msgid "Malware in Appliances - GNU Project - Free Software Foundation" msgstr "" #. type: Content of: <div><a> msgid "<a id=\"side-menu-button\" class=\"switch\" href=\"#navlinks\">" msgstr "" #. type: Attribute 'title' of: <div><a><img> msgid "Section contents" msgstr "" #. type: Attribute 'alt' of: <div><a><img> msgid " [Section contents] " msgstr "" #. type: Content of: <div> msgid "</a>" msgstr "" #. type: Content of: <div><p><a> msgid "<a href=\"/\">" msgstr "" #. type: Attribute 'title' of: <div><p><a><img> msgid "GNU Home" msgstr "" #. type: Content of: <div><p> msgid "" "</a> / <a href=\"/proprietary/proprietary.html\">Malware</a> / By " "product /" msgstr "" #. type: Content of: <div><h2> msgid "Malware in Appliances" msgstr "" #. type: Content of: <div><div><p> msgid "" "Nonfree (proprietary) software is very often malware (designed to mistreat " "the user). Nonfree software is controlled by its developers, which puts them " "in a position of power over the users; <a " "href=\"/philosophy/free-software-even-more-important.html\">that is the " "basic injustice</a>. The developers and manufacturers often exercise that " "power to the detriment of the users they ought to serve." msgstr "" #. type: Content of: <div><div><p> msgid "This typically takes the form of malicious functionalities." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "If you know of an example that ought to be in this page but isn't here, " "please write to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a> to inform " "us. Please include the URL of a trustworthy reference or two to serve as " "specific substantiation." msgstr "" #. type: Content of: <div><div><div><h3> msgid "Don't trust “connected” appliances" msgstr "" #. type: Content of: <div><div><div><p> msgid "" "Most of the devices listed here are “connected”—they try " "to talk over the internet with someone (typically a company) other than the " "nominal owner. Such an appliance is inherently untrustworthy: no matter " "what company it is, you should never trust it <em>that far</em>." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "The appliances we are dealing with contain software, almost always nonfree " "software. It is reasonable to treat this software as <a " "href=\"/philosophy/free-hardware-designs.html#boundary\">equivalent to a " "bunch of circuits</a>, provided it is <em>never</em> changed (not even if " "the change is called an “upgrade”)." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "In a connected appliance, it is hard to ensure that software won't be " "changed. Typically a connected appliance will have a universal back " "door—a feature that allows the company to remotely replace the " "software in it, over the internet. Some appliances might be exceptions, but " "we can never verify that a given appliance is an exception. Thus, we can " "never be sure that software in it won't be changed." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "In practice, these “upgrades” can amount to sabotage. Let's " "assume, for instance, that your printer accepts third-party ink " "cartridges. You have no guarantee that, some day, the manufacturer will not " "install malicious code to reject them. With a connected device, you must " "expect this." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "The manufacturer may try to justify these “upgrades” in the name " "of “security.” You can respond by asking: “Whose security? " "Security for me, or for the manufacturer against me?” If the " "manufacturer writes the software, in practice it implements security for " "itself against the customers." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "Even without changing the code in the device, the company can use the " "“connection” to do nasty things to you—for instance, snoop " "on you, your family and your guests, or make it stop running at all." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "The reliable way to prevent abuse of this sort is to block the appliance " "from communicating by internet with anything other than <em>your own " "computer</em>. (You can make your own computer more secure by running " "exclusively free software in it.)" msgstr "" #. type: Content of: <div><div><div><p> msgid "" "In an ideal world, appliances would contain 100% free software, so our " "community could correct any problems the software might have. The free " "software would obey <em>us</em>, not companies. That software would not let " "anyone change it without entering passwords that the <em>owners</em> chose." msgstr "" #. type: Content of: <div><div><h3> msgid "Examples of malware in appliances" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Canon is <a " "href=\"https://arstechnica.com/gadgets/2025/01/canon-charges-50-per-year-to-use-a-900-camera-as-a-functional-webcam/\"> " "preventing customers from using one of its cameras as a webcam</a> unless " "they create an account on the company's server, and pay an additional " "subscription. This unjust practice could be eliminated if the camera " "firmware were free (as in freedom)." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The company making a “smart” bassinet called Snoo has <a " "href=\"https://www.theverge.com/2024/7/20/24202166/snoo-premium-subscription-happiest-baby\"> " "locked the most advanced functionalities of the Snoo behind a " "paywall</a>. This unexpected change mainly affects users who received the " "appliance as a gift, or bought it second-hand on the assumption that all " "these functionalities would be available to them, as they used to be. This " "is another example of the deceptive behavior of proprietary software " "developers who take advantage of their power over users to change rules at " "will." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Another malicious feature of the Snoo is the fact that users need to create " "an account with the company, which thus has access to personal data, " "location (SSID), appliance log, etc., as well as manual notes about baby " "history." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Surveillance cameras put in by government A to surveil for it may be " "surveilling for government B as well. That's because A put in a product <a " "href=\"https://www.rferl.org/a/ukraine-cctv-moscow-spying-schemes-investigation/32747767.html\"> " "made by B with nonfree software</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Please note that this article misuses the word “<a " "href=\"/philosophy/words-to-avoid.html#Hacker\">hack</a>” to mean " "“break security.”)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In Australia, people assume that “smart” means " "“tethered.” When people's ISP goes down, <a " "href=\"https://www.theguardian.com/business/2023/nov/10/optus-went-down-and-the-smart-lights-came-on-and-then-marayke-was-stranded-in-bed\"> " "all the tethered devices become useless</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That's in addition to the nasty things tethered devices do when they are " "“functioning” normally—such as snoop on the commands sent " "to the device and the results they report." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "Smart <em>users</em> know better than to accept tethered devices." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Chamberlain Group <a " "href=\"https://arstechnica.com/gadgets/2023/11/chamberlain-blocks-smart-garage-door-opener-from-working-with-smart-homes/\">blocks " "users from using third-party software</a> with its garage openers. This is " "an intentional attack on using free software. The official garage opener " "proprietary mobile app is now also <a " "href=\"https://pluralistic.net/2023/11/09/lead-me-not-into-temptation/#chamberlain\">infested " "with ads, including up-selling its other services and devices.</a>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Philips Hue, the most ubiquitous home automation product in the US, is " "planning to soon <a " "href=\"https://boingboing.net/2023/09/27/philips-hue-to-make-you-create-an-account-and-log-in-to-adjust-your-lightbulbs.html\"> " "force users to log in to the app server</a> in order to be able to adjust a " "lightbulb, or use other functionalities, in what amounts to a massive " "user-tracking data grab." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google Nest snooper/surveillance cameras are always tethered to Google " "servers, record videos 24/7, and are <a " "href=\"https://arstechnica.com/gadgets/2023/09/google-nest-cameras-get-a-25-33-subscription-price-hike/\"> " "subscription-based, which is an injustice to people who use them</a>. The " "article discusses the rise in prices for “plans” you can buy " "from Google, which include storing videos in the " "“cloud”—another word for someone else's computer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Bambu Lab 3D printers were reported to <a " "href=\"https://arstechnica.com/gadgets/2023/08/3d-printers-print-break-on-their-own-due-to-cloud-outage/\"> " "start printing without user's consent</a>, as a result of a malfunction of " "the servers to which they were tethered. This caused significant damage." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/technology/2023/jul/04/smile-youre-on-camera-self-driving-cars-are-here-and-theyre-watching-you\"> " "Driverless cars in San Francisco collect videos constantly</a>, using " "cameras inside and outside, and governments have already collected those " "videos secretly." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "As the Surveillance Technology Oversight Project says, they are " "“driving us straight into authoritarianism.” We must <a " "href=\"/philosophy/surveillance-vs-democracy.html\">regulate <em>all</em> " "cameras that collect images that can be used to track people</a>, to make " "sure they are not used for that." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "HP delivers printers with a universal back door, and recently used it to <a " "href=\"https://www.theguardian.com/money/2023/may/10/how-can-hp-block-me-from-using-a-cheaper-printer-cartridge\"> " "sabotage them by remotely installing malware</a>. The malware makes the " "printer refuse to function with non-HP ink cartrides, and even with old HP " "cartridges which HP now declares to have “expired.” HP calls the " "back door “dynamic security,” and has the gall to claim that " "this “security” protects users from malware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you own an HP printer that can still use non-HP cartridges, we urge you " "to disconnect it from the internet. This will ensure that HP doesn't " "sabotage it by “updating” its software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Note how the author of the Guardian article credulously repeats HP's " "assertion that the “dynamic security” feature protects users " "against malware, not recognizing that the article demonstrates it does the " "opposite.</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Controlling Honeywell internet thermostats with the dedicated app has proven " "unreliable, due to <a " "href=\"https://piunikaweb.com/2022/03/15/honeywell-total-connect-comfort-app-website-not-working-issue/\"> " "recurrent connection issues with the server these thermostats are tethered " "to</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a hreflang=\"ja\" href=\"https://ja.wikipedia.org/wiki/B-CAS\">B-CAS</a> <a " "href=\"#m1\">[1]</a> is the digital restrictions management (DRM) system " "used by Japanese TV broadcasters, including NHK (public-service TV). It is " "sold by the B-CAS company, which has a de-facto monopoly on it. Initially " "intended for pay-TV, its use was extended to digital free-to-air " "broadcasting as a means to enforce restrictions on copyrighted works. The " "system encrypts works that permit free redistribution just like other works, " "thus denying users their nominal rights." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "On the client side, B-CAS is typically implemented by a card that plugs into " "a compatible receiver, or alternatively by a tuner card that plugs into a " "computer. Beside implementing drastic copying and viewing restrictions, this " "system gives broadcasters full power over users, through back doors among " "other means. For example:" msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "It can force messages to the user's TV screen, and the user can't turn them " "off." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "It can collect viewing information and send it to other companies to take " "surveys. Until 2011, user registration was required, so the viewing habits " "of each customer were recorded. We don't know whether this personal " "information was deleted from the company's servers after 2011." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "Each card has an ID, which enables broadcasters to force customer-specific " "updates via the back door normally used to update the decryption key. Thus " "pay-TV broadcasters can disable decryption of the broadcast wave if " "subscription fees are not paid on time. This feature could also be used by " "any broadcaster (possibly instructed by the government) to stop certain " "persons from watching TV." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "As the export of B-CAS cards is illegal, people outside Japan can't " "(officially) decrypt the satellite broadcast signal that may spill over to " "their location. They are thus deprived of a valuable source of information " "about what happens in Japan." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "These unacceptable restrictions led to a sort of cat-and-mouse game, with " "some users doing their best to bypass the system, and broadcasters trying to " "stop them without much success: cryptographic keys were retrieved through " "the back door of the B-CAS card, illegal cards were made and sold on the " "black market, as well as a tuner for PC that disables the copy control " "signal." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "While B-CAS cards are still in use with older equipment, modern high " "definition TVs have an even nastier version of this DRM (called ACAS) in a " "special chip that is built into the receiver. The chip can update its own " "software from the company's servers, even when the receiver is turned off " "(but still plugged into an outlet). This feature could be abused to disable " "stored TV programs that the power in place doesn't agree with, thus " "interfering with free speech." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Being part of the receiver, the ACAS chip is supposed to be " "tamper-resistant. Time will tell…" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>[1] We thank the free software supporter who translated this article " "from Japanese, and shared his experience of B-CAS with us. (Unfortunately, " "the article presents DRM as a good thing.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Epson printers are programmed to <a " "href=\"https://hardware.slashdot.org/story/22/08/07/0350244/epson-programs-some-printers-to-stop-operating-claiming-danger-of-ink-spills\"> " "stop working after they have printed a predetermined number of pages</a>, on " "the pretext that ink pads become saturated with ink. This constitutes an " "unacceptable infringement on users' freedom to use their printers as they " "wish, and on their <a " "href=\"https://fighttorepair.substack.com/p/citing-danger-of-ink-spills-epson\"> " "right to repair them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Today's “smart” TVs <a " "href=\"https://www.techdirt.com/2022/04/14/its-still-stupidly-ridiculously-difficult-to-buy-a-dumb-tv/\"> " "push people to surrender to tracking via internet</a>. Some won't work " "unless they have a chance to download nonfree software. And they are " "designed for programmed obsolescence." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Hewlett-Packard is <a " "href=\"https://www.theguardian.com/money/2022/feb/19/how-cheap-ink-cartridges-can-cost-you-dear\"> " "implementing DRM in its printers</a> so they refuse to print with ink " "cartridges from another supplier." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.eff.org/deeplinks/2022/02/worst-timeline-printer-company-putting-drm-paper-now\"> " "Dymo is now embedding DRM in the paper rolls for its label printers</a> to " "make those printers reject equivalent paper rolls made by other " "companies. This is implemented by an RFID tag, which keeps track of how many " "labels remain on the roll, and blocks further printing when the roll is " "empty—an efficient way to prevent reusing the same RFID with a " "third-party roll." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“Smart” TV manufacturers <a " "href=\"https://www.theguardian.com/technology/2022/jan/29/what-your-smart-tv-knows-about-you-and-how-to-stop-it-harvesting-data\"> " "spy on people using various methods</a>, and harvest their data. They are " "collecting audio, video, and TV usage data to profile people." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "NordicTrack, a company that sells exercise machines with ability to show " "videos <a " "href=\"https://arstechnica.com/information-technology/2021/11/locked-out-of-god-mode-runners-are-hacking-their-treadmills/\">limits " "what people can watch, and recently disabled a feature</a> that was " "originally functional. This happened through automatic update and probably " "involved a universal back door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Recent Samsung TVs have a back door with which Samsung can <a " "href=\"https://www.pcmag.com/news/samsung-can-remotely-disable-any-of-its-tvs-worldwide\"> " "brick them remotely</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Most Internet connected devices in Mozilla's <a " "href=\"https://www.mozillafoundation.org/privacynotincluded/\">“Privacy " "Not Included”</a> list <a " "href=\"https://www.mozillafoundation.org/privacynotincluded/arlo-video-doorbell/\">are " "designed to snoop on users</a> even if they meet Mozilla's “Minimum " "Security Standards.” Insecure design of the program running on some of " "these devices <a " "href=\"https://www.mozillafoundation.org/privacynotincluded/vibratissimo-panty-buster/\">makes " "the user susceptible to be snooped on and exploited by crackers as well</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Wavelink and JetStream wifi routers have universal back doors that " "enable unauthenticated users to remotely control not only the routers, but " "also any devices connected to the network. There is evidence that <a " "href=\"https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/\"> " "this vulnerability is actively exploited</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you consider buying a router, we encourage you to get one that <a " "href=\"https://ryf.fsf.org/categories/routers\">runs on free " "software</a>. Any attempts at introducing malicious functionalities in it " "(e.g., through a firmware update) will be detected by the community, and " "soon corrected." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If unfortunately you own a router that runs on proprietary software, don't " "panic! You may be able to replace its firmware with a free operating system " "such as <a href=\"https://librecmc.org\">libreCMC</a>. If you don't know " "how, you can get help from a nearby GNU/Linux user group." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Focals eyeglass display, with snooping microphone, has been eliminated. " "Google eliminated it by buying the manufacturer and shutting it down. It " "also <a " "href=\"https://www.ctvnews.ca/sci-tech/article/canadian-smart-glasses-going-offline-weeks-after-company-bought-by-google/\">shut " "down the server these devices depend on</a>, which caused the ones already " "sold to cease to function." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It may be a good thing to wipe out this product—for " "“smart,” read “snoop”—but Google didn't do " "that for the sake of privacy. Rather, it was eliminating competition for " "its own snooping product." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Mellow sous-vide cooker is tethered to a server. The company suddenly <a " "href=\"https://www.slashgear.com/mellow-sous-vide-owners-get-unwelcome-subscription-surprise-28630842/\"> " "turned this tethering into a subscription</a>, forbidding users from taking " "advantage of the “advanced features” of the cooker unless they " "pay a monthly fee." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "TV manufacturers are able to <a " "href=\"https://www.zdnet.com/article/fbi-warns-about-snoopy-smart-tvs-spying-on-you/\">snoop " "every second of what the user is watching</a>. This is illegal due to the " "Video Privacy Protection Act of 1988, but they're circumventing it through " "EULAs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://www.wired.com/story/ripple20-iot-vulnerabilities/\"> A " "disasterous security bug</a> touches millions of products in the Internet of " "Stings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "As a result, anyone can sting the user, not only the manufacturer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Wink sells a “smart” home hub that is tethered to a server. In " "May 2020, it ordered the purchasers to start <a " "href=\"https://www.techhive.com/article/578539/wink-users-revolt-following-its-sudden-shift-to-a-subscription-model.html\"> " "paying a monthly fee for the use of that server</a>. Because of the " "tethering, the hub is useless without that." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Amazon Ring app does <a " "href=\"https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report\"> " "surveillance for other companies as well as for Amazon</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "As tech companies add microphones to a wide range of products, including " "refrigerators and motor vehicles, they also set up transcription farms where " "human employees <a " "href=\"https://getpocket.com/explore/item/silicon-valley-got-millions-to-let-siri-and-alexa-listen-in\"> " "listen to what people say</a> and tweak the recognition algorithms." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Internet-tethered Amazon Ring had a security vulnerability that enabled " "attackers to <a " "href=\"https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password\"> " "access the user's wifi password</a>, and snoop on the household through " "connected surveillance devices." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Knowledge of the wifi password would not be sufficient to carry out any " "significant surveillance if the devices implemented proper security, " "including encryption. But many devices with proprietary software lack " "this. Of course, they are also used by their manufacturers for snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Best Buy made controllable appliances and <a " "href=\"https://www.theverge.com/2019/9/6/20853671/best-buy-connect-insignia-smart-plug-wifi-freezer-mobile-app-shutdown-november-6\"> " "shut down the service to control them through</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Best Buy acknowledged that it was mistreating its customers by doing so, and " "offered reimbursement of the affected appliances. The fact remains, however, " "that tethering a device to a server is a way of restricting and harassing " "users. The nonfree software in the device is what stops users from cutting " "the tether." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Jibo robot toys were tethered to the manufacturer's server, and <a " "href=\"https://apnews.com/article/san-francisco-north-america-technology-business-ap-top-news-99c9ec8ebad242ca88178e22c7642648\"> " "the company made them all cease to work</a> by shutting down that server." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The shutdown might ironically be good for their users, since the product was " "designed to manipulate people by presenting a phony semblance of emotions, " "and was most certainly spying on them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The British supermarket Tesco sold tablets which were tethered to Tesco's " "server for reinstalling default settings. Tesco <a " "href=\"https://www.theguardian.com/money/2019/mar/25/tesco-hudl-tablet-support-kill-fix\"> " "turned off the server for old models</a>, so now if you try to reinstall the " "default settings, it bricks them instead." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Medtronics Conexus Telemetry Protocol has <a " "href=\"https://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/\"> " "two vulnerabilities that affect several models of implantable " "defibrillators</a> and the devices they connect to." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This protocol has been around since 2006, and similar vulnerabilities were " "discovered in an earlier Medtronics communication protocol in " "2008. Apparently, nothing was done by the company to correct them. This " "means you can't rely on proprietary software developers to fix bugs in their " "products." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Ring doorbell camera is designed so that the manufacturer (now Amazon) " "can watch all the time. Now it turns out that <a " "href=\"https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/\"> " "anyone else can also watch, and fake videos too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The third party vulnerability is presumably unintentional and Amazon will " "probably fix it. However, we do not expect Amazon to change the design that " "<a href=\"/proprietary/proprietary-surveillance.html#M201901100\">allows " "Amazon to watch</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The HP <a href=\"https://boingboing.net/2019/02/08/inkjet-dystopias.html\"> " "“ink subscription” cartridges have DRM that constantly " "communicates with HP servers</a> to make sure the user is still paying for " "the subscription, and hasn't printed more pages than were paid for." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Even though the ink subscription program may be cheaper in some specific " "cases, it spies on users, and involves totally unacceptable restrictions in " "the use of ink cartridges that would otherwise be in working order." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Amazon Ring “security” devices <a " "href=\"https://www.engadget.com/2019-01-10-ring-gave-employees-access-customer-video-feeds.html\"> " "send the video they capture to Amazon servers</a>, which save it long-term." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In many cases, the video shows everyone that comes near, or merely passes " "by, the user's front door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article focuses on how Ring used to let individual employees look at the " "videos freely. It appears Amazon has tried to prevent that secondary abuse, " "but the primary abuse—that Amazon gets the video—Amazon expects " "society to surrender to." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio TVs <a " "href=\"https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019\"> " "collect “whatever the TV sees,”</a> in the own words of the " "company's CTO, and this data is sold to third parties. This is in return for " "“better service” (meaning more intrusive ads?) and slightly " "lower retail prices." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "What is supposed to make this spying acceptable, according to him, is that " "it is opt-in in newer models. But since the Vizio software is nonfree, we " "don't know what is actually happening behind the scenes, and there is no " "guarantee that all future updates will leave the settings unchanged." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you already own a Vizio “smart” TV (or any " "“smart” TV, for that matter), the easiest way to make sure it " "isn't spying on you is to disconnect it from the Internet, and use a " "terrestrial antenna instead. Unfortunately, this is not always " "possible. Another option, if you are technically oriented, is to get your " "own router (which can be an old computer running completely free software), " "and set up a firewall to block connections to Vizio's servers. Or, as a last " "resort, you can replace your TV with another model." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Nearly all “home security cameras” <a " "href=\"https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds-a8814384448/\"> " "give the manufacturer an unencrypted copy of everything they " "see</a>. “Home insecurity camera” would be a better name!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "When Consumer Reports tested them, it suggested that these manufacturers " "promise not to look at what's in the videos. That's not security for your " "home. Security means making sure they don't get to see through your camera." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Printer manufacturers are very innovative—at blocking the use of " "independent replacement ink cartridges. Their “security " "upgrades” occasionally impose new forms of cartridge DRM. <a " "href=\"https://www.vice.com/en/article/pa98ab/printer-makers-are-crippling-cheap-ink-cartridges-via-bogus-security-updates\"> " "HP and Epson have done this</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Honeywell's “smart” thermostats communicate only through the " "company's server. They have all the nasty characteristics of such devices: " "<a " "href=\"https://www.businessinsider.com/honeywell-iot-thermostats-server-outage-2018-9\"> " "surveillance, and danger of sabotage</a> (of a specific user, or of all " "users at once), as well as the risk of an outage (which is what just " "happened)." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In addition, setting the desired temperature requires running nonfree " "software. With an old-fashioned thermostat, you can do it using controls " "right on the thermostat." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Researchers have discovered how to <a " "href=\"https://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co\"> " "hide voice commands in other audio</a>, so that people cannot hear them, but " "Alexa and Siri can." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Jawbone fitness tracker was tethered to a proprietary phone app. In " "2017, the company shut down and made the app stop working. <a " "href=\"https://www.theguardian.com/technology/2018/jul/05/defunct-jawbone-fitness-trackers-kept-selling-after-app-closure-says-which\">All " "the existing trackers stopped working forever</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article focuses on a further nasty fillip, that sales of the broken " "devices continued. But we think that is a secondary issue; it made the nasty " "consequences extend to some additional people. The fundamental wrong was to " "design the devices to depend on something else that didn't respect users' " "freedom." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A medical insurance company <a " "href=\"https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next/\"> " "offers a gratis electronic toothbrush that snoops on its user by sending " "usage data back over the Internet</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some “Smart” TVs automatically <a " "href=\"https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928\"> " "load downgrades that install a surveillance app</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We link to the article for the facts it presents. It is too bad that the " "article finishes by advocating the moral weakness of surrendering to " "Netflix. The Netflix app <a " "href=\"/proprietary/malware-google.html#netflix-app-geolocation-drm\">is " "malware too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple devices lock users in <a " "href=\"https://gizmodo.com/homepod-is-the-ultimate-apple-product-in-a-bad-way-1822883347\"> " "solely to Apple services</a> by being designed to be incompatible with all " "other options, ethical or unethical." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "One of the dangers of the “internet of stings” is that, if you " "lose your internet service, you also <a " "href=\"https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/\"> " "lose control of your house and appliances</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "For your safety, don't use any appliance with a connection to the real " "internet." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Amazon recently invited consumers to be suckers and <a " "href=\"https://www.techdirt.com/2017/11/22/vulnerability-found-amazon-key-again-showing-how-dumber-tech-is-often-smarter-option/\"> " "allow delivery staff to open their front doors</a>. Wouldn't you know it, " "the system has a grave security flaw." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A remote-control sex toy was found to make <a " "href=\"https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-surveillance\">audio " "recordings of the conversation between two users</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Logitech will sabotage all Harmony Link household control devices by <a " "href=\"https://arstechnica.com/gadgets/2017/11/logitech-to-shut-down-service-and-support-for-harmony-link-devices-in-2018/\"> " "turning off the server through which the products' supposed owners " "communicate with them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The owners suspect this is to pressure them to buy a newer model. If they " "are wise, they will learn, rather, to distrust any product that requires " "users to talk with them through some specialized service." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Sony has brought back its robotic pet Aibo, this time <a " "href=\"https://www.vice.com/en/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet\"> " "with a universal back door, and tethered to a server that requires a " "subscription</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Canary home surveillance camera has been sabotaged by its manufacturer, " "<a " "href=\"https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change\"> " "turning off many features unless the user starts paying for a " "subscription</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "With manufacturers like these, who needs security breakers?" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The purchasers should learn the larger lesson and reject connected " "appliances with embedded proprietary software. Every such product is a " "temptation to commit sabotage." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Every “home security” camera, if its manufacturer can " "communicate with it, is a surveillance device. <a " "href=\"https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change\"> " "Canary camera is an example</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article describes wrongdoing by the manufacturer, based on the fact that " "the device is tethered to a server." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"/proprietary/proprietary-tethers.html\">More about proprietary " "tethering</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "But it also demonstrates that the device gives the company surveillance " "capability." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A “smart” intravenous pump designed for hospitals is connected " "to the internet. Naturally <a " "href=\"https://www.techdirt.com/2017/09/22/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack/\"> " "its security has been cracked</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Note that this article misuses the term <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">“hackers”</a> " "referring to crackers.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The bad security in many Internet of Stings devices allows <a " "href=\"https://www.techdirt.com/2017/08/28/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you/\">ISPs " "to snoop on the people that use them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "Don't be a sucker—reject all the stings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(It is unfortunate that the article uses the term <a " "href=\"/philosophy/words-to-avoid.html#Monetize\">“monetize”</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Sonos <a " "href=\"https://www.zdnet.com/article/sonos-accept-new-privacy-policy-speakers-cease-to-function/\"> " "told all its customers, “Agree” to snooping or the product will " "stop working</a>. <a " "href=\"https://www.consumerreports.org/consumerist/sonos-holds-software-updates-hostage-if-you-dont-sign-new-privacy-agreement/\"> " "Another article</a> says they won't forcibly change the software, but people " "won't be able to get any upgrades and eventually it will stop working." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "While you're using a DJI drone to snoop on other people, DJI is in many " "cases <a " "href=\"https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity\">snooping " "on you</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many models of Internet-connected cameras are tremendously insecure. They " "have login accounts with hard-coded passwords, which can't be changed, and " "<a " "href=\"https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/\">there " "is no way to delete these accounts either</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The proprietary code that runs pacemakers, insulin pumps, and other medical " "devices is <a href=\"https://www.bbc.com/news/technology-40042584\"> full of " "gross security faults</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Bird and rabbit pets were implemented for Second Life by a company that " "tethered their food to a server. <a " "href=\"https://www.rockpapershotgun.com/second-life-ozimals-pet-rabbits-dying\"> " "It shut down the server and the pets more or less died</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Users are suing Bose for <a " "href=\"https://web.archive.org/web/20170423010030/https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/\"> " "distributing a spyware app for its headphones</a>. Specifically, the app " "would record the names of the audio files users listen to along with the " "headphone's unique serial number." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The suit accuses that this was done without the users' consent. If the fine " "print of the app said that users gave consent for this, would that make it " "acceptable? No way! It should be flat out <a " "href=\"/philosophy/surveillance-vs-democracy.html\"> illegal to design the " "app to snoop at all</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Anova sabotaged users' cooking devices with a downgrade that tethered them " "to a remote server. <a " "href=\"https://web.archive.org/web/20170415145520/https://consumerist.com/2017/04/12/anova-ticks-off-customers-by-requiring-mandatory-accounts-to-cook-food/\">Unless " "users create an account on Anova's servers, their cookers won't " "function</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "When Miele's Internet of Stings hospital disinfectant dishwasher is <a " "href=\"https://www.vice.com/en/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit\"> " "connected to the Internet, its security is crap</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "For example, a cracker can gain access to the dishwasher's filesystem, " "infect it with malware, and force the dishwasher to launch attacks on other " "devices in the network. Since these dishwashers are used in hospitals, such " "attacks could potentially put hundreds of lives at risk." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A computerized vibrator <a " "href=\"https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack\"> " "was snooping on its users through the proprietary control app</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The app was reporting the temperature of the vibrator minute by minute " "(thus, indirectly, whether it was surrounded by a person's body), as well as " "the vibration frequency." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Note the totally inadequate proposed response: a labeling standard with " "which manufacturers would make statements about their products, rather than " "free software which users could have checked and changed." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The company that made the vibrator <a " "href=\"https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit\"> " "was sued for collecting lots of personal information about how people used " "it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The company's statement that it was anonymizing the data may be true, but it " "doesn't really matter. If it had sold the data to a data broker, the data " "broker would have been able to figure out who the user was." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Following this lawsuit, <a " "href=\"https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits\"> " "the company has been ordered to pay a total of C$4m</a> to its customers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The CIA exploited existing vulnerabilities in “smart” TVs and " "phones to design a malware that <a " "href=\"https://www.independent.co.uk/tech/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html\"> " "spies through their microphones and cameras while making them appear to be " "turned off</a>. Since the spyware sniffs signals, it bypasses encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“CloudPets” toys with microphones <a " "href=\"https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults\"> " "leak childrens' conversations to the manufacturer</a>. Guess what? <a " "href=\"https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings\"> " "Crackers found a way to access the data</a> collected by the manufacturer's " "snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That the manufacturer and the FBI could listen to these conversations was " "unacceptable by itself." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you buy a used “smart” car, house, TV, refrigerator, etc., " "usually <a " "href=\"https://boingboing.net/2017/02/20/the-previous-owners-of-used.html\">the " "previous owners can still remotely control it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio “smart” <a " "href=\"https://www.ftc.gov/business-guidance/blog/2017/02/what-vizio-was-doing-behind-tv-screen\">TVs " "report everything that is viewed on them, and not just broadcasts and " "cable</a>. Even if the image is coming from the user's own computer, the TV " "reports what it is. The existence of a way to disable the surveillance, even " "if it were not hidden as it was in these TVs, does not legitimize the " "surveillance." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A cracker would be able to <a " "href=\"https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/\"> turn " "the Oculus Rift sensors into spy cameras</a> after breaking into the " "computer they are connected to." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Unfortunately, the article <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">improperly refers to " "crackers as “hackers”</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "VR equipment, measuring every slight motion, creates the potential for the " "most intimate surveillance ever. All it takes to make this potential real <a " "href=\"https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/\">is " "software as malicious as many other programs listed in this page</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "You can bet Facebook will implement the maximum possible surveillance on " "Oculus Rift devices. The moral is, never trust a VR system with nonfree " "software in it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The developer of Ham Radio Deluxe <a " "href=\"https://www.techdirt.com/2016/12/22/software-company-shows-how-not-to-handle-negative-review/\">sabotaged " "a customer's installation as punishment for posting a negative review</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Most proprietary software companies don't use their power so harshly, but it " "is an injustice that they all <em>have</em> such power." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The “smart” toys My Friend Cayla and i-Que can be <a " "href=\"https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/\">remotely " "controlled with a mobile phone</a>; physical access is not necessary. This " "would enable crackers to listen in on a child's conversations, and even " "speak into the toys themselves." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This means a burglar could speak into the toys and ask the child to unlock " "the front door while Mommy's not looking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "HP's firmware downgrade <a " "href=\"https://www.theguardian.com/technology/2016/sep/20/hp-inkjet-printers-unofficial-cartridges-software-update\">imposed " "DRM on some printers, which now refuse to function with third-party ink " "cartridges</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Ransomware <a " "href=\"https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/\"> " "has been developed for a thermostat that uses proprietary software</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung's “Smart Home” has a big security hole; <a " "href=\"https://arstechnica.com/information-technology/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/\"> " "unauthorized people can remotely control it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung claims that this is an “open” platform so the problem is " "partly the fault of app developers. That is clearly true if the apps are " "proprietary software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Anything whose name is “Smart” is most likely going to screw " "you." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Malware was found on <a " "href=\"http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html\"> " "security cameras available through Amazon</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A camera that records locally on physical media, and has no network " "connection, does not threaten people with surveillance—neither by " "watching people through the camera, nor through malware in the camera." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Revolv is a device that managed “smart home” operations: " "switching lights, operate motion sensors, regulating temperature, etc. Its " "proprietary software depends on a remote server to do these tasks. On May " "15th, 2016, Google/Alphabet <a " "href=\"https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be\">intentionally " "broke it by shutting down the server</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If it were free software, users would have the ability to make it work " "again, differently, and then have a freedom-respecting home instead of a " "“smart” home. Don't let proprietary software control your " "devices and turn them into $300 out-of-warranty bricks. Insist on " "self-contained computers that run free software!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Over 70 brands of network-connected surveillance cameras have <a " "href=\"https://web.archive.org/web/20250117130741/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html\"> " "security bugs that allow anyone to watch through them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The <a href=\"https://michaelweinberg.org/post/137045828005/free-the-cube\"> " "“Cube” 3D printer was designed with DRM</a>: it won't accept " "third-party printing materials. It is the Keurig of printers. Now it is " "being discontinued, which means that eventually authorized materials won't " "be available and the printers may become unusable." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "With a <a " "href=\"https://www.fsf.org/resources/hw/endorsement/aleph-objects\"> printer " "that gets the Respects Your Freedom</a>, this problem would not even be a " "remote possibility." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "How pitiful that the author of that article says that there was " "“nothing wrong” with designing the device to restrict users in " "the first place. This is like putting a “cheat me and mistreat " "me” sign on your chest. We should know better: we should condemn all " "companies that take advantage of people like him. Indeed, it is the " "acceptance of their unjust practice that teaches people to be doormats." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Philips “smart” lightbulbs had initially been designed to " "interact with other companies' smart light bulbs, but <a " "href=\"https://www.techdirt.com/2015/12/14/lightbulb-drm-philips-locks-purchasers-out-third-party-bulbs-with-firmware-update/\"> " "later the company updated the firmware to disallow interoperability</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If a product is “smart”, and you didn't build it, it is cleverly " "serving its manufacturer <em>against you</em>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.computerworld.com/article/2705284/backdoor-found-in-d-link-router-firmware-code.html\"> " "Some D-Link routers</a> have a back door for changing settings in a dlink of " "an eye." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://sekurak.pl/tp-link-httptftp-backdoor/\"> The TP-Link " "router has a back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://gothub.projectsegfau.lt/elvanderb/TCP-32764/\">Many models " "of routers have back doors</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Nest Cam “smart” camera is <a " "href=\"https://www.bbc.com/news/technology-34922712\">always watching</a>, " "even when the “owner” switches it “off.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A “smart” device means the manufacturer is using it to outsmart " "you." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "ARRIS cable modem has a <a " "href=\"https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1\"> " "back door in the back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some web and TV advertisements play inaudible sounds to be picked up by " "proprietary malware running on other devices in range so as to determine " "that they are nearby. Once your Internet devices are paired with your TV, " "advertisers can correlate ads with Web activity, and other <a " "href=\"https://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/\"> " "cross-device tracking</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio goes a step further than other TV manufacturers in spying on their " "users: their <a " "href=\"https://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you\"> " "“smart” TVs analyze your viewing habits in detail and link them " "your IP address</a> so that advertisers can track you across devices." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It is possible to turn this off, but having it enabled by default is an " "injustice already." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Tivo's alliance with Viacom adds 2.3 million households to the 600 millions " "social media profiles the company already monitors. Tivo customers are " "unaware they're being watched by advertisers. By combining TV viewing " "information with online social media participation, Tivo can now <a " "href=\"https://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102/\"> " "correlate TV advertisement with online purchases</a>, exposing all users to " "new combined surveillance by default." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "FitBit fitness trackers have a <a " "href=\"https://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/\"> " "Bluetooth vulnerability</a> that allows attackers to send malware to the " "devices, which can subsequently spread to computers and other FitBit " "trackers that interact with them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“Self-encrypting” disk drives do the encryption with proprietary " "firmware so you can't trust it. Western Digital's “My Passport” " "drives <a " "href=\"https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption\"> " "have a back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio “smart” TVs recognize and <a " "href=\"https://www.engadget.com/2015-07-24-vizio-ipo-inscape-acr.html\">track " "what people are watching</a>, even if it isn't a TV channel." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Due to bad security in a drug pump, crackers could use it to <a " "href=\"https://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/\"> " "kill patients</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Verizon cable TV <a " "href=\"https://arstechnica.com/information-technology/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/\"> " "snoops on what programs people watch, and even what they wanted to " "record</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Hospira infusion pumps, which are used to administer drugs to a patient, " "were rated “<a " "href=\"https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/\">least " "secure IP device I've ever seen</a>” by a security researcher." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Depending on what drug is being infused, the insecurity could open the door " "to murder." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio <a " "href=\"https://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html\"> " "used a firmware “upgrade” to make its TVs snoop on what users " "watch</a>. The TVs did not do that when first sold." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Barbie <a " "href=\"https://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673\">is " "going to spy on children and adults</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Samsung “Smart” TV <a " "href=\"https://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm\"> " "transmits users' voice on the internet to another company, Nuance</a>. " "Nuance can save it and would then have to give it to the US or some other " "government." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Speech recognition is not to be trusted unless it is done by free software " "in your own computer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In its privacy policy, Samsung explicitly confirms that <a " "href=\"https://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs\">voice " "data containing sensitive information will be transmitted to third " "parties</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Amazon “Smart” TV is <a " "href=\"https://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance\"> " "snooping all the time</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "More or less all “smart” TVs <a " "href=\"https://myce.wiki/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/\">spy " "on their users</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "The report was as of 2014, but we don't expect this has got better." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This shows that laws requiring products to get users' formal consent before " "collecting personal data are totally inadequate. And what happens if a user " "declines consent? Probably the TV will say, “Without your consent to " "tracking, the TV will not work.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Proper laws would say that TVs are not allowed to report what the user " "watches—no exceptions!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Nest thermometers send <a " "href=\"https://bgr.com/general/google-nest-jailbreak-hack/\">a lot of data " "about the user</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "LG <a " "href=\"https://www.techdirt.com/2014/05/20/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties/\"> " "disabled network features</a> on <em>previously purchased</em> " "“smart” TVs, unless the purchasers agreed to let LG begin to " "snoop on them and distribute their personal data." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Spyware in LG “smart” TVs <a " "href=\"http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html\"> " "reports what the user watches, and the switch to turn this off has no " "effect</a>. (The fact that the transmission reports a 404 error really " "means nothing; the server could save that data anyway.)" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Even worse, it <a " "href=\"https://rrrrambles.wordpress.com/2013/11/21/lg-tv-logging-filenames-from-network-folders/\"> " "snoops on other devices on the user's local network</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "LG later said it had installed a patch to stop this, but any product could " "spy this way." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Meanwhile, LG TVs <a " "href=\"https://www.techdirt.com/2014/05/20/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties/\"> " "do lots of spying anyway</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Lots of <a " "href=\"https://www.wired.com/2014/04/hospital-equipment-vulnerable/\"> " "hospital equipment has lousy security</a>, and it can be fatal." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://www.bunniestudios.com/blog/?p=3554\"> Some flash memories " "have modifiable software</a>, which makes them vulnerable to viruses." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We don't call this a “back door” because it is normal that you " "can install a new system in a computer, given physical access to it. " "However, memory sticks and cards should not be modifiable in this way." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://arstechnica.com/information-technology/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/\"> " "Point-of-sale terminals running Windows were taken over</a> and turned into " "a botnet for the purpose of collecting customers' credit card numbers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Spyware in LG “smart” TVs <a " "href=\"https://doctorbeet.blogspot.com/2013/11/lg-smart-tvs-logging-usb-filenames-and.html\"> " "reports what the user watches, and the switch to turn this off has no " "effect</a>. (The fact that the transmission reports a 404 error really " "means nothing; the server could save that data anyway.)" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20131007102857/http://www.nclnet.org/technology/73-digital-rights-management/124-whos-driving-the-copyright-laws-consumers-insist-on-the-right-to-back-it-up\"> " "DVDs and Blu-ray disks have DRM</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That page uses spin terms that favor DRM, including <a " "href=\"/philosophy/words-to-avoid.html#DigitalRightsManagement\"> digital " "“rights” management</a> and <a " "href=\"/philosophy/words-to-avoid.html#Protection\">“protect”</a>, " "and it claims that “artists” (rather than companies) are " "primarily responsible for putting digital restrictions management into these " "disks. Nonetheless, it is a reference for the facts." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Every Blu-ray disk (with few, rare exceptions) has DRM—so don't use " "Blu-ray disks!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The FTC punished a company for making webcams with <a " "href=\"https://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html\"> " "bad security so that it was easy for anyone to watch through them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"http://spritesmods.com/?art=hddhack&page=6\"> Replaceable " "nonfree software in disk drives can be written by a nonfree " "program</a>. This makes any system vulnerable to persistent attacks that " "normal forensics won't detect." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It is possible to <a " "href=\"https://siliconangle.com/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/\"> " "kill people by taking control of medical implants by radio</a>. More " "information in <a href=\"https://www.bbc.com/news/technology-17631838\">BBC " "News</a> and <a " "href=\"https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/\"> " "IOActive Labs Research blog</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/\"> " "“Smart homes”</a> turn out to be stupidly vulnerable to " "intrusion." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "HP “storage appliances” that use the proprietary “Left " "Hand” operating system have back doors that give HP <a " "href=\"https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/\"> " "remote login access</a> to them. HP claims that this does not give HP " "access to the customer's data, but if the back door allows installation of " "software changes, a change could be installed that would give access to the " "customer's data." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Cisco TNP IP phones are <a " "href=\"https://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html\"> " "spying devices</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung “Smart” TVs have <a " "href=\"https://wiki.samygo.tv/index.php?title=SamyGO_for_DUMMIES#What_are_Restricted_Firmwares.3F\"> " "turned Linux into the base for a tyrant system</a> so as to impose DRM. " "What enables Samsung to do this is that Linux is released under GNU GPL " "version 2, <a href=\"/licenses/rms-why-gplv3.html\">not version 3</a>, " "together with a weak interpretation of GPL version 2." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html\"> " "Crackers found a way to break security on a “smart” TV</a> and " "use its camera to watch the people who are watching TV." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some LG TVs <a " "href=\"https://web.archive.org/web/20190917164647/http://openlgtv.org.ru/wiki/index.php/Achievements\"> " "are tyrants</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*" msgstr "" #. type: Content of: <div><div><p> msgid "" "Please send general FSF & GNU inquiries to <a " "href=\"mailto:gnu@gnu.org\"><gnu@gnu.org></a>. There are also <a " "href=\"/contact/\">other ways to contact</a> the FSF. Broken links and " "other corrections or suggestions can be sent to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a>." msgstr "" #. TRANSLATORS: Ignore the original text in this paragraph, #. replace it with the translation of these two: # #. We work hard and do our best to provide accurate, good quality #. translations. However, we are not exempt from imperfection. #. Please send your comments and general suggestions in this regard #. to <a href="mailto:web-translators@gnu.org"> # #. <web-translators@gnu.org></a>.</p> # #. <p>For information on coordinating and contributing translations of #. our web pages, see <a #. href="/server/standards/README.translations.html">Translations #. README</a>. #. type: Content of: <div><div><p> msgid "" "Please see the <a " "href=\"/server/standards/README.translations.html\">Translations README</a> " "for information on coordinating and contributing translations of this " "article." msgstr "" #. type: Content of: <div><p> msgid "Copyright © 2016-2025 Free Software Foundation, Inc." msgstr "" #. type: Content of: <div><p> msgid "" "This page is licensed under a <a rel=\"license\" " "href=\"http://creativecommons.org/licenses/by/4.0/\">Creative Commons " "Attribution 4.0 International License</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't want credits. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S CREDITS*" msgstr "" #. timestamp start #. type: Content of: <div><p> msgid "Updated:" msgstr ""

# LANGUAGE translation of https://www.gnu.org/proprietary/malware-appliances.html # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the original article. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: malware-appliances.html\n" "POT-Creation-Date: 2025-05-04 12:27+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Content of: msgid "Malware in Appliances - GNU Project - Free Software Foundation" msgstr "" #. type: Content of: <div><a> msgid "<a id=\"side-menu-button\" class=\"switch\" href=\"#navlinks\">" msgstr "" #. type: Attribute 'title' of: <div><a><img> msgid "Section contents" msgstr "" #. type: Attribute 'alt' of: <div><a><img> msgid " [Section contents] " msgstr "" #. type: Content of: <div> msgid "</a>" msgstr "" #. type: Content of: <div><p><a> msgid "<a href=\"/\">" msgstr "" #. type: Attribute 'title' of: <div><p><a><img> msgid "GNU Home" msgstr "" #. type: Content of: <div><p> msgid "" "</a> / <a href=\"/proprietary/proprietary.html\">Malware</a> / By " "product /" msgstr "" #. type: Content of: <div><h2> msgid "Malware in Appliances" msgstr "" #. type: Content of: <div><div><p> msgid "" "Nonfree (proprietary) software is very often malware (designed to mistreat " "the user). Nonfree software is controlled by its developers, which puts them " "in a position of power over the users; <a " "href=\"/philosophy/free-software-even-more-important.html\">that is the " "basic injustice</a>. The developers and manufacturers often exercise that " "power to the detriment of the users they ought to serve." msgstr "" #. type: Content of: <div><div><p> msgid "This typically takes the form of malicious functionalities." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "If you know of an example that ought to be in this page but isn't here, " "please write to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a> to inform " "us. Please include the URL of a trustworthy reference or two to serve as " "specific substantiation." msgstr "" #. type: Content of: <div><div><div><h3> msgid "Don't trust “connected” appliances" msgstr "" #. type: Content of: <div><div><div><p> msgid "" "Most of the devices listed here are “connected”—they try " "to talk over the internet with someone (typically a company) other than the " "nominal owner. Such an appliance is inherently untrustworthy: no matter " "what company it is, you should never trust it <em>that far</em>." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "The appliances we are dealing with contain software, almost always nonfree " "software. It is reasonable to treat this software as <a " "href=\"/philosophy/free-hardware-designs.html#boundary\">equivalent to a " "bunch of circuits</a>, provided it is <em>never</em> changed (not even if " "the change is called an “upgrade”)." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "In a connected appliance, it is hard to ensure that software won't be " "changed. Typically a connected appliance will have a universal back " "door—a feature that allows the company to remotely replace the " "software in it, over the internet. Some appliances might be exceptions, but " "we can never verify that a given appliance is an exception. Thus, we can " "never be sure that software in it won't be changed." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "In practice, these “upgrades” can amount to sabotage. Let's " "assume, for instance, that your printer accepts third-party ink " "cartridges. You have no guarantee that, some day, the manufacturer will not " "install malicious code to reject them. With a connected device, you must " "expect this." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "The manufacturer may try to justify these “upgrades” in the name " "of “security.” You can respond by asking: “Whose security? " "Security for me, or for the manufacturer against me?” If the " "manufacturer writes the software, in practice it implements security for " "itself against the customers." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "Even without changing the code in the device, the company can use the " "“connection” to do nasty things to you—for instance, snoop " "on you, your family and your guests, or make it stop running at all." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "The reliable way to prevent abuse of this sort is to block the appliance " "from communicating by internet with anything other than <em>your own " "computer</em>. (You can make your own computer more secure by running " "exclusively free software in it.)" msgstr "" #. type: Content of: <div><div><div><p> msgid "" "In an ideal world, appliances would contain 100% free software, so our " "community could correct any problems the software might have. The free " "software would obey <em>us</em>, not companies. That software would not let " "anyone change it without entering passwords that the <em>owners</em> chose." msgstr "" #. type: Content of: <div><div><h3> msgid "Examples of malware in appliances" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Canon is <a " "href=\"https://arstechnica.com/gadgets/2025/01/canon-charges-50-per-year-to-use-a-900-camera-as-a-functional-webcam/\"> " "preventing customers from using one of its cameras as a webcam</a> unless " "they create an account on the company's server, and pay an additional " "subscription. This unjust practice could be eliminated if the camera " "firmware were free (as in freedom)." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The company making a “smart” bassinet called Snoo has <a " "href=\"https://www.theverge.com/2024/7/20/24202166/snoo-premium-subscription-happiest-baby\"> " "locked the most advanced functionalities of the Snoo behind a " "paywall</a>. This unexpected change mainly affects users who received the " "appliance as a gift, or bought it second-hand on the assumption that all " "these functionalities would be available to them, as they used to be. This " "is another example of the deceptive behavior of proprietary software " "developers who take advantage of their power over users to change rules at " "will." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Another malicious feature of the Snoo is the fact that users need to create " "an account with the company, which thus has access to personal data, " "location (SSID), appliance log, etc., as well as manual notes about baby " "history." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Surveillance cameras put in by government A to surveil for it may be " "surveilling for government B as well. That's because A put in a product <a " "href=\"https://www.rferl.org/a/ukraine-cctv-moscow-spying-schemes-investigation/32747767.html\"> " "made by B with nonfree software</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Please note that this article misuses the word “<a " "href=\"/philosophy/words-to-avoid.html#Hacker\">hack</a>” to mean " "“break security.”)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In Australia, people assume that “smart” means " "“tethered.” When people's ISP goes down, <a " "href=\"https://www.theguardian.com/business/2023/nov/10/optus-went-down-and-the-smart-lights-came-on-and-then-marayke-was-stranded-in-bed\"> " "all the tethered devices become useless</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That's in addition to the nasty things tethered devices do when they are " "“functioning” normally—such as snoop on the commands sent " "to the device and the results they report." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "Smart <em>users</em> know better than to accept tethered devices." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Chamberlain Group <a " "href=\"https://arstechnica.com/gadgets/2023/11/chamberlain-blocks-smart-garage-door-opener-from-working-with-smart-homes/\">blocks " "users from using third-party software</a> with its garage openers. This is " "an intentional attack on using free software. The official garage opener " "proprietary mobile app is now also <a " "href=\"https://pluralistic.net/2023/11/09/lead-me-not-into-temptation/#chamberlain\">infested " "with ads, including up-selling its other services and devices.</a>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Philips Hue, the most ubiquitous home automation product in the US, is " "planning to soon <a " "href=\"https://boingboing.net/2023/09/27/philips-hue-to-make-you-create-an-account-and-log-in-to-adjust-your-lightbulbs.html\"> " "force users to log in to the app server</a> in order to be able to adjust a " "lightbulb, or use other functionalities, in what amounts to a massive " "user-tracking data grab." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google Nest snooper/surveillance cameras are always tethered to Google " "servers, record videos 24/7, and are <a " "href=\"https://arstechnica.com/gadgets/2023/09/google-nest-cameras-get-a-25-33-subscription-price-hike/\"> " "subscription-based, which is an injustice to people who use them</a>. The " "article discusses the rise in prices for “plans” you can buy " "from Google, which include storing videos in the " "“cloud”—another word for someone else's computer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Bambu Lab 3D printers were reported to <a " "href=\"https://arstechnica.com/gadgets/2023/08/3d-printers-print-break-on-their-own-due-to-cloud-outage/\"> " "start printing without user's consent</a>, as a result of a malfunction of " "the servers to which they were tethered. This caused significant damage." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/technology/2023/jul/04/smile-youre-on-camera-self-driving-cars-are-here-and-theyre-watching-you\"> " "Driverless cars in San Francisco collect videos constantly</a>, using " "cameras inside and outside, and governments have already collected those " "videos secretly." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "As the Surveillance Technology Oversight Project says, they are " "“driving us straight into authoritarianism.” We must <a " "href=\"/philosophy/surveillance-vs-democracy.html\">regulate <em>all</em> " "cameras that collect images that can be used to track people</a>, to make " "sure they are not used for that." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "HP delivers printers with a universal back door, and recently used it to <a " "href=\"https://www.theguardian.com/money/2023/may/10/how-can-hp-block-me-from-using-a-cheaper-printer-cartridge\"> " "sabotage them by remotely installing malware</a>. The malware makes the " "printer refuse to function with non-HP ink cartrides, and even with old HP " "cartridges which HP now declares to have “expired.” HP calls the " "back door “dynamic security,” and has the gall to claim that " "this “security” protects users from malware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you own an HP printer that can still use non-HP cartridges, we urge you " "to disconnect it from the internet. This will ensure that HP doesn't " "sabotage it by “updating” its software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Note how the author of the Guardian article credulously repeats HP's " "assertion that the “dynamic security” feature protects users " "against malware, not recognizing that the article demonstrates it does the " "opposite.</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Controlling Honeywell internet thermostats with the dedicated app has proven " "unreliable, due to <a " "href=\"https://piunikaweb.com/2022/03/15/honeywell-total-connect-comfort-app-website-not-working-issue/\"> " "recurrent connection issues with the server these thermostats are tethered " "to</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a hreflang=\"ja\" href=\"https://ja.wikipedia.org/wiki/B-CAS\">B-CAS</a> <a " "href=\"#m1\">[1]</a> is the digital restrictions management (DRM) system " "used by Japanese TV broadcasters, including NHK (public-service TV). It is " "sold by the B-CAS company, which has a de-facto monopoly on it. Initially " "intended for pay-TV, its use was extended to digital free-to-air " "broadcasting as a means to enforce restrictions on copyrighted works. The " "system encrypts works that permit free redistribution just like other works, " "thus denying users their nominal rights." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "On the client side, B-CAS is typically implemented by a card that plugs into " "a compatible receiver, or alternatively by a tuner card that plugs into a " "computer. Beside implementing drastic copying and viewing restrictions, this " "system gives broadcasters full power over users, through back doors among " "other means. For example:" msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "It can force messages to the user's TV screen, and the user can't turn them " "off." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "It can collect viewing information and send it to other companies to take " "surveys. Until 2011, user registration was required, so the viewing habits " "of each customer were recorded. We don't know whether this personal " "information was deleted from the company's servers after 2011." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "Each card has an ID, which enables broadcasters to force customer-specific " "updates via the back door normally used to update the decryption key. Thus " "pay-TV broadcasters can disable decryption of the broadcast wave if " "subscription fees are not paid on time. This feature could also be used by " "any broadcaster (possibly instructed by the government) to stop certain " "persons from watching TV." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "As the export of B-CAS cards is illegal, people outside Japan can't " "(officially) decrypt the satellite broadcast signal that may spill over to " "their location. They are thus deprived of a valuable source of information " "about what happens in Japan." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "These unacceptable restrictions led to a sort of cat-and-mouse game, with " "some users doing their best to bypass the system, and broadcasters trying to " "stop them without much success: cryptographic keys were retrieved through " "the back door of the B-CAS card, illegal cards were made and sold on the " "black market, as well as a tuner for PC that disables the copy control " "signal." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "While B-CAS cards are still in use with older equipment, modern high " "definition TVs have an even nastier version of this DRM (called ACAS) in a " "special chip that is built into the receiver. The chip can update its own " "software from the company's servers, even when the receiver is turned off " "(but still plugged into an outlet). This feature could be abused to disable " "stored TV programs that the power in place doesn't agree with, thus " "interfering with free speech." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Being part of the receiver, the ACAS chip is supposed to be " "tamper-resistant. Time will tell…" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>[1] We thank the free software supporter who translated this article " "from Japanese, and shared his experience of B-CAS with us. (Unfortunately, " "the article presents DRM as a good thing.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Epson printers are programmed to <a " "href=\"https://hardware.slashdot.org/story/22/08/07/0350244/epson-programs-some-printers-to-stop-operating-claiming-danger-of-ink-spills\"> " "stop working after they have printed a predetermined number of pages</a>, on " "the pretext that ink pads become saturated with ink. This constitutes an " "unacceptable infringement on users' freedom to use their printers as they " "wish, and on their <a " "href=\"https://fighttorepair.substack.com/p/citing-danger-of-ink-spills-epson\"> " "right to repair them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Today's “smart” TVs <a " "href=\"https://www.techdirt.com/2022/04/14/its-still-stupidly-ridiculously-difficult-to-buy-a-dumb-tv/\"> " "push people to surrender to tracking via internet</a>. Some won't work " "unless they have a chance to download nonfree software. And they are " "designed for programmed obsolescence." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Hewlett-Packard is <a " "href=\"https://www.theguardian.com/money/2022/feb/19/how-cheap-ink-cartridges-can-cost-you-dear\"> " "implementing DRM in its printers</a> so they refuse to print with ink " "cartridges from another supplier." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.eff.org/deeplinks/2022/02/worst-timeline-printer-company-putting-drm-paper-now\"> " "Dymo is now embedding DRM in the paper rolls for its label printers</a> to " "make those printers reject equivalent paper rolls made by other " "companies. This is implemented by an RFID tag, which keeps track of how many " "labels remain on the roll, and blocks further printing when the roll is " "empty—an efficient way to prevent reusing the same RFID with a " "third-party roll." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“Smart” TV manufacturers <a " "href=\"https://www.theguardian.com/technology/2022/jan/29/what-your-smart-tv-knows-about-you-and-how-to-stop-it-harvesting-data\"> " "spy on people using various methods</a>, and harvest their data. They are " "collecting audio, video, and TV usage data to profile people." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "NordicTrack, a company that sells exercise machines with ability to show " "videos <a " "href=\"https://arstechnica.com/information-technology/2021/11/locked-out-of-god-mode-runners-are-hacking-their-treadmills/\">limits " "what people can watch, and recently disabled a feature</a> that was " "originally functional. This happened through automatic update and probably " "involved a universal back door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Recent Samsung TVs have a back door with which Samsung can <a " "href=\"https://www.pcmag.com/news/samsung-can-remotely-disable-any-of-its-tvs-worldwide\"> " "brick them remotely</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Most Internet connected devices in Mozilla's <a " "href=\"https://www.mozillafoundation.org/privacynotincluded/\">“Privacy " "Not Included”</a> list <a " "href=\"https://www.mozillafoundation.org/privacynotincluded/arlo-video-doorbell/\">are " "designed to snoop on users</a> even if they meet Mozilla's “Minimum " "Security Standards.” Insecure design of the program running on some of " "these devices <a " "href=\"https://www.mozillafoundation.org/privacynotincluded/vibratissimo-panty-buster/\">makes " "the user susceptible to be snooped on and exploited by crackers as well</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Wavelink and JetStream wifi routers have universal back doors that " "enable unauthenticated users to remotely control not only the routers, but " "also any devices connected to the network. There is evidence that <a " "href=\"https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/\"> " "this vulnerability is actively exploited</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you consider buying a router, we encourage you to get one that <a " "href=\"https://ryf.fsf.org/categories/routers\">runs on free " "software</a>. Any attempts at introducing malicious functionalities in it " "(e.g., through a firmware update) will be detected by the community, and " "soon corrected." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If unfortunately you own a router that runs on proprietary software, don't " "panic! You may be able to replace its firmware with a free operating system " "such as <a href=\"https://librecmc.org\">libreCMC</a>. If you don't know " "how, you can get help from a nearby GNU/Linux user group." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Focals eyeglass display, with snooping microphone, has been eliminated. " "Google eliminated it by buying the manufacturer and shutting it down. It " "also <a " "href=\"https://www.ctvnews.ca/sci-tech/article/canadian-smart-glasses-going-offline-weeks-after-company-bought-by-google/\">shut " "down the server these devices depend on</a>, which caused the ones already " "sold to cease to function." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It may be a good thing to wipe out this product—for " "“smart,” read “snoop”—but Google didn't do " "that for the sake of privacy. Rather, it was eliminating competition for " "its own snooping product." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Mellow sous-vide cooker is tethered to a server. The company suddenly <a " "href=\"https://www.slashgear.com/mellow-sous-vide-owners-get-unwelcome-subscription-surprise-28630842/\"> " "turned this tethering into a subscription</a>, forbidding users from taking " "advantage of the “advanced features” of the cooker unless they " "pay a monthly fee." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "TV manufacturers are able to <a " "href=\"https://www.zdnet.com/article/fbi-warns-about-snoopy-smart-tvs-spying-on-you/\">snoop " "every second of what the user is watching</a>. This is illegal due to the " "Video Privacy Protection Act of 1988, but they're circumventing it through " "EULAs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://www.wired.com/story/ripple20-iot-vulnerabilities/\"> A " "disasterous security bug</a> touches millions of products in the Internet of " "Stings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "As a result, anyone can sting the user, not only the manufacturer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Wink sells a “smart” home hub that is tethered to a server. In " "May 2020, it ordered the purchasers to start <a " "href=\"https://www.techhive.com/article/578539/wink-users-revolt-following-its-sudden-shift-to-a-subscription-model.html\"> " "paying a monthly fee for the use of that server</a>. Because of the " "tethering, the hub is useless without that." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Amazon Ring app does <a " "href=\"https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report\"> " "surveillance for other companies as well as for Amazon</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "As tech companies add microphones to a wide range of products, including " "refrigerators and motor vehicles, they also set up transcription farms where " "human employees <a " "href=\"https://getpocket.com/explore/item/silicon-valley-got-millions-to-let-siri-and-alexa-listen-in\"> " "listen to what people say</a> and tweak the recognition algorithms." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Internet-tethered Amazon Ring had a security vulnerability that enabled " "attackers to <a " "href=\"https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password\"> " "access the user's wifi password</a>, and snoop on the household through " "connected surveillance devices." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Knowledge of the wifi password would not be sufficient to carry out any " "significant surveillance if the devices implemented proper security, " "including encryption. But many devices with proprietary software lack " "this. Of course, they are also used by their manufacturers for snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Best Buy made controllable appliances and <a " "href=\"https://www.theverge.com/2019/9/6/20853671/best-buy-connect-insignia-smart-plug-wifi-freezer-mobile-app-shutdown-november-6\"> " "shut down the service to control them through</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Best Buy acknowledged that it was mistreating its customers by doing so, and " "offered reimbursement of the affected appliances. The fact remains, however, " "that tethering a device to a server is a way of restricting and harassing " "users. The nonfree software in the device is what stops users from cutting " "the tether." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Jibo robot toys were tethered to the manufacturer's server, and <a " "href=\"https://apnews.com/article/san-francisco-north-america-technology-business-ap-top-news-99c9ec8ebad242ca88178e22c7642648\"> " "the company made them all cease to work</a> by shutting down that server." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The shutdown might ironically be good for their users, since the product was " "designed to manipulate people by presenting a phony semblance of emotions, " "and was most certainly spying on them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The British supermarket Tesco sold tablets which were tethered to Tesco's " "server for reinstalling default settings. Tesco <a " "href=\"https://www.theguardian.com/money/2019/mar/25/tesco-hudl-tablet-support-kill-fix\"> " "turned off the server for old models</a>, so now if you try to reinstall the " "default settings, it bricks them instead." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Medtronics Conexus Telemetry Protocol has <a " "href=\"https://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/\"> " "two vulnerabilities that affect several models of implantable " "defibrillators</a> and the devices they connect to." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This protocol has been around since 2006, and similar vulnerabilities were " "discovered in an earlier Medtronics communication protocol in " "2008. Apparently, nothing was done by the company to correct them. This " "means you can't rely on proprietary software developers to fix bugs in their " "products." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Ring doorbell camera is designed so that the manufacturer (now Amazon) " "can watch all the time. Now it turns out that <a " "href=\"https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/\"> " "anyone else can also watch, and fake videos too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The third party vulnerability is presumably unintentional and Amazon will " "probably fix it. However, we do not expect Amazon to change the design that " "<a href=\"/proprietary/proprietary-surveillance.html#M201901100\">allows " "Amazon to watch</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The HP <a href=\"https://boingboing.net/2019/02/08/inkjet-dystopias.html\"> " "“ink subscription” cartridges have DRM that constantly " "communicates with HP servers</a> to make sure the user is still paying for " "the subscription, and hasn't printed more pages than were paid for." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Even though the ink subscription program may be cheaper in some specific " "cases, it spies on users, and involves totally unacceptable restrictions in " "the use of ink cartridges that would otherwise be in working order." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Amazon Ring “security” devices <a " "href=\"https://www.engadget.com/2019-01-10-ring-gave-employees-access-customer-video-feeds.html\"> " "send the video they capture to Amazon servers</a>, which save it long-term." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In many cases, the video shows everyone that comes near, or merely passes " "by, the user's front door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article focuses on how Ring used to let individual employees look at the " "videos freely. It appears Amazon has tried to prevent that secondary abuse, " "but the primary abuse—that Amazon gets the video—Amazon expects " "society to surrender to." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio TVs <a " "href=\"https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019\"> " "collect “whatever the TV sees,”</a> in the own words of the " "company's CTO, and this data is sold to third parties. This is in return for " "“better service” (meaning more intrusive ads?) and slightly " "lower retail prices." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "What is supposed to make this spying acceptable, according to him, is that " "it is opt-in in newer models. But since the Vizio software is nonfree, we " "don't know what is actually happening behind the scenes, and there is no " "guarantee that all future updates will leave the settings unchanged." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you already own a Vizio “smart” TV (or any " "“smart” TV, for that matter), the easiest way to make sure it " "isn't spying on you is to disconnect it from the Internet, and use a " "terrestrial antenna instead. Unfortunately, this is not always " "possible. Another option, if you are technically oriented, is to get your " "own router (which can be an old computer running completely free software), " "and set up a firewall to block connections to Vizio's servers. Or, as a last " "resort, you can replace your TV with another model." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Nearly all “home security cameras” <a " "href=\"https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds-a8814384448/\"> " "give the manufacturer an unencrypted copy of everything they " "see</a>. “Home insecurity camera” would be a better name!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "When Consumer Reports tested them, it suggested that these manufacturers " "promise not to look at what's in the videos. That's not security for your " "home. Security means making sure they don't get to see through your camera." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Printer manufacturers are very innovative—at blocking the use of " "independent replacement ink cartridges. Their “security " "upgrades” occasionally impose new forms of cartridge DRM. <a " "href=\"https://www.vice.com/en/article/pa98ab/printer-makers-are-crippling-cheap-ink-cartridges-via-bogus-security-updates\"> " "HP and Epson have done this</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Honeywell's “smart” thermostats communicate only through the " "company's server. They have all the nasty characteristics of such devices: " "<a " "href=\"https://www.businessinsider.com/honeywell-iot-thermostats-server-outage-2018-9\"> " "surveillance, and danger of sabotage</a> (of a specific user, or of all " "users at once), as well as the risk of an outage (which is what just " "happened)." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In addition, setting the desired temperature requires running nonfree " "software. With an old-fashioned thermostat, you can do it using controls " "right on the thermostat." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Researchers have discovered how to <a " "href=\"https://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co\"> " "hide voice commands in other audio</a>, so that people cannot hear them, but " "Alexa and Siri can." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Jawbone fitness tracker was tethered to a proprietary phone app. In " "2017, the company shut down and made the app stop working. <a " "href=\"https://www.theguardian.com/technology/2018/jul/05/defunct-jawbone-fitness-trackers-kept-selling-after-app-closure-says-which\">All " "the existing trackers stopped working forever</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article focuses on a further nasty fillip, that sales of the broken " "devices continued. But we think that is a secondary issue; it made the nasty " "consequences extend to some additional people. The fundamental wrong was to " "design the devices to depend on something else that didn't respect users' " "freedom." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A medical insurance company <a " "href=\"https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next/\"> " "offers a gratis electronic toothbrush that snoops on its user by sending " "usage data back over the Internet</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some “Smart” TVs automatically <a " "href=\"https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928\"> " "load downgrades that install a surveillance app</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We link to the article for the facts it presents. It is too bad that the " "article finishes by advocating the moral weakness of surrendering to " "Netflix. The Netflix app <a " "href=\"/proprietary/malware-google.html#netflix-app-geolocation-drm\">is " "malware too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple devices lock users in <a " "href=\"https://gizmodo.com/homepod-is-the-ultimate-apple-product-in-a-bad-way-1822883347\"> " "solely to Apple services</a> by being designed to be incompatible with all " "other options, ethical or unethical." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "One of the dangers of the “internet of stings” is that, if you " "lose your internet service, you also <a " "href=\"https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/\"> " "lose control of your house and appliances</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "For your safety, don't use any appliance with a connection to the real " "internet." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Amazon recently invited consumers to be suckers and <a " "href=\"https://www.techdirt.com/2017/11/22/vulnerability-found-amazon-key-again-showing-how-dumber-tech-is-often-smarter-option/\"> " "allow delivery staff to open their front doors</a>. Wouldn't you know it, " "the system has a grave security flaw." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A remote-control sex toy was found to make <a " "href=\"https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-surveillance\">audio " "recordings of the conversation between two users</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Logitech will sabotage all Harmony Link household control devices by <a " "href=\"https://arstechnica.com/gadgets/2017/11/logitech-to-shut-down-service-and-support-for-harmony-link-devices-in-2018/\"> " "turning off the server through which the products' supposed owners " "communicate with them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The owners suspect this is to pressure them to buy a newer model. If they " "are wise, they will learn, rather, to distrust any product that requires " "users to talk with them through some specialized service." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Sony has brought back its robotic pet Aibo, this time <a " "href=\"https://www.vice.com/en/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet\"> " "with a universal back door, and tethered to a server that requires a " "subscription</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Canary home surveillance camera has been sabotaged by its manufacturer, " "<a " "href=\"https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change\"> " "turning off many features unless the user starts paying for a " "subscription</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "With manufacturers like these, who needs security breakers?" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The purchasers should learn the larger lesson and reject connected " "appliances with embedded proprietary software. Every such product is a " "temptation to commit sabotage." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Every “home security” camera, if its manufacturer can " "communicate with it, is a surveillance device. <a " "href=\"https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change\"> " "Canary camera is an example</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article describes wrongdoing by the manufacturer, based on the fact that " "the device is tethered to a server." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"/proprietary/proprietary-tethers.html\">More about proprietary " "tethering</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "But it also demonstrates that the device gives the company surveillance " "capability." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A “smart” intravenous pump designed for hospitals is connected " "to the internet. Naturally <a " "href=\"https://www.techdirt.com/2017/09/22/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack/\"> " "its security has been cracked</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Note that this article misuses the term <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">“hackers”</a> " "referring to crackers.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The bad security in many Internet of Stings devices allows <a " "href=\"https://www.techdirt.com/2017/08/28/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you/\">ISPs " "to snoop on the people that use them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "Don't be a sucker—reject all the stings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(It is unfortunate that the article uses the term <a " "href=\"/philosophy/words-to-avoid.html#Monetize\">“monetize”</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Sonos <a " "href=\"https://www.zdnet.com/article/sonos-accept-new-privacy-policy-speakers-cease-to-function/\"> " "told all its customers, “Agree” to snooping or the product will " "stop working</a>. <a " "href=\"https://www.consumerreports.org/consumerist/sonos-holds-software-updates-hostage-if-you-dont-sign-new-privacy-agreement/\"> " "Another article</a> says they won't forcibly change the software, but people " "won't be able to get any upgrades and eventually it will stop working." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "While you're using a DJI drone to snoop on other people, DJI is in many " "cases <a " "href=\"https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity\">snooping " "on you</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many models of Internet-connected cameras are tremendously insecure. They " "have login accounts with hard-coded passwords, which can't be changed, and " "<a " "href=\"https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/\">there " "is no way to delete these accounts either</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The proprietary code that runs pacemakers, insulin pumps, and other medical " "devices is <a href=\"https://www.bbc.com/news/technology-40042584\"> full of " "gross security faults</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Bird and rabbit pets were implemented for Second Life by a company that " "tethered their food to a server. <a " "href=\"https://www.rockpapershotgun.com/second-life-ozimals-pet-rabbits-dying\"> " "It shut down the server and the pets more or less died</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Users are suing Bose for <a " "href=\"https://web.archive.org/web/20170423010030/https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/\"> " "distributing a spyware app for its headphones</a>. Specifically, the app " "would record the names of the audio files users listen to along with the " "headphone's unique serial number." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The suit accuses that this was done without the users' consent. If the fine " "print of the app said that users gave consent for this, would that make it " "acceptable? No way! It should be flat out <a " "href=\"/philosophy/surveillance-vs-democracy.html\"> illegal to design the " "app to snoop at all</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Anova sabotaged users' cooking devices with a downgrade that tethered them " "to a remote server. <a " "href=\"https://web.archive.org/web/20170415145520/https://consumerist.com/2017/04/12/anova-ticks-off-customers-by-requiring-mandatory-accounts-to-cook-food/\">Unless " "users create an account on Anova's servers, their cookers won't " "function</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "When Miele's Internet of Stings hospital disinfectant dishwasher is <a " "href=\"https://www.vice.com/en/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit\"> " "connected to the Internet, its security is crap</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "For example, a cracker can gain access to the dishwasher's filesystem, " "infect it with malware, and force the dishwasher to launch attacks on other " "devices in the network. Since these dishwashers are used in hospitals, such " "attacks could potentially put hundreds of lives at risk." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A computerized vibrator <a " "href=\"https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack\"> " "was snooping on its users through the proprietary control app</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The app was reporting the temperature of the vibrator minute by minute " "(thus, indirectly, whether it was surrounded by a person's body), as well as " "the vibration frequency." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Note the totally inadequate proposed response: a labeling standard with " "which manufacturers would make statements about their products, rather than " "free software which users could have checked and changed." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The company that made the vibrator <a " "href=\"https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit\"> " "was sued for collecting lots of personal information about how people used " "it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The company's statement that it was anonymizing the data may be true, but it " "doesn't really matter. If it had sold the data to a data broker, the data " "broker would have been able to figure out who the user was." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Following this lawsuit, <a " "href=\"https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits\"> " "the company has been ordered to pay a total of C$4m</a> to its customers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The CIA exploited existing vulnerabilities in “smart” TVs and " "phones to design a malware that <a " "href=\"https://www.independent.co.uk/tech/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html\"> " "spies through their microphones and cameras while making them appear to be " "turned off</a>. Since the spyware sniffs signals, it bypasses encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“CloudPets” toys with microphones <a " "href=\"https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults\"> " "leak childrens' conversations to the manufacturer</a>. Guess what? <a " "href=\"https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings\"> " "Crackers found a way to access the data</a> collected by the manufacturer's " "snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That the manufacturer and the FBI could listen to these conversations was " "unacceptable by itself." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you buy a used “smart” car, house, TV, refrigerator, etc., " "usually <a " "href=\"https://boingboing.net/2017/02/20/the-previous-owners-of-used.html\">the " "previous owners can still remotely control it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio “smart” <a " "href=\"https://www.ftc.gov/business-guidance/blog/2017/02/what-vizio-was-doing-behind-tv-screen\">TVs " "report everything that is viewed on them, and not just broadcasts and " "cable</a>. Even if the image is coming from the user's own computer, the TV " "reports what it is. The existence of a way to disable the surveillance, even " "if it were not hidden as it was in these TVs, does not legitimize the " "surveillance." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A cracker would be able to <a " "href=\"https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/\"> turn " "the Oculus Rift sensors into spy cameras</a> after breaking into the " "computer they are connected to." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Unfortunately, the article <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">improperly refers to " "crackers as “hackers”</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "VR equipment, measuring every slight motion, creates the potential for the " "most intimate surveillance ever. All it takes to make this potential real <a " "href=\"https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/\">is " "software as malicious as many other programs listed in this page</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "You can bet Facebook will implement the maximum possible surveillance on " "Oculus Rift devices. The moral is, never trust a VR system with nonfree " "software in it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The developer of Ham Radio Deluxe <a " "href=\"https://www.techdirt.com/2016/12/22/software-company-shows-how-not-to-handle-negative-review/\">sabotaged " "a customer's installation as punishment for posting a negative review</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Most proprietary software companies don't use their power so harshly, but it " "is an injustice that they all <em>have</em> such power." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The “smart” toys My Friend Cayla and i-Que can be <a " "href=\"https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/\">remotely " "controlled with a mobile phone</a>; physical access is not necessary. This " "would enable crackers to listen in on a child's conversations, and even " "speak into the toys themselves." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This means a burglar could speak into the toys and ask the child to unlock " "the front door while Mommy's not looking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "HP's firmware downgrade <a " "href=\"https://www.theguardian.com/technology/2016/sep/20/hp-inkjet-printers-unofficial-cartridges-software-update\">imposed " "DRM on some printers, which now refuse to function with third-party ink " "cartridges</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Ransomware <a " "href=\"https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/\"> " "has been developed for a thermostat that uses proprietary software</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung's “Smart Home” has a big security hole; <a " "href=\"https://arstechnica.com/information-technology/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/\"> " "unauthorized people can remotely control it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung claims that this is an “open” platform so the problem is " "partly the fault of app developers. That is clearly true if the apps are " "proprietary software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Anything whose name is “Smart” is most likely going to screw " "you." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Malware was found on <a " "href=\"http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html\"> " "security cameras available through Amazon</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A camera that records locally on physical media, and has no network " "connection, does not threaten people with surveillance—neither by " "watching people through the camera, nor through malware in the camera." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Revolv is a device that managed “smart home” operations: " "switching lights, operate motion sensors, regulating temperature, etc. Its " "proprietary software depends on a remote server to do these tasks. On May " "15th, 2016, Google/Alphabet <a " "href=\"https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be\">intentionally " "broke it by shutting down the server</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If it were free software, users would have the ability to make it work " "again, differently, and then have a freedom-respecting home instead of a " "“smart” home. Don't let proprietary software control your " "devices and turn them into $300 out-of-warranty bricks. Insist on " "self-contained computers that run free software!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Over 70 brands of network-connected surveillance cameras have <a " "href=\"https://web.archive.org/web/20250117130741/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html\"> " "security bugs that allow anyone to watch through them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The <a href=\"https://michaelweinberg.org/post/137045828005/free-the-cube\"> " "“Cube” 3D printer was designed with DRM</a>: it won't accept " "third-party printing materials. It is the Keurig of printers. Now it is " "being discontinued, which means that eventually authorized materials won't " "be available and the printers may become unusable." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "With a <a " "href=\"https://www.fsf.org/resources/hw/endorsement/aleph-objects\"> printer " "that gets the Respects Your Freedom</a>, this problem would not even be a " "remote possibility." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "How pitiful that the author of that article says that there was " "“nothing wrong” with designing the device to restrict users in " "the first place. This is like putting a “cheat me and mistreat " "me” sign on your chest. We should know better: we should condemn all " "companies that take advantage of people like him. Indeed, it is the " "acceptance of their unjust practice that teaches people to be doormats." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Philips “smart” lightbulbs had initially been designed to " "interact with other companies' smart light bulbs, but <a " "href=\"https://www.techdirt.com/2015/12/14/lightbulb-drm-philips-locks-purchasers-out-third-party-bulbs-with-firmware-update/\"> " "later the company updated the firmware to disallow interoperability</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If a product is “smart”, and you didn't build it, it is cleverly " "serving its manufacturer <em>against you</em>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.computerworld.com/article/2705284/backdoor-found-in-d-link-router-firmware-code.html\"> " "Some D-Link routers</a> have a back door for changing settings in a dlink of " "an eye." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://sekurak.pl/tp-link-httptftp-backdoor/\"> The TP-Link " "router has a back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://gothub.projectsegfau.lt/elvanderb/TCP-32764/\">Many models " "of routers have back doors</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Nest Cam “smart” camera is <a " "href=\"https://www.bbc.com/news/technology-34922712\">always watching</a>, " "even when the “owner” switches it “off.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A “smart” device means the manufacturer is using it to outsmart " "you." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "ARRIS cable modem has a <a " "href=\"https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1\"> " "back door in the back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some web and TV advertisements play inaudible sounds to be picked up by " "proprietary malware running on other devices in range so as to determine " "that they are nearby. Once your Internet devices are paired with your TV, " "advertisers can correlate ads with Web activity, and other <a " "href=\"https://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/\"> " "cross-device tracking</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio goes a step further than other TV manufacturers in spying on their " "users: their <a " "href=\"https://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you\"> " "“smart” TVs analyze your viewing habits in detail and link them " "your IP address</a> so that advertisers can track you across devices." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It is possible to turn this off, but having it enabled by default is an " "injustice already." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Tivo's alliance with Viacom adds 2.3 million households to the 600 millions " "social media profiles the company already monitors. Tivo customers are " "unaware they're being watched by advertisers. By combining TV viewing " "information with online social media participation, Tivo can now <a " "href=\"https://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102/\"> " "correlate TV advertisement with online purchases</a>, exposing all users to " "new combined surveillance by default." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "FitBit fitness trackers have a <a " "href=\"https://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/\"> " "Bluetooth vulnerability</a> that allows attackers to send malware to the " "devices, which can subsequently spread to computers and other FitBit " "trackers that interact with them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“Self-encrypting” disk drives do the encryption with proprietary " "firmware so you can't trust it. Western Digital's “My Passport” " "drives <a " "href=\"https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption\"> " "have a back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio “smart” TVs recognize and <a " "href=\"https://www.engadget.com/2015-07-24-vizio-ipo-inscape-acr.html\">track " "what people are watching</a>, even if it isn't a TV channel." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Due to bad security in a drug pump, crackers could use it to <a " "href=\"https://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/\"> " "kill patients</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Verizon cable TV <a " "href=\"https://arstechnica.com/information-technology/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/\"> " "snoops on what programs people watch, and even what they wanted to " "record</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Hospira infusion pumps, which are used to administer drugs to a patient, " "were rated “<a " "href=\"https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/\">least " "secure IP device I've ever seen</a>” by a security researcher." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Depending on what drug is being infused, the insecurity could open the door " "to murder." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio <a " "href=\"https://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html\"> " "used a firmware “upgrade” to make its TVs snoop on what users " "watch</a>. The TVs did not do that when first sold." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Barbie <a " "href=\"https://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673\">is " "going to spy on children and adults</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Samsung “Smart” TV <a " "href=\"https://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm\"> " "transmits users' voice on the internet to another company, Nuance</a>. " "Nuance can save it and would then have to give it to the US or some other " "government." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Speech recognition is not to be trusted unless it is done by free software " "in your own computer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In its privacy policy, Samsung explicitly confirms that <a " "href=\"https://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs\">voice " "data containing sensitive information will be transmitted to third " "parties</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Amazon “Smart” TV is <a " "href=\"https://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance\"> " "snooping all the time</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "More or less all “smart” TVs <a " "href=\"https://myce.wiki/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/\">spy " "on their users</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "The report was as of 2014, but we don't expect this has got better." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This shows that laws requiring products to get users' formal consent before " "collecting personal data are totally inadequate. And what happens if a user " "declines consent? Probably the TV will say, “Without your consent to " "tracking, the TV will not work.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Proper laws would say that TVs are not allowed to report what the user " "watches—no exceptions!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Nest thermometers send <a " "href=\"https://bgr.com/general/google-nest-jailbreak-hack/\">a lot of data " "about the user</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "LG <a " "href=\"https://www.techdirt.com/2014/05/20/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties/\"> " "disabled network features</a> on <em>previously purchased</em> " "“smart” TVs, unless the purchasers agreed to let LG begin to " "snoop on them and distribute their personal data." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Spyware in LG “smart” TVs <a " "href=\"http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html\"> " "reports what the user watches, and the switch to turn this off has no " "effect</a>. (The fact that the transmission reports a 404 error really " "means nothing; the server could save that data anyway.)" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Even worse, it <a " "href=\"https://rrrrambles.wordpress.com/2013/11/21/lg-tv-logging-filenames-from-network-folders/\"> " "snoops on other devices on the user's local network</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "LG later said it had installed a patch to stop this, but any product could " "spy this way." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Meanwhile, LG TVs <a " "href=\"https://www.techdirt.com/2014/05/20/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties/\"> " "do lots of spying anyway</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Lots of <a " "href=\"https://www.wired.com/2014/04/hospital-equipment-vulnerable/\"> " "hospital equipment has lousy security</a>, and it can be fatal." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://www.bunniestudios.com/blog/?p=3554\"> Some flash memories " "have modifiable software</a>, which makes them vulnerable to viruses." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We don't call this a “back door” because it is normal that you " "can install a new system in a computer, given physical access to it. " "However, memory sticks and cards should not be modifiable in this way." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://arstechnica.com/information-technology/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/\"> " "Point-of-sale terminals running Windows were taken over</a> and turned into " "a botnet for the purpose of collecting customers' credit card numbers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Spyware in LG “smart” TVs <a " "href=\"https://doctorbeet.blogspot.com/2013/11/lg-smart-tvs-logging-usb-filenames-and.html\"> " "reports what the user watches, and the switch to turn this off has no " "effect</a>. (The fact that the transmission reports a 404 error really " "means nothing; the server could save that data anyway.)" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20131007102857/http://www.nclnet.org/technology/73-digital-rights-management/124-whos-driving-the-copyright-laws-consumers-insist-on-the-right-to-back-it-up\"> " "DVDs and Blu-ray disks have DRM</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That page uses spin terms that favor DRM, including <a " "href=\"/philosophy/words-to-avoid.html#DigitalRightsManagement\"> digital " "“rights” management</a> and <a " "href=\"/philosophy/words-to-avoid.html#Protection\">“protect”</a>, " "and it claims that “artists” (rather than companies) are " "primarily responsible for putting digital restrictions management into these " "disks. Nonetheless, it is a reference for the facts." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Every Blu-ray disk (with few, rare exceptions) has DRM—so don't use " "Blu-ray disks!" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The FTC punished a company for making webcams with <a " "href=\"https://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html\"> " "bad security so that it was easy for anyone to watch through them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"http://spritesmods.com/?art=hddhack&page=6\"> Replaceable " "nonfree software in disk drives can be written by a nonfree " "program</a>. This makes any system vulnerable to persistent attacks that " "normal forensics won't detect." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It is possible to <a " "href=\"https://siliconangle.com/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/\"> " "kill people by taking control of medical implants by radio</a>. More " "information in <a href=\"https://www.bbc.com/news/technology-17631838\">BBC " "News</a> and <a " "href=\"https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/\"> " "IOActive Labs Research blog</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/\"> " "“Smart homes”</a> turn out to be stupidly vulnerable to " "intrusion." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "HP “storage appliances” that use the proprietary “Left " "Hand” operating system have back doors that give HP <a " "href=\"https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/\"> " "remote login access</a> to them. HP claims that this does not give HP " "access to the customer's data, but if the back door allows installation of " "software changes, a change could be installed that would give access to the " "customer's data." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Cisco TNP IP phones are <a " "href=\"https://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html\"> " "spying devices</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung “Smart” TVs have <a " "href=\"https://wiki.samygo.tv/index.php?title=SamyGO_for_DUMMIES#What_are_Restricted_Firmwares.3F\"> " "turned Linux into the base for a tyrant system</a> so as to impose DRM. " "What enables Samsung to do this is that Linux is released under GNU GPL " "version 2, <a href=\"/licenses/rms-why-gplv3.html\">not version 3</a>, " "together with a weak interpretation of GPL version 2." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html\"> " "Crackers found a way to break security on a “smart” TV</a> and " "use its camera to watch the people who are watching TV." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some LG TVs <a " "href=\"https://web.archive.org/web/20190917164647/http://openlgtv.org.ru/wiki/index.php/Achievements\"> " "are tyrants</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*" msgstr "" #. type: Content of: <div><div><p> msgid "" "Please send general FSF & GNU inquiries to <a " "href=\"mailto:gnu@gnu.org\"><gnu@gnu.org></a>. There are also <a " "href=\"/contact/\">other ways to contact</a> the FSF. Broken links and " "other corrections or suggestions can be sent to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a>." msgstr "" #. TRANSLATORS: Ignore the original text in this paragraph, #. replace it with the translation of these two: # #. We work hard and do our best to provide accurate, good quality #. translations. However, we are not exempt from imperfection. #. Please send your comments and general suggestions in this regard #. to <a href="mailto:web-translators@gnu.org"> # #. <web-translators@gnu.org></a>.</p> # #. <p>For information on coordinating and contributing translations of #. our web pages, see <a #. href="/server/standards/README.translations.html">Translations #. README</a>. #. type: Content of: <div><div><p> msgid "" "Please see the <a " "href=\"/server/standards/README.translations.html\">Translations README</a> " "for information on coordinating and contributing translations of this " "article." msgstr "" #. type: Content of: <div><p> msgid "Copyright © 2016-2025 Free Software Foundation, Inc." msgstr "" #. type: Content of: <div><p> msgid "" "This page is licensed under a <a rel=\"license\" " "href=\"http://creativecommons.org/licenses/by/4.0/\">Creative Commons " "Attribution 4.0 International License</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't want credits. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S CREDITS*" msgstr "" #. timestamp start #. type: Content of: <div><p> msgid "Updated:" msgstr ""