID' value='M201907090' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Resourceful children figured out how to <a
href="https://www.bbc.co.uk/news/technology-48908766"> empty their
parents' bank account</a> buying packs of special players for an
Electronic Arts soccer game.</p>
<p>The random element of these packs (also called “loot
boxes”) makes the game <a
href="/proprietary/proprietary-addictions#addictiveness">
strongly addictive</a>, but the fact that players
are pressured to spend more in order to get ahead of their
competitors further qualifies it as <em>predatory</em>.
Note that Belgium <a
href="https://www.rockpapershotgun.com/2019/01/29/fifa-ultimate-team-packs-blocked-in-belgium/">
href="https://www.rockpapershotgun.com/fifa-ultimate-team-packs-blocked-in-belgium">
made these loot boxes illegal</a> in 2018.</p>
<p>The only good reason to have a copy of such a proprietary
game is to study it for free software development.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-07-16' --><!--#set -->
<!--#set var='PUB' value='2019-07-10' --><li><small --> <!--#set var='ID' value='M201907100' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple appears to say that <a
href="https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/">
there is a back door in MacOS</a> for automatically updating some
(all?) apps.</p>
<p>The specific change described in the article was not
malicious—it protected users from surveillance by third
parties—but that is a separate question.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-07-15' --><!--#set -->
<!--#set var='PUB' value='2019-07-08' --><li><small --> <!--#set var='ID' value='M201907080' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Many Android apps can track
users' movements even when the user says <a
href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location">
not to allow them access to locations</a>.</p>
<p>This involves an apparently unintentional weakness in Android,
exploited intentionally by malicious apps.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-07-15' --><!--#set -->
<!--#set var='PUB' value='2018-09-21' --><li><small --> <!--#set var='ID' value='M201809210' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Clash of Clans is a good example of a gratis mobile game that its
developers <a href="https://gamerant.com/clash-of-clans-addiction/">
made very addictive</a> for a large proportion of its users—and
turned into a cash machine for themselves—by using <a
href="/proprietary/proprietary-addictions.html#addictiveness">
psychological manipulation techniques</a>.</p>
<p><small>(The article uses “free” to mean “zero
price,” which is a usage we should avoid. We recommend saying
“gratis” instead.)</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-06-27' --><!--#set -->
<!--#set var='PUB' value='2019-06-22' --><li><small --> <!--#set var='ID' value='M201906220' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google Chrome is an <a
href="https://www.mercurynews.com/2019/06/21/google-chrome-has-become-surveillance-software-its-time-to-switch/">
instrument of surveillance</a>. It lets thousands of trackers invade
users' computers and report the sites they visit to advertising and
data companies, first of all to Google. Moreover, if users have a
Gmail account, Chrome automatically logs them in to the browser for
more convenient profiling. On Android, Chrome also reports their
location to Google.</p>
<p>The best way to escape surveillance is to switch to <a
href="/software/icecat/">IceCat</a>, a modified version of Firefox
with several changes to protect users' privacy.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-06-10' --><!--#set -->
<!--#set var='PUB' value='2019-05-28' --><li><small --> <!--#set var='ID' value='M201905280' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>In spite of Apple's supposed commitment to
privacy, iPhone apps contain trackers that are busy at night <a
href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html">
sending users' personal information to third parties</a>.</p>
<p>The article mentions specific examples: Microsoft OneDrive,
Intuit's Mint, Nike, Spotify, The Washington Post, The Weather
Channel (owned by IBM), the crime-alert service Citizen, Yelp
and DoorDash. But it is likely that most nonfree apps contain
trackers. Some of these send personally identifying data such as phone
fingerprint, exact location, email address, phone number or even
delivery address (in the case of DoorDash). Once this information
is collected by the company, there is no telling what it will be
used for.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-06-01' --><!--#set -->
<!--#set var='PUB' value='2019-05-30' --><li><small --> <!--#set var='ID' value='M201905300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Femm “fertility” app is secretly a <a
href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners">
tool for propaganda</a> by natalist Christians. It spreads distrust
for contraception.</p>
<p>It snoops on users, too, as you must expect from nonfree
programs.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-05-29' --><!--#set -->
<!--#set var='PUB' value='2019-05-06' --><li><small --> <!--#set var='ID' value='M201905061' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Amazon Alexa collects a lot more information from users
than is necessary for correct functioning (time, location,
recordings made without a legitimate prompt), and sends
it to Amazon's servers, which store it indefinitely. Even
worse, Amazon forwards it to third-party companies. Thus,
even if users request deletion of their data from Amazon's servers, <a
href="https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
href="https://web.archive.org/web/20190507014804/https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
the data remain on other servers</a>, where they can be accessed by
advertising companies and government agencies. In other words,
deleting the collected information doesn't cancel the wrong of
collecting it.</p>
<p>Data collected by devices such as the Nest thermostat, the Philips
Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos
speakers are likewise stored longer than necessary on the servers
the devices are tethered to. Moreover, they are made available to
Alexa. As a result, Amazon has a very precise picture of users' life
at home, not only in the present, but in the past (and, who knows,
in the future too?)</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-05-18' --><!--#set -->
<!--#set var='PUB' value='2019-05-15' --><li><small --> <!--#set var='ID' value='M201905150' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Users caught in the jail of an iMonster are <a
href="https://boingboing.net/2019/05/15/brittle-security.html"> sitting
ducks for other attackers</a>, and the app censorship prevents security
companies from figuring out how those attacks work.</p>
<p>Apple's censorship of apps is fundamentally unjust, and would be
inexcusable even if it didn't lead to security threats as well.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-05-10' --><!--#set -->
<!--#set var='PUB' value='2019-05-06' --><li><small --> <!--#set var='ID' value='M201905060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>BlizzCon 2019 imposed a <a
href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/">
requirement to run a proprietary phone app</a> to be allowed into
the event.</p>
<p>This app is a spyware that can snoop on a lot of
sensitive data, including user's location and contact list, and has <a
href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
href="https://web.archive.org/web/20220321042716/https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
near-complete control</a> over the phone.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-05-08' --><!--#set -->
<!--#set var='PUB' value='2019-04-26' --><li><small --> <!--#set var='ID' value='M201904260' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Jibo robot toys were tethered to the manufacturer's server,
and <a href="https://www.apnews.com/99c9ec8ebad242ca88178e22c7642648"> href="https://apnews.com/article/san-francisco-north-america-technology-business-ap-top-news-99c9ec8ebad242ca88178e22c7642648">
the company made them all cease to work</a> by shutting down that
server.</p>
<p>The shutdown might ironically be good for their users, since the
product was designed to manipulate people by presenting a phony
semblance of emotions, and was most certainly spying on them.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-05-08' --><!--#set -->
<!--#set var='PUB' value='2019-02-01' --><li><small --> <!--#set var='ID' value='M201902011' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The FordPass Connect feature of some Ford vehicles has <a
href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
href="https://web.archive.org/web/20200530023040/https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
near-complete access to the internal car network</a>. It is constantly
connected to the cellular phone network and sends Ford a lot of data,
including car location. This feature operates even when the ignition
key is removed, and users report that they can't disable it.</p>
<p>If you own one of these cars, have you succeeded in breaking the
connectivity by disconnecting the cellular modem, or wrapping the
antenna in aluminum foil?</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-27' --><!--#set -->
<!--#set var='PUB' value='2019-04-24' --><li><small --> <!--#set var='ID' value='M201904240' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Some of users' commands to the Alexa service are <a
href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html">
recorded for Amazon employees to listen to</a>. The Google and Apple
voice assistants do similar things.</p>
<p>A fraction of the Alexa service staff even has access to <a
href="https://www.bnnbloomberg.ca/amazon-s-alexa-reviewers-can-access-customers-home-addresses-1.1248788">
href="https://news.bloomberglaw.com/tech-and-telecom-law/amazons-alexa-reviewers-can-access-customers-home-addresses">
location and other personal data</a>.</p>
<p>Since the client program is nonfree, and data processing is done
“<a href="/philosophy/words-to-avoid.html#CloudComputing">in
the cloud</a>” (a soothing way of saying “We won't
tell you how and where it's done”), users have no way
to know what happens to the recordings unless human eavesdroppers <a
href="https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
href="https://web.archive.org/web/20240416214211/https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
break their non-disclosure agreements</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-22' --><!--#set -->
<!--#set var='PUB' value='2019-04-21' --><li><small --> <!--#set var='ID' value='M201904210' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>As of April 2019, it is <a
href="https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/">no
longer possible to disable an
unscrupulous tracking anti-feature</a> that <a
href="https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing">reports
users when they follow ping links</a> in Apple Safari, Google Chrome,
Opera, Microsoft Edge and also in the upcoming Microsoft Edge that is
going to be based on Chromium.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-22' --><!--#set -->
<!--#set var='PUB' value='2019-04-13' --><li><small --> <!--#set var='ID' value='M201904131' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Data collected by menstrual and pregnancy monitoring apps is often <a
href="https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance">
available to employers and insurance companies</a>. Even though the
data is “anonymized and aggregated,” it can easily be
traced back to the woman who uses the app.</p>
<p>This has harmful implications for women's rights to equal employment
and freedom to make their own pregnancy choices. Don't use
these apps, even if someone offers you a reward to do so. A
free-software app that does more or less the same thing without
spying on you is available from <a
href="https://search.f-droid.org/?q=menstr">F-Droid</a>, and <a
href="https://dcs.megaphone.fm/BLM6228935164.mp3?key=7e4b8f7018d13cdc2b5ea6e5772b6b8f">
href="https://web.archive.org/web/20231230011724/https://dcs.megaphone.fm/BLM6228935164.mp3?key=23a58d3f686794e6d8b8678a5204887b&request_event_id=36469053-3d0b-4724-bf2d-6dbeeeac282e">
a new one is being developed</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-21' --><!--#set -->
<!--#set var='PUB' value='2019-04-04' --><li><small --> <!--#set var='ID' value='M201904041' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Microsoft has been <a
href="https://borncity.com/win/2019/01/17/windows-10-update-kb4023057-re-released-1-16-2019/">
force-installing a “remediation”
program</a> on computers running certain
versions of Windows 10. Remediation, in Microsoft's view, means <a
href="https://support.microsoft.com/en-us/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a">
href="https://support.microsoft.com/en-us/topic/kb4023057-update-health-tools-windows-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a">
tampering with users' settings and files</a>, notably to
“repair” any components of the updating system that users
may have intentionally disabled, and thus regain full power over
them. Microsoft repeatedly pushed faulty versions of this program to
users' machines, causing numerous problems, some of which <a
href="https://www.windowsmode.com/microsoft-suspends-windows-10-october-2018-update-rollout-due-to-critical-bugs/">
href="https://web.archive.org/web/20240223182933/https://www.windowsmode.com/microsoft-suspends-windows-10-october-2018-update-rollout-due-to-critical-bugs/">
critical</a>.</p>
<p>This exemplifies the arrogant and manipulative attitude
that proprietary software developers have learned to adopt
toward the people they are supposedly serving. Migrate to a <a
href="/distros/free-distros.html">free operating system</a> if you
can!</p>
<p>If your employer makes you run Windows, tell the financial
department how this wastes your time dealing with endless connections
and premature hardware failures.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-20' --><!--#set -->
<!--#set var='PUB' value='2019-04-15' --><li><small --> <!--#set var='ID' value='M201904150' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p id="M201509210">Volkswagen programmed its car engine computers to <a
href="https://www.petri.com/volkswagen-used-software-to-cheat-on-emissions">
href="https://petri.com/volkswagen-used-software-to-cheat-on-emissions/">
detect the Environmental Protection Agency's emission tests</a>, and
run dirty the rest of the time. In real driving, the cars exceeded
emissions standards by a factor of up to 35.</p>
<p>Using free software would not have stopped Volkswagen from
programming it this way, but would have made it harder to conceal,
and given the users the possibility of correcting the deception.</p>
<p>Former executives of Volkswagen are being <a
href="https://www.theguardian.com/business/2019/apr/15/former-head-of-volkswagen-could-face-10-years-in-prison">
sued over this fraud</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-18' --><!--#set -->
<!--#set var='PUB' value='2019-04-13' --><li><small --> <!--#set var='ID' value='M201904130' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google tracks the movements of Android phones and iPhones
running Google apps, and sometimes <a
href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html">
saves the data for years</a>.</p>
<p>Nonfree software in the phone has to be responsible for sending
the location data to Google.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-18' --><!--#set -->
<!--#set var='PUB' value='2018-11-23' --><li><small --> <!--#set var='ID' value='M201811230' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>An Android phone was observed to track location even while
in airplane mode. It didn't send the location data while in
airplane mode. Instead, <a
href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/">
it saved up the data, and sent them all later</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-17' --><!--#set -->
<!--#set var='PUB' value='2019-04-04' --><li><small --> <!--#set var='ID' value='M201904040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Ebooks “bought” from Microsoft's store check that
their DRM is valid by connecting to the store every time their
“owner” wants to read them. Microsoft is going to close
this store, <a href="https://www.bbc.com/news/technology-47810367">
bricking all DRM'ed ebooks it has ever “sold”</a>. (The
article additionally highlights the pitfalls of DRM.)</p>
<p>This is another proof that a DRM-encumbered product doesn't belong
to the person who bought it. Microsoft said it will refund customers,
but this is no excuse for selling them restricted books.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-15' --><!--#set -->
<!--#set var='PUB' value='2019-03-28' --><li><small --> <!--#set var='ID' value='M201903281' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>OfficeMax cheated customers by <a
href="https://arstechnica.com/tech-policy/2019/03/office-depot-tricked-people-into-buying-pc-support-with-fake-virus-scans/">
using proprietary “PC Health Check” software</a> rigged
to give false results, deceiving the customer into thinking per
computer was infected and buy unneeded support services from the
company.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-11' --><!--#set -->
<!--#set var='PUB' value='2019-03-21' --><li><small --> <!--#set var='ID' value='M201903210' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Medtronics Conexus Telemetry Protocol has <a
href="http://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/">
href="https://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/">
two vulnerabilities that affect several models of implantable
defibrillators</a> and the devices they connect to.</p>
<p>This protocol has been around since 2006, and similar
vulnerabilities were discovered in an earlier Medtronics communication
protocol in 2008. Apparently, nothing was done by the company to
correct them. This means you can't rely on proprietary software
developers to fix bugs in their products.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-09' --><!--#set -->
<!--#set var='PUB' value='2019-03-28' --><li><small --> <!--#set var='ID' value='M201903280' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Car companies are coming up with a list of clever reasons why <a
href="https://www.nytimes.com/2019/03/28/business/autonomous-cars-technology-privacy.html">
they “have to” put cameras and microphones in the
car</a>.</p>
<p>BMW says its software does not store any driver-monitoring
information. If this means none of the data that come out of the
cameras and microphones can be seen by anyone else, the cameras and
microphones are not dangerous. But should we trust this claim?
The only way it can deserve rational trust is if the software is
free.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-09' --><!--#set -->
<!--#set var='PUB' value='2019-03-25' --><li><small --> <!--#set var='ID' value='M201903251' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Many Android phones come with a huge number of <a
href="https://web.archive.org/web/20190326145122/https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html">
preinstalled nonfree apps that have access to sensitive data without
users' knowledge</a>. These hidden apps may either call home with
the data, or pass it on to user-installed apps that have access to
the network but no direct access to the data. This results in massive
surveillance on which the user has absolutely no control.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-05' --><!--#set -->
<!--#set var='PUB' value='2019-03-29' --><li><small --> <!--#set var='ID' value='M201903290' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Tesla cars collect lots of personal data, and <a
href="https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html">
when they go to a junkyard the driver's personal data goes with
them</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-04-01' --><!--#set -->
<!--#set var='PUB' value='2019-03-25' --><li><small --> <!--#set var='ID' value='M201903250' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The British supermarket Tesco sold tablets which were tethered
to Tesco's server for reinstalling default settings. Tesco <a
href="https://www.theguardian.com/money/2019/mar/25/tesco-hudl-tablet-support-kill-fix">
turned off the server for old models</a>, so now if you try to
reinstall the default settings, it bricks them instead.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-03-28' --><!--#set -->
<!--#set var='PUB' value='2019-03-20' --><li><small --> <!--#set var='ID' value='M201903201' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A study of 24 “health” apps found that 19 of them <a
href="https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows">
send sensitive personal data to third parties</a>, which can use it
for invasive advertising or discriminating against people in poor
medical condition.</p>
<p>Whenever user “consent” is sought, it is buried in
lengthy terms of service that are difficult to understand. In any case,
“consent” is not sufficient to legitimize snooping.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-03-28' --><!--#set -->
<!--#set var='PUB' value='2019-03-20' --><li><small --> <!--#set var='ID' value='M201903200' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Volvo plans to <a
href="https://www.theguardian.com/business/2019/mar/20/volvo-to-install-cameras-in-new-cars-to-reduce-road-deaths">
install cameras inside cars</a> to monitor the driver for signs of
impairment that could cause an accident.</p>
<p>However, there is nothing to prevent these cameras from doing
other things, such as biometrically identifying the driver or
passengers, other than proprietary software which Volvo—or
various governments and criminals—could change at any time.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-03-26' --><!--#set -->
<!--#set var='PUB' value='2017-04-13' --><li><small --> <!--#set var='ID' value='M201704131' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Low-priced Chromebooks for schools are <a
href="https://www.eff.org/wp/school-issued-devices-and-student-privacy">
collecting far more data on students than is necessary, and store
it indefinitely</a>. Parents and students complain about the lack
of transparency on the part of both the educational services and the
schools, the difficulty of opting out of these services, and the lack
of proper privacy policies, among other things.</p>
<p>But complaining is not sufficient. Parents, students and teachers
should realize that the software Google uses to spy on students is
nonfree, so they can't verify what it really does. The only remedy is
to persuade school officials to <a href="/education/edu-schools.html">
exclusively use free software</a> for both education and school
administration. If the school is run locally, parents and teachers
can mandate their representatives at the School Board to refuse the
budget unless the school initiates a switch to free software. If
education is run nation-wide, they need to persuade legislators
(e.g., through free software organizations, political parties,
etc.) to migrate the public schools to free software.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-03-23' --><!--#set -->
<!--#set var='PUB' value='2017-01-27' --><li><small --> <!--#set var='ID' value='M201701271' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A cracker would be able to <a
href="https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/">
turn the Oculus Rift sensors into spy cameras</a> after breaking into
the computer they are connected to.</p>
<p><small>(Unfortunately, the article <a
href="/philosophy/words-to-avoid.html#Hacker">improperly refers
to crackers as “hackers”</a>.)</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-03-13' --><!--#set -->
<!--#set var='PUB' value='2018-11-30' --><li><small --> <!--#set var='ID' value='M201811300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>In China, it is mandatory for electric
cars to be equipped with a terminal that <a
href="https://www.apnews.com/4a749a4211904784826b45e812cff4ca">
href="https://apnews.com/article/north-america-ap-top-news-international-news-shanghai-china-4a749a4211904784826b45e812cff4ca">
transfers technical data, including car location,
to a government-run platform</a>. In practice, <a
href="/proprietary/proprietary-surveillance.html#car-spying">
manufacturers collect this data</a> as part of their own spying, then
forward it to the government-run platform.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-03-11' --><!--#set -->
<!--#set var='PUB' value='2019-03-08' --><li><small --> <!--#set var='ID' value='M201903080' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Malware installed into the processor in a hard drive could <a
href="https://yro.slashdot.org/story/19/03/08/1928257/hard-disks-can-be-turned-into-listening-devices-researchers-find">
use the disk itself as a microphone to detect speech</a>.</p>
<p>The article refers to the “Linux operating system” but
seems to mean <a href="/gnu/linux-and-gnu.html">GNU/Linux</a>. That
hack would not require changing Linux itself.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-03-10' --><!--#set -->
<!--#set var='PUB' value='2015-07-29' --><li><small --> <!--#set var='ID' value='M201507290' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Game Of War: Fire Age is an iPhone game with <a
href="https://www.cracked.com/article_18461_5-creepy-ways-video-games-are-trying-to-get-you-addicted.html">
addictive features</a> which are based on <a
href="/proprietary/proprietary-addictions.html#addictiveness">behavioral
manipulation techniques</a>, compounded with group emulation. After a
fairly easy start, the game slows down and becomes more difficult,
so gamers are led to spend more and more money in order to keep up
with their group. And if they stop playing for a while, the equipment
they invested in gets destroyed by the “enemy” unless
they buy an expensive “shield” to protect it. This game
is also deceptive, as it uses confusing menus and complex stats to
obfuscate true monetary costs.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-03-04' --><!--#set -->
<!--#set var='PUB' value='2019-02-27' --><li><small --> <!--#set var='ID' value='M201902270' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Ring (now Amazon) doorbell camera is designed so that the
manufacturer (now Amazon) can watch all the time. Now it turns out
that <a
href="https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/">
anyone else can also watch, and fake videos too</a>.</p>
<p>The third party vulnerability is presumably
unintentional and Amazon will probably fix it. However, we
do not expect Amazon to change the design that <a
href="/proprietary/proprietary-surveillance.html#M201901100">allows
Amazon to watch</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-03-04' --><!--#set -->
<!--#set var='PUB' value='2019-02-14' --><li><small --> <!--#set var='ID' value='M201902140' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The AppCensus database gives information on <a
href="https://www.appcensus.mobi">
href="https://www.appcensus.io/"> how Android apps use and
misuse users' personal data</a>. As of March 2019, nearly
78,000 have been analyzed, of which 24,000 (31%) transmit the <a
href="/proprietary/proprietary-surveillance.html#M201812290">
Advertising ID</a> to other companies, and <a
href="https://blog.appcensus.mobi/2019/02/14/ad-ids-behaving-badly/">
href="https://web.archive.org/web/20240501141046/https://blog.appcensus.io/2019/02/14/ad-ids-behaving-badly/">
18,000 (23% of the total) link this ID to hardware identifiers</a>,
so that users cannot escape tracking by resetting it.</p>
<p>Collecting hardware identifiers is in apparent violation of
Google's policies. But it seems that Google wasn't aware of it,
and, once informed, was in no hurry to take action. This proves
that the policies of a development platform are ineffective at
preventing nonfree software developers from including malware in
their programs.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-02-28' --><!--#set -->
<!--#set var='PUB' value='2019-02-23' --><li><small --> <!--#set var='ID' value='M201902230' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Facebook offered a convenient proprietary
library for building mobile apps, which also <a
href="https://boingboing.net/2019/02/23/surveillance-zucksterism.html">
sent personal data to Facebook</a>. Lots of companies built apps that
way and released them, apparently not realizing that all the personal
data they collected would go to Facebook as well.</p>
<p>It shows that no one can trust a nonfree program, not even the
developers of other nonfree programs.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-02-28' --><!--#set -->
<!--#set var='PUB' value='2019-02-08' --><li><small --> <!--#set var='ID' value='M201902080' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The HP <a
href="https://boingboing.net/2019/02/08/inkjet-dystopias.html">
“ink subscription” cartridges have DRM that constantly
communicates with HP servers</a> to make sure the user is still
paying for the subscription, and hasn't printed more pages than were
paid for.</p>
<p>Even though the ink subscription program may be cheaper in some
specific cases, it spies on users, and involves totally unacceptable
restrictions in the use of ink cartridges that would otherwise be in
working order.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-02-22' --><!--#set -->
<!--#set var='PUB' value='2019-01-07' --><li><small --> <!--#set var='ID' value='M201901070' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Vizio TVs <a
href="https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019">
collect “whatever the TV sees,”</a> in the own words of the company's
CTO, and this data is sold to third parties. This is in return for
“better service” (meaning more intrusive ads?) and slightly
lower retail prices.</p>
<p>What is supposed to make this spying acceptable, according to him,
is that it is opt-in in newer models. But since the Vizio software is
nonfree, we don't know what is actually happening behind the scenes,
and there is no guarantee that all future updates will leave the
settings unchanged.</p>
<p>If you already own a Vizio “smart” TV (or any “smart” TV, for that
matter), the easiest way to make sure it isn't spying on you is
to disconnect it from the Internet, and use a terrestrial antenna
instead. Unfortunately, this is not always possible. Another option,
if you are technically oriented, is to get your own router (which can
be an old computer running completely free software), and set up a
firewall to block connections to Vizio's servers. Or, as a last resort,
you can replace your TV with another model.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-02-21' --><!--#set -->
<!--#set var='PUB' value='2019-02-20' --><li><small --> <!--#set var='ID' value='M201902200' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Some portable surveillance
devices (“phones”) now have <a
href="https://www.theguardian.com/technology/2019/feb/20/samsung-galaxy-s10-launch-triple-cameras-ultrasonic-fingerprint-sensors-and-5g">
fingerprint sensors in the display</a>. Does that imply they could
take the fingerprint of anyone who operates the touch screen?</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-02-20' --><!--#set -->
<!--#set var='PUB' value='2019-02-04' --><li><small --> <!--#set var='ID' value='M201902041' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Twenty nine “beauty camera” apps that used to be
on Google Play had one or more malicious functionalities, such
as stealing users' photos instead of “beautifying” them, <a
href="https://www.teleanalysis.com/these-29-beauty-camera-apps-steal-private-photo/">
href="https://www.androidpolice.com/2019/02/03/google-bans-29-beauty-camera-apps-from-the-play-store-that-steal-your-photos/">
pushing unwanted and often malicious ads on users, and redirecting them
to phishing sites</a> that stole their credentials. Furthermore, the
user interface of most of them was designed to make uninstallation
difficult.</p>
<p>Users should of course uninstall these dangerous apps if they
haven't yet, but they should also stay away from nonfree apps in
general. <em>All</em> nonfree apps carry a potential risk because
there is no easy way of knowing what they really do.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-02-13' --><!--#set -->
<!--#set var='PUB' value='2019-02-06' --><li><small --> <!--#set var='ID' value='M201902060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Many nonfree apps have a surveillance feature for <a
href="https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/">
recording all the users' actions</a> in interacting with the app.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-02-08' --><!--#set -->
<!--#set var='PUB' value='2019-02-01' --><li><small --> <!--#set var='ID' value='M201902010' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>An investigation of the 150 most popular
gratis VPN apps in Google Play found that <a
href="https://www.top10vpn.com/free-vpn-android-app-risk-index/">
href="https://www.top10vpn.com/research/free-vpn-investigations/risk-index/">
25% fail to protect their users' privacy</a> due to DNS leaks. In
addition, 85% feature intrusive permissions or functions in their
source code—often used for invasive advertising—that could
potentially also be used to spy on users. Other technical flaws were
found as well.</p>
<p>Moreover, a previous investigation had found that <a
href="https://www.top10vpn.com/free-vpn-app-investigation/">half
href="https://www.top10vpn.com/research/free-vpn-investigations/ownership/">half of
the top 10 gratis VPN apps have lousy privacy policies</a>.</p>
<p><small>(It is unfortunate that these articles talk about “free
apps.” These apps are gratis, but they are <em>not</em> <a
href="/philosophy/free-sw.html">free software</a>.)</small></p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-02-07' --><!--#set -->
<!--#set var='PUB' value='2019-02-04' --><li><small --> <!--#set var='ID' value='M201902040' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google invites people to <a
href="https://www.commondreams.org/views/2019/02/04/google-screenwise-unwise-trade-all-your-privacy-cash?cd-origin=rss">
let Google monitor their phone use, and all internet use in their
homes, for an extravagant payment of $20</a>.</p>
<p>This is not a malicious functionality of a program with some other
purpose; this is the software's sole purpose, and Google says so. But
Google says it in a way that encourages most people to ignore the
details. That, we believe, makes it fitting to list here.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-02-03' --><!--#set -->
<!--#set var='PUB' value='2019-01-23' --><li><small --> <!--#set var='ID' value='M201901230' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Google is modifying Chromium so that <a
href="https://tech.slashdot.org/story/19/01/23/0048202/google-proposes-changes-to-chromium-browser-that-will-break-content-blocking-extensions-including-various-ad-blockers">
extensions won't be able to alter or block whatever the page
contains</a>. Users could conceivably reverse the change in a fork
of Chromium, but surely Chrome (nonfree) will have the same change,
and users can't fix it there.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-02-02' --><!--#set -->
<!--#set var='PUB' value='2018-12-29' --><li><small --> <!--#set var='ID' value='M201812290' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Around 40% of gratis Android apps <a
href="https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report">
report on the user's actions to Facebook</a>.</p>
<p>Often they send the machine's “advertising ID,” so that
Facebook can correlate the data it obtains from the same machine via
various apps. Some of them send Facebook detailed information about
the user's activities in the app; others only say that the user is
using that app, but that alone is often quite informative.</p>
<p>This spying occurs regardless of whether the user has a Facebook
account.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-02-02' --><!--#set -->
<!--#set var='PUB' value='2018-11-02' --><li><small --> <!--#set var='ID' value='M201811020' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Foundry's graphics software <a
href="https://torrentfreak.com/software-company-fines-pirates-after-monitoring-their-computers-181102/">
reports information to identify who is running it</a>. The result is
often a legal threat demanding a lot of money.</p>
<p>The fact that this is used for repression of forbidden sharing
makes it even more vicious.</p>
<p>This illustrates that making unauthorized copies of nonfree software
is not a cure for the injustice of nonfree software. It may avoid
paying for the nasty thing, but cannot make it less nasty.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-01-28' --><!--#set -->
<!--#set var='PUB' value='2019-01-11' --><li><small --> <!--#set var='ID' value='M201901110' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Samsung phones come preloaded with <a
href="https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook">
a version of the Facebook app that can't be deleted</a>. <a
href="https://www.infopackets.com/news/10484/truth-behind-undeletable-facebook-app">
Facebook claims this is a stub</a> which doesn't do anything, but we
have to take their word for it, and there is the permanent risk that
the app will be activated by an automatic update.</p>
<p>Preloading crapware along with a nonfree operating system is common
practice, but by making the crapware undeletable, Facebook and Samsung (<a
class="not-a-duplicate"
href="https://www.bloomberg.com/news/articles/2019-01-08/samsung-phone-users-get-a-shock-they-can-t-delete-facebook">among others</a>)
are going one step further in their hijacking of users' devices.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-01-21' --><!--#set -->
<!--#set var='PUB' value='2019-01-10' --><li><small --> <!--#set var='ID' value='M201901101' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Until 2015, any tweet that listed a geographical tag <a
href="http://web-old.archive.org/web/20190115233002/https://www.wired.com/story/twitter-location-data-gps-privacy/">
sent the precise GPS location to Twitter's server</a>. It still
contains these GPS locations.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-01-15' --><!--#set -->
<!--#set var='PUB' value='2016-12-29' --><li><small --> <!--#set var='ID' value='M201612290' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>In the game Fruit Pop, the player buys boosts with coins to get
a high score. The player gets coins at the end of each game, and can
buy more coins with real money.</p>
<p>Getting a higher score once leads the player to desire higher
score again later. But the higher score resulting from the boost <a
href="https://qz.com/873348/50000-coins-for-1-99-how-mobile-game-in-app-purchases-are-warping-kids-understanding-of-basic-economic-ideas/">does
href="https://qz.com/873348/50000-coins-for-1-99-how-mobile-game-in-app-purchases-are-warping-kids-understanding-of-basic-economic-ideas">does
not give the player more coins, and does not help the player get
a higher score in subsequent games</a>. To get that, the player
will need a boost frequently, and usually has to pay real money
for that. Since boosts are exciting and entertaining, the player is
subtly pushed to purchase more coins with real money to get boosts,
and it can develop into a costly habit.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-01-14' --><!--#set -->
<!--#set var='PUB' value='2016-12-14' --><li><small --> <!--#set var='ID' value='M201612140' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Microsoft Telemetry Compatibility service <a
href="https://answers.microsoft.com/en-us/windows/forum/all/microsoft-telemetry-compatibility/cefa7c8e-49c9-4965-aef6-2d5f01bb38f2">
drastically reduces the performances of machines running
Windows 10</a>, and can't be disabled easily.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-01-13' --><!--#set -->
<!--#set var='PUB' value='2019-01-10' --><li><small --> <!--#set var='ID' value='M201901100' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Amazon Ring “security” devices <a
href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/">
href="https://www.engadget.com/2019-01-10-ring-gave-employees-access-customer-video-feeds.html">
send the video they capture to Amazon servers</a>, which save it
long-term.</p>
<p>In many cases, the video shows everyone that comes near, or merely
passes by, the user's front door.</p>
<p>The article focuses on how Ring used to let individual employees look
at the videos freely. It appears Amazon has tried to prevent that
secondary abuse, but the primary abuse—that Amazon gets the
video—Amazon expects society to surrender to.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-01-06' --><!--#set -->
<!--#set var='PUB' value='2019-01-05' --><li><small --> <!--#set var='ID' value='M201901050' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The Weather Channel app <a
href="https://www.theguardian.com/technology/2019/jan/04/weather-channel-app-lawsuit-location-data-selling">
stored users' locations to the company's server</a>. The company is
being sued, demanding that it notify the users of what it will do
with the data.</p>
<p>We think that lawsuit is about a side issue. What the company does
with the data is a secondary issue. The principal wrong here is that
the company gets that data at all.</p>
<p><a
href="https://www.vice.com/en/article/gy77wy/stop-using-third-party-weather-apps">
Other weather apps</a>, including Accuweather and WeatherBug, are
tracking people's locations.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2019-01-01' --><!--#set -->
<!--#set var='PUB' value='2018-12-30' --><li><small --> <!--#set var='ID' value='M201812300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>New GM cars <a
href="https://media.gm.com/media/us/en/gmc/vehicles/canyon/2019.html">
offer the feature of a universal back door</a>.</p>
<p>Every nonfree program offers the user zero security against its
developer. With this malfeature, GM has explicitly made things even
worse.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-12-11' --><!--#set -->
<!--#set var='PUB' value='2018-12-06' --><li><small --> <!--#set var='ID' value='M201812060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Facebook's app got “consent” to <a
href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent">
upload call logs automatically from Android phones</a> while disguising
what the “consent” was for.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-12-04' --><!--#set -->
<!--#set var='PUB' value='2018-11-27' --><li><small --> <!--#set var='ID' value='M201811270' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Many web sites use JavaScript code <a
href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
href="https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
to snoop on information that users have typed into a
form but not sent</a>, in order to learn their identity. Some are <a
href="https://www.manatt.com/insights/newsletters/advertising-law/sites-illegally-tracked-consumers-new-suits-allege">
getting sued</a> for this.</p>
<p>The chat facilities of some customer services use the same sort of
malware to <a
href="https://gizmodo.com/be-warned-customer-service-agents-can-see-what-youre-t-1830688119">
read what the user is typing before it is posted</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-11-13' --><!--#set -->
<!--#set var='PUB' value='2018-11-10' --><li><small --> <!--#set var='ID' value='M201811100' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Corel Paintshop Pro has a <a
href="https://torrentfreak.com/corel-wrongly-accuses-licensed-user-of-piracy-disables-software-remotely-181110/">
back door that can make it cease to function</a>.</p>
<p>The article is full of confusions, errors and biases that we have
an obligation to expose, given that we are making a link to them.</p>
<ul>
<li>Getting a patent does not “enable” a company to do
any particular thing in its products. What it does enable the company
to do is sue other companies if they do some particular thing in
their products.</li>
<li>A company's policies about when to attack users through a back
door are beside the point. Inserting the back door is wrong in the
first place, and using the back door is always wrong too. No software
developer should have that power over users.</li>
<li>“<a
href="/philosophy/words-to-avoid.html#Piracy">Piracy</a>” means
attacking ships. Using that word to refer to sharing copies is a smear;
please don't smear sharing.</li>
<li><p>The idea of “protecting our IP” is
total confusion. The term “IP” itself is a <a
href="/philosophy/not-ipr.html">bogus generalization about things
that have nothing in common</a>.</p>
<p>In addition, to speak of “protecting” that bogus
generalization is a separate absurdity. It's like calling the cops
because neighbors' kids are playing on your front yard, and saying
that you're “protecting the boundary line”. The kids can't do harm
to the boundary line, not even with a jackhammer, because it is an
abstraction and can't be affected by physical action.</p></li>
</ul>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-11-04' --><!--#set -->
<!--#set var='PUB' value='2018-10-30' --><li><small --> <!--#set var='ID' value='M201810300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Nearly all “home security cameras” <a
href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds/">
href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds-a8814384448/">
give the manufacturer an unencrypted copy of everything they
see</a>. “Home insecurity camera” would be a better
name!</p>
<p>When Consumer Reports tested them, it suggested that these
manufacturers promise not to look at what's in the videos. That's not
security for your home. Security means making sure they don't get to
see through your camera.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-10-30' --><!--#set -->
<!--#set var='PUB' value='2018-10-24' --><li><small --> <!--#set var='ID' value='M201810244' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Some Android apps <a
href="https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/">
href="https://web.archive.org/web/20210418052600/https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/">
track the phones of users that have deleted them</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-10-29' --><!--#set -->
<!--#set var='PUB' value='2018-10-24' --><li><small --> <!--#set var='ID' value='M201810240' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Apple and Samsung deliberately <a
href="https://www.theguardian.com/technology/2018/oct/24/apple-samsung-fined-for-slowing-down-phones">degrade
the performance of older phones to force users to buy their newer
phones</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-10-26' --><!--#set -->
<!--#set var='PUB' value='2018-10-23' --><li><small --> <!--#set var='ID' value='M201810230' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>GM <a
href="https://boingboing.net/2018/10/23/dont-touch-that-dial.html">
tracked the choices of radio programs</a> in its
“connected” cars, minute by minute.</p>
<p>GM did not get users' consent, but it could have got that easily by
sneaking it into the contract that users sign for some digital service
or other. A requirement for consent is effectively no protection.</p>
<p>The cars can also collect lots of other data: listening to you,
watching you, following your movements, tracking passengers' cell
phones. <em>All</em> such data collection should be forbidden.</p>
<p>But if you really want to be safe, we must make sure the car's
hardware cannot collect any of that data, or that the software
is free so we know it won't collect any of that data.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-10-22' --><!--#set -->
<!--#set var='PUB' value='2018-10-15' --><li><small --> <!--#set var='ID' value='M201810150' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Printer manufacturers are very innovative—at blocking the
use of independent replacement ink cartridges. Their “security
upgrades” occasionally impose new forms of cartridge DRM. <a
href="https://www.vice.com/en/article/pa98ab/printer-makers-are-crippling-cheap-ink-cartridges-via-bogus-security-updates">
HP and Epson have done this</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-10-11' --><!--#set -->
<!--#set var='PUB' value='2018-07-31' --><li><small --> <!--#set var='ID' value='M201807310' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A nonfree video game, available through the nonfree Steam client, <a
href="https://www.extremetech.com/gaming/274552-great-now-games-are-hijacking-systems-with-">
href="https://www.extremetech.com/gaming/274552-great-now-games-are-hijacking-systems-with-cryptocurrency-miners">
included a “miner”</a>, i.e. an executable that hijacks
the CPU in users' computers to mine a cryptocurrency.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-10-11' --><!--#set -->
<!--#set var='PUB' value='2018-05-08' --><li><small --> <!--#set var='ID' value='M201805080' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>A cracker used an exploit in outdated software to <a
href="https://www.pcmag.com/news/360968/400-websites-secretly-served-cryptocurrency-miners-to-visito">
href="https://www.pcmag.com/news/400-websites-secretly-served-cryptocurrency-miners-to-visitors">
inject a “miner” in web pages</a> served to visitors. This
type of malware hijacks the computer's processor to mine a
cryptocurrency.</p>
<p><small>(Note that the article refers to the infected software
as “content management system”. A better term would be
“<a href="/philosophy/words-to-avoid.html#Content">website
revision system</a>”.)</small></p>
<p>Since the miner was a nonfree JavaScript program,
visitors wouldn't have been affected if they had used <a
href="/software/librejs/index.html">LibreJS</a>. Some
browser extensions that <a
href="https://www.cnet.com/tech/computing/how-to-stop-sites-from-using-your-cpu-to-mine-coins/">
specifically block JavaScript miners</a> are also available.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-10-01' --><!--#set -->
<!--#set var='PUB' value='2018-09-26' --><li><small --> <!--#set var='ID' value='M201809260' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Honeywell's “smart” thermostats communicate
only through the company's server. They have
all the nasty characteristics of such devices: <a
href="https://www.businessinsider.com/honeywell-iot-thermostats-server-outage-2018-9">
surveillance, and danger of sabotage</a> (of a specific user, or of
all users at once), as well as the risk of an outage (which is what
just happened).</p>
<p>In addition, setting the desired temperature requires running
nonfree software. With an old-fashioned thermostat, you can do it
using controls right on the thermostat.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-09-25' --><!--#set -->
<!--#set var='PUB' value='2018-09-24' --><li><small --> <!--#set var='ID' value='M201809240' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Researchers have discovered how to <a
href="http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co">
href="https://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co">
hide voice commands in other audio</a>, so that people cannot hear
them, but Alexa and Siri can.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-09-22' --><!--#set -->
<!--#set var='PUB' value='2018-09-14' --><li><small --> <!--#set var='ID' value='M201809140' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Android has a <a
href="https://www.theverge.com/platform/amp/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change">
href="https://www.theverge.com/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change">
back door for remotely changing “user” settings</a>.</p>
<p>The article suggests it might be a universal back door, but this
isn't clear.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-09-18' --><!--#set -->
<!--#set var='PUB' value='2018-09-12' --><li><small --> <!--#set var='ID' value='M201809120' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>One version of Windows 10 <a
href="https://www.ghacks.net/2018/09/12/microsoft-intercepting-firefox-chrome-installation-on-windows-10/">
harangues users if they try to install Firefox (or Chrome)</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-09-15' --><!--#set -->
<!--#set var='PUB' value='2017-12-06' --><li><small --> <!--#set var='ID' value='M201712060' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Learn how <a
href="https://web.archive.org/web/20170319013045/https://www.huffingtonpost.com/joseph-farrell/the-fascinating-psycholog_b_6076502.html">
gratis-to-play-and-not-win-much games manipulate their useds
psychologically</a>.</p>
<p>These manipulative behaviors are malicious functionalities, and they
are possible because the game is proprietary. If it were free, people
could publish a non-manipulative version and play that instead.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-08-24' --><!--#set -->
<!--#set var='PUB' value='2018-06-24' --><li><small --> <!--#set var='ID' value='M201806240' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Red Shell is a spyware that
is found in many proprietary games. It <a
href="https://nebulous.cloud/threads/red-shell-illegal-spyware-for-steam-games.31924/">
tracks data on users' computers and sends it to third parties</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-08-24' --><!--#set -->
<!--#set var='PUB' value='2005-10-20' --><li><small --> <!--#set var='ID' value='M200510200' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>Blizzard Warden is a hidden
“cheating-prevention” program that <a
href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
spies on every process running on a gamer's computer and sniffs a
good deal of personal data</a>, including lots of activities which
have nothing to do with cheating.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-07-15' --><!--#set -->
<!--#set var='PUB' value='2018-06-25' --><li><small --> <!--#set var='ID' value='M201806250' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>The game Metal Gear Rising for
MacOS was tethered to a server. The company <a
href="http://www.gamerevolution.com/news/400087-metal-gear-rising-mac-unplayable-drm">
href="https://www.gamerevolution.com/news/400087-metal-gear-rising-mac-unplayable-drm">
shut down the server, and all copies stopped working</a>.</p>
</li>
<!-- Copied from workshop/mal.rec; don't edit in all.html. -->
<!--#set var='ADD' value='2018-02-10' --><!--#set -->
<!--#set var='PUB' value='2018-03-30' --><li><small --> <!--#set var='ID' value='M201803300' -->
<li id='<!--#echo encoding='none' var='ID' -->'>
<small class='date-tag'>Added: <span class="gnun-split"></span><!--#echo
encoding='none' var='ADD' --><span class="gnun-split"></span>
— Latest reference: <span class="gnun-split"></span><!--#echo
encoding='none' var='PUB' --></small>
<p>In MacOS and iOS, the procedure for <a
href="https://support.apple.com/guide/photos/export-photos-videos-and-slideshows-pht6e157c5f/mac">
converting images from the Photos format</a> to a free format is so
tedious and time-consuming that users just give up if they have a
lot of them.</p>
</li>
</ul>
</div>
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<!--#include virtual="/server/footer.html" -->
<div id="footer" role="contentinfo">
<div class="unprintable">
<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF. Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
replace it with the translation of these two:
We work hard and do our best to provide accurate, good quality
translations. However, we are not exempt from imperfection.
Please send your comments and general suggestions in this regard
to <a href="mailto:web-translators@gnu.org">
<web-translators@gnu.org></a>.</p>
<p>For information on coordinating and contributing translations of
our web pages, see <a
href="/server/standards/README.translations.html">Translations
README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and contributing translations
of this article.</p>
</div>
<!-- Regarding copyright, in general, standalone pages (as opposed to
files generated as part of manuals) on the GNU web server should
be under CC BY-ND 4.0. Please do NOT change or remove this
without talking with the webmasters or licensing team first.
Please make sure the copyright date is consistent with the
document. For web pages, it is ok to list just the latest year the
document was modified, or published.
If you wish to list earlier years, that is ok too.
Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
years, as long as each year in the range is in fact a copyrightable
year, i.e., a year in which the document was published (including
being publicly visible on the web or in a revision control system).
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
<p>Copyright © 2018-2021 2018-2025 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2025/05/09 11:37:22 $
<!-- timestamp end -->
</p>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>