<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.96 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please do not edit <ul class="blurbs">!
Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Amazon's Software Is Malware
- GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" />
<!--#include virtual="/proprietary/po/malware-amazon.translist" -->
<!--#include virtual="/server/banner.html" -->
<div class="nav">
<a id="side-menu-button" class="switch" href="#navlinks">
<img id="side-menu-icon" height="32"
src="/graphics/icons/side-menu.png"
title="Section contents"
alt=" [Section contents] " />
</a>
<p class="breadcrumb">
<a href="/"><img src="/graphics/icons/home.png" height="24"
alt="GNU Home" title="GNU Home" /></a> /
<a href="/proprietary/proprietary.html">Malware</a> /
By company /
</p>
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#include virtual="/server/top-addendum.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
<h2>Amazon's Software Is Malware</h2>
<div class="infobox">
<hr class="full-width" />
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
href="/philosophy/free-software-even-more-important.html">that is the
basic injustice</a>. The developers and manufacturers often exercise
that power to the detriment of the users they ought to serve.</p>
<p>This typically takes the form of malicious functionalities.</p>
<hr class="full-width" />
</div>
<div class="article">
<div class="important">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
to inform us. Please include the URL of a trustworthy reference or two
to serve as specific substantiation.</p>
</div>
<div id="TOC" class="toc-inline">
<ul>
<li> <a href="#swindle">Kindle Swindle</a> </li>
<li> <a href="#echo">Echo</a> </li>
<li> <a href="#misc">Other products</a> </li>
</ul>
</div>
<div class="big-section">
<h3 id="swindle">Kindle Swindle</h3>
</div>
<div style="clear: left;"></div>
<p>We refer to this product as the
<a href="/philosophy/why-call-it-the-swindle.html">Amazon Swindle</a>
because it has <a href="/proprietary/proprietary-drm.html">Digital restrictions
management (DRM)</a> and <a href="/philosophy/ebooks.html">
other malicious functionalities</a>.</p>
<h4 id="back-doors">Back Doors</h4>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201503210">
<!--#set var="DATE" value='<small class="date-tag">2015-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon <a
href="https://www.techdirt.com/articles/20150321/13350230396/while-bricking-jailbroken-fire-tvs-last-year-amazon-did-same-to-kindle-devices.shtml">
href="https://www.techdirt.com/2015/03/24/while-bricking-jailbroken-fire-tvs-last-year-amazon-did-same-to-kindle-devices/">
downgraded the software in users' Swindles</a> so that those already
rooted would cease to function at all.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201210220.1">
<!--#set var="DATE" value='<small class="date-tag">2012-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon Kindle-Swindle has a back door that has been used to <a
href="http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/">
href="https://web.archive.org/web/20220319193415/https://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/">
remotely erase books</a>. One of the books erased was
<cite>1984</cite>, by George Orwell.</p>
<p>Amazon responded to criticism by saying it
would delete books only following orders from the
state. However, that policy didn't last. In 2012 it <a
href="http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html">
href="https://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html">
wiped a user's Kindle-Swindle and deleted her account</a>, then
offered her kafkaesque “explanations.”</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M200700000"> id="M201207150">
<!--#set var="DATE" value='<small class="date-tag">[2007]</small>' class="date-tag">2012-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Kindle also has a <a
href="http://www.amazon.com/gp/help/customer/display.html?nodeId=200774090">
href="https://web.archive.org/web/20120715070050/http://www.amazon.com/gp/help/customer/display.html/?nodeId=200774090">
universal back door</a>.</p>
</li>
</ul>
<h4 id="surveillance">Surveillance</h4>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M202001290">
<!--#set var="DATE" value='<small class="date-tag">2020-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon Ring app does <a
href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
surveillance for other companies as well as for Amazon</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201902270">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Ring doorbell camera is designed so that the
manufacturer (now Amazon) can watch all the time. Now it turns out
that <a
href="https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/">
anyone else can also watch, and fake videos too</a>.</p>
<p>The third party vulnerability is presumably
unintentional and Amazon will probably fix it. However, we
do not expect Amazon to change the design that <a
href="/proprietary/proprietary-surveillance.html#M201901100">allows
Amazon to watch</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201901100">
<!--#set var="DATE" value='<small class="date-tag">2019-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon Ring “security” devices <a
href="https://www.engadget.com/2019-01-10-ring-gave-employees-access-customer-video-feeds.html">
send the video they capture to Amazon servers</a>, which save it
long-term.</p>
<p>In many cases, the video shows everyone that comes near, or merely
passes by, the user's front door.</p>
<p>The article focuses on how Ring used to let individual employees look
at the videos freely. It appears Amazon has tried to prevent that
secondary abuse, but the primary abuse—that Amazon gets the
video—Amazon expects society to surrender to.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201411090">
<!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon “Smart” TV is <a
href="https://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
snooping all the time</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201212030.1">
<!--#set var="DATE" value='<small class="date-tag">2012-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Electronic Frontier Foundation has examined and found <a
href="https://www.eff.org/pages/reader-privacy-chart-2012">various
kinds of surveillance in the Swindle and other e-readers</a>.</p>
</li>
</ul>
<h4 id="drm">DRM</h4>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M202103100">
<!--#set var="DATE" value='<small class="date-tag">2021-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon's monopoly and DRM is <a
href="https://www.washingtonpost.com/technology/2021/03/10/amazon-library-ebook-monopoly/">stopping
public libraries from lending e-books and
audiobooks</a>. Amazon became powerful in e-book world by <a
href="/philosophy/why-call-it-the-swindle.html">Swindle</a>,
and is now misusing its power and violates people's rights using
<a href="https://www.defectivebydesign.org">Digital Restrictions
Management</a>.</p>
<p>The article is written in a way that endorses DRM in general, which
is unacceptable. <a href="/proprietary/proprietary-drm.html">DRM is
an injustice to people</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201704130.1">
<!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a href="https://itstillworks.com/kindle-drm-17841.html">
The Amazon Kindle has DRM</a>. That article is flawed in that it
fails to treat DRM as an ethical question; it takes for granted that
whatever Amazon might do to its users is legitimate. It refers to
DRM as digital “rights” management, which is the spin
term used to promote DRM. Nonetheless it serves as a reference for
the facts.</p>
</li>
</ul>
<div class="big-section">
<h3 id="echo">Echo</h3>
</div>
<div style="clear: left;"></div>
<h4 id="echo-back-doors">Back Doors</h4>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201606060">
<!--#set var="DATE" value='<small class="date-tag">2016-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon Echo appears to have a universal back door, since <a
href="https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates">
it installs “updates” automatically</a>.</p>
<p>We have found nothing explicitly documenting the lack of any way
to disable remote changes to the software, so we are not completely
sure there isn't one, but this seems pretty clear.</p>
</li>
</ul>
<h4 id="echo-surveillance">Surveillance</h4>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201905061">
<!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon Alexa collects a lot more information from users
than is necessary for correct functioning (time, location,
recordings made without a legitimate prompt), and sends
it to Amazon's servers, which store it indefinitely. Even
worse, Amazon forwards it to third-party companies. Thus,
even if users request deletion of their data from Amazon's servers, <a
href="https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
href="https://web.archive.org/web/20190507014804/https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
the data remain on other servers</a>, where they can be accessed by
advertising companies and government agencies. In other words,
deleting the collected information doesn't cancel the wrong of
collecting it.</p>
<p>Data collected by devices such as the Nest thermostat, the Philips
Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos
speakers are likewise stored longer than necessary on the servers
the devices are tethered to. Moreover, they are made available to
Alexa. As a result, Amazon has a very precise picture of users' life
at home, not only in the present, but in the past (and, who knows,
in the future too?)</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201904240">
<!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some of users' commands to the Alexa service are <a
href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html">
recorded for Amazon employees to listen to</a>. The Google and Apple
voice assistants do similar things.</p>
<p>A fraction of the Alexa service staff even has access to <a
href="https://www.bnnbloomberg.ca/amazon-s-alexa-reviewers-can-access-customers-home-addresses-1.1248788">
href="https://news.bloomberglaw.com/tech-and-telecom-law/amazons-alexa-reviewers-can-access-customers-home-addresses">
location and other personal data</a>.</p>
<p>Since the client program is nonfree, and data processing is done
“<a href="/philosophy/words-to-avoid.html#CloudComputing">in
the cloud</a>” (a soothing way of saying “We won't
tell you how and where it's done”), users have no way
to know what happens to the recordings unless human eavesdroppers <a
href="https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
href="https://web.archive.org/web/20240416214211/https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
break their non-disclosure agreements</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201808120">
<!--#set var="DATE" value='<small class="date-tag">2018-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Crackers found a way to break the security of an Amazon device,
and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
turn it into a listening device</a> for them.</p>
<p>It was very difficult for them to do this. The job would be much
easier for Amazon. And if some government such as China or the US
told Amazon to do this, or cease to sell the product in that country,
do you think Amazon would have the moral fiber to say no?</p>
<p><small>(These crackers are probably hackers too, but please <a
href="https://stallman.org/articles/on-hacking.html"> don't use
“hacking” to mean “breaking security”</a>.)</small></p>
</li>
</ul>
<div class="big-section">
<h3 id="misc">Other products</h3>
</div>
<div style="clear: left;"></div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201912170"> id="M202204040">
<!--#set var="DATE" value='<small class="date-tag">2019-12</small>' class="date-tag">2022-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some security breakers (wrongly referred in this article as <a
href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a>)
managed to interfere the
<p>New Amazon Ring proprietary system, and worker chat app <a
href="https://www.theguardian.com/technology/2019/dec/13/ring-hackers-reportedly-watching-talking-strangers-in-home-cameras">access
its camera, speakers
href="https://theintercept.com/2022/04/04/amazon-union-living-wage-restrooms-chat-app/">would
ban specific words Amazon doesn't like</a>, such as
“union”, “restrooms”, and microphones</a>.</p>
</li>
<li id="M201902270">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Ring (now Amazon) doorbell camera is designed so that “pay
raise”. If the
manufacturer (now Amazon) can watch all app was free, workers could modify the time. Now program
so it turns out
that <a
href="https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/">
anyone else can also watch, and fake videos too</a>.</p>
<p>The third party vulnerability is presumably
unintentional and Amazon will probably fix it. However, we
do acts as they wish, not expect Amazon to change the design that <a
href="/proprietary/proprietary-surveillance.html#M201901100">allows how Amazon to watch</a>.</p> wants it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201901100"> id="M201911190">
<!--#set var="DATE" value='<small class="date-tag">2019-01</small>' class="date-tag">2019-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon Ring “security” devices <a
href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/">
send the video they capture to
<p>Internet-tethered Amazon servers</a>, which save it
long-term.</p>
<p>In many cases, the video shows everyone Ring had
a security vulnerability that comes near, or merely
passes by, enabled attackers to <a
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
access the user's front door.</p>
<p>The article focuses wifi password</a>, and snoop on how Ring used to let individual employees look
at the videos freely. It appears Amazon has tried to prevent that
secondary abuse, but the primary abuse—that Amazon gets household
through connected surveillance devices.</p>
<p>Knowledge of the
video—Amazon expects society wifi password would not be sufficient to surrender to.</p> carry
out any significant surveillance if the devices implemented proper
security, including encryption. But many devices with proprietary
software lack this. Of course, they are also used by their
manufacturers for snooping.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201711200">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon recently invited consumers to be suckers and <a
href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo">
href="https://www.techdirt.com/2017/11/22/vulnerability-found-amazon-key-again-showing-how-dumber-tech-is-often-smarter-option/">
allow delivery staff to open their front doors</a>. Wouldn't you know
it, the system has a grave security flaw.</p>
</li>
<li id="M201411090">
<!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon “Smart” TV is <a
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
snooping all the time</a>.</p>
</li>
</ul>
</div>
</div>
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<!--#include virtual="/server/footer.html" -->
<div id="footer" role="contentinfo">
<div class="unprintable">
<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF. Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
replace it with the translation of these two:
We work hard and do our best to provide accurate, good quality
translations. However, we are not exempt from imperfection.
Please send your comments and general suggestions in this regard
to <a href="mailto:web-translators@gnu.org">
<web-translators@gnu.org></a>.</p>
<p>For information on coordinating and contributing translations of
our web pages, see <a
href="/server/standards/README.translations.html">Translations
README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and contributing translations
of this article.</p>
</div>
<!-- Regarding copyright, in general, standalone pages (as opposed to
files generated as part of manuals) on the GNU web server should
be under CC BY-ND 4.0. Please do NOT change or remove this
without talking with the webmasters or licensing team first.
Please make sure the copyright date is consistent with the
document. For web pages, it is ok to list just the latest year the
document was modified, or published.
If you wish to list earlier years, that is ok too.
Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
years, as long as each year in the range is in fact a copyrightable
year, i.e., a year in which the document was published (including
being publicly visible on the web or in a revision control system).
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
<p>Copyright © 2014-2022 2014-2024 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2024/10/05 16:35:16 $
<!-- timestamp end -->
</p>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>