msgid "Proprietary Back Doors - GNU Project - Free Software Foundation" msgstr "" #. type: Content of: <div><a> msgid "<a id=\"side-menu-button\" class=\"switch\" href=\"#navlinks\">" msgstr "" #. type: Attribute 'title' of: <div><a><img> msgid "Section contents" msgstr "" #. type: Attribute 'alt' of: <div><a><img> msgid " [Section contents] " msgstr "" #. type: Content of: <div> msgid "</a>" msgstr "" #. type: Content of: <div><p><a> msgid "<a href=\"/\">" msgstr "" #. type: Attribute 'title' of: <div><p><a><img> msgid "GNU Home" msgstr "" #. type: Content of: <div><p> msgid "" "</a> / <a href=\"/proprietary/proprietary.html\">Malware</a> / By " "type /" msgstr "" #. type: Content of: <div><h2> msgid "Proprietary Back Doors" msgstr "" #. type: Content of: <div><div><p> msgid "" "Nonfree (proprietary) software is very often malware (designed to mistreat " "the user). Nonfree software is controlled by its developers, which puts them " "in a position of power over the users; <a " "href=\"/philosophy/free-software-even-more-important.html\">that is the " "basic injustice</a>. The developers and manufacturers often exercise that " "power to the detriment of the users they ought to serve." msgstr "" #. type: Content of: <div><div><p> msgid "This typically takes the form of malicious functionalities." msgstr "" #. type: Content of: <div><div><p> msgid "" "Some malicious functionalities are mediated by <a " "href=\"/proprietary/proprietary.html#f1\">back doors</a>. Here are examples " "of programs that contain one or several of those, classified according to " "what the back door is known to have the power to do. Back doors that allow " "full control over the programs which contain them are said to be " "“universal.”" msgstr "" #. type: Content of: <div><div><div><p> msgid "" "If you know of an example that ought to be in this page but isn't here, " "please write to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a> to inform " "us. Please include the URL of a trustworthy reference or two to serve as " "specific substantiation." msgstr "" #. type: Content of: <div><div><div><h3> msgid "Back-door functionalities" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#spy\">Spying</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#alter-data\">Altering user's data or settings</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#install-delete\">Installing, deleting or disabling programs</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#universal\">Full control</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#other\">Other/undefined</a>" msgstr "" #. type: Content of: <div><div><h3> msgid "Spying" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google Nest <a " "href=\"https://blog.google/products/google-nest/partnership-adt-smarter-home-security/\"> " "is taking over ADT</a>. Google sent out a software update to its speaker " "devices using their back door <a " "href=\"https://web.archive.org/web/20240123114737/https://www.protocol.com/google-smart-speaker-alarm-adt\"> " "that listens for things like smoke alarms</a> and then notifies your phone " "that an alarm is happening. This means the devices now listen for more than " "just their wake words. Google says the software update was sent out " "prematurely and on accident and Google was planning on disclosing this new " "feature and offering it to customers who pay for it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many models of Internet-connected cameras contain a glaring back " "door—they have login accounts with hard-coded passwords, which can't " "be changed, and <a " "href=\"https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/\"> " "there is no way to delete these accounts either</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Since these accounts with hard-coded passwords are impossible to delete, " "this problem is not merely an insecurity; it amounts to a back door that can " "be used by the manufacturer (and government) to spy on users." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "WhatsApp has a feature that <a " "href=\"https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/\"> " "has been described as a “back door”</a> because it would enable " "governments to nullify its encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The developers say that it wasn't intended as a back door, and that may well " "be true. But that leaves the crucial question of whether it functions as " "one. Because the program is nonfree, we cannot check by studying it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Microsoft has <a " "href=\"https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/\"> " "backdoored its disk encryption</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple can, and regularly does, <a " "href=\"https://arstechnica.com/gadgets/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/\"> " "remotely extract some data from iPhones for the state</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This may have improved with <a " "href=\"https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/\"> " "iOS 8 security improvements</a>; but <a " "href=\"https://theintercept.com/2014/09/22/apple-data/\"> not as much as " "Apple claims</a>." msgstr "" #. type: Content of: <div><div><h3> msgid "Altering user's data or settings" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "BMW is now luring British customers into <a " "href=\"https://edition.cnn.com/2022/07/14/business/bmw-subscription/index.html\"> " "paying for the built-in heated-seat feature of their new cars on a " "subscription basis</a>. People also have the option to buy the feature when " "they are paying for the car, but those who bought a used car have to pay BMW " "extra money to remotely enable the heated seats. This is probably done by " "BMW accessing a back door in the car software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Xiaomi phones <a " "href=\"https://www.theguardian.com/world/2021/sep/22/lithuania-tells-citizens-to-throw-out-chinese-phones-over-censorship-concerns\">have " "a malfeature to bleep out phrases that express political views the Chinese " "government does not like</a>. In phones sold in Europe, Xiaomi leaves this " "deactivated by default, but has a back door to activate the censorship." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is the natural result of having nonfree software in a device that can " "communicate with the company that made it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "BlizzCon 2019 imposed a <a " "href=\"https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/\"> " "requirement to run a proprietary phone app</a> to be allowed into the event." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This app is a spyware that can snoop on a lot of sensitive data, including " "user's location and contact list, and has <a " "href=\"https://web.archive.org/web/20220321042716/https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/\"> " "near-complete control</a> over the phone." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Android has a <a " "href=\"https://www.theverge.com/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change\"> " "back door for remotely changing “user” settings</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article suggests it might be a universal back door, but this isn't " "clear." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Dropbox app for Macintosh <a " "href=\"https://web.archive.org/web/20180124123506/http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/\"> " "takes control of user interface items after luring the user into entering an " "admin password</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A pregnancy test controller application not only can <a " "href=\"https://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security\"> " "spy on many sorts of data in the phone, and in server accounts, it can alter " "them too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.computerworld.com/article/2705284/backdoor-found-in-d-link-router-firmware-code.html\"> " "Some D-Link routers</a> have a back door for changing settings in a dlink of " "an eye." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://sekurak.pl/tp-link-httptftp-backdoor/\"> The TP-Link " "router has a back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://gothub.projectsegfau.lt/elvanderb/TCP-32764/\">Many models " "of routers have back doors</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google has long had <a " "href=\"https://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted\">a " "back door to remotely unlock an Android device</a>, unless its disk is " "encrypted (possible since Android 5.0 Lollipop, but still not quite the " "default)." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Caterpillar vehicles come with <a " "href=\"https://web.archive.org/web/20201108113943/https://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it\"> " "a back door to shutoff the engine</a> remotely." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Modern gratis game cr…apps <a " "href=\"https://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/\"> " "collect a wide range of data about their users and their users' friends and " "associates</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Even nastier, they do it through ad networks that merge the data collected " "by various cr…apps and sites made by different companies." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "They use this data to manipulate people to buy things, and hunt for " "“whales” who can be led to spend a lot of money. They also use a " "back door to manipulate the game play for specific players." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "While the article describes gratis games, games that cost money can use the " "same tactics." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor\"> " "Samsung Galaxy devices running proprietary Android versions come with a back " "door</a> that provides remote access to the files stored on the device." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Amazon Kindle-Swindle has a back door that has been used to <a " "href=\"https://web.archive.org/web/20220319193415/https://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/\"> " "remotely erase books</a>. One of the books erased was <cite>1984</cite>, by " "George Orwell." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Amazon responded to criticism by saying it would delete books only following " "orders from the state. However, that policy didn't last. In 2012 it <a " "href=\"https://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html\"> " "wiped a user's Kindle-Swindle and deleted her account</a>, then offered her " "kafkaesque “explanations.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Do other ebook readers have back doors in their nonfree software? We don't " "know, and we have no way to find out. There is no reason to assume that " "they don't." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The iPhone has a back door for <a " "href=\"https://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone\"> " "remote wipe</a>. It's not always enabled, but users are led into enabling " "it without understanding." msgstr "" #. type: Content of: <div><div><h3> msgid "Installing, deleting or disabling programs" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"/proprietary/uhd-bluray-denies-your-freedom.html\">UHD Blu-ray " "disks are loaded with malware of the worst kinds</a>, including the AACS " "DRM. Playing them on a PC requires the Intel Management Engine, which has " "back doors and cannot be disabled. Every Blu-ray drive also has a back door " "in its firmware, which allows the AACS-enforcing organization to " "“revoke” the ability to play any AACS-restricted disk." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Microsoft is <a " "href=\"https://www.theguardian.com/technology/2023/feb/14/microsoft-to-phase-out-internet-explorer-with-new-edge-browser\"> " "remotely disabling Internet Explorer, forcibly redirecting users to " "Microsoft Edge</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Imposing such change is malicious, and the fact that the redirection is from " "one unjust program (IE) to another unjust program (Edge) does not excuse " "it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Microsoft <a " "href=\"https://betanews.com/2023/01/19/microsoft-is-using-the-kb5021751-update-to-see-if-you-have-an-unsupported-version-of-office-installed/\"> " "released an “update” that installs a surveillance program</a> on " "users' computers to gather data on some installed programs for Microsoft's " "benefit. The update is rolling out automatically, and the program runs " "“one time silently.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Xiaomi provides a tool to <a " "href=\"https://www.guidetoroot.com/unlock-bootloader-on-any-xiaomi-phones/\"> " "unlock the bootloader of Xiaomi smartphones and tablets</a>, but this " "requires creating an account on the company's servers, i.e. providing your " "phone number. This is the price you have to pay for “legally” " "running a free software operating system on Xiaomi devices. But the " "manufacturer retains control of the unlocked device through a backdoor in " "the bootloader—the same backdoor that was remotely used to unlock it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Tesla <a " "href=\"https://www.cnn.com/2022/08/22/business/tesla-fsd-price-increase/index.html\"> " "sells an add-on software feature that drivers are not allowed to use</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This practice depends on a back door, which is unjust in itself. Asking " "users to buy something years in advance to avoid having to pay an even " "higher price later is manipulative." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Adobe <a " "href=\"https://web.archive.org/web/20211014123717/https://pluralistic.net/2021/10/13/theres-an-app-for-that/#gnash\">has " "licensed its Flash Player to China's Zhong Cheng Network</a> who is offering " "the program bundled with spyware and a back door that can remotely " "deactivate it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Adobe is responsible for this since they gave Zhong Cheng Network permission " "to do this. This injustice involves “misuse” of the DMCA, but " "“proper,” intended use of the DMCA is a much bigger injustice. " "There is <a href=\"/philosophy/right-to-read.html\">a series of errors " "related to DMCA</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Recent Samsung TVs have a back door with which Samsung can <a " "href=\"https://www.pcmag.com/news/samsung-can-remotely-disable-any-of-its-tvs-worldwide\"> " "brick them remotely</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://arstechnica.com/gadgets/2021/06/even-creepier-covid-tracking-google-silently-pushed-app-to-users-phones/\">Google " "automatically installed an app on many proprietary Android phones</a>. The " "app might or might not do malicious things but the power Google has over " "proprietary Android phones is dangerous." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Adobe Flash Player <a " "href=\"https://www.adobe.com/products/flashplayer/end-of-life.html\"> has a " "universal back door</a> which lets Adobe control the software and, for " "example, disable it whenever it wants. Adobe will block Flash content from " "running in Flash Player beginning January 12, 2021, which indicates that " "they have access to every Flash Player through a back door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The back door won't be dangerous in the future, as it'll disable a " "proprietary program and make users delete the software, but it was an " "injustice for many years. Users should have deleted Flash Player even before " "its end of life." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "BMW is trying to <a " "href=\"https://www.theverge.com/2020/7/2/21311332/bmw-in-car-purchase-heated-seats-software-over-the-air-updates\">lock " "certain features of its cars, and force people to pay to use part of the car " "they already bought</a>. This is done through forced update of the car " "software via a radio-operated back door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A very popular app found in the Google Play store contained a module that " "was designed to <a " "href=\"https://arstechnica.com/information-technology/2019/08/google-play-app-with-100-million-downloads-executed-secret-payloads/\">secretly " "install malware on the user's computer</a>. The app developers regularly " "used it to make the computer download and execute any code they wanted." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is a concrete example of what users are exposed to when they run " "nonfree apps. They can never be completely sure that a nonfree app is safe." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple appears to say that <a " "href=\"https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/\"> " "there is a back door in MacOS</a> for automatically updating some (all?) " "apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The specific change described in the article was not malicious—it " "protected users from surveillance by third parties—but that is a " "separate question." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Corel Paintshop Pro has a <a " "href=\"https://torrentfreak.com/corel-wrongly-accuses-licensed-user-of-piracy-disables-software-remotely-181110/\"> " "back door that can make it cease to function</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article is full of confusions, errors and biases that we have an " "obligation to expose, given that we are making a link to them." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "Getting a patent does not “enable” a company to do any " "particular thing in its products. What it does enable the company to do is " "sue other companies if they do some particular thing in their products." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "A company's policies about when to attack users through a back door are " "beside the point. Inserting the back door is wrong in the first place, and " "using the back door is always wrong too. No software developer should have " "that power over users." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "“<a href=\"/philosophy/words-to-avoid.html#Piracy\">Piracy</a>” " "means attacking ships. Using that word to refer to sharing copies is a " "smear; please don't smear sharing." msgstr "" #. type: Content of: <div><div><ul><li><ul><li><p> msgid "" "The idea of “protecting our IP” is total confusion. The term " "“IP” itself is a <a href=\"/philosophy/not-ipr.html\">bogus " "generalization about things that have nothing in common</a>." msgstr "" #. type: Content of: <div><div><ul><li><ul><li><p> msgid "" "In addition, to speak of “protecting” that bogus generalization " "is a separate absurdity. It's like calling the cops because neighbors' kids " "are playing on your front yard, and saying that you're “protecting the " "boundary line”. The kids can't do harm to the boundary line, not even " "with a jackhammer, because it is an abstraction and can't be affected by " "physical action." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some “Smart” TVs automatically <a " "href=\"https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928\"> " "load downgrades that install a surveillance app</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We link to the article for the facts it presents. It is too bad that the " "article finishes by advocating the moral weakness of surrendering to " "Netflix. The Netflix app <a " "href=\"/proprietary/malware-google.html#netflix-app-geolocation-drm\">is " "malware too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Baidu's proprietary Android library, Moplus, has a back door that <a " "href=\"https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made\"> " "can “upload files” as well as forcibly install apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "It is used by 14,000 Android applications." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In addition to its <a href=\"#windows-update\">universal back door</a>, " "Windows 8 has a back door for <a " "href=\"https://www.computerworld.com/article/2732767/microsoft--we-can-remotely-delete-windows-8-apps.html\"> " "remotely deleting apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "You might well decide to let a security service that you trust remotely " "<em>deactivate</em> programs that it considers malicious. But there is no " "excuse for <em>deleting</em> the programs, and you should have the right to " "decide whom (if anyone) to trust in this way." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In Android, <a " "href=\"https://www.computerworld.com/article/2506557/google-throws--kill-switch--on-android-phones.html\"> " "Google has a back door to remotely delete apps</a>. (It was in a program " "called GTalkService, which seems since then to have been merged into Google " "Play.)" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google can also <a " "href=\"https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/\"> " "forcibly and remotely install apps</a> through GTalkService. This is not " "equivalent to a universal back door, but permits various dirty tricks." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Although Google's <em>exercise</em> of this power has not been malicious so " "far, the point is that nobody should have such power, which could also be " "used maliciously. You might well decide to let a security service remotely " "<em>deactivate</em> programs that it considers malicious. But there is no " "excuse for allowing it to <em>delete</em> the programs, and you should have " "the right to decide who (if anyone) to trust in this way." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The iPhone has a back door <a " "href=\"https://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html\"> " "that allows Apple to remotely delete apps</a> which Apple considers " "“inappropriate”. Jobs said it's OK for Apple to have this power " "because of course we can trust Apple." msgstr "" #. type: Content of: <div><div><h3> msgid "Full control" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Eclypsium <a " "href=\"https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/\"> " "discovered an insecure universal back door</a> on many computers using " "Gigabyte mainboards. Gigabyte designed their nonfree firmware so they could " "add a program to Windows to download additional software from the Internet, " "and run it behind the user's back." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "To add injury to injury, the back-door program was insecure, and opened ways " "for crackers to run their own programs on the affected systems, also behind " "the user's back. Gigabyte's “<a " "href=\"https://www.gigabyte.com/Press/News/2091\">solution</a>” was to " "ensure the back door would only run programs from Gigabyte." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In this case, the back door required the connivance of Windows accepting the " "program, and running it behind the user's back. Free operating systems " "rightly ignore such “Greek gifts,” so users of GNU (including " "GNU/Linux) are safe from this particular back door, even on affected " "hardware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Nonfree software does not make your computer secure—it does the " "opposite: it prevents you from trying to secure it. When nonfree programs " "are required for booting and impossible to replace, they are, in effect, a " "low-level rootkit. All the things that the industry has done to make its " "power over you secure against you also protect firmware-level rootkits " "against you." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Instead of allowing Intel, AMD, Apple and perhaps ARM to impose security " "through tyranny, we should demand laws that require them to allow users to " "install their choice of startup software and make available the information " "needed to develop such. Think of this as right-to-repair at the " "initialization stage." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Note: Eclypsium at least mentions the problem of “unwanted " "behavior within official firmware,” but does not seem to recognize " "that the only real solution is for firmware to be free, so users can fix " "these problems without having to rely on the vendor.</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "HP delivers printers with a universal back door, and recently used it to <a " "href=\"https://www.theguardian.com/money/2023/may/10/how-can-hp-block-me-from-using-a-cheaper-printer-cartridge\"> " "sabotage them by remotely installing malware</a>. The malware makes the " "printer refuse to function with non-HP ink cartrides, and even with old HP " "cartridges which HP now declares to have “expired.” HP calls the " "back door “dynamic security,” and has the gall to claim that " "this “security” protects users from malware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you own an HP printer that can still use non-HP cartridges, we urge you " "to disconnect it from the internet. This will ensure that HP doesn't " "sabotage it by “updating” its software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Note how the author of the Guardian article credulously repeats HP's " "assertion that the “dynamic security” feature protects users " "against malware, not recognizing that the article demonstrates it does the " "opposite.</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "NordicTrack, a company that sells exercise machines with ability to show " "videos <a " "href=\"https://arstechnica.com/information-technology/2021/11/locked-out-of-god-mode-runners-are-hacking-their-treadmills/\">limits " "what people can watch, and recently disabled a feature</a> that was " "originally functional. This happened through automatic update and probably " "involved a universal back door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Peloton company which produces treadmills recently <a " "href=\"https://www.bleepingcomputer.com/news/technology/peloton-tread-owners-now-forced-into-monthly-subscription-after-recall/\">locked " "people out of basic features of people's treadmills by a software " "update</a>. The company now asks people for a membership/subscription for " "what people already paid for." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The software used in the treadmill is proprietary and probably includes back " "doors to force software updates. It teaches the lesson that if a product " "talks to external networks, you must expect it to take in new malware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Please note that the company behind this product said they are working to " "reverse the changes so people will no longer need subscription to use the " "locked feature." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apparently public anger made the company back down. If we want that to be " "our safety, we need to build up the anger against malicious features (and " "the proprietary software that is their entry path) to the point that even " "the most powerful companies don't dare." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Microsoft is <a " "href=\"https://uk.pcmag.com/operating-systems/131798/microsoft-starts-automatically-removing-flash-from-windows\">forcibly " "removing the Flash player from computers running Windows 10</a>, using <a " "href=\"/proprietary/proprietary-back-doors.html#windows-update\">a universal " "backdoor in Windows</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The fact that Flash has been <a " "href=\"/proprietary/proprietary-back-doors.html#M202012020\">disabled by " "Adobe</a> is no excuse for this abuse of power. The nature of proprietary " "software, such as Microsoft Windows, gives the developers power to impose " "their decisions on users. Free software on the other hand empowers users to " "make their own decisions." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Wavelink and JetStream wifi routers have universal back doors that " "enable unauthenticated users to remotely control not only the routers, but " "also any devices connected to the network. There is evidence that <a " "href=\"https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/\"> " "this vulnerability is actively exploited</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you consider buying a router, we encourage you to get one that <a " "href=\"https://ryf.fsf.org/categories/routers\">runs on free " "software</a>. Any attempts at introducing malicious functionalities in it " "(e.g., through a firmware update) will be detected by the community, and " "soon corrected." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If unfortunately you own a router that runs on proprietary software, don't " "panic! You may be able to replace its firmware with a free operating system " "such as <a href=\"https://librecmc.org\">libreCMC</a>. If you don't know " "how, you can get help from a nearby GNU/Linux user group." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A new app published by Google <a " "href=\"https://www.xda-developers.com/google-device-lock-controller-banks-payments/\">lets " "banks and creditors deactivate people's Android devices</a> if they fail to " "make payments. If someone's device gets deactivated, it will be limited to " "basic functionality, such as emergency calling and access to settings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "BMW will remotely <a " "href=\"https://www.cnet.com/roadshow/news/bmw-vehicle-as-a-platform/\"> " "enable and disable functionality in cars</a> through a universal back door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The <a href=\"https://play.google.com/about/play-terms/\"> Google Play Terms " "of Service</a> insist that the user of Android accept the presence of " "universal back doors in apps released by Google." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This does not tell us whether any of Google's apps currently contains a " "universal back door, but that is a secondary question. In moral terms, " "demanding that people accept in advance certain bad treatment is equivalent " "to actually doing it. Whatever condemnation the latter deserves, the former " "deserves the same." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Android phones subsidized by the US government come with <a " "href=\"https://arstechnica.com/information-technology/2020/01/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware/\"> " "preinstalled adware and a back door for forcing installation of apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The adware is in a modified version of an essential system configuration " "app. The back door is a surreptitious addition to a program whose stated " "purpose is to be a <a " "href=\"https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/\"> " "universal back door for firmware</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In other words, a program whose raison d'être is malicious has a secret " "secondary malicious purpose. All this is in addition to the malware of " "Android itself." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Chinese Communist Party's <a " "href=\"/proprietary/proprietary-surveillance.html#M201910130\"> “Study " "the Great Nation” app</a> was found to contain <a " "href=\"https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962\"> " "a back-door allowing developers to run any code they wish</a> in the users' " "phone, as “superusers.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Note: The <a " "href=\"http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html\"> " "Washington Post version of the article</a> (partly obfuscated, but readable " "after copy-pasting in a text editor) includes a clarification saying that " "the tests were only performed on the Android version of the app, and that, " "according to Apple, “this kind of ‘superuser’ surveillance " "could not be conducted on Apple's operating system.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "ChromeBooks are programmed for obsolescence: ChromeOS has a universal back " "door that is used for updates and <a " "href=\"https://www.theregister.com/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/\"> " "ceases to operate at a predefined date</a>. From then on, there appears to " "be no support whatsoever for the computer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In other words, when you stop getting screwed by the back door, you start " "getting screwed by the obsolescence." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The FordPass Connect feature of some Ford vehicles has <a " "href=\"https://web.archive.org/web/20200530023040/https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html\"> " "near-complete access to the internal car network</a>. It is constantly " "connected to the cellular phone network and sends Ford a lot of data, " "including car location. This feature operates even when the ignition key is " "removed, and users report that they can't disable it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you own one of these cars, have you succeeded in breaking the " "connectivity by disconnecting the cellular modem, or wrapping the antenna in " "aluminum foil?" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "New GM cars <a " "href=\"https://media.gm.com/media/us/en/gmc/vehicles/canyon/2019.html\"> " "offer the feature of a universal back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Every nonfree program offers the user zero security against its " "developer. With this malfeature, GM has explicitly made things even worse." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Furby Connect has a <a " "href=\"https://web.archive.org/web/20220604212722/https://www.contextis.com/en/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect\"> " "universal back door</a>. If the product as shipped doesn't act as a " "listening device, remote changes to the code could surely convert it into " "one." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Sony has brought back its robotic pet Aibo, this time <a " "href=\"https://www.vice.com/en/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet\"> " "with a universal back door, and tethered to a server that requires a " "subscription</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Tesla used software to limit the part of the battery that was available to " "customers in some cars, and <a " "href=\"https://techcrunch.com/2017/09/09/tesla-flips-a-switch-to-increase-the-range-of-some-cars-in-florida-to-help-people-evacuate/\"> " "a universal back door in the software</a> to temporarily increase this " "limit." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "While remotely allowing car “owners” to use the whole battery " "capacity did not do them any harm, the same back door would permit Tesla " "(perhaps under the command of some government) to remotely order the car to " "use none of its battery. Or perhaps to drive its passenger to a torture " "prison." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio “smart” TVs <a " "href=\"https://www.ftc.gov/business-guidance/blog/2017/02/what-vizio-was-doing-behind-tv-screen\"> " "have a universal back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Xiaomi phones come with <a " "href=\"https://web.archive.org/web/20190424082647/http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/\"> " "a universal back door in the application processor, for Xiaomi's use</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is separate from <a href=\"#universal-back-door-phone-modem\">the " "universal back door in the modem processor that the local phone company can " "use</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Microsoft Windows has a universal back door through which <a " "href=\"https://www.informationweek.com/government/microsoft-updates-windows-without-user-permission-apologizes\"> " "any change whatsoever can be imposed on the users</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This was <a " "href=\"https://web.archive.org/web/20200219180230/http://slated.org/windows_by_stealth_the_updates_you_dont_want\"> " "reported in 2007</a> for XP and Vista, and it seems that Microsoft used the " "same method to push the <a " "href=\"/proprietary/malware-microsoft.html#windows10-forcing\"> Windows 10 " "downgrade</a> to computers running Windows 7 and 8." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In Windows 10, the universal back door is no longer hidden; all " "“upgrades” will be <a " "href=\"https://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/\"> " "forcibly and immediately imposed</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Amazon Echo appears to have a universal back door, since <a " "href=\"https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates\"> it " "installs “updates” automatically</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We have found nothing explicitly documenting the lack of any way to disable " "remote changes to the software, so we are not completely sure there isn't " "one, but this seems pretty clear." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor\"> " "A Chinese version of Android has a universal back door</a>. Nearly all " "models of mobile phones have a <a href=\"#universal-back-door-phone-modem\"> " "universal back door in the modem chip</a>. So why did Coolpad bother to " "introduce another? Because this one is controlled by Coolpad." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"http://www.techienews.co.uk/973462/bitcoin-miners-bundled-pups-legitimate-applications-backed-eula/\"> " "Some applications come with MyFreeProxy, which is a universal back door</a> " "that can download programs and run them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In addition to its <a href=\"#swindle-eraser\">book eraser</a>, the " "Kindle-Swindle has a <a " "href=\"https://web.archive.org/web/20120715070050/http://www.amazon.com/gp/help/customer/display.html/?nodeId=200774090\"> " "universal back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Almost every phone's communication processor has a universal back door which " "is <a " "href=\"https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html\"> " "often used to make a phone transmit all conversations it hears</a>. See <a " "href=\"/proprietary/malware-mobiles.html#universal-back-door-phone-modem\">Malware " "in Mobile Devices</a> for more info." msgstr "" #. type: Content of: <div><div><h3> msgid "Other or undefined" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Kia cars were built with a back door that enabled the company's server to " "locate them and take control of them. The car owner had access to these " "controls through the Kia server. That the car owner had such control is not " "objectionable. However, that Kia itself had such control is Orwellian, and " "ought to be illegal. The icing on the Orwellian cake is that the server had " "a security fault which <a href=\"https://samcurry.net/hacking-kia\">allowed " "absolutely anyone to activate those controls</a> for any Kia car." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many people will be outraged at that security bug, but this was presumably " "an accident. The fact that Kia had such control over cars after selling them " "to customers is what outrages us, and that must have been intentional on " "Kia's part." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/\"> " "A back door in Apple devices</a>, present and abused from at least 2019 " "until 2023, allowed crackers to have full control over them by sending " "iMessage texts that installed malware without any action on the user's " "part. Infections, among other things, gave the intruders access to owners' " "microphone recordings, photos, location and other personal data." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Intel's intentional “management engine” back door has <a " "href=\"https://www.theregister.com/2017/11/20/intel_flags_firmware_flaws/\"> " "unintended back doors</a> too." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A Capcom's Street Fighter V update <a " "href=\"https://www.theregister.com/2016/09/23/capcom_street_fighter_v/\"> " "installed a driver that could be used as a back door by any application " "installed on a Windows computer</a>, but was <a " "href=\"https://www.rockpapershotgun.com/street-fighter-v-removes-new-anti-crack\"> " "immediately rolled back</a> in response to public outcry." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Dell computers, shipped with Windows, had a bogus root certificate that <a " "href=\"https://fossforce.com/2015/11/dell-comcast-intel-who-knows-who-else-are-out-to-get-you/\"> " "allowed anyone (not just Dell) to remotely authorize any software to run</a> " "on the computer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "ARRIS cable modem has a <a " "href=\"https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1\"> " "back door in the back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“Self-encrypting” disk drives do the encryption with proprietary " "firmware so you can't trust it. Western Digital's “My Passport” " "drives <a " "href=\"https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption\"> " "have a back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Mac OS X had an <a " "href=\"https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/\"> " "intentional local back door for 4 years</a>, which could be exploited by " "attackers to gain root privileges." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Here is a big problem whose details are still secret: <a " "href=\"https://mashable.com/archive/fbi-microsoft-bitlocker-backdoor\"> The " "FBI asks lots of companies to put back doors in proprietary programs</a>. We " "don't know of specific cases where this was done, but every proprietary " "program for encryption is a possibility." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The German government <a " "href=\"https://www.theregister.com/2013/08/23/nsa_germany_windows_8/\">veers " "away from Windows 8 computers with TPM 2.0</a> (<a " "href=\"https://www.zeit.de/digital/datenschutz/2013-08/trusted-computing-microsoft-windows-8-nsa\">original " "article in German</a>), due to potential back door capabilities of the TPM " "2.0 chip." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Here is a suspicion that we can't prove, but is worth thinking about: <a " "href=\"https://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI\"> " "Writable microcode for Intel and AMD microprocessors</a> may be a vehicle " "for the NSA to invade computers, with the help of Microsoft, say respected " "security experts." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "HP “storage appliances” that use the proprietary “Left " "Hand” operating system have back doors that give HP <a " "href=\"https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/\"> " "remote login access</a> to them. HP claims that this does not give HP " "access to the customer's data, but if the back door allows installation of " "software changes, a change could be installed that would give access to the " "customer's data." msgstr "" #. type: Content of: <div><div><p> msgid "" "The EFF has other examples of the <a " "href=\"https://www.eff.org/deeplinks/2015/02/who-really-owns-your-drones\"> " "use of back doors</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*" msgstr "" #. type: Content of: <div><div><p> msgid "" "Please send general FSF & GNU inquiries to <a " "href=\"mailto:gnu@gnu.org\"><gnu@gnu.org></a>. There are also <a " "href=\"/contact/\">other ways to contact</a> the FSF. Broken links and " "other corrections or suggestions can be sent to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a>." msgstr "" #. TRANSLATORS: Ignore the original text in this paragraph, #. replace it with the translation of these two: # #. We work hard and do our best to provide accurate, good quality #. translations. However, we are not exempt from imperfection. #. Please send your comments and general suggestions in this regard #. to <a href="mailto:web-translators@gnu.org"> # #. <web-translators@gnu.org></a>.</p> # #. <p>For information on coordinating and contributing translations of #. our web pages, see <a #. href="/server/standards/README.translations.html">Translations #. README</a>. #. type: Content of: <div><div><p> msgid "" "Please see the <a " "href=\"/server/standards/README.translations.html\">Translations README</a> " "for information on coordinating and contributing translations of this " "article." msgstr "" #. type: Content of: <div><p> msgid "Copyright © 2014-2025 Free Software Foundation, Inc." msgstr "" #. type: Content of: <div><p> msgid "" "This page is licensed under a <a rel=\"license\" " "href=\"http://creativecommons.org/licenses/by/4.0/\">Creative Commons " "Attribution 4.0 International License</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't want credits. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S CREDITS*" msgstr "" #. timestamp start #. type: Content of: <div><p> msgid "Updated:" msgstr ""

# LANGUAGE translation of https://www.gnu.org/proprietary/proprietary-back-doors.html # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the original article. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: proprietary-back-doors.html\n" "POT-Creation-Date: 2025-03-27 09:58+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Content of: msgid "Proprietary Back Doors - GNU Project - Free Software Foundation" msgstr "" #. type: Content of: <div><a> msgid "<a id=\"side-menu-button\" class=\"switch\" href=\"#navlinks\">" msgstr "" #. type: Attribute 'title' of: <div><a><img> msgid "Section contents" msgstr "" #. type: Attribute 'alt' of: <div><a><img> msgid " [Section contents] " msgstr "" #. type: Content of: <div> msgid "</a>" msgstr "" #. type: Content of: <div><p><a> msgid "<a href=\"/\">" msgstr "" #. type: Attribute 'title' of: <div><p><a><img> msgid "GNU Home" msgstr "" #. type: Content of: <div><p> msgid "" "</a> / <a href=\"/proprietary/proprietary.html\">Malware</a> / By " "type /" msgstr "" #. type: Content of: <div><h2> msgid "Proprietary Back Doors" msgstr "" #. type: Content of: <div><div><p> msgid "" "Nonfree (proprietary) software is very often malware (designed to mistreat " "the user). Nonfree software is controlled by its developers, which puts them " "in a position of power over the users; <a " "href=\"/philosophy/free-software-even-more-important.html\">that is the " "basic injustice</a>. The developers and manufacturers often exercise that " "power to the detriment of the users they ought to serve." msgstr "" #. type: Content of: <div><div><p> msgid "This typically takes the form of malicious functionalities." msgstr "" #. type: Content of: <div><div><p> msgid "" "Some malicious functionalities are mediated by <a " "href=\"/proprietary/proprietary.html#f1\">back doors</a>. Here are examples " "of programs that contain one or several of those, classified according to " "what the back door is known to have the power to do. Back doors that allow " "full control over the programs which contain them are said to be " "“universal.”" msgstr "" #. type: Content of: <div><div><div><p> msgid "" "If you know of an example that ought to be in this page but isn't here, " "please write to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a> to inform " "us. Please include the URL of a trustworthy reference or two to serve as " "specific substantiation." msgstr "" #. type: Content of: <div><div><div><h3> msgid "Back-door functionalities" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#spy\">Spying</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#alter-data\">Altering user's data or settings</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#install-delete\">Installing, deleting or disabling programs</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#universal\">Full control</a>" msgstr "" #. type: Content of: <div><div><div><ul><li> msgid "<a href=\"#other\">Other/undefined</a>" msgstr "" #. type: Content of: <div><div><h3> msgid "Spying" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google Nest <a " "href=\"https://blog.google/products/google-nest/partnership-adt-smarter-home-security/\"> " "is taking over ADT</a>. Google sent out a software update to its speaker " "devices using their back door <a " "href=\"https://web.archive.org/web/20240123114737/https://www.protocol.com/google-smart-speaker-alarm-adt\"> " "that listens for things like smoke alarms</a> and then notifies your phone " "that an alarm is happening. This means the devices now listen for more than " "just their wake words. Google says the software update was sent out " "prematurely and on accident and Google was planning on disclosing this new " "feature and offering it to customers who pay for it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many models of Internet-connected cameras contain a glaring back " "door—they have login accounts with hard-coded passwords, which can't " "be changed, and <a " "href=\"https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/\"> " "there is no way to delete these accounts either</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Since these accounts with hard-coded passwords are impossible to delete, " "this problem is not merely an insecurity; it amounts to a back door that can " "be used by the manufacturer (and government) to spy on users." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "WhatsApp has a feature that <a " "href=\"https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/\"> " "has been described as a “back door”</a> because it would enable " "governments to nullify its encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The developers say that it wasn't intended as a back door, and that may well " "be true. But that leaves the crucial question of whether it functions as " "one. Because the program is nonfree, we cannot check by studying it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Microsoft has <a " "href=\"https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/\"> " "backdoored its disk encryption</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple can, and regularly does, <a " "href=\"https://arstechnica.com/gadgets/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/\"> " "remotely extract some data from iPhones for the state</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This may have improved with <a " "href=\"https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/\"> " "iOS 8 security improvements</a>; but <a " "href=\"https://theintercept.com/2014/09/22/apple-data/\"> not as much as " "Apple claims</a>." msgstr "" #. type: Content of: <div><div><h3> msgid "Altering user's data or settings" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "BMW is now luring British customers into <a " "href=\"https://edition.cnn.com/2022/07/14/business/bmw-subscription/index.html\"> " "paying for the built-in heated-seat feature of their new cars on a " "subscription basis</a>. People also have the option to buy the feature when " "they are paying for the car, but those who bought a used car have to pay BMW " "extra money to remotely enable the heated seats. This is probably done by " "BMW accessing a back door in the car software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Xiaomi phones <a " "href=\"https://www.theguardian.com/world/2021/sep/22/lithuania-tells-citizens-to-throw-out-chinese-phones-over-censorship-concerns\">have " "a malfeature to bleep out phrases that express political views the Chinese " "government does not like</a>. In phones sold in Europe, Xiaomi leaves this " "deactivated by default, but has a back door to activate the censorship." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is the natural result of having nonfree software in a device that can " "communicate with the company that made it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "BlizzCon 2019 imposed a <a " "href=\"https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/\"> " "requirement to run a proprietary phone app</a> to be allowed into the event." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This app is a spyware that can snoop on a lot of sensitive data, including " "user's location and contact list, and has <a " "href=\"https://web.archive.org/web/20220321042716/https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/\"> " "near-complete control</a> over the phone." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Android has a <a " "href=\"https://www.theverge.com/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change\"> " "back door for remotely changing “user” settings</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article suggests it might be a universal back door, but this isn't " "clear." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Dropbox app for Macintosh <a " "href=\"https://web.archive.org/web/20180124123506/http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/\"> " "takes control of user interface items after luring the user into entering an " "admin password</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A pregnancy test controller application not only can <a " "href=\"https://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security\"> " "spy on many sorts of data in the phone, and in server accounts, it can alter " "them too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.computerworld.com/article/2705284/backdoor-found-in-d-link-router-firmware-code.html\"> " "Some D-Link routers</a> have a back door for changing settings in a dlink of " "an eye." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://sekurak.pl/tp-link-httptftp-backdoor/\"> The TP-Link " "router has a back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://gothub.projectsegfau.lt/elvanderb/TCP-32764/\">Many models " "of routers have back doors</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google has long had <a " "href=\"https://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted\">a " "back door to remotely unlock an Android device</a>, unless its disk is " "encrypted (possible since Android 5.0 Lollipop, but still not quite the " "default)." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Caterpillar vehicles come with <a " "href=\"https://web.archive.org/web/20201108113943/https://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it\"> " "a back door to shutoff the engine</a> remotely." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Modern gratis game cr…apps <a " "href=\"https://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/\"> " "collect a wide range of data about their users and their users' friends and " "associates</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Even nastier, they do it through ad networks that merge the data collected " "by various cr…apps and sites made by different companies." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "They use this data to manipulate people to buy things, and hunt for " "“whales” who can be led to spend a lot of money. They also use a " "back door to manipulate the game play for specific players." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "While the article describes gratis games, games that cost money can use the " "same tactics." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor\"> " "Samsung Galaxy devices running proprietary Android versions come with a back " "door</a> that provides remote access to the files stored on the device." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Amazon Kindle-Swindle has a back door that has been used to <a " "href=\"https://web.archive.org/web/20220319193415/https://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/\"> " "remotely erase books</a>. One of the books erased was <cite>1984</cite>, by " "George Orwell." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Amazon responded to criticism by saying it would delete books only following " "orders from the state. However, that policy didn't last. In 2012 it <a " "href=\"https://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html\"> " "wiped a user's Kindle-Swindle and deleted her account</a>, then offered her " "kafkaesque “explanations.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Do other ebook readers have back doors in their nonfree software? We don't " "know, and we have no way to find out. There is no reason to assume that " "they don't." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The iPhone has a back door for <a " "href=\"https://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone\"> " "remote wipe</a>. It's not always enabled, but users are led into enabling " "it without understanding." msgstr "" #. type: Content of: <div><div><h3> msgid "Installing, deleting or disabling programs" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"/proprietary/uhd-bluray-denies-your-freedom.html\">UHD Blu-ray " "disks are loaded with malware of the worst kinds</a>, including the AACS " "DRM. Playing them on a PC requires the Intel Management Engine, which has " "back doors and cannot be disabled. Every Blu-ray drive also has a back door " "in its firmware, which allows the AACS-enforcing organization to " "“revoke” the ability to play any AACS-restricted disk." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Microsoft is <a " "href=\"https://www.theguardian.com/technology/2023/feb/14/microsoft-to-phase-out-internet-explorer-with-new-edge-browser\"> " "remotely disabling Internet Explorer, forcibly redirecting users to " "Microsoft Edge</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Imposing such change is malicious, and the fact that the redirection is from " "one unjust program (IE) to another unjust program (Edge) does not excuse " "it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Microsoft <a " "href=\"https://betanews.com/2023/01/19/microsoft-is-using-the-kb5021751-update-to-see-if-you-have-an-unsupported-version-of-office-installed/\"> " "released an “update” that installs a surveillance program</a> on " "users' computers to gather data on some installed programs for Microsoft's " "benefit. The update is rolling out automatically, and the program runs " "“one time silently.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Xiaomi provides a tool to <a " "href=\"https://www.guidetoroot.com/unlock-bootloader-on-any-xiaomi-phones/\"> " "unlock the bootloader of Xiaomi smartphones and tablets</a>, but this " "requires creating an account on the company's servers, i.e. providing your " "phone number. This is the price you have to pay for “legally” " "running a free software operating system on Xiaomi devices. But the " "manufacturer retains control of the unlocked device through a backdoor in " "the bootloader—the same backdoor that was remotely used to unlock it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Tesla <a " "href=\"https://www.cnn.com/2022/08/22/business/tesla-fsd-price-increase/index.html\"> " "sells an add-on software feature that drivers are not allowed to use</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This practice depends on a back door, which is unjust in itself. Asking " "users to buy something years in advance to avoid having to pay an even " "higher price later is manipulative." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Adobe <a " "href=\"https://web.archive.org/web/20211014123717/https://pluralistic.net/2021/10/13/theres-an-app-for-that/#gnash\">has " "licensed its Flash Player to China's Zhong Cheng Network</a> who is offering " "the program bundled with spyware and a back door that can remotely " "deactivate it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Adobe is responsible for this since they gave Zhong Cheng Network permission " "to do this. This injustice involves “misuse” of the DMCA, but " "“proper,” intended use of the DMCA is a much bigger injustice. " "There is <a href=\"/philosophy/right-to-read.html\">a series of errors " "related to DMCA</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Recent Samsung TVs have a back door with which Samsung can <a " "href=\"https://www.pcmag.com/news/samsung-can-remotely-disable-any-of-its-tvs-worldwide\"> " "brick them remotely</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://arstechnica.com/gadgets/2021/06/even-creepier-covid-tracking-google-silently-pushed-app-to-users-phones/\">Google " "automatically installed an app on many proprietary Android phones</a>. The " "app might or might not do malicious things but the power Google has over " "proprietary Android phones is dangerous." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Adobe Flash Player <a " "href=\"https://www.adobe.com/products/flashplayer/end-of-life.html\"> has a " "universal back door</a> which lets Adobe control the software and, for " "example, disable it whenever it wants. Adobe will block Flash content from " "running in Flash Player beginning January 12, 2021, which indicates that " "they have access to every Flash Player through a back door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The back door won't be dangerous in the future, as it'll disable a " "proprietary program and make users delete the software, but it was an " "injustice for many years. Users should have deleted Flash Player even before " "its end of life." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "BMW is trying to <a " "href=\"https://www.theverge.com/2020/7/2/21311332/bmw-in-car-purchase-heated-seats-software-over-the-air-updates\">lock " "certain features of its cars, and force people to pay to use part of the car " "they already bought</a>. This is done through forced update of the car " "software via a radio-operated back door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A very popular app found in the Google Play store contained a module that " "was designed to <a " "href=\"https://arstechnica.com/information-technology/2019/08/google-play-app-with-100-million-downloads-executed-secret-payloads/\">secretly " "install malware on the user's computer</a>. The app developers regularly " "used it to make the computer download and execute any code they wanted." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is a concrete example of what users are exposed to when they run " "nonfree apps. They can never be completely sure that a nonfree app is safe." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple appears to say that <a " "href=\"https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/\"> " "there is a back door in MacOS</a> for automatically updating some (all?) " "apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The specific change described in the article was not malicious—it " "protected users from surveillance by third parties—but that is a " "separate question." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Corel Paintshop Pro has a <a " "href=\"https://torrentfreak.com/corel-wrongly-accuses-licensed-user-of-piracy-disables-software-remotely-181110/\"> " "back door that can make it cease to function</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The article is full of confusions, errors and biases that we have an " "obligation to expose, given that we are making a link to them." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "Getting a patent does not “enable” a company to do any " "particular thing in its products. What it does enable the company to do is " "sue other companies if they do some particular thing in their products." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "A company's policies about when to attack users through a back door are " "beside the point. Inserting the back door is wrong in the first place, and " "using the back door is always wrong too. No software developer should have " "that power over users." msgstr "" #. type: Content of: <div><div><ul><li><ul><li> msgid "" "“<a href=\"/philosophy/words-to-avoid.html#Piracy\">Piracy</a>” " "means attacking ships. Using that word to refer to sharing copies is a " "smear; please don't smear sharing." msgstr "" #. type: Content of: <div><div><ul><li><ul><li><p> msgid "" "The idea of “protecting our IP” is total confusion. The term " "“IP” itself is a <a href=\"/philosophy/not-ipr.html\">bogus " "generalization about things that have nothing in common</a>." msgstr "" #. type: Content of: <div><div><ul><li><ul><li><p> msgid "" "In addition, to speak of “protecting” that bogus generalization " "is a separate absurdity. It's like calling the cops because neighbors' kids " "are playing on your front yard, and saying that you're “protecting the " "boundary line”. The kids can't do harm to the boundary line, not even " "with a jackhammer, because it is an abstraction and can't be affected by " "physical action." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some “Smart” TVs automatically <a " "href=\"https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928\"> " "load downgrades that install a surveillance app</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We link to the article for the facts it presents. It is too bad that the " "article finishes by advocating the moral weakness of surrendering to " "Netflix. The Netflix app <a " "href=\"/proprietary/malware-google.html#netflix-app-geolocation-drm\">is " "malware too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Baidu's proprietary Android library, Moplus, has a back door that <a " "href=\"https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made\"> " "can “upload files” as well as forcibly install apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "It is used by 14,000 Android applications." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In addition to its <a href=\"#windows-update\">universal back door</a>, " "Windows 8 has a back door for <a " "href=\"https://www.computerworld.com/article/2732767/microsoft--we-can-remotely-delete-windows-8-apps.html\"> " "remotely deleting apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "You might well decide to let a security service that you trust remotely " "<em>deactivate</em> programs that it considers malicious. But there is no " "excuse for <em>deleting</em> the programs, and you should have the right to " "decide whom (if anyone) to trust in this way." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In Android, <a " "href=\"https://www.computerworld.com/article/2506557/google-throws--kill-switch--on-android-phones.html\"> " "Google has a back door to remotely delete apps</a>. (It was in a program " "called GTalkService, which seems since then to have been merged into Google " "Play.)" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Google can also <a " "href=\"https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/\"> " "forcibly and remotely install apps</a> through GTalkService. This is not " "equivalent to a universal back door, but permits various dirty tricks." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Although Google's <em>exercise</em> of this power has not been malicious so " "far, the point is that nobody should have such power, which could also be " "used maliciously. You might well decide to let a security service remotely " "<em>deactivate</em> programs that it considers malicious. But there is no " "excuse for allowing it to <em>delete</em> the programs, and you should have " "the right to decide who (if anyone) to trust in this way." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The iPhone has a back door <a " "href=\"https://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html\"> " "that allows Apple to remotely delete apps</a> which Apple considers " "“inappropriate”. Jobs said it's OK for Apple to have this power " "because of course we can trust Apple." msgstr "" #. type: Content of: <div><div><h3> msgid "Full control" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Eclypsium <a " "href=\"https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/\"> " "discovered an insecure universal back door</a> on many computers using " "Gigabyte mainboards. Gigabyte designed their nonfree firmware so they could " "add a program to Windows to download additional software from the Internet, " "and run it behind the user's back." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "To add injury to injury, the back-door program was insecure, and opened ways " "for crackers to run their own programs on the affected systems, also behind " "the user's back. Gigabyte's “<a " "href=\"https://www.gigabyte.com/Press/News/2091\">solution</a>” was to " "ensure the back door would only run programs from Gigabyte." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In this case, the back door required the connivance of Windows accepting the " "program, and running it behind the user's back. Free operating systems " "rightly ignore such “Greek gifts,” so users of GNU (including " "GNU/Linux) are safe from this particular back door, even on affected " "hardware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Nonfree software does not make your computer secure—it does the " "opposite: it prevents you from trying to secure it. When nonfree programs " "are required for booting and impossible to replace, they are, in effect, a " "low-level rootkit. All the things that the industry has done to make its " "power over you secure against you also protect firmware-level rootkits " "against you." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Instead of allowing Intel, AMD, Apple and perhaps ARM to impose security " "through tyranny, we should demand laws that require them to allow users to " "install their choice of startup software and make available the information " "needed to develop such. Think of this as right-to-repair at the " "initialization stage." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Note: Eclypsium at least mentions the problem of “unwanted " "behavior within official firmware,” but does not seem to recognize " "that the only real solution is for firmware to be free, so users can fix " "these problems without having to rely on the vendor.</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "HP delivers printers with a universal back door, and recently used it to <a " "href=\"https://www.theguardian.com/money/2023/may/10/how-can-hp-block-me-from-using-a-cheaper-printer-cartridge\"> " "sabotage them by remotely installing malware</a>. The malware makes the " "printer refuse to function with non-HP ink cartrides, and even with old HP " "cartridges which HP now declares to have “expired.” HP calls the " "back door “dynamic security,” and has the gall to claim that " "this “security” protects users from malware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you own an HP printer that can still use non-HP cartridges, we urge you " "to disconnect it from the internet. This will ensure that HP doesn't " "sabotage it by “updating” its software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Note how the author of the Guardian article credulously repeats HP's " "assertion that the “dynamic security” feature protects users " "against malware, not recognizing that the article demonstrates it does the " "opposite.</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "NordicTrack, a company that sells exercise machines with ability to show " "videos <a " "href=\"https://arstechnica.com/information-technology/2021/11/locked-out-of-god-mode-runners-are-hacking-their-treadmills/\">limits " "what people can watch, and recently disabled a feature</a> that was " "originally functional. This happened through automatic update and probably " "involved a universal back door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Peloton company which produces treadmills recently <a " "href=\"https://www.bleepingcomputer.com/news/technology/peloton-tread-owners-now-forced-into-monthly-subscription-after-recall/\">locked " "people out of basic features of people's treadmills by a software " "update</a>. The company now asks people for a membership/subscription for " "what people already paid for." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The software used in the treadmill is proprietary and probably includes back " "doors to force software updates. It teaches the lesson that if a product " "talks to external networks, you must expect it to take in new malware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Please note that the company behind this product said they are working to " "reverse the changes so people will no longer need subscription to use the " "locked feature." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apparently public anger made the company back down. If we want that to be " "our safety, we need to build up the anger against malicious features (and " "the proprietary software that is their entry path) to the point that even " "the most powerful companies don't dare." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Microsoft is <a " "href=\"https://uk.pcmag.com/operating-systems/131798/microsoft-starts-automatically-removing-flash-from-windows\">forcibly " "removing the Flash player from computers running Windows 10</a>, using <a " "href=\"/proprietary/proprietary-back-doors.html#windows-update\">a universal " "backdoor in Windows</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The fact that Flash has been <a " "href=\"/proprietary/proprietary-back-doors.html#M202012020\">disabled by " "Adobe</a> is no excuse for this abuse of power. The nature of proprietary " "software, such as Microsoft Windows, gives the developers power to impose " "their decisions on users. Free software on the other hand empowers users to " "make their own decisions." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Wavelink and JetStream wifi routers have universal back doors that " "enable unauthenticated users to remotely control not only the routers, but " "also any devices connected to the network. There is evidence that <a " "href=\"https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/\"> " "this vulnerability is actively exploited</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you consider buying a router, we encourage you to get one that <a " "href=\"https://ryf.fsf.org/categories/routers\">runs on free " "software</a>. Any attempts at introducing malicious functionalities in it " "(e.g., through a firmware update) will be detected by the community, and " "soon corrected." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If unfortunately you own a router that runs on proprietary software, don't " "panic! You may be able to replace its firmware with a free operating system " "such as <a href=\"https://librecmc.org\">libreCMC</a>. If you don't know " "how, you can get help from a nearby GNU/Linux user group." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A new app published by Google <a " "href=\"https://www.xda-developers.com/google-device-lock-controller-banks-payments/\">lets " "banks and creditors deactivate people's Android devices</a> if they fail to " "make payments. If someone's device gets deactivated, it will be limited to " "basic functionality, such as emergency calling and access to settings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "BMW will remotely <a " "href=\"https://www.cnet.com/roadshow/news/bmw-vehicle-as-a-platform/\"> " "enable and disable functionality in cars</a> through a universal back door." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The <a href=\"https://play.google.com/about/play-terms/\"> Google Play Terms " "of Service</a> insist that the user of Android accept the presence of " "universal back doors in apps released by Google." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This does not tell us whether any of Google's apps currently contains a " "universal back door, but that is a secondary question. In moral terms, " "demanding that people accept in advance certain bad treatment is equivalent " "to actually doing it. Whatever condemnation the latter deserves, the former " "deserves the same." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Android phones subsidized by the US government come with <a " "href=\"https://arstechnica.com/information-technology/2020/01/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware/\"> " "preinstalled adware and a back door for forcing installation of apps</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The adware is in a modified version of an essential system configuration " "app. The back door is a surreptitious addition to a program whose stated " "purpose is to be a <a " "href=\"https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/\"> " "universal back door for firmware</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In other words, a program whose raison d'être is malicious has a secret " "secondary malicious purpose. All this is in addition to the malware of " "Android itself." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Chinese Communist Party's <a " "href=\"/proprietary/proprietary-surveillance.html#M201910130\"> “Study " "the Great Nation” app</a> was found to contain <a " "href=\"https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962\"> " "a back-door allowing developers to run any code they wish</a> in the users' " "phone, as “superusers.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Note: The <a " "href=\"http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html\"> " "Washington Post version of the article</a> (partly obfuscated, but readable " "after copy-pasting in a text editor) includes a clarification saying that " "the tests were only performed on the Android version of the app, and that, " "according to Apple, “this kind of ‘superuser’ surveillance " "could not be conducted on Apple's operating system.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "ChromeBooks are programmed for obsolescence: ChromeOS has a universal back " "door that is used for updates and <a " "href=\"https://www.theregister.com/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/\"> " "ceases to operate at a predefined date</a>. From then on, there appears to " "be no support whatsoever for the computer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In other words, when you stop getting screwed by the back door, you start " "getting screwed by the obsolescence." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The FordPass Connect feature of some Ford vehicles has <a " "href=\"https://web.archive.org/web/20200530023040/https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html\"> " "near-complete access to the internal car network</a>. It is constantly " "connected to the cellular phone network and sends Ford a lot of data, " "including car location. This feature operates even when the ignition key is " "removed, and users report that they can't disable it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you own one of these cars, have you succeeded in breaking the " "connectivity by disconnecting the cellular modem, or wrapping the antenna in " "aluminum foil?" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "New GM cars <a " "href=\"https://media.gm.com/media/us/en/gmc/vehicles/canyon/2019.html\"> " "offer the feature of a universal back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Every nonfree program offers the user zero security against its " "developer. With this malfeature, GM has explicitly made things even worse." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Furby Connect has a <a " "href=\"https://web.archive.org/web/20220604212722/https://www.contextis.com/en/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect\"> " "universal back door</a>. If the product as shipped doesn't act as a " "listening device, remote changes to the code could surely convert it into " "one." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Sony has brought back its robotic pet Aibo, this time <a " "href=\"https://www.vice.com/en/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet\"> " "with a universal back door, and tethered to a server that requires a " "subscription</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Tesla used software to limit the part of the battery that was available to " "customers in some cars, and <a " "href=\"https://techcrunch.com/2017/09/09/tesla-flips-a-switch-to-increase-the-range-of-some-cars-in-florida-to-help-people-evacuate/\"> " "a universal back door in the software</a> to temporarily increase this " "limit." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "While remotely allowing car “owners” to use the whole battery " "capacity did not do them any harm, the same back door would permit Tesla " "(perhaps under the command of some government) to remotely order the car to " "use none of its battery. Or perhaps to drive its passenger to a torture " "prison." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Vizio “smart” TVs <a " "href=\"https://www.ftc.gov/business-guidance/blog/2017/02/what-vizio-was-doing-behind-tv-screen\"> " "have a universal back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Xiaomi phones come with <a " "href=\"https://web.archive.org/web/20190424082647/http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/\"> " "a universal back door in the application processor, for Xiaomi's use</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is separate from <a href=\"#universal-back-door-phone-modem\">the " "universal back door in the modem processor that the local phone company can " "use</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Microsoft Windows has a universal back door through which <a " "href=\"https://www.informationweek.com/government/microsoft-updates-windows-without-user-permission-apologizes\"> " "any change whatsoever can be imposed on the users</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This was <a " "href=\"https://web.archive.org/web/20200219180230/http://slated.org/windows_by_stealth_the_updates_you_dont_want\"> " "reported in 2007</a> for XP and Vista, and it seems that Microsoft used the " "same method to push the <a " "href=\"/proprietary/malware-microsoft.html#windows10-forcing\"> Windows 10 " "downgrade</a> to computers running Windows 7 and 8." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In Windows 10, the universal back door is no longer hidden; all " "“upgrades” will be <a " "href=\"https://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/\"> " "forcibly and immediately imposed</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Amazon Echo appears to have a universal back door, since <a " "href=\"https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates\"> it " "installs “updates” automatically</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We have found nothing explicitly documenting the lack of any way to disable " "remote changes to the software, so we are not completely sure there isn't " "one, but this seems pretty clear." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor\"> " "A Chinese version of Android has a universal back door</a>. Nearly all " "models of mobile phones have a <a href=\"#universal-back-door-phone-modem\"> " "universal back door in the modem chip</a>. So why did Coolpad bother to " "introduce another? Because this one is controlled by Coolpad." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"http://www.techienews.co.uk/973462/bitcoin-miners-bundled-pups-legitimate-applications-backed-eula/\"> " "Some applications come with MyFreeProxy, which is a universal back door</a> " "that can download programs and run them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "In addition to its <a href=\"#swindle-eraser\">book eraser</a>, the " "Kindle-Swindle has a <a " "href=\"https://web.archive.org/web/20120715070050/http://www.amazon.com/gp/help/customer/display.html/?nodeId=200774090\"> " "universal back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Almost every phone's communication processor has a universal back door which " "is <a " "href=\"https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html\"> " "often used to make a phone transmit all conversations it hears</a>. See <a " "href=\"/proprietary/malware-mobiles.html#universal-back-door-phone-modem\">Malware " "in Mobile Devices</a> for more info." msgstr "" #. type: Content of: <div><div><h3> msgid "Other or undefined" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Kia cars were built with a back door that enabled the company's server to " "locate them and take control of them. The car owner had access to these " "controls through the Kia server. That the car owner had such control is not " "objectionable. However, that Kia itself had such control is Orwellian, and " "ought to be illegal. The icing on the Orwellian cake is that the server had " "a security fault which <a href=\"https://samcurry.net/hacking-kia\">allowed " "absolutely anyone to activate those controls</a> for any Kia car." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many people will be outraged at that security bug, but this was presumably " "an accident. The fact that Kia had such control over cars after selling them " "to customers is what outrages us, and that must have been intentional on " "Kia's part." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/\"> " "A back door in Apple devices</a>, present and abused from at least 2019 " "until 2023, allowed crackers to have full control over them by sending " "iMessage texts that installed malware without any action on the user's " "part. Infections, among other things, gave the intruders access to owners' " "microphone recordings, photos, location and other personal data." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Intel's intentional “management engine” back door has <a " "href=\"https://www.theregister.com/2017/11/20/intel_flags_firmware_flaws/\"> " "unintended back doors</a> too." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A Capcom's Street Fighter V update <a " "href=\"https://www.theregister.com/2016/09/23/capcom_street_fighter_v/\"> " "installed a driver that could be used as a back door by any application " "installed on a Windows computer</a>, but was <a " "href=\"https://www.rockpapershotgun.com/street-fighter-v-removes-new-anti-crack\"> " "immediately rolled back</a> in response to public outcry." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Dell computers, shipped with Windows, had a bogus root certificate that <a " "href=\"https://fossforce.com/2015/11/dell-comcast-intel-who-knows-who-else-are-out-to-get-you/\"> " "allowed anyone (not just Dell) to remotely authorize any software to run</a> " "on the computer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "ARRIS cable modem has a <a " "href=\"https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1\"> " "back door in the back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“Self-encrypting” disk drives do the encryption with proprietary " "firmware so you can't trust it. Western Digital's “My Passport” " "drives <a " "href=\"https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption\"> " "have a back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Mac OS X had an <a " "href=\"https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/\"> " "intentional local back door for 4 years</a>, which could be exploited by " "attackers to gain root privileges." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Here is a big problem whose details are still secret: <a " "href=\"https://mashable.com/archive/fbi-microsoft-bitlocker-backdoor\"> The " "FBI asks lots of companies to put back doors in proprietary programs</a>. We " "don't know of specific cases where this was done, but every proprietary " "program for encryption is a possibility." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The German government <a " "href=\"https://www.theregister.com/2013/08/23/nsa_germany_windows_8/\">veers " "away from Windows 8 computers with TPM 2.0</a> (<a " "href=\"https://www.zeit.de/digital/datenschutz/2013-08/trusted-computing-microsoft-windows-8-nsa\">original " "article in German</a>), due to potential back door capabilities of the TPM " "2.0 chip." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Here is a suspicion that we can't prove, but is worth thinking about: <a " "href=\"https://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI\"> " "Writable microcode for Intel and AMD microprocessors</a> may be a vehicle " "for the NSA to invade computers, with the help of Microsoft, say respected " "security experts." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "HP “storage appliances” that use the proprietary “Left " "Hand” operating system have back doors that give HP <a " "href=\"https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/\"> " "remote login access</a> to them. HP claims that this does not give HP " "access to the customer's data, but if the back door allows installation of " "software changes, a change could be installed that would give access to the " "customer's data." msgstr "" #. type: Content of: <div><div><p> msgid "" "The EFF has other examples of the <a " "href=\"https://www.eff.org/deeplinks/2015/02/who-really-owns-your-drones\"> " "use of back doors</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*" msgstr "" #. type: Content of: <div><div><p> msgid "" "Please send general FSF & GNU inquiries to <a " "href=\"mailto:gnu@gnu.org\"><gnu@gnu.org></a>. There are also <a " "href=\"/contact/\">other ways to contact</a> the FSF. Broken links and " "other corrections or suggestions can be sent to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a>." msgstr "" #. TRANSLATORS: Ignore the original text in this paragraph, #. replace it with the translation of these two: # #. We work hard and do our best to provide accurate, good quality #. translations. However, we are not exempt from imperfection. #. Please send your comments and general suggestions in this regard #. to <a href="mailto:web-translators@gnu.org"> # #. <web-translators@gnu.org></a>.</p> # #. <p>For information on coordinating and contributing translations of #. our web pages, see <a #. href="/server/standards/README.translations.html">Translations #. README</a>. #. type: Content of: <div><div><p> msgid "" "Please see the <a " "href=\"/server/standards/README.translations.html\">Translations README</a> " "for information on coordinating and contributing translations of this " "article." msgstr "" #. type: Content of: <div><p> msgid "Copyright © 2014-2025 Free Software Foundation, Inc." msgstr "" #. type: Content of: <div><p> msgid "" "This page is licensed under a <a rel=\"license\" " "href=\"http://creativecommons.org/licenses/by/4.0/\">Creative Commons " "Attribution 4.0 International License</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't want credits. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S CREDITS*" msgstr "" #. timestamp start #. type: Content of: <div><p> msgid "Updated:" msgstr ""