# LANGUAGE translation of https://www.gnu.org/proprietary/proprietary-insecurity.html
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the original article.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: proprietary-insecurity.html\n"
"POT-Creation-Date: 2025-03-30 09:27+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. type: Content of: <title>
msgid "Proprietary Insecurity - GNU Project - Free Software Foundation"
msgstr ""

#. type: Content of: <div><a>
msgid "<a id=\"side-menu-button\" class=\"switch\" href=\"#navlinks\">"
msgstr ""

#. type: Attribute 'title' of: <div><a><img>
msgid "Section contents"
msgstr ""

#. type: Attribute 'alt' of: <div><a><img>
msgid "&nbsp;[Section contents]&nbsp;"
msgstr ""

#. type: Content of: <div>
msgid "</a>"
msgstr ""

#. type: Content of: <div><p><a>
msgid "<a href=\"/\">"
msgstr ""

#. type: Attribute 'title' of: <div><p><a><img>
msgid "GNU Home"
msgstr ""

#. type: Content of: <div><p>
msgid ""
"</a>&nbsp;/ <a href=\"/proprietary/proprietary.html\">Malware</a>&nbsp;/ By "
"type&nbsp;/"
msgstr ""

#. type: Content of: <div><h2>
msgid "Proprietary Insecurity"
msgstr ""

#. type: Content of: <div><div><p>
msgid ""
"Nonfree (proprietary) software is very often malware (designed to mistreat "
"the user). Nonfree software is controlled by its developers, which puts them "
"in a position of power over the users; <a "
"href=\"/philosophy/free-software-even-more-important.html\">that is the "
"basic injustice</a>. The developers and manufacturers often exercise that "
"power to the detriment of the users they ought to serve."
msgstr ""

#. type: Content of: <div><div><p>
msgid "This typically takes the form of malicious functionalities."
msgstr ""

#. type: Content of: <div><div><p>
msgid ""
"This page lists clearly established cases of insecurity in proprietary "
"software that has grave consequences or is otherwise noteworthy. Even though "
"most of these security flaws are unintentional, thus are not malicious "
"functionalities in a strict sense, we report them to show that proprietary "
"software is not as secure as mainstream media may say."
msgstr ""

#. type: Content of: <div><div><p>
msgid ""
"This doesn't imply that free software is immune to bugs or insecurities.  "
"The difference between free and proprietary software in this respect is the "
"handling of the bugs: free software users are able to study the program "
"and/or fix the bugs they find, often in communities as they are able to "
"share the program, while proprietary program users are forced to rely on the "
"program's developer for fixes."
msgstr ""

#. type: Content of: <div><div><p>
msgid ""
"If the developer does not care to fix the problem &mdash; often the case for "
"embedded software and old releases &mdash; the users are sunk. But if the "
"developer does send a corrected version, it may contain new malicious "
"functionalities as well as bug fixes."
msgstr ""

#. type: Content of: <div><div><div><p>
msgid ""
"If you know of an example that ought to be in this page but isn't here, "
"please write to <a "
"href=\"mailto:webmasters@gnu.org\">&lt;webmasters@gnu.org&gt;</a> to inform "
"us. Please include the URL of a trustworthy reference or two to serve as "
"specific substantiation."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Apple <a "
"href=\"https://www.bleepingcomputer.com/news/security/apple-pulls-icloud-end-to-end-encryption-feature-in-the-uk/\"> "
"stopped offering iCloud end-to-end encryption in the UK</a> after the UK "
"government demanded <a "
"href=\"https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/\"> "
"worldwide access to encrypted user data</a>. This is one more proof that "
"storing your own data &ldquo;in the cloud&rdquo; puts it at risk."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Windows Recall is a feature of Microsoft's Copilot tool that comes "
"preinstalled on AI-specialized computers. <a "
"href=\"https://www.techtarget.com/searchenterpriseai/feature/Privacy-and-security-risks-surrounding-Microsoft-Recall\"> "
"Recall records everything users do on their computer</a> and allows them to "
"search the recordings, but it has numerous security flaws and poses a risk "
"to privacy. As Recall cannot be completely uninstalled, disabling it doesn't "
"eliminate the risk because it can be reactivated by malware or "
"misconfiguration."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Microsoft says that <a "
"href=\"https://support.microsoft.com/en-us/windows/privacy-and-control-over-your-recall-experience-d404f672-7647-41e5-886c-a3c59680af15\"> "
"Recall will not take screenshots of digitally restricted "
"media</a>. Meanwhile, it stores sensitive user information such as passwords "
"and bank account numbers, showing that whereas Microsoft worries somewhat "
"about corporate interests, it couldn't care less about user privacy."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The Pixel 9 &ldquo;smart&rdquo;phone <a "
"href=\"https://cybernews.com/security/google-pixel-9-phone-beams-data-and-awaits-commands/\"> "
"frequently updates Google servers with its location and current "
"configuration</a> along with personally identifiable data, raising concerns "
"about user privacy. Moreover, it communicates with services that are not in "
"use, and periodically attempts to download experimental, possibly insecure "
"software. The system does not inform the user that it is doing all this."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"There is hope, however: it is possible to <a "
"href=\"https://doc.e.foundation/devices\"> replace the original Android "
"operating system with a deGoogled version</a> in Pixel phones up to 8a, and "
"in phones from many other brands. No doubt that the Pixel 9 will be "
"supported soon."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Kia cars were built with a back door that enabled the company's server to "
"locate them and take control of them. The car owner had access to these "
"controls through the Kia server. That the car owner had such control is not "
"objectionable. However, that Kia itself had such control is Orwellian, and "
"ought to be illegal. The icing on the Orwellian cake is that the server had "
"a security fault which <a href=\"https://samcurry.net/hacking-kia\">allowed "
"absolutely anyone to activate those controls</a> for any Kia car."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Many people will be outraged at that security bug, but this was presumably "
"an accident. The fact that Kia had such control over cars after selling them "
"to customers is what outrages us, and that must have been intentional on "
"Kia's part."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled-patch-now/\"> "
"A critical vulnerability in Windows systems that support IPv6</a> was "
"discovered in 2024, <a "
"href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063\"> "
"16 years after the first affected system</a> was released. Unless the "
"relevant patch is applied, an attacker can remotely execute arbitrary code "
"on these systems. Microsoft considers exploits &ldquo;likely.&rdquo;"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The same sort of vulnerability in a free/libre operating system would "
"probably be discovered sooner, since many more people would be able to look "
"at the source code."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a href=\"/proprietary/uhd-bluray-denies-your-freedom.html\">UHD Blu-ray "
"disks are loaded with malware of the worst kinds</a>. Among other things, "
"playing them on a PC requires Intel SGX (Software Guard Extensions), which "
"not only has numerous security vulnerabilities, but also was deprecated and "
"removed from mainstream Intel CPUs in 2022."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/\"> "
"A back door in Apple devices</a>, present and abused from at least 2019 "
"until 2023, allowed crackers to have full control over them by sending "
"iMessage texts that installed malware without any action on the user's "
"part.  Infections, among other things, gave the intruders access to owners' "
"microphone recordings, photos, location and other personal data."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://www.bleepingcomputer.com/news/security/logofail-attack-can-install-uefi-bootkits-through-bootup-logos/\">x86 "
"and ARM based computers shipped with UEFI are potentially vulnerable to a "
"design omission called LogoFAIL</a>. A cracker can replace the BIOS logo "
"with a fake one that contains malicious code. Users can't fix this omission "
"because it is in the nonfree UEFI firmware that users can't replace."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Eclypsium <a "
"href=\"https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/\"> "
"discovered an insecure universal back door</a> on many computers using "
"Gigabyte mainboards. Gigabyte designed their nonfree firmware so they could "
"add a program to Windows to download additional software from the Internet, "
"and run it behind the user's back."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"To add injury to injury, the back-door program was insecure, and opened ways "
"for crackers to run their own programs on the affected systems, also behind "
"the user's back. Gigabyte's &ldquo;<a "
"href=\"https://www.gigabyte.com/Press/News/2091\">solution</a>&rdquo; was to "
"ensure the back door would only run programs from Gigabyte."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"In this case, the back door required the connivance of Windows accepting the "
"program, and running it behind the user's back. Free operating systems "
"rightly ignore such &ldquo;Greek gifts,&rdquo; so users of GNU (including "
"GNU/Linux) are safe from this particular back door, even on affected "
"hardware."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Nonfree software does not make your computer secure&mdash;it does the "
"opposite: it prevents you from trying to secure it. When nonfree programs "
"are required for booting and impossible to replace, they are, in effect, a "
"low-level rootkit. All the things that the industry has done to make its "
"power over you secure against you also protect firmware-level rootkits "
"against you."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Instead of allowing Intel, AMD, Apple and perhaps ARM to impose security "
"through tyranny, we should demand laws that require them to allow users to "
"install their choice of startup software and make available the information "
"needed to develop such. Think of this as right-to-repair at the "
"initialization stage."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<small>Note: Eclypsium at least mentions the problem of &ldquo;unwanted "
"behavior within official firmware,&rdquo; but does not seem to recognize "
"that the only real solution is for firmware to be free, so users can fix "
"these problems without having to rely on the vendor.</small>"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Hackers discovered <a "
"href=\"https://samcurry.net/web-hackers-vs-the-auto-industry/\"> dozens of "
"flaws in the security (in the usual narrow sense) of many brands of "
"automobiles</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Security in the usual narrow sense means security against unknown third "
"parties. We are more concerned with security in the broader "
"sense&mdash;against the manufacturer as well as against unknown third "
"parties. It is clear that each of these vulnerabilities can be exploited by "
"the manufacturer too, and by any government that can threaten the "
"manufacturer enough to compel the manufacturer's cooperation."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryption-could-expose-message-content/\"> "
"The Microsoft Office encryption is weak</a>, and susceptible to attack."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Encryption is a tricky field, and easy to mess up. It is wise to insist on "
"encryption software that is (1) free software and (2)  studied by experts."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A security researcher found that the iOS in-app browser of TikTok <a "
"href=\"https://www.theguardian.com/technology/2022/aug/24/tiktok-can-track-users-every-tap-as-they-visit-other-sites-through-ios-app-new-research-shows\"> "
"injects keylogger-like JavaScript code into outside web pages</a>. This code "
"has the ability to track all users' activities, and to retrieve any personal "
"data that is entered on the pages. We have no way of verifying TikTok's "
"claim that the keylogger-like code only serves purely technical "
"functions. Some of the accessed data could well be saved to the company's "
"servers, and even sent to third parties. This would open the door to "
"extensive surveillance, including by the Chinese government (to which TikTok "
"has indirect ties). There is also a risk that the data would be stolen by "
"crackers, and used to launch malware attacks."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The iOS in-app browsers of Instagram and Facebook behave essentially the "
"same way as TikTok's. The main difference is that Instagram and Facebook "
"allow users to access third-party sites with their default browser, whereas "
"<a "
"href=\"https://web.archive.org/web/20221201065621/https://www.reddit.com/r/Tiktokhelp/comments/jlep5d/how_do_i_make_urls_open_in_my_browser_instead_of/\"> "
"TikTok makes it nearly impossible</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The researcher didn't study the Android versions of in-app browsers, but we "
"have no reason to assume they are safer than the iOS versions."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<small>Please note that the article wrongly refers to crackers as "
"&ldquo;hackers.&rdquo;</small>"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A bug in Tesla cars software <a "
"href=\"https://www.tweaktown.com/news/86780/new-app-allows-hackers-to-steal-teslas-by-making-their-own-keys/index.html\"> "
"lets crackers install new car keys</a>, unlock cars, start engines, and even "
"prevent real owners from accessing their cars."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A cracker even reported that he was able to <a "
"href=\"https://fortune.com/2022/01/12/teen-hacker-david-colombo-took-control-25-tesla-ev/\"> "
"disable security systems and take control of 25 cars</a>."
msgstr ""

#. type: Content of: <div><div><ul><li>
msgid ""
"<small>Please note that these articles wrongly use the word &ldquo;<a "
"href=\"/philosophy/words-to-avoid.html#Hacker\">hacker</a>&rdquo; instead of "
"cracker.</small>"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A security failure in Microsoft's Windows is <a "
"href=\"https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/\">infecting "
"people's computers with RedLine stealer malware</a> using a fake Windows 11 "
"upgrade installer."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A critical bug in Apple's iOS makes it possible for attackers to alter a "
"shutdown event, <a "
"href=\"https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/\">tricking "
"the user into thinking that the phone has been powered off</a>. But in fact, "
"it's still running, and the user can't feel any difference between a real "
"shutdown and the fake shutdown."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Hundreds of Tesla drivers <a "
"href=\"https://www.theguardian.com/technology/2021/nov/20/tesla-app-outage-elon-musk-apologises\">were "
"locked out of their cars as a result of Tesla's app suffering from an "
"outage</a>, which happened because the app is tethered to the company's "
"servers."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Some researchers at Google <a "
"href=\"https://www.vice.com/en/article/93bw8y/google-caught-hackers-using-a-mac-zero-day-against-hong-kong-users\">found "
"a zero-day vulnerability on MacOS, which crackers used to target people "
"visiting the websites</a> of a media outlet and a pro-democracy labor and "
"political group in Hong Kong."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<small>Please note that the article wrongly refers to crackers as &ldquo;<a "
"href=\"/philosophy/words-to-avoid.html#Hacker\">hackers</a>&rdquo;.</small>"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Various models of security cameras, DVRs, and baby monitors that run "
"proprietary software <a "
"href=\"https://www.wired.com/story/kalay-iot-bug-video-feeds/\">are affected "
"by a security vulnerability that could give attackers access to live "
"feeds</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones\"> "
"The pegasus spyware used vulnerabilities on proprietary smartphone operating "
"systems</a> to impose surveillance on people. It can record people's calls, "
"copy their messages, and secretly film them, using a security "
"vulnerability. There's also <a "
"href=\"https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf\"> "
"a technical analysis of this spyware</a> available in PDF format."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A free operating system would've let people to fix the bugs for themselves "
"but now infected people will be compelled to wait for corporations to fix "
"the problems."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A newly found Microsoft Windows vulnerability <a "
"href=\"https://edition.cnn.com/2021/07/08/tech/microsoft-windows-10-printnightmare/\"> "
"can allow crackers to remotely gain access to the operating system</a> and "
"install programs, view and delete data, or even create new user accounts "
"with full user rights."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The security research firm accidentally leaked instructions on how the flaw "
"could be exploited but Windows users should still wait for Microsoft to fix "
"the flaw, if they fix it."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/\">TikTok "
"apps collect biometric identifiers and biometric information from users' "
"smartphones</a>. The company behind it does whatever it wants and collects "
"whatever data it can."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://www.cpomagazine.com/data-privacy/icloud-data-turned-over-to-chinese-government-conflicts-with-apples-privacy-first-focus/\">Apple "
"is moving its Chinese customers' iCloud data to a datacenter controlled by "
"the Chinese government</a>. Apple is already storing the encryption keys on "
"these servers, obeying Chinese authority, making all Chinese user data "
"available to the government."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A motorcycle company named Klim is selling airbag vests with different "
"payment methods, one of them is through a <a "
"href=\"https://www.vice.com/en/article/93yyyd/this-motorcycle-airbag-vest-will-stop-working-if-you-miss-a-payment\">proprietary "
"subscription-based option that will block the vest from inflating if the "
"payments don't go through</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"They say there is a 30-days grace period if you miss a payment but the grace "
"period is no excuse to the insecurity."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The United States' government is reportedly considering <a "
"href=\"https://www.infosecurity-magazine.com/news/private-companies-may-spy-on/\">teaming "
"up with private companies to monitor American citizens' private online "
"activity and digital communications</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"What creates the opportunity to try this is the fact that these companies "
"are already snooping on users' private activities. That in turn is due to "
"people's use of nonfree software which snoops, and online dis-services which "
"snoop."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A zero-day vulnerability in Zoom which <a "
"href=\"https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/\">can "
"be used to launch remote code execution (RCE) attacks</a> has been disclosed "
"by researchers. The researchers demonstrated a three-bug attack chain that "
"caused an RCE on a target machine, all this without any form of user "
"interaction."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams\">Over "
"150 thousand security cameras that used Verkada company's proprietary "
"software are cracked</a> by a major security breach. Crackers have had "
"access to security archives of various gyms, hospitals, jails, schools, and "
"police stations that have used Verkada's cameras."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a href=\"/philosophy/surveillance-vs-democracy.html\">It is injustice to "
"the public</a> for gyms, stores, hospitals, jails, and schools to hand "
"&ldquo;security&rdquo; footage to a company from which the government can "
"collect it at any time, without even telling them."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"At least 30 thousand organizations in the United States are newly &ldquo;<a "
"href=\"/philosophy/words-to-avoid.html#Hacker\">cracked</a>&rdquo; via <a "
"href=\"https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/\">holes "
"in Microsoft's proprietary email software, named Microsoft 365</a>. It is "
"unclear whether there are other holes and vulnerabilities in the program or "
"not but history and experience tells us it wouldn't be the last disaster "
"with proprietary programs."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Researchers at the security firm SentinelOne discovered a <a "
"href=\"https://www.wired.com/story/windows-defender-vulnerability-twelve-years/\">security "
"flaw in proprietary program Microsoft Windows Defender that lurked "
"undetected for 12 years</a>. If the program was free (as in freedom), more "
"people would have had a chance to notice the problem, therefore, it could've "
"been fixed a lot sooner."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A cracker <a "
"href=\"https://www.vice.com/en/article/m7apnn/your-cock-is-mine-now-hacker-locks-internet-connected-chastity-cage-demands-ransom\">took "
"control of people's internet-connected chastity cages and demanded "
"ransom</a>. The chastity cages are being controlled by a proprietary app "
"(mobile program)."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<small>(Please note that the article wrongly refers to crackers as \"<a "
"href=\"/philosophy/words-to-avoid.html#Hacker\">hackers</a>\".)</small>"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Commercial crackware can <a "
"href=\"https://www.theguardian.com/technology/2020/dec/20/iphones-vulnerable-to-hacking-tool-for-months-researchers-say\"> "
"get passwords out of an iMonster</a>, use the microphone and camera, and "
"other things."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://www.washingtonpost.com/technology/2020/12/18/zoom-helped-china-surveillance/\"> "
"A Zoom executive carried out snooping and censorship for the Chinese "
"government</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"This abuse of Zoom's power shows how dangerous that power is. The root "
"problem is not the surveillance and censorship, but rather the power that "
"Zoom has. It gets that power partly from the use of its server, but also "
"partly from the nonfree client program."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"United States officials are facing one of biggest crackings against them in "
"years, when <a "
"href=\"https://www.theguardian.com/technology/2020/dec/15/orion-hack-solar-winds-explained-us-treasury-commerce-department\">malicious "
"code was sneaked into SolarWinds' proprietary software named "
"Orion</a>. Crackers got access to networks when users downloaded a tainted "
"software update. Crackers were able to monitor internal emails at some of "
"the top agencies in the US."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Baidu apps were <a "
"href=\"https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/\"> "
"caught collecting sensitive personal data</a> that can be used for lifetime "
"tracking of users, and putting them in danger. More than 1.4 billion people "
"worldwide are affected by these proprietary apps, and users' privacy is "
"jeopardized by this surveillance tool. Data collected by Baidu may be handed "
"over to the Chinese government, possibly putting Chinese people in danger."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Some Wavelink and JetStream wifi routers have universal back doors that "
"enable unauthenticated users to remotely control not only the routers, but "
"also any devices connected to the network. There is evidence that <a "
"href=\"https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/\"> "
"this vulnerability is actively exploited</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"If you consider buying a router, we encourage you to get one that <a "
"href=\"https://ryf.fsf.org/categories/routers\">runs on free "
"software</a>. Any attempts at introducing malicious functionalities in it "
"(e.g., through a firmware update) will be detected by the community, and "
"soon corrected."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"If unfortunately you own a router that runs on proprietary software, don't "
"panic! You may be able to replace its firmware with a free operating system "
"such as <a href=\"https://librecmc.org\">libreCMC</a>. If you don't know "
"how, you can get help from a nearby GNU/Linux user group."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Apple has <a "
"href=\"https://sneak.berlin/20201112/your-computer-isnt-yours/\">implemented "
"a malware in its computers that imposes surveillance</a> on users and "
"reports users' computing to Apple."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The reports are even unencrypted and they've been leaking this data for two "
"years already. This malware is reporting to Apple what user opens what "
"program at what time. It also gives Apple power to sabotage users' "
"computing."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Samsung is forcing its smartphone users in Hong Kong (and Macau) <a "
"href=\"https://web.archive.org/web/20240606175013/https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/\">to "
"use a public DNS in Mainland China</a>, using software update released in "
"September 2020, which causes many unease and privacy concerns."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"TikTok <a "
"href=\"https://boingboing.net/2020/08/11/tiktok-exploited-android-secur.html\"> "
"exploited an Android vulnerability</a> to obtain user MAC addresses."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a href=\"https://www.wired.com/story/ripple20-iot-vulnerabilities/\"> A "
"disasterous security bug</a> touches millions of products in the Internet of "
"Stings."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid "As a result, anyone can sting the user, not only the manufacturer."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The proprietary program Microsoft Teams' insecurity <a "
"href=\"https://www.forbes.com/sites/thomasbrewster/2020/04/27/your-whole-companys-microsoft-teams-data-couldve-been-stolen-with-an-evil-gif/\">could "
"have let a malicious GIF steal user data from Microsoft Teams accounts</a>, "
"possibly across an entire company, and taken control of &ldquo;an "
"organization's entire roster of Teams accounts.&rdquo;"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Riot Games' new anti-cheat is malware; <a "
"href=\"https://www.extremetech.com/gaming/309320-riot-games-new-anti-cheat-system-runs-at-system-boot-uses-kernel-driver\">runs "
"on system boot at kernel level</a> on Windows. It is insecure software that "
"increases the attack surface of the operating system."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Internet-tethered Amazon Ring had a security vulnerability that enabled "
"attackers to <a "
"href=\"https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password\"> "
"access the user's wifi password</a>, and snoop on the household through "
"connected surveillance devices."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Knowledge of the wifi password would not be sufficient to carry out any "
"significant surveillance if the devices implemented proper security, "
"including encryption. But many devices with proprietary software lack "
"this. Of course, they are also used by their manufacturers for snooping."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A series of vulnerabilities <a "
"href=\"https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/\">found "
"in iOS allowed attackers to gain access to sensitive information including "
"private messages, passwords, photos and contacts stored on the user's "
"iMonster</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The deep insecurity of iMonsters is even more pertinent given that Apple's "
"proprietary software makes users totally dependent on Apple for even a "
"modicum of security.  It also means that the devices do not even try to "
"offer security against Apple itself."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Out of 21 gratis Android antivirus apps that were tested by security "
"researchers, eight <a "
"href=\"https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/\"> "
"failed to detect a test virus</a>. All of them asked for dangerous "
"permissions or contained advertising trackers, with seven being more risky "
"than the average of the 100 most popular Android apps."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<small>(Note that the article refers to these proprietary apps as "
"&ldquo;free&rdquo;. It should have said &ldquo;gratis&rdquo; "
"instead.)</small>"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Many Android apps can track users' movements even when the user says <a "
"href=\"https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location\"> "
"not to allow them access to locations</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"This involves an apparently unintentional weakness in Android, exploited "
"intentionally by malicious apps."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Users caught in the jail of an iMonster are <a "
"href=\"https://boingboing.net/2019/05/15/brittle-security.html\"> sitting "
"ducks for other attackers</a>, and the app censorship prevents security "
"companies from figuring out how those attacks work."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Apple's censorship of apps is fundamentally unjust, and would be inexcusable "
"even if it didn't lead to security threats as well."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The Medtronics Conexus Telemetry Protocol has <a "
"href=\"https://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/\"> "
"two vulnerabilities that affect several models of implantable "
"defibrillators</a> and the devices they connect to."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"This protocol has been around since 2006, and similar vulnerabilities were "
"discovered in an earlier Medtronics communication protocol in "
"2008. Apparently, nothing was done by the company to correct them. This "
"means you can't rely on proprietary software developers to fix bugs in their "
"products."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The Ring doorbell camera is designed so that the manufacturer (now Amazon) "
"can watch all the time. Now it turns out that <a "
"href=\"https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/\"> "
"anyone else can also watch, and fake videos too</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The third party vulnerability is presumably unintentional and Amazon will "
"probably fix it. However, we do not expect Amazon to change the design that "
"<a href=\"/proprietary/proprietary-surveillance.html#M201901100\">allows "
"Amazon to watch</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Researchers have discovered how to <a "
"href=\"https://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co\"> "
"hide voice commands in other audio</a>, so that people cannot hear them, but "
"Alexa and Siri can."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Since the beginning of 2017, <a "
"href=\"https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled\">Android "
"phones have been collecting the addresses of nearby cellular towers</a>, "
"even when location services are disabled, and sending that data back to "
"Google."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Crackers found a way to break the security of an Amazon device, and <a "
"href=\"https://boingboing.net/2018/08/12/alexa-bob-carol.html\"> turn it "
"into a listening device</a> for them."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"It was very difficult for them to do this. The job would be much easier for "
"Amazon. And if some government such as China or the US told Amazon to do "
"this, or cease to sell the product in that country, do you think Amazon "
"would have the moral fiber to say no?"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<small>(These crackers are probably hackers too, but please <a "
"href=\"https://stallman.org/articles/on-hacking.html\"> don't use "
"&ldquo;hacking&rdquo; to mean &ldquo;breaking security&rdquo;</a>.)</small>"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Siri, Alexa, and all the other voice-control systems can be <a "
"href=\"https://www.fastcompany.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa\"> "
"hijacked by programs that play commands in ultrasound that humans can't "
"hear</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Some Samsung phones randomly <a "
"href=\"https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages\">send "
"photos to people in the owner's contact list</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Google's ad platform enabled advertisers to <a "
"href=\"https://arstechnica.com/information-technology/2018/01/now-even-youtube-serves-ads-with-cpu-draining-cryptocurrency-miners/\"> "
"run cryptocurrency miner code on the computers of YouTube users through "
"proprietary JavaScript</a>. Some people noticed this, and the outrage made "
"Google remove the miners, but the number of affected users was probably very "
"high."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"One of the dangers of the &ldquo;internet of stings&rdquo; is that, if you "
"lose your internet service, you also <a "
"href=\"https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/\"> "
"lose control of your house and appliances</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"For your safety, don't use any appliance with a connection to the real "
"internet."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Intel's intentional &ldquo;management engine&rdquo; back door has <a "
"href=\"https://www.theregister.com/2017/11/20/intel_flags_firmware_flaws/\"> "
"unintended back doors</a> too."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Amazon recently invited consumers to be suckers and <a "
"href=\"https://www.techdirt.com/2017/11/22/vulnerability-found-amazon-key-again-showing-how-dumber-tech-is-often-smarter-option/\"> "
"allow delivery staff to open their front doors</a>. Wouldn't you know it, "
"the system has a grave security flaw."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Bad security in some cars makes it possible to <a "
"href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937\"> "
"remotely activate the airbags</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A &ldquo;smart&rdquo; intravenous pump designed for hospitals is connected "
"to the internet. Naturally <a "
"href=\"https://www.techdirt.com/2017/09/22/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack/\"> "
"its security has been cracked</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<small>(Note that this article misuses the term <a "
"href=\"/philosophy/words-to-avoid.html#Hacker\">&ldquo;hackers&rdquo;</a> "
"referring to crackers.)</small>"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The bad security in many Internet of Stings devices allows <a "
"href=\"https://www.techdirt.com/2017/08/28/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you/\">ISPs "
"to snoop on the people that use them</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid "Don't be a sucker&mdash;reject all the stings."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<small>(It is unfortunate that the article uses the term <a "
"href=\"/philosophy/words-to-avoid.html#Monetize\">&ldquo;monetize&rdquo;</a>.)</small>"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Many models of Internet-connected cameras <a "
"href=\"/proprietary/proprietary-back-doors.html#InternetCameraBackDoor\"> "
"have backdoors</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"That is a malicious functionality, but in addition it is a gross insecurity "
"since anyone, including malicious crackers, <a "
"href=\"https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/\">can "
"find those accounts and use them to get into users' cameras</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Many models of Internet-connected cameras are tremendously insecure.  They "
"have login accounts with hard-coded passwords, which can't be changed, and "
"<a "
"href=\"https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/\">there "
"is no way to delete these accounts either</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Intel's CPU backdoor&mdash;the Intel Management Engine&mdash;had a <a "
"href=\"https://arstechnica.com/information-technology/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/\">major "
"security vulnerability for 10 years</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The vulnerability allowed a cracker to access the computer's Intel Active "
"Management Technology (AMT) <a "
"href=\"https://arstechnica.com/information-technology/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/\"> "
"web interface with an empty password and gave administrative access</a> to "
"access the computer's keyboard, mouse, monitor among other privileges."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"It does not help that in newer Intel processors, it is impossible to turn "
"off the Intel Management Engine. Thus, even users who are proactive about "
"their security can do nothing to protect themselves besides using machines "
"that don't come with the backdoor."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The proprietary code that runs pacemakers, insulin pumps, and other medical "
"devices is <a href=\"https://www.bbc.com/news/technology-40042584\"> full of "
"gross security faults</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Conexant HD Audio Driver Package (version 1.0.0.46 and earlier)  "
"pre-installed on 28 models of HP laptops logged the user's keystroke to a "
"file in the filesystem. Any process with access to the filesystem or the "
"MapViewOfFile API could gain access to the log. Furthermore, <a "
"href=\"https://modzero.com/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html\">according "
"to modzero</a> the &ldquo;information-leak via Covert Storage Channel "
"enables malware authors to capture keystrokes without taking the risk of "
"being classified as malicious task by AV heuristics&rdquo;."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Exploits of bugs in Windows, which were developed by the NSA and then leaked "
"by the Shadowbrokers group, are now being used to <a "
"href=\"https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/\">attack "
"a great number of Windows computers with ransomware</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Many Android devices <a "
"href=\"https://arstechnica.com/information-technology/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/\"> "
"can be hijacked through their Wi-Fi chips</a> because of a bug in Broadcom's "
"nonfree firmware."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"When Miele's Internet of Stings hospital disinfectant dishwasher is <a "
"href=\"https://www.vice.com/en/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit\"> "
"connected to the Internet, its security is crap</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"For example, a cracker can gain access to the dishwasher's filesystem, "
"infect it with malware, and force the dishwasher to launch attacks on other "
"devices in the network. Since these dishwashers are used in hospitals, such "
"attacks could potentially put hundreds of lives at risk."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The CIA exploited existing vulnerabilities in &ldquo;smart&rdquo; TVs and "
"phones to design a malware that <a "
"href=\"https://www.independent.co.uk/tech/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html\"> "
"spies through their microphones and cameras while making them appear to be "
"turned off</a>. Since the spyware sniffs signals, it bypasses encryption."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"&ldquo;CloudPets&rdquo; toys with microphones <a "
"href=\"https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults\"> "
"leak childrens' conversations to the manufacturer</a>. Guess what? <a "
"href=\"https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings\"> "
"Crackers found a way to access the data</a> collected by the manufacturer's "
"snooping."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"That the manufacturer and the FBI could listen to these conversations was "
"unacceptable by itself."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"If you buy a used &ldquo;smart&rdquo; car, house, TV, refrigerator, etc., "
"usually <a "
"href=\"https://boingboing.net/2017/02/20/the-previous-owners-of-used.html\">the "
"previous owners can still remotely control it</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The mobile apps for communicating <a "
"href=\"https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/\">with "
"a smart but foolish car have very bad security</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"This is in addition to the fact that the car contains a cellular modem that "
"tells big brother all the time where it is.  If you own such a car, it would "
"be wise to disconnect the modem so as to turn off the tracking."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A cracker would be able to <a "
"href=\"https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/\"> turn "
"the Oculus Rift sensors into spy cameras</a> after breaking into the "
"computer they are connected to."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<small>(Unfortunately, the article <a "
"href=\"/philosophy/words-to-avoid.html#Hacker\">improperly refers to "
"crackers as &ldquo;hackers&rdquo;</a>.)</small>"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Samsung phones <a "
"href=\"https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/\">have "
"a security hole that allows an SMS message to install ransomware</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"WhatsApp has a feature that <a "
"href=\"https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/\"> "
"has been described as a &ldquo;back door&rdquo;</a> because it would enable "
"governments to nullify its encryption."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The developers say that it wasn't intended as a back door, and that may well "
"be true. But that leaves the crucial question of whether it functions as "
"one. Because the program is nonfree, we cannot check by studying it."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The &ldquo;smart&rdquo; toys My Friend Cayla and i-Que can be <a "
"href=\"https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/\">remotely "
"controlled with a mobile phone</a>; physical access is not necessary. This "
"would enable crackers to listen in on a child's conversations, and even "
"speak into the toys themselves."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"This means a burglar could speak into the toys and ask the child to unlock "
"the front door while Mommy's not looking."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"4G LTE phone networks are drastically insecure. They can be <a "
"href=\"https://www.theregister.com/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/\"> "
"taken over by third parties and used for man-in-the-middle attacks</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Due to weak security, <a "
"href=\"https://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844\">it "
"is easy to open the doors of 100 million cars built by Volkswagen</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Ransomware <a "
"href=\"https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/\"> "
"has been developed for a thermostat that uses proprietary software</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A <a "
"href=\"https://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/\">flaw "
"in Internet Explorer and Edge</a> allows an attacker to retrieve Microsoft "
"account credentials, if the user is tricked into visiting a malicious link."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/\">&ldquo;Deleted&rdquo; "
"WhatsApp messages are not entirely deleted</a>. They can be recovered in "
"various ways."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A half-blind security critique of a tracking app: it found that <a "
"href=\"https://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats-a1100919965/\"> "
"blatant flaws allowed anyone to snoop on a user's personal data</a>.  The "
"critique fails entirely to express concern that the app sends the personal "
"data to a server, where the <em>developer</em> gets it all.  This "
"&ldquo;service&rdquo; is for suckers!"
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The server surely has a &ldquo;privacy policy,&rdquo; and surely it is "
"worthless since nearly all of them are."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A vulnerability in Apple's Image I/O API allowed an attacker to <a "
"href=\"https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple\">execute "
"malicious code from any application which uses this API to render a certain "
"kind of image file</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A bug in a proprietary ASN.1 library, used in cell phone towers as well as "
"cell phones and routers, <a "
"href=\"https://arstechnica.com/information-technology/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/\">allows "
"taking control of those systems</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Antivirus programs have so many errors that <a "
"href=\"https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374\">they "
"may make security worse</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid "GNU/Linux does not need antivirus software."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Samsung's &ldquo;Smart Home&rdquo; has a big security hole; <a "
"href=\"https://arstechnica.com/information-technology/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/\"> "
"unauthorized people can remotely control it</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Samsung claims that this is an &ldquo;open&rdquo; platform so the problem is "
"partly the fault of app developers. That is clearly true if the apps are "
"proprietary software."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Anything whose name is &ldquo;Smart&rdquo; is most likely going to screw "
"you."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A bug in the iThings Messages app <a "
"href=\"https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/\">allowed "
"a malicious web site to extract all the user's messaging history</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Malware was found on <a "
"href=\"http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html\"> "
"security cameras available through Amazon</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A camera that records locally on physical media, and has no network "
"connection, does not threaten people with surveillance&mdash;neither by "
"watching people through the camera, nor through malware in the camera."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Over 70 brands of network-connected surveillance cameras have <a "
"href=\"https://web.archive.org/web/20250117130741/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html\"> "
"security bugs that allow anyone to watch through them</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Many proprietary payment apps <a "
"href=\"https://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data\">transmit "
"personal data in an insecure way</a>. However, the worse aspect of these "
"apps is that <a href=\"/philosophy/surveillance-vs-democracy.html\">payment "
"is not anonymous</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The Nissan Leaf has a built-in cell phone modem which allows effectively "
"anyone to <a "
"href=\"https://www.troyhunt.com/controlling-vehicle-features-of-nissan/\"> "
"access its computers remotely and make changes in various settings</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"That's easy to do because the system has no authentication when accessed "
"through the modem.  However, even if it asked for authentication, you "
"couldn't be confident that Nissan has no access.  The software in the car is "
"proprietary, <a "
"href=\"/philosophy/free-software-even-more-important.html\">which means it "
"demands blind faith from its users</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Even if no one connects to the car remotely, the cell phone modem enables "
"the phone company to track the car's movements all the time; it is possible "
"to physically remove the cell phone modem, though."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"A pacemaker running proprietary code <a "
"href=\"https://www.wired.com/2016/02/i-want-to-know-what-code-is-running-inside-my-body/\">was "
"misconfigured and could have killed the implanted person</a>. In order to "
"find out what was wrong and get it fixed, the person needed to break into "
"the remote device that sets parameters in the pacemaker (possibly infringing "
"upon manufacturer's rights under the DMCA). If this system had run free "
"software, it could have been fixed much sooner."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"FitBit fitness trackers have a <a "
"href=\"https://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/\"> "
"Bluetooth vulnerability</a> that allows attackers to send malware to the "
"devices, which can subsequently spread to computers and other FitBit "
"trackers that interact with them."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"&ldquo;Self-encrypting&rdquo; disk drives do the encryption with proprietary "
"firmware so you can't trust it.  Western Digital's &ldquo;My Passport&rdquo; "
"drives <a "
"href=\"https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption\"> "
"have a back door</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Security researchers discovered a <a "
"href=\"https://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text\"> "
"vulnerability in diagnostic dongles used for vehicle tracking and "
"insurance</a> that let them take remote control of a car or lorry using an "
"SMS."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Crackers were able to <a "
"href=\"https://arstechnica.com/information-technology/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/\"> "
"take remote control of the Jeep</a> &ldquo;connected car&rdquo;. They could "
"track the car, start or stop the engine, and activate or deactivate the "
"brakes, and more."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid "We expect that Chrysler and the NSA can do this too."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"If you own a car that contains a phone modem, it would be a good idea to "
"deactivate this."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Due to bad security in a drug pump, crackers could use it to <a "
"href=\"https://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/\"> "
"kill patients</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html\"> "
"Many smartphone apps use insecure authentication methods when storing your "
"personal data on remote servers</a>. This leaves personal information like "
"email addresses, passwords, and health information vulnerable. Because many "
"of these apps are proprietary it makes it hard to impossible to know which "
"apps are at risk."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Hospira infusion pumps, which are used to administer drugs to a patient, "
"were rated &ldquo;<a "
"href=\"https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/\">least "
"secure IP device I've ever seen</a>&rdquo; by a security researcher."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Depending on what drug is being infused, the insecurity could open the door "
"to murder."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Mac OS X had an <a "
"href=\"https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/\"> "
"intentional local back door for 4 years</a>, which could be exploited by "
"attackers to gain root privileges."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"An app to prevent &ldquo;identity theft&rdquo; (access to personal data) by "
"storing users' data on a special server <a "
"href=\"https://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/\">was "
"deactivated by its developer</a> which had discovered a security flaw."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"That developer seems to be conscientious about protecting personal data from "
"third parties in general, but it can't protect that data from the state.  "
"Quite the contrary: confiding your data to someone else's server, if not "
"first encrypted by you with free software, undermines your rights."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"Lots of <a "
"href=\"https://www.wired.com/2014/04/hospital-equipment-vulnerable/\"> "
"hospital equipment has lousy security</a>, and it can be fatal."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The <a "
"href=\"https://arstechnica.com/information-technology/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/\">insecurity "
"of WhatsApp</a> makes eavesdropping a snap."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a href=\"https://www.bunniestudios.com/blog/?p=3554\"> Some flash memories "
"have modifiable software</a>, which makes them vulnerable to viruses."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"We don't call this a &ldquo;back door&rdquo; because it is normal that you "
"can install a new system in a computer, given physical access to it.  "
"However, memory sticks and cards should not be modifiable in this way."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://arstechnica.com/information-technology/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/\"> "
"Point-of-sale terminals running Windows were taken over</a> and turned into "
"a botnet for the purpose of collecting customers' credit card numbers."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html\"> "
"The NSA can tap data in smart phones, including iPhones, Android, and "
"BlackBerry</a>.  While there is not much detail here, it seems that this "
"does not operate via the universal back door that we know nearly all "
"portable phones have. It may involve exploiting various bugs.  There are <a "
"href=\"https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/\"> "
"lots of bugs in the phones' radio software</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security\">The "
"NSA has put back doors into nonfree encryption software</a>. We don't know "
"which ones they are, but we can be sure they include some widely used "
"systems.  This reinforces the point that you can never trust the security of "
"nonfree software."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"The FTC punished a company for making webcams with <a "
"href=\"https://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html\"> "
"bad security so that it was easy for anyone to watch through them</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a href=\"http://spritesmods.com/?art=hddhack&amp;page=6\"> Replaceable "
"nonfree software in disk drives can be written by a nonfree "
"program</a>. This makes any system vulnerable to persistent attacks that "
"normal forensics won't detect."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"It is possible to <a "
"href=\"https://siliconangle.com/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/\"> "
"kill people by taking control of medical implants by radio</a>.  More "
"information in <a href=\"https://www.bbc.com/news/technology-17631838\">BBC "
"News</a> and <a "
"href=\"https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/\"> "
"IOActive Labs Research blog</a>."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"https://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/\"> "
"&ldquo;Smart homes&rdquo;</a> turn out to be stupidly vulnerable to "
"intrusion."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"<a "
"href=\"http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html\"> "
"Crackers found a way to break security on a &ldquo;smart&rdquo; TV</a> and "
"use its camera to watch the people who are watching TV."
msgstr ""

#. type: Content of: <div><div><ul><li><p>
msgid ""
"It is possible to <a "
"href=\"https://www.pcworld.com/article/495592/with_hacking_music_can_take_control_of_your_car.html\"> "
"take control of some car computers through malware in music files</a>.  Also "
"<a href=\"https://www.nytimes.com/2011/03/10/business/10hack.html\"> by "
"radio</a>. More information in <a "
"href=\"https://web.archive.org/web/20240308015157/http://www.autosec.org/faq.html\"> "
"Automotive Security And Privacy Center</a>."
msgstr ""

#. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes.
#. type: Content of: <div><div>
msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*"
msgstr ""

#. type: Content of: <div><div><p>
msgid ""
"Please send general FSF &amp; GNU inquiries to <a "
"href=\"mailto:gnu@gnu.org\">&lt;gnu@gnu.org&gt;</a>.  There are also <a "
"href=\"/contact/\">other ways to contact</a> the FSF.  Broken links and "
"other corrections or suggestions can be sent to <a "
"href=\"mailto:webmasters@gnu.org\">&lt;webmasters@gnu.org&gt;</a>."
msgstr ""

#.  TRANSLATORS: Ignore the original text in this paragraph,
#.         replace it with the translation of these two:
#
#.         We work hard and do our best to provide accurate, good quality
#.         translations.  However, we are not exempt from imperfection.
#.         Please send your comments and general suggestions in this regard
#.         to <a href="mailto:web-translators@gnu.org">
#
#.         &lt;web-translators@gnu.org&gt;</a>.</p>
#
#.         <p>For information on coordinating and contributing translations of
#.         our web pages, see <a
#.         href="/server/standards/README.translations.html">Translations
#.         README</a>. 
#. type: Content of: <div><div><p>
msgid ""
"Please see the <a "
"href=\"/server/standards/README.translations.html\">Translations README</a> "
"for information on coordinating and contributing translations of this "
"article."
msgstr ""

#. type: Content of: <div><p>
msgid "Copyright &copy; 2013, 2015-2025 Free Software Foundation, Inc."
msgstr ""

#. type: Content of: <div><p>
msgid ""
"This page is licensed under a <a rel=\"license\" "
"href=\"http://creativecommons.org/licenses/by/4.0/\">Creative Commons "
"Attribution 4.0 International License</a>."
msgstr ""

#. TRANSLATORS: Use space (SPC) as msgstr if you don't want credits.
#. type: Content of: <div><div>
msgid "*GNUN-SLOT: TRANSLATOR'S CREDITS*"
msgstr ""

#.  timestamp start 
#. type: Content of: <div><p>
msgid "Updated:"
msgstr ""