<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.96 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please do not edit <ul class="blurbs">!
Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Proprietary Surveillance - GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" />
<style type="text/css" media="screen,print"><!--
.pict {
width: 18em;
margin: 2em auto;
}
.pict p {
font-size: .9em;
}
@media (min-width: 46em) {
.pict {
width: 18em;
float: right;
margin: .3em 0 1em 2em;
}
}
--></style>
<!-- GNUN: localize URL /graphics/dog.small.jpg -->
<!--#include virtual="/proprietary/po/proprietary-surveillance.translist" -->
<!--#include virtual="/server/banner.html" -->
<div class="nav">
<a id="side-menu-button" class="switch" href="#navlinks">
<img id="side-menu-icon" height="32"
src="/graphics/icons/side-menu.png"
title="Section contents"
alt=" [Section contents] " />
</a>
<p class="breadcrumb">
<a href="/"><img src="/graphics/icons/home.png" height="24"
alt="GNU Home" title="GNU Home" /></a> /
<a href="/proprietary/proprietary.html">Malware</a> /
By type /
</p>
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#include virtual="/server/top-addendum.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
<h2>Proprietary Surveillance</h2>
<div class="infobox">
<hr class="full-width" />
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
href="/philosophy/free-software-even-more-important.html">that is the
basic injustice</a>. The developers and manufacturers often exercise
that power to the detriment of the users they ought to serve.</p>
<p>This typically takes the form of malicious functionalities.</p>
<hr class="full-width" />
</div>
<div id="surveillance" class="pict">
<a href="/graphics/dog.html">
<img src="/graphics/dog.small.jpg" alt="Cartoon of a dog, wondering at the three ads that popped up on his computer screen..." /></a>
<p>“How did they find out I'm a dog?”</p>
</div>
<div class="article">
<p>A common malicious functionality is to snoop on the user. This page
records <strong>clearly established cases of proprietary software that
spies on or tracks users</strong>. Manufacturers even refuse
to <a href="https://techcrunch.com/2018/10/19/smart-home-devices-hoard-data-government-demands/">say
whether they snoop on users for the state</a>.</p>
<p>All appliances and applications that are tethered to a specific
server are snoopers by nature. We do not list them here because they
have their own page: <a
href="/proprietary/proprietary-tethers.html#about-page">Proprietary
Tethers</a>.</p>
<p>There is a similar site named <a href="https://spyware.neocities.org">Spyware Watchdog</a> that classifies spyware programs, so that users can be more aware that they are installing spyware.</p>
<div class="important" style="clear: both">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
to inform us. Please include the URL of a trustworthy reference or two
to serve as specific substantiation.</p>
</div>
<div id="TOC" class="toc-inline">
<h3 id="TableOfContents">Table of Contents</h3>
<h4><a href="#Introduction">Introduction</a></h4>
<h4><a href="#OSSpyware">Spyware in Laptops and Desktops</a></h4>
<ul>
<li><a href="#SpywareInWindows">Windows</a></li>
<li><a href="#SpywareInMacOS">MacOS</a></li>
<li><a href="#SpywareInBIOS">BIOS</a></li>
</ul>
<h4><a href="#SpywareOnMobiles">Spyware on Mobiles</a></h4>
<ul>
<li><a href="#SpywareInTelephones">All “Smart” Phones</a></li>
<li><a href="#SpywareIniThings">iThings</a></li>
<li><a href="#SpywareInAndroid">Android Telephones</a></li>
<li><a href="#SpywareInElectronicReaders">E-Readers</a></li>
</ul>
<h4><a href="#SpywareInApplications">Spyware in Applications</a></h4>
<ul>
<li><a href="#SpywareInDesktopApps">Desktop Apps</a></li>
<li><a href="#SpywareInMobileApps">Mobile Apps</a></li>
<li><a href="#SpywareInSkype">Skype</a></li>
<li><a href="#SpywareInGames">Games</a></li>
</ul>
<h4><a href="#SpywareInEquipment">Spyware in Connected Equipment</a></h4>
<ul>
<li><a href="#SpywareInTVSets">TV Sets</a></li>
<li><a href="#SpywareInCameras">Cameras</a></li>
<li><a href="#SpywareInToys">Toys</a></li>
<li><a href="#SpywareInDrones">Drones</a></li>
<li><a href="#SpywareAtHome">Other Appliances</a></li>
<li><a href="#SpywareOnWearables">Wearables</a>
<ul>
<li><a href="#SpywareOnSmartWatches">“Smart” Watches</a></li>
</ul>
</li>
<li><a href="#SpywareInVehicles">Vehicles</a></li>
<li><a href="#SpywareInVR">Virtual Reality</a></li>
</ul>
<h4><a href="#SpywareOnTheWeb">Spyware on the Web</a></h4>
<ul>
<li><a href="#SpywareInChrome">Chrome</a></li>
<li><a href="#SpywareInJavaScript">JavaScript</a></li>
<li><a href="#SpywareInFlash">Flash</a></li>
</ul>
<h4><a href="#SpywareInNetworks">Spyware in Networks</a></h4>
</div>
<div class="big-section">
<h3 id="Introduction">Introduction</h3>
</div>
<div style="clear: left;"></div>
<p>For decades, the Free Software movement has been denouncing the
abusive surveillance machine of
<a href="/proprietary/proprietary.html">proprietary software</a>
companies such as
<a href="/proprietary/malware-microsoft.html">Microsoft</a>
and
<a href="/proprietary/malware-apple.html">Apple</a>.
In the recent years, this tendency to watch people has spread across
industries, not only in the software business, but also in the
hardware. Moreover, it also spread dramatically away from the
keyboard, in the mobile computing industry, in the office,
at home, <a
href="https://www.theguardian.com/world/2023/sep/07/uk-owners-of-smart-home-devices-being-asked-for-swathes-of-personal-data">
home</a>, in transportation systems, and in the classroom.</p>
<h4 id="AggregateInfoCollection">Aggregate or anonymized data</h4>
<p>Many companies, in their privacy policy, have a clause that claims
they share aggregate, non-personally identifiable information with
third parties/partners. Such claims are worthless, for several
reasons:</p>
<ul>
<li>They could change the policy at any time.</li>
<li>They can twist the words by distributing an “aggregate” of
“anonymized” data which can be reidentified and attributed to
individuals.</li>
<li>The raw data they don't normally distribute can be taken by
data breaches.</li>
<li>The raw data they don't normally distribute can be taken by
subpoena.</li>
</ul>
<p>Therefore, we must not be distracted by companies' statements of
what they will <em>do</em> with the data they collect. The wrong is that
they collect it at all.</p>
<h4 id="LatestAdditions">Latest additions</h4>
<p>Entries in each category are in reverse chronological order, based
on the dates of publication of linked articles.
The latest additions are listed on the <a
href="/proprietary/proprietary.html#latest">main page</a> of the
Malware section.</p>
<div class="big-section">
<h3 id="OSSpyware">Spyware in Laptops and Desktops</h3>
<span class="anchor-reference-id">(<a href="#OSSpyware">#OSSpyware</a>)</span>
</div>
<div style="clear: left;"></div>
<div class="big-subsection">
<h4 id="SpywareInWindows">Windows</h4>
<span class="anchor-reference-id">(<a href="#SpywareInWindows">#SpywareInWindows</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202503280">
<!--#set var="DATE" value='<small class="date-tag">2025-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is <a
href="https://arstechnica.com/gadgets/2025/03/new-windows-11-build-makes-mandatory-microsoft-account-sign-in-even-more-mandatory/">
tightening the chains that force Windows useds to sign into their
Microsoft account</a> [*], thus identifying themselves. We suspect this
is an intentional strategy to avoid inspiring a lot of resistance
all at once: leave openings to escape identification, then gradually
close them.</p>
<p>Enough is enough!</p>
<p>[*] <small>Why “useds”? Because running Windows is
not you using Windows; it is Windows using you.</small></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202407300">
<!--#set var="DATE" value='<small class="date-tag">2024-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In its default configuration, Windows 11 now <a
href="https://www.zdnet.com/article/windows-11-now-turns-on-onedrive-folder-backup-without-your-permission/">
uploads users' files and personal information to Microsoft's
“cloud”</a> without asking permission to do so. This is
presented as a convenient backup method, but if the allotted storage
capacity is exceeded, the user will need to buy more space, increasing
Microsoft's profit.</p>
<p>However, this small profit is probably not the company's major
reason for making cloud storage the default. Here is an excerpt
from the <a href="https://www.microsoft.com/en-US/servicesagreement">
Microsoft Services agreement</a> (Section 2b):</p>
<blockquote><p><i>To the extent necessary to provide the Services to
you and others, to protect you and the Services, and to improve
Microsoft products and services, you grant to Microsoft a worldwide
and royalty-free intellectual property license to use Your Content,
for example, to make copies of, retain, transmit, reformat,
display, and distribute via communication tools Your Content on the
Services.</i></p></blockquote>
<p>We strongly suspect that the backed-up material is used to feed
Microsoft's greedy “AI.” In addition, it is most likely
analysed to better profile users in order to flood them with targeted
ads, thereby generating more profit.</p>
<p>Users, on the other hand, are at the mercy of any
entity that demands their data, let alone of any cracker
that breaks into Microsoft's servers. They <em>must</em>
escape from this sick environment, and install a sane <a
href="https://www.gnu.org/distros/free-distros.html"> free/libre
system</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202302080">
<!--#set var="DATE" value='<small class="date-tag">2023-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>As soon as it boots, and without asking any permission, <a
href="https://web.archive.org/web/20230212120649/https://www.techspot.com/news/97535-windows-11-spyware-machine-out-users-control.html">Windows
11 starts to send data to online servers</a>. The user's personal
details, location or hardware information are reported to Microsoft and
other companies to be used as telemetry data. All of this is done is
the background, and users have no easy way to prevent it—unless
they switch the computer offline.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202301190">
<!--#set var="DATE" value='<small class="date-tag">2023-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft <a
href="https://betanews.com/2023/01/19/microsoft-is-using-the-kb5021751-update-to-see-if-you-have-an-unsupported-version-of-office-installed/">
released an “update” that installs a surveillance
program</a> on users' computers to gather data on some installed
programs for Microsoft's benefit. The update is rolling out
automatically, and the program runs “one time silently.”</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202209220">
<!--#set var="DATE" value='<small class="date-tag">2022-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows 11 Home and Pro now <a
href="https://www.microsoft.com/windows/windows-11-specifications">
require internet connection and a Microsoft account</a> to
complete the installation. Windows 11 Pro had an option to create
a local account instead, but the option has been removed. This
account can (and most certainly will) be used for surveillance
and privacy violations. Thankfully, a free software tool named <a
href="https://gothub.projectsegfau.lt/pbatard/rufus/">Rufus</a> can bypass those
requirements, or help users install a <a href="/distros/distros.html">
free operating system</a> instead.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201912160">
<!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is <a
href="https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation/">tricking
users to create an account on their network</a> to be able to install
and use the Windows operating system, which is malware. The account can
be used for surveillance and/or violating people's rights in many ways,
such as turning their purchased software to a subscription product.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201712110">
<!--#set var="DATE" value='<small class="date-tag">2017-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>HP's proprietary operating system <a
href="http://www.bbc.com/news/technology-42309371">includes
href="https://www.bbc.com/news/technology-42309371">includes a
proprietary keyboard driver with a key logger in it</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201710134">
<!--#set var="DATE" value='<small class="date-tag">2017-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows 10 telemetry program sends information to Microsoft about
the user's computer and their use of the computer.</p>
<p>Furthermore, for users who installed the
fourth stable build of Windows 10, called the
“Creators Update,” Windows maximized the surveillance <a
href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law">
href="https://arstechnica.com/gadgets/2017/10/dutch-privacy-regulator-says-that-windows-10-breaks-the-law/">
by force setting the telemetry mode to “Full”</a>.</p>
<p>The <a
href="https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#full-level">
“Full” telemetry mode</a> allows Microsoft Windows
engineers to access, among other things, registry keys <a
href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc939702(v=technet.10)">
which can contain sensitive information like administrator's login
password</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201702020">
<!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>DRM-restricted files can be used to <a
href="https://yro.slashdot.org/story/17/02/02/231229/windows-drm-protected-files-used-to-decloak-tor-browser-users">
identify people browsing through Tor</a>. The vulnerability exists
only if you use Windows.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201611240">
<!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>By default, Windows 10 <a
href="http://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties">sends
href="https://betanews.com/2016/11/24/microsoft-shares-windows-10-telemetry-data-with-third-parties/">sends
debugging information to Microsoft, including core dumps</a>. Microsoft
now distributes them to another company.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201608170.1">
<!--#set var="DATE" value='<small class="date-tag">2016-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In order to increase Windows 10's install base, Microsoft <a class="not-a-duplicate"
href="https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive">
blatantly disregards user choice and privacy</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201603170">
<!--#set var="DATE" value='<small class="date-tag">2016-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://duo.com/blog/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
href="https://duo.com/decipher/bring-your-own-dilemma-oem-laptops-and-windows-10-security">
Windows 10 comes with 13 screens of snooping options</a>, all enabled
by default, and turning them off would be daunting to most users.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201601050">
<!--#set var="DATE" value='<small class="date-tag">2016-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>It appears <a
href="http://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
href="https://www.ghacks.net/2016/01/05/microsoft-may-be-collecting-more-data-than-initially-thought/">
Windows 10 sends data to Microsoft about what applications are
running</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201512280">
<!--#set var="DATE" value='<small class="date-tag">2015-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft has <a
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
backdoored its disk encryption</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201511264">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A downgrade to Windows 10 deleted surveillance-detection
applications. Then another downgrade inserted a general spying
program. Users noticed this and complained, so Microsoft renamed it <a
href="https://www.theregister.co.uk/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
href="https://www.theregister.com/2015/11/26/microsoft_renamed_data_slurper_reinserted_windows_10/">
to give users the impression it was gone</a>.</p>
<p>To use proprietary software is to invite such treatment.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201508180">
<!--#set var="DATE" value='<small class="date-tag">2015-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20150905163414/http://www.pocket-lint.com/news/134954-cortana-is-always-listening-with-new-wake-on-voice-tech-even-when-windows-10-is-sleeping">
Intel devices will be able to listen for speech all the time, even
when “off.”</a></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201508130">
<!--#set var="DATE" value='<small class="date-tag">2015-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
href="https://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/">
Windows 10 sends identifiable information to Microsoft</a>, even if
a user turns off its Bing search and Cortana features, and activates
the privacy-protection settings.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201507300">
<!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows 10 <a
href="https://web.archive.org/web/20180923125732/https://jonathan.porta.codes/2015/07/30/windows-10-seems-to-have-some-scary-privacy-defaults/">
ships with default settings that show no regard for the privacy of
its users</a>, giving Microsoft the “right” to snoop on
the users' files, text input, voice input, location info, contacts,
calendar records and web browsing history, as well as automatically
connecting the machines to open hotspots and showing targeted ads.</p>
<p>We can suppose Microsoft looks at users' files for the US government
on demand, though the “privacy policy” does not explicitly
say so. Will it look at users' files for the Chinese government
on demand?</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201506170">
<!--#set var="DATE" value='<small class="date-tag">2015-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft uses Windows 10's “privacy policy”
to overtly impose a “right” to look at
users' files at any time. Windows 10 full disk encryption <a
href="https://edri.org/our-work/microsofts-new-small-print-how-your-personal-data-abused/">
gives Microsoft a key</a>.</p>
<p>Thus, Windows is overt malware in regard to surveillance, as in
other issues.</p>
<p>The unique “advertising ID” for each user enables
other companies to track the browsing of each specific user.</p>
<p>It's as if Microsoft has deliberately chosen to make Windows 10
maximally evil on every dimension; to make a grab for total power
over anyone that doesn't drop Windows now.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201410040">
<!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>It only gets worse with time. <a
href="http://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
href="https://www.techworm.net/2014/10/microsofts-windows-10-permission-watch-every-move.html">
Windows 10 requires users to give permission for total snooping</a>,
including their files, their commands, their text input, and their
voice input.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201405140">
<!--#set var="DATE" value='<small class="date-tag">2014-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20190421070310/https://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
Microsoft SkyDrive allows the NSA to directly examine users'
data</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201401150">
<!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="baidu-ime"><a
href="https://www.techrepublic.com/blog/asian-technology/japanese-government-warns-baidu-ime-is-spying-on-users/">
href="https://web.archive.org/web/20140219183154/http://www.techrepublic.com/blog/asian-technology/japanese-government-warns-baidu-ime-is-spying-on-users/">
Baidu's Japanese-input and Chinese-input apps spy on users</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201307080">
<!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Spyware in older versions of Windows: <a
href="https://www.theregister.co.uk/2003/02/28/windows_update_keeps_tabs/">
href="https://www.theregister.com/2003/02/28/windows_update_keeps_tabs/">
Windows Update snoops on the user</a>. <a
href="https://www.infoworld.com/article/2611451/a-look-at-the-black-underbelly-of-windows-8-1--blue-.html">
Windows 8.1 snoops on local searches</a>. And there's a <a
href="http://www.marketoracle.co.uk/Article40836.html"> secret NSA
key in Windows</a>, whose functions we don't know.</p>
</li>
</ul>
<p>Microsoft's snooping on users did not start with Windows 10.
There's a lot more <a href="/proprietary/malware-microsoft.html">
Microsoft malware</a>.</p>
<div class="big-subsection">
<h4 id="SpywareInMacOS">MacOS</h4>
<span class="anchor-reference-id">(<a href="#SpywareInMacOS">#SpywareInMacOS</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202011120">
<!--#set var="DATE" value='<small class="date-tag">2020-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple has <a
href="https://sneak.berlin/20201112/your-computer-isnt-yours">implemented
href="https://sneak.berlin/20201112/your-computer-isnt-yours/">implemented
a malware in its computers that imposes surveillance</a> on users
and reports users' computing to Apple.</p>
<p>The reports are even unencrypted and they've been leaking this
data for two years already. This malware is reporting to Apple what
user opens what program at what time. It also gives Apple
power to sabotage users' computing.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201809070">
<!--#set var="DATE" value='<small class="date-tag">2018-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Adware Doctor, an ad blocker for MacOS, <a
href="https://www.vice.com/en/article/wjye8x/mac-anti-adware-doctor-app-steals-browsing-history">reports
the user's browsing history</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201411040">
<!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple has made various <a
href="http://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud">
href="https://www.theguardian.com/technology/2014/nov/04/apple-data-privacy-icloud">
MacOS programs send files to Apple servers without asking
permission</a>. This exposes the files to Big Brother and perhaps
to other snoops.</p>
<p>It also demonstrates how you can't trust proprietary software,
because even if today's version doesn't have a malicious functionality,
tomorrow's version might add it. The developer won't remove the
malfeature unless many users push back hard, and the users can't
remove it themselves.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201410300">
<!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p> MacOS automatically <a
href="https://web.archive.org/web/20170831144456/https://www.washingtonpost.com/news/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/">
sends to Apple servers unsaved documents being edited</a>. The
things you have not decided to save are <a
href="https://www.schneier.com/blog/archives/2014/10/apple_copies_yo.html?utm_source=twitterfeed&utm_medium=twitter/">
even more sensitive</a> than the things you have stored in files.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201410220">
<!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple admits the <a
href="http://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/">
href="https://www.intego.com/mac-security-blog/spotlight-suggestions-in-os-x-yosemite-and-ios-are-you-staying-private/">
spying in a search facility</a>, but there's a lot <a
href="https://github.com/fix-macosx/yosemite-phone-home">
href="https://gothub.projectsegfau.lt/fix-macosx/yosemite-phone-home/"> more snooping
that Apple has not talked about</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201410200">
<!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Various operations in <a
href="http://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
href="https://lifehacker.com/safari-and-spotlight-can-send-data-to-apple-heres-how-1648453540">
the latest MacOS send reports to Apple</a> servers.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201401100.1">
<!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
href="https://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
Spotlight search</a> sends users' search terms to Apple.</p>
</li>
</ul>
<p>There's a lot more <a href="#SpywareIniThings">iThing spyware</a>, and
<a href="/proprietary/malware-apple.html">Apple malware</a>.</p>
<div class="big-subsection">
<span id="SpywareAtLowLevel"></span>
<h4 id="SpywareInBIOS">BIOS</h4>
<span class="anchor-reference-id">(<a href="#SpywareInBIOS">#SpywareInBIOS</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201509220">
<!--#set var="DATE" value='<small class="date-tag">2015-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.computerworld.com/article/2984889/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html">
Lenovo stealthily installed crapware and spyware via
BIOS</a> on Windows installs. Note that the specific
sabotage method Lenovo used did not affect GNU/Linux; also, a
“clean” Windows install is not really clean since <a
href="/proprietary/malware-microsoft.html">Microsoft puts in its
own malware</a>.</p>
</li>
</ul>
<div class="big-section">
<h3 id="SpywareOnMobiles">Spyware on Mobiles</h3>
<span class="anchor-reference-id">(<a href="#SpywareOnMobiles">#SpywareOnMobiles</a>)</span>
</div>
<div style="clear: left;"></div>
<div class="big-subsection">
<h4 id="SpywareInTelephones">All “Smart” Phones</h4>
<span class="anchor-reference-id">(<a href="#SpywareInTelephones">#SpywareInTelephones</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202106250">
<!--#set var="DATE" value='<small class="date-tag">2021-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.elsalvador.com/eldiariodehoy/app-chivo-bitcoin-pone-en-riesgo-datos-personales-de-usuarios/852310/2021/">El
Salvador Dictatorship's Chivo wallet is spyware</a>, it's a
proprietary program that breaks users' freedom and spies on people;
demands personal data such as the national ID number and does face
recognition, and it is bad security for its data. It also asks for
almost every malware permission in people's smartphones.</p>
<p>The article criticizes it for faults in “data
protection”, though <a
href="/philosophy/surveillance-vs-democracy.html">“data protection”
is the wrong approach to privacy anyway</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202106170">
<!--#set var="DATE" value='<small class="date-tag">2021-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.theguardian.com/technology/2021/jun/17/nine-out-of-10-health-apps-harvest-user-data-global-study-shows">Almost
all proprietary health apps harvest users' data</a>, including
sensitive health information, tracking identifiers, and cookies to
track user activities. Some of these applications are tracking users
across different platforms.</p>
</li>
<li id="M202102200">
<!--#set var="DATE" value='<small class="date-tag">2021-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The proprietary program Clubhouse
is malware and a privacy disaster. Clubhouse <a
href="https://www.theguardian.com/commentisfree/2021/feb/20/why-hot-new-social-app-clubhouse-spells-nothing-but-trouble">collects
people's personal data such as recordings of people's
conversations</a>, and, as a secondary problem, does
<!-- Copied from workshop/mal.rec. Do not encrypt them,
which shows a bad security part of the issue.</p>
<p>A user's unique Clubhouse ID number and chatroom ID are transmitted edit in plaintext, and Agora (the company behind the app) would likely
have access to users' raw audio, potentially providing access to
the Chinese government.</p>
<p>Even with good security of data transmission, collecting personal
data of people is wrong and a violation of people's privacy rights.</p>
</li> proprietary-surveillance.html. -->
<li id="M202101080">
<!--#set var="DATE" value='<small class="date-tag">2021-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>As of 2021, WhatsApp (one of Facebook's subsidiaries) is <a
href="https://www.forbes.com/sites/carlypage/2021/01/08/whatsapp-tells-users-share-your-data-with-facebook-or-well-deactivate-your-account/">forcing
its users to hand over sensitive personal data</a> to its parent
company. This increases Facebook's power over users, and further
jeopardizes people's privacy and security.</p>
<p>Instead of WhatsApp you can use <a
href="https://directory.fsf.org/wiki/Jami">GNU Jami</a>, which is
free software and will not collect your data.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202006260">
<!--#set var="DATE" value='<small class="date-tag">2020-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Most apps are malware, but
Trump's campaign app, like Modi's campaign app, is <a
href="https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/">
especially nasty malware, helping companies snoop on users as well
as snooping on them itself</a>.</p>
<p>The article says that Biden's app has a less manipulative overall
approach, but that does not tell us whether it has functionalities we
consider malicious, such as sending data the user has not explicitly
asked to send.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201809121">
<!--#set var="DATE" value='<small class="date-tag">2018-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Tiny Lab Productions, along with online ad businesses run
by Google, Twitter and three other companies are facing a lawsuit <a
href="https://www.nytimes.com/interactive/2018/09/12/technology/kids-apps-data-privacy-google-twitter.html">for
violating people's privacy by collecting their data from mobile games
and handing over these data to other companies/advertisers</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201601110">
<!--#set var="DATE" value='<small class="date-tag">2016-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The natural extension of monitoring
people through “their” phones is <a
href="http://www.northwestern.edu/newscenter/stories/2016/01/fool-activity-tracker.html">
href="https://news.northwestern.edu/stories/2016/01/fool-activity-tracker">
proprietary software to make sure they can't “fool”
the monitoring</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201510050">
<!--#set var="DATE" value='<small class="date-tag">2015-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>According to Edward Snowden, <a
href="http://www.bbc.com/news/uk-34444233">agencies
href="https://www.bbc.com/news/uk-34444233">agencies can take over
smartphones</a> by sending hidden text messages which enable
them to turn the phones on and off, listen to the microphone,
retrieve geo-location data from the GPS, take photographs, read
text messages, read call, location and web browsing history, and
read the contact list. This malware is designed to disguise itself
from investigation.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201311120">
<!--#set var="DATE" value='<small class="date-tag">2013-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
The NSA can tap data in smart phones, including iPhones,
Android, and BlackBerry</a>. While there is not much
detail here, it seems that this does not operate via
the universal back door that we know nearly all portable
phones have. It may involve exploiting various bugs. There are <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
href="https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/">
lots of bugs in the phones' radio software</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201307000">
<!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Portable phones with GPS <a
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
href="https://www.aclu.org/issues/privacy-technology/location-tracking/you-are-being-tracked">
will send their GPS location on remote command, and users cannot stop
them</a>. (The US says it will eventually require all new portable phones
to have GPS.)</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareIniThings">iThings</h4>
<span class="anchor-reference-id">(<a href="#SpywareIniThings">#SpywareIniThings</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202211140">
<!--#set var="DATE" value='<small class="date-tag">2022-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20230101185726/https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558">
The iMonster app store client programs collect many kinds of data</a>
about the user's actions and private communications. “Do not
track” options are available, but tracking doesn't stop if
the user activates them: Apple keeps on collecting data for itself,
although it claims not to send it to third parties.</p>
<p><a
href="https://www.theregister.com/2022/11/14/apple_data_collection_lawsuit/">
Apple is being sued</a> for that.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202105240">
<!--#set var="DATE" value='<small class="date-tag">2021-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.cpomagazine.com/data-privacy/icloud-data-turned-over-to-chinese-government-conflicts-with-apples-privacy-first-focus/">Apple
is moving its Chinese customers' iCloud data to a datacenter controlled
by the Chinese government</a>. Apple is already storing the encryption
keys on these servers, obeying Chinese authority, making all Chinese
user data available to the government.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202009183">
<!--#set var="DATE" value='<small class="date-tag">2020-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Facebook <a
href="https://www.dailymail.co.uk/news/article-8747541/Facebook-accused-watching-Instagram-users-mobile-cameras.html">snoops
on Instagram</a> users by surreptitously turning on the device's
camera.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202004200">
<!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple whistleblower Thomas Le Bonniec reports that Apple
made a practice of surreptitiously activating the Siri software to <a
href="https://www.politico.eu/wp-content/uploads/2020/05/Public-Statement-Siri-recordings-TLB.pdf">
record users' conversations when they had not activated Siri</a>.
This was not just occasional, it was systematic practice.</p>
<p>His job was to listen to these recordings, in a group that made
transcripts of them. He does not believes that Apple has ceased this
practice.</p>
<p>The only reliable way to prevent this is, for the program that
controls access to the microphone to decide when the user has
“activated” any service, to be free software, and the
operating system under it free as well. This way, users could make
sure Apple can't listen to them.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201910131">
<!--#set var="DATE" value='<small class="date-tag">2019-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Safari occasionally <a
href="https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/">
sends browsing data from Apple devices in China to the Tencent Safe
Browsing service</a>, to check URLs that possibly correspond to
“fraudulent” websites. Since Tencent collaborates
with the Chinese government, its Safe Browsing black list most certainly
contains the websites of political opponents. By linking the requests
originating from single IP addresses, the government can identify
dissenters in China and Hong Kong, thus endangering their lives.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201905280">
<!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In spite of Apple's supposed commitment to
privacy, iPhone apps contain trackers that are busy at night <a
href="https://www.oregonlive.com/opinion/2019/05/its-3-am-do-you-know-who-your-iphone-is-talking-to.html">
sending users' personal information to third parties</a>.</p>
<p>The article mentions specific examples: Microsoft OneDrive,
Intuit's Mint, Nike, Spotify, The Washington Post, The Weather
Channel (owned by IBM), the crime-alert service Citizen, Yelp
and DoorDash. But it is likely that most nonfree apps contain
trackers. Some of these send personally identifying data such as phone
fingerprint, exact location, email address, phone number or even
delivery address (in the case of DoorDash). Once this information
is collected by the company, there is no telling what it will be
used for.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201711250">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The DMCA and the EU Copyright Directive make it <a
href="https://boingboing.net/2017/11/25/la-la-la-cant-hear-you.html">
illegal to study how iOS cr…apps spy on users</a>, because
this would require circumventing the iOS DRM.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201709210">
<!--#set var="DATE" value='<small class="date-tag">2017-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In the latest iThings system,
“turning off” WiFi and Bluetooth the obvious way <a
href="https://www.theguardian.com/technology/2017/sep/21/ios-11-apple-toggling-wifi-bluetooth-control-centre-doesnt-turn-them-off">
doesn't really turn them off</a>. A more advanced way really does turn
them off—only until 5am. That's Apple for you—“We
know you want to be spied on”.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201702150">
<!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple proposes <a
href="https://www.theguardian.com/technology/2017/feb/15/apple-removing-iphone-home-button-fingerprint-scanning-screen">a
fingerprint-scanning touch screen</a>—which would mean no way
to use it without having your fingerprints taken. Users would have
no way to tell whether the phone is snooping on them.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201611170">
<!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>iPhones <a
href="https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/">send
lots of personal data to Apple's servers</a>. Big Brother can get
them from there.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201609280">
<!--#set var="DATE" value='<small class="date-tag">2016-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The iMessage app on iThings <a
href="https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/">tells
a server every phone number that the user types into it</a>; the
server records these numbers for at least 30 days.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201509240">
<!--#set var="DATE" value='<small class="date-tag">2015-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>iThings automatically upload to Apple's servers all the photos
and videos they make.</p>
<blockquote><p> iCloud Photo Library stores every photo and video you
take, and keeps them up to date on all your devices. Any edits you
make are automatically updated everywhere. […] </p></blockquote>
<p>(From <a href="https://www.apple.com/icloud/photos/">Apple's href="https://web.archive.org/web/20150921152044/https://www.apple.com/icloud/photos/">Apple's iCloud
information</a> as accessed on 24 Sep 2015.) The iCloud feature is
<a href="https://support.apple.com/en-us/HT202033">activated by the
startup of iOS</a>. The term “cloud” means “please
don't ask where.”</p>
<p>There is a way to
<a href="https://support.apple.com/en-us/HT201104"> deactivate
iCloud</a>, but it's active by default so it still counts as a
surveillance functionality.</p>
<p>Unknown people apparently took advantage of this to <a
href="https://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence">get
nude photos of many celebrities</a>. They needed to break Apple's
security to get at them, but NSA can access any of them through <a
href="/philosophy/surveillance-vs-democracy.html#digitalcash">PRISM</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201409220">
<!--#set var="DATE" value='<small class="date-tag">2014-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple can, and regularly does, <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
href="https://arstechnica.com/gadgets/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
remotely extract some data from iPhones for the state</a>.</p>
<p>This may have improved with <a
href="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/">
iOS 8 security improvements</a>; but <a
href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
href="https://theintercept.com/2014/09/22/apple-data/">
not as much as Apple claims</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201407230">
<!--#set var="DATE" value='<small class="date-tag">2014-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
href="https://www.theguardian.com/technology/2014/jul/23/iphone-backdoors-surveillance-forensic-services">
Several “features” of iOS seem to exist
for no possible purpose other than surveillance</a>. Here is the <a
href="http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms_Moved.pdf">
Technical presentation</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201401100">
<!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The <a class="not-a-duplicate"
href="http://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
href="https://finance.yahoo.com/blogs/the-exchange/privacy-advocates-worry-over-new-apple-iphone-tracking-feature-161836223.html">
iBeacon</a> lets stores determine exactly where the iThing is, and
get other info too.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201312300">
<!--#set var="DATE" value='<small class="date-tag">2013-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
href="https://web.archive.org/web/20190924053515/https://www.zerohedge.com/news/2013-12-30/how-nsa-hacks-your-iphone-presenting-dropout-jeep">
Either Apple helps the NSA snoop on all the data in an iThing, or it
is totally incompetent</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201308080">
<!--#set var="DATE" value='<small class="date-tag">2013-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The iThing also <a
href="https://www.theregister.co.uk/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
href="https://www.theregister.com/2013/08/08/ios7_tracking_now_its_a_favourite_feature/">
tells Apple its geolocation</a> by default, though that can be
turned off.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201210170">
<!--#set var="DATE" value='<small class="date-tag">2012-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>There is also a feature for web sites to track users, which is <a
href="http://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
href="https://nakedsecurity.sophos.com/2012/10/17/how-to-disable-apple-ios-user-tracking-ios-6/">
enabled by default</a>. (That article talks about iOS 6, but it is
still true in iOS 7.)</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201204280">
<!--#set var="DATE" value='<small class="date-tag">2012-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Users cannot make an Apple ID (<a
href="https://apple.stackexchange.com/questions/49951/how-can-i-download-free-apps-without-registering-an-apple-id">necessary
to install even gratis apps</a>) without giving a valid
email address and receiving the verification code Apple sends
to it.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInAndroid">Android Telephones</h4>
<span class="anchor-reference-id">(<a href="#SpywareInAndroid">#SpywareInAndroid</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202411040">
<!--#set var="DATE" value='<small class="date-tag">2024-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Pixel 9 “smart”phone <a
href="https://cybernews.com/security/google-pixel-9-phone-beams-data-and-awaits-commands/">
frequently updates Google servers with its location and current
configuration</a> along with personally identifiable data, raising
concerns about user privacy. Moreover, it communicates
with services that are not in use, and periodically attempts to
download experimental, possibly insecure software. The system does
not inform the user that it is doing all this.</p>
<p>There is hope, however: it is possible to <a
href="https://doc.e.foundation/devices"> replace the original Android
operating system with a deGoogled version</a> in Pixel phones up to
8a, and in phones from many other brands. No doubt that the Pixel 9
will be supported soon.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202012070">
<!--#set var="DATE" value='<small class="date-tag">2020-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Baidu apps were <a
href="https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/">
caught collecting sensitive personal data</a> that can be used for
lifetime tracking of users, and putting them in danger. More than 1.4
billion people worldwide are affected by these proprietary apps, and
users' privacy is jeopardized by this surveillance tool. Data collected
by Baidu may be handed over to the Chinese government, possibly
putting Chinese people in danger.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202010120">
<!--#set var="DATE" value='<small class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Samsung is forcing its smartphone users in Hong Kong (and Macau) <a
href="https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/">to
href="https://web.archive.org/web/20240606175013/https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/">to
use a public DNS in Mainland China</a>, using software update released
in September 2020, which causes many unease and privacy concerns.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202004300">
<!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Xiaomi phones <a
href="https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/">report
many actions the user takes</a>: starting an app, looking at a folder,
visiting a website, listening to a song. They send device identifying
information too.</p>
<p>Other nonfree programs snoop too. For instance, Spotify and
other streaming dis-services make a dossier about each user, and <a
href="/malware/proprietary-surveillance.html#M201508210"> they make
users identify themselves to pay</a>. Out, out, damned Spotify!</p>
<p>Forbes exonerates the same wrongs when the culprits are not Chinese,
but we condemn this no matter who does it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201812060">
<!--#set var="DATE" value='<small class="date-tag">2018-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Facebook's app got “consent” to <a
href="https://www.theguardian.com/technology/2018/dec/06/facebook-emails-reveal-discussions-over-call-log-consent">
upload call logs automatically from Android phones</a> while disguising
what the “consent” was for.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201811230">
<!--#set var="DATE" value='<small class="date-tag">2018-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>An Android phone was observed to track location even while
in airplane mode. It didn't send the location data while in
airplane mode. Instead, <a
href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/">
it saved up the data, and sent them all later</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201711210">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Android tracks location for Google <a
href="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">
href="https://www.techdirt.com/2017/11/21/investigation-finds-google-collected-location-data-even-with-location-services-turned-off/">
even when “location services” are turned off, even when
the phone has no SIM card</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201611150">
<!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some portable phones <a
href="http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
href="https://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html">are
sold with spyware sending lots of data to China</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201609140">
<!--#set var="DATE" value='<small class="date-tag">2016-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google Play (a component of Android) <a
href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg">
tracks the users' movements without their permission</a>.</p>
<p>Even if you disable Google Maps and location tracking, you must
disable Google Play itself to completely stop the tracking. This is
yet another example of nonfree software pretending to obey the user,
when it's actually doing something else. Such a thing would be almost
unthinkable with free software.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201507030">
<!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Samsung phones come with <a
href="http://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
href="https://arstechnica.com/gadgets/2015/07/samsung-sued-for-loading-devices-with-unremovable-crapware-in-china/">apps
that users can't delete</a>, and they send so much data that their
transmission is a substantial expense for users. Said transmission,
not wanted or requested by the user, clearly must constitute spying
of some kind.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201403120">
<!--#set var="DATE" value='<small class="date-tag">2014-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a href="/proprietary/proprietary-back-doors.html#samsung">
Samsung's back door</a> provides access to any file on the system.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201308010">
<!--#set var="DATE" value='<small class="date-tag">2013-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Spyware in Android phones (and Windows? laptops): The Wall Street
Journal (in an article blocked from us by a paywall) reports that <a
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
href="https://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
the FBI can remotely activate the GPS and microphone in Android phones
and laptops</a> (presumably Windows laptops). Here is <a
href="http://cryptome.org/2013/08/fbi-hackers.htm">more
href="https://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201307280">
<!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Spyware is present in some Android devices when they are
sold. Some Motorola phones, made when this company was owned
by Google, use a modified version of Android that <a
href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
sends personal data to Motorola</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201307250">
<!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A Motorola phone <a
href="https://web.archive.org/web/20170629175629/http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/">
listens for voice all the time</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201302150">
<!--#set var="DATE" value='<small class="date-tag">2013-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google Play intentionally sends app developers <a
href="http://gadgets.ndtv.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
href="https://gadgets360.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116">
the personal details of users that install the app</a>.</p>
<p>Merely asking the “consent” of users is not enough to
legitimize actions like this. At this point, most users have stopped
reading the “Terms and Conditions” that spell out what
they are “consenting” to. Google should clearly and
honestly identify the information it collects on users, instead of
hiding it in an obscurely worded EULA.</p>
<p>However, to truly protect people's privacy, we must prevent Google
and other companies from getting this personal information in the
first place!</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201111170">
<!--#set var="DATE" value='<small class="date-tag">2011-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some manufacturers add a <a
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
href="https://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
hidden general surveillance package such as Carrier IQ</a>.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInElectronicReaders">E-Readers</h4>
<span class="anchor-reference-id">(<a href="#SpywareInElectronicReaders">#SpywareInElectronicReaders</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201603080">
<!--#set var="DATE" value='<small class="date-tag">2016-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>E-books can contain JavaScript code, and <a
href="http://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
href="https://www.theguardian.com/books/2016/mar/08/men-make-up-their-minds-about-books-faster-than-women-study-finds">
sometimes this code snoops on readers</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201410080">
<!--#set var="DATE" value='<small class="date-tag">2014-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Adobe made “Digital Editions,”
the e-reader used by most US libraries, <a
href="https://web.archive.org/web/20141220181015/http://www.computerworlduk.com/blogs/open-enterprise/drm-strikes-again-3575860/">
send lots of data to Adobe</a>. Adobe's “excuse”: it's
needed to check DRM!</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201212030">
<!--#set var="DATE" value='<small class="date-tag">2012-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Spyware in many e-readers—not only the Kindle: <a
href="https://www.eff.org/pages/reader-privacy-chart-2012"> they
report even which page the user reads at what time</a>.</p>
</li>
</ul>
<div class="big-section">
<h3 id="SpywareInApplications">Spyware in Applications</h3>
<span class="anchor-reference-id">(<a href="#SpywareInApplications">#SpywareInApplications</a>)</span>
</div>
<div style="clear: left;"></div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202502230">
<!--#set var="DATE" value='<small class="date-tag">2025-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://proton.me/blog/outlook-is-microsofts-new-data-collection-service">
Outlook has become a “data collection and ad delivery
service”</a>. Since Outlook is now integrated with
Microsoft “cloud” services, and doesn't support
end-to-end encryption, the company has full access to users'
emails, contacts, and calendar events. Microsoft may also <a
href="https://www.cyberkendra.com/2023/11/new-outlook-update-raises-privacy.html">
retrieve credentials associated with any third-party services</a>
that are synchronized with Outlook. This trove of personal data
enables Microsoft, as well as its commercial partners, to flood
users with targeted ads, and possibly to train “artificial
intelligences.” Even worse, this data is available to any
government that can force Microsoft to hand it over.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202411050">
<!--#set var="DATE" value='<small class="date-tag">2024-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>As of 2021, <a
href="https://www.rferl.org/a/russia-40-apps-preinstalled-electronic-devices/32532513.html">
preinstallation of Russian-made proprietary software has
been mandatory</a> on new computers and “smart”
devices sold in Russia, under threat of a fine for the retailer, and <a
href="https://tadviser.com/index.php/Article:Pre-installation_of_Russian_software_on_smartphones_and_computers">
the list of mandatory applications keeps
growing</a>. This gives the government a convenient way to <a
href="https://www.article19.org/resources/russia-pre-installation-of-apps-matters-for-free-speech/">
censor information, spy on people's online activity, and restrict
free speech</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202306120">
<!--#set var="DATE" value='<small class="date-tag">2023-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Edge <a
href="https://www.neowin.net/news/edge-sends-images-you-view-online-to-microsoft-here-is-how-to-disable-that/">sends
the URLs of images the user views to Microsoft's servers</a> by
default, supposedly to “enhance” them. And these images
<a href="/proprietary/proprietary-surveillance.html#M201405140">may
end up on the NSA's servers</a>.</p>
<p>Microsoft claims its nonfree browser sends the URLs without
identifying you, which cannot be true, since at least your IP
address is known to the server if you don't take extra measures.
Either way, such enhancer service is unjust because any image editing
<a href="/philosophy/who-does-that-server-really-serve.html">should
be done on your own computer using installed free software</a>.</p>
<p>The article describes how to disable sending the URLs. That makes
a change for the better, but we suggest that you instead switch to a
freedom-respecting browser with additional privacy features such as
<a href="/software/gnuzilla/">IceCat</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202305300">
<!--#set var="DATE" value='<small class="date-tag">2023-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some employers are <a
href="https://www.theguardian.com/money/2023/may/30/i-feel-constantly-watched-employees-working-under-surveillance-monitorig-software-productivity">
forcing employees to run “monitoring software”</a> on
their computers. These extremely intrusive proprietary programs
can take screenshots at regular intervals, log keystrokes,
record audio and video, etc. Such practices have been shown to <a
href="https://www.eurofound.europa.eu/publications/report/2020/employee-monitoring-and-surveillance-the-challenges-of-digitalisation">
deteriorate employees' well-being</a>, and trade unions in the
European union have voiced their concerns about them. The requirement
for employee's consent, which exists in some countries, is a sham
because most often the employee is not free to refuse. In short,
these practices should be abolished.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202205240">
<!--#set var="DATE" value='<small class="date-tag">2022-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A worldwide investigation found that
most of the applications that school districts
recommended for remote education during the COVID-19 pandemic <a
href="https://web.archive.org/web/20220525011540/https://www.washingtonpost.com/technology/2022/05/24/remote-school-app-tracking-privacy/">track
and collect personal data from children as young as below the age of
five</a>. These applications, and their websites, send the collected
information to ad giants such as Facebook and Google, and they are
still being used in the classrooms even after some of the schools
reopened.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201805170">
<!--#set var="DATE" value='<small class="date-tag">2018-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Verify browser extension by Storyful <a
href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies
on the reporters that use it</a>.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInDesktopApps">Desktop Apps</h4>
<span class="anchor-reference-id">(<a href="#SpywareInDesktopApps">#SpywareInDesktopApps</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202411220">
<!--#set var="DATE" value='<small class="date-tag">2024-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Windows Recall is a feature of Microsoft's Copilot tool that
comes preinstalled on AI-specialized computers. <a
href="https://www.techtarget.com/searchenterpriseai/feature/Privacy-and-security-risks-surrounding-Microsoft-Recall">
Recall records everything users do on their computer</a> and allows
them to search the recordings, but it has numerous security flaws and
poses a risk to privacy. As Recall cannot be completely uninstalled,
disabling it doesn't eliminate the risk because it can be reactivated
by malware or misconfiguration.</p>
<p>Microsoft says that <a
href="https://support.microsoft.com/en-us/windows/privacy-and-control-over-your-recall-experience-d404f672-7647-41e5-886c-a3c59680af15">
Recall will not take screenshots of digitally restricted
media</a>. Meanwhile, it stores sensitive user information such as
passwords and bank account numbers, showing that whereas Microsoft
worries somewhat about corporate interests, it couldn't care less
about user privacy.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202406100">
<!--#set var="DATE" value='<small class="date-tag">2024-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In its terms of service, Adobe gives itself permission to <a
href="https://www.cnet.com/tech/services-and-software/adobe-defends-changes-in-its-terms-of-service-amid-gen-ai-explosion/">
spy on material that people upload to its servers</a>, supposedly for
moderation purposes. In spite of Adobe's denial, we can expect
that sooner or later it will use this material to train its so-called
“artificial intelligence,” and will claim that by agreeing
to the terms of service users gave it the right to do so.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202011260">
<!--#set var="DATE" value='<small class="date-tag">2020-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft's Office 365 suite enables employers <a
href="https://www.theguardian.com/technology/2020/nov/26/microsoft-productivity-score-feature-criticised-workplace-surveillance">to
snoop on each employee</a>. After
a public outburst, Microsoft stated that <a
href="https://www.theguardian.com/technology/2020/dec/02/microsoft-apologises-productivity-score-critics-derided-workplace-surveillance">it
would remove this capability</a>. Let's hope so.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201912190">
<!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some Avast and AVG extensions
for Firefox and Chrome were found to <a
href="https://www.itpro.co.uk/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome">
snoop on users' detailed browsing habits</a>. Mozilla and Google
removed the problematic extensions from their stores, but this shows
once more how unsafe nonfree software can be. Tools that are supposed
to protect a proprietary system are, instead, infecting it with
additional malware (the system itself being the original malware).</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201904210">
<!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>As of April 2019, it is <a
href="https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/">no
longer possible to disable an
unscrupulous tracking anti-feature</a> that <a
href="https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing">reports
users when they follow ping links</a> in Apple Safari, Google Chrome,
Opera, Microsoft Edge and also in the upcoming Microsoft Edge that is
going to be based on Chromium.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201811020">
<!--#set var="DATE" value='<small class="date-tag">2018-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Foundry's graphics software <a
href="https://torrentfreak.com/software-company-fines-pirates-after-monitoring-their-computers-181102/">
reports information to identify who is running it</a>. The result is
often a legal threat demanding a lot of money.</p>
<p>The fact that this is used for repression of forbidden sharing
makes it even more vicious.</p>
<p>This illustrates that making unauthorized copies of nonfree software
is not a cure for the injustice of nonfree software. It may avoid
paying for the nasty thing, but cannot make it less nasty.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInMobileApps">Mobile Apps</h4>
<span class="anchor-reference-id">(<a href="#SpywareInMobileApps">#SpywareInMobileApps</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202308080">
<!--#set var="DATE" value='<small class="date-tag">2023-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Yandex company has started to <a
href="https://meduza.io/en/feature/2023/08/08/user-x-with-driver-y-traveled-from-point-a-to-point-b">
give away Yango taxi ride data to Russia's Federal Security Service
(FSB)</a>. The Russian government (and whoever else receives the
the data) thus has access to a wealth of personal information,
including who traveled where, when, and with which driver. Yandex <a
href="https://yandex.ru/legal/confidential/?lang=en">
claims that it complies with European regulations</a> for data
collected in the European Economic Area, Switzerland or Israel.
But what about the rest of the world?</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202304030">
<!--#set var="DATE" value='<small class="date-tag">2023-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Pinduoduo app <a
href="https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html">
snoops on other apps, and takes control of them</a>. It also installs
additional malware that is hard to remove.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202206020">
<!--#set var="DATE" value='<small class="date-tag">2022-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Canada has fined the company Tim Hortons for making <a
href="https://arstechnica.com/tech-policy/2022/06/tim-hortons-coffee-app-broke-law-by-constantly-recording-users-movements/">
an app that tracks people's movements</a> to learn things such as
where they live, where they work, and when they visit competitors'
stores.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202204040">
<!--#set var="DATE" value='<small class="date-tag">2022-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>New Amazon worker chat app <a
href="https://theintercept.com/2022/04/04/amazon-union-living-wage-restrooms-chat-app/">would
ban specific words Amazon doesn't like</a>, such as
“union”, “restrooms”, and “pay
raise”. If the app was free, workers could modify the program
so it acts as they wish, not how Amazon wants it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202203010">
<!--#set var="DATE" value='<small class="date-tag">2022-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The nonfree app “Along,”
developed by a company controlled by Zuckerberg, <a
href="https://kappanonline.org/dont-go-along-with-corporate-schemes-to-gather-up-student-data/">
leads students to reveal to their teacher personal information</a>
about themselves and their families. Conversations are recorded
and the collected data sent to the company, which grants itself the
right to sell it. See also <a
href="/education/educational-malware-app-along.html#content">Educational Malware App “Along”</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202201270">
<!--#set var="DATE" value='<small class="date-tag">2022-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The data broker X-Mode <a
href="https://themarkup.org/privacy/2022/01/27/gay-bi-dating-app-muslim-prayer-apps-sold-data-on-peoples-location-to-a-controversial-data-broker">bought
location data about 20,000 people collected by around 100 different
malicious apps</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202111090">
<!--#set var="DATE" value='<small class="date-tag">2021-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A building in LA, with a supermarket in it, <a
href="https://www.latimes.com/business/story/2021-11-09/column-trader-joes-parking-app">demands
customers load a particular app to pay for parking in the parking
lot</a>, and accept pervasive surveillance. They also have the
option of entering their license plate numbers in a kiosk. That is
an injustice, too.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202106030">
<!--#set var="DATE" value='<small class="date-tag">2021-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/">TikTok
apps collect biometric identifiers and biometric information from
users' smartphones</a>. The company behind it does whatever it wants
and collects whatever data it can.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202104060">
<!--#set var="DATE" value='<small class="date-tag">2021-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The <a
href="https://www.wired.com/story/weddings-social-media-apps-photos-memories-miscarriage-problem/">WeddingWire
app saves people's wedding photos forever and hands over data
to others</a>, giving users no control over their personal
information/data. The app also sometimes shows old photos and
memories to users, without giving them any control over this
either.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202102200">
<!--#set var="DATE" value='<small class="date-tag">2021-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The proprietary program Clubhouse
is malware and a privacy disaster. Clubhouse <a
href="https://www.theguardian.com/commentisfree/2021/feb/20/why-hot-new-social-app-clubhouse-spells-nothing-but-trouble">collects
people's personal data such as recordings of people's
conversations</a>, and, as a secondary problem, does not encrypt them,
which shows a bad security part of the issue.</p>
<p>A user's unique Clubhouse ID number and chatroom ID are transmitted
in plaintext, and Agora (the company behind the app) would likely
have access to users' raw audio, potentially providing access to
the Chinese government.</p>
<p>Even with good security of data transmission, collecting personal
data of people is wrong and a violation of people's privacy rights.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202102010">
<!--#set var="DATE" value='<small class="date-tag">2021-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many cr…apps, developed by various
companies for various organizations, do <a
href="https://www.expressvpn.com/digital-security-lab/investigation-xoth">
location tracking unknown to those companies and those
organizations</a>. It's actually some widely used libraries that do
the tracking.</p>
<p>What's unusual here is that proprietary software developer A tricks
proprietary software developers B1 … B50 into making platforms for
A to mistreat the end user.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202003260">
<!--#set var="DATE" value='<small class="date-tag">2020-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Apple iOS version of Zoom <a
href="https://www.vice.com/en/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account">is
sending users' data to Facebook</a> even if the user doesn't have
a Facebook account. According to the article, Zoom and Facebook
don't even mention this surveillance on their privacy policy page,
making this an obvious violation of people's privacy even in their
own terms.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202003010">
<!--#set var="DATE" value='<small class="date-tag">2020-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Alipay Health Code app
estimates whether the user has Covid-19 and <a
href="https://www.nytimes.com/2020/03/01/business/china-coronavirus-surveillance.html">
tells the cops directly</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202001290">
<!--#set var="DATE" value='<small class="date-tag">2020-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon Ring app does <a
href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
surveillance for other companies as well as for Amazon</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201912220">
<!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The ToToc messaging app seems to be a <a
href="https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html">
spying tool for the government of the United Arab Emirates</a>.
Any nonfree program could be doing this, and that is a good
reason to use free software instead.</p>
<p><small>Note: this article uses the word “free” in
the sense of “gratis.”</small></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201912090">
<!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>iMonsters and Android phones,
when used for work, give employers powerful <a
href="https://www.fastcompany.com/90440073/if-you-use-your-personal-phone-for-work-say-goodbye-to-your-privacy">
snooping and sabotage capabilities</a> if they install their own
software on the device. Many employers demand to do this. For the
employee, this is simply nonfree software, as fundamentally unjust
and as dangerous as any other nonfree software.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201910130">
<!--#set var="DATE" value='<small class="date-tag">2019-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Chinese Communist Party's “Study
the Great Nation” app requires users to grant it <a
href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962">
access to the phone's microphone, photos, text messages, contacts, and
internet history</a>, and the Android version was found to contain a
back-door allowing developers to run any code they wish in the users'
phone, as “superusers.” Downloading and using this
app is mandatory at some workplaces.</p>
<p>Note: The <a
href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html">
Washington Post version of the article</a> (partly obfuscated, but
readable after copy-pasting in a text editor) includes a clarification
saying that the tests were only performed on the Android version
of the app, and that, according to Apple, “this kind of
‘superuser’ surveillance could not be conducted on
Apple's operating system.”</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201909091">
<!--#set var="DATE" value='<small class="date-tag">2019-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Facebook app <a
href="https://eu.usatoday.com/story/tech/talkingtech/2019/09/09/facebook-app-social-network-tracking-your-every-move/2270305001/">
tracks users even when it is turned off</a>, after tricking them
into giving the app broad permissions in order to use one of its
functionalities.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201909090">
<!--#set var="DATE" value='<small class="date-tag">2019-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some nonfree period-tracking apps including MIA Fem and Maya <a
href="https://www.buzzfeednews.com/article/meghara/period-tracker-apps-facebook-maya-mia-fem">
send intimate details of users' lives to Facebook</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201909060">
<!--#set var="DATE" value='<small class="date-tag">2019-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Keeping track of who downloads a proprietary
program is a form of surveillance. There is a
proprietary program for adjusting a certain telescopic rifle sight. <a
href="https://www.forbes.com/sites/thomasbrewster/2019/09/06/exclusive-feds-demand-apple-and-google-hand-over-names-of-10000-users-of-a-gun-scope-app/">
A US prosecutor has demanded the list of all the 10,000 or more people
who have installed it</a>.</p>
<p>With a free program there would not be a list of who has installed
it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201907081">
<!--#set var="DATE" value='<small class="date-tag">2019-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many unscrupulous mobile-app developers keep finding ways to <a
href="https://www.cnet.com/tech/mobile/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/">
bypass user's settings</a>, regulations, and privacy-enhancing features
of the operating system, in order to gather as much private data as
they possibly can.</p>
<p>Thus, we can't trust rules against spying. What we can trust is
having control over the software we run.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201907080">
<!--#set var="DATE" value='<small class="date-tag">2019-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many Android apps can track
users' movements even when the user says <a
href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location">
not to allow them access to locations</a>.</p>
<p>This involves an apparently unintentional weakness in Android,
exploited intentionally by malicious apps.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201905300">
<!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Femm “fertility” app is secretly a <a
href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners">
tool for propaganda</a> by natalist Christians. It spreads distrust
for contraception.</p>
<p>It snoops on users, too, as you must expect from nonfree
programs.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201905060">
<!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>BlizzCon 2019 imposed a <a
href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/">
requirement to run a proprietary phone app</a> to be allowed into
the event.</p>
<p>This app is a spyware that can snoop on a lot of
sensitive data, including user's location and contact list, and has <a
href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
href="https://web.archive.org/web/20220321042716/https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
near-complete control</a> over the phone.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201904131">
<!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Data collected by menstrual and pregnancy monitoring apps is often <a
href="https://www.theguardian.com/world/2019/apr/13/theres-a-dark-side-to-womens-health-apps-menstrual-surveillance">
available to employers and insurance companies</a>. Even though the
data is “anonymized and aggregated,” it can easily be
traced back to the woman who uses the app.</p>
<p>This has harmful implications for women's rights to equal employment
and freedom to make their own pregnancy choices. Don't use
these apps, even if someone offers you a reward to do so. A
free-software app that does more or less the same thing without
spying on you is available from <a
href="https://search.f-droid.org/?q=menstr">F-Droid</a>, and <a
href="https://dcs.megaphone.fm/BLM6228935164.mp3?key=7e4b8f7018d13cdc2b5ea6e5772b6b8f">
href="https://web.archive.org/web/20231230011724/https://dcs.megaphone.fm/BLM6228935164.mp3?key=23a58d3f686794e6d8b8678a5204887b&request_event_id=36469053-3d0b-4724-bf2d-6dbeeeac282e">
a new one is being developed</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201904130">
<!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google tracks the movements of Android phones and iPhones
running Google apps, and sometimes <a
href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html">
saves the data for years</a>.</p>
<p>Nonfree software in the phone has to be responsible for sending
the location data to Google.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201903251">
<!--#set var="DATE" value='<small class="date-tag">2019-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many Android phones come with a huge number of <a
href="https://web.archive.org/web/20190326145122/https://elpais.com/elpais/2019/03/22/inenglish/1553244778_819882.html">
preinstalled nonfree apps that have access to sensitive data without
users' knowledge</a>. These hidden apps may either call home with
the data, or pass it on to user-installed apps that have access to
the network but no direct access to the data. This results in massive
surveillance on which the user has absolutely no control.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201903211">
<!--#set var="DATE" value='<small class="date-tag">2019-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The MoviePass dis-service <a
href="https://www.cnet.com/culture/entertainment/moviepass-founder-wants-to-use-facial-recognition-to-score-you-free-movies/">
is planning to use face recognition to track people's eyes</a>
to make sure they won't put their phones down or look away during
ads—and trackers.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201903201">
<!--#set var="DATE" value='<small class="date-tag">2019-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A study of 24 “health” apps found that 19 of them <a
href="https://www.vice.com/en/article/pan9e8/health-apps-can-share-your-data-everywhere-new-study-shows">
send sensitive personal data to third parties</a>, which can use it
for invasive advertising or discriminating against people in poor
medical condition.</p>
<p>Whenever user “consent” is sought, it is buried in
lengthy terms of service that are difficult to understand. In any case,
“consent” is not sufficient to legitimize snooping.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201902230">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Facebook offered a convenient proprietary
library for building mobile apps, which also <a
href="https://boingboing.net/2019/02/23/surveillance-zucksterism.html">
sent personal data to Facebook</a>. Lots of companies built apps that
way and released them, apparently not realizing that all the personal
data they collected would go to Facebook as well.</p>
<p>It shows that no one can trust a nonfree program, not even the
developers of other nonfree programs.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201902140">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The AppCensus database gives information on <a
href="https://www.appcensus.mobi">
href="https://www.appcensus.io/"> how Android apps use and
misuse users' personal data</a>. As of March 2019, nearly
78,000 have been analyzed, of which 24,000 (31%) transmit the <a
href="/proprietary/proprietary-surveillance.html#M201812290">
Advertising ID</a> to other companies, and <a
href="https://blog.appcensus.mobi/2019/02/14/ad-ids-behaving-badly/">
href="https://web.archive.org/web/20240501141046/https://blog.appcensus.io/2019/02/14/ad-ids-behaving-badly/">
18,000 (23% of the total) link this ID to hardware identifiers</a>,
so that users cannot escape tracking by resetting it.</p>
<p>Collecting hardware identifiers is in apparent violation of
Google's policies. But it seems that Google wasn't aware of it,
and, once informed, was in no hurry to take action. This proves
that the policies of a development platform are ineffective at
preventing nonfree software developers from including malware in
their programs.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201902060">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many nonfree apps have a surveillance feature for <a
href="https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/">
recording all the users' actions</a> in interacting with the app.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201902041.1">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Twenty nine “beauty camera” apps that used to
be on Google Play had one or more malicious functionalities, such as <a
href="https://www.teleanalysis.com/these-29-beauty-camera-apps-steal-private-photo/">
href="https://www.androidpolice.com/2019/02/03/google-bans-29-beauty-camera-apps-from-the-play-store-that-steal-your-photos/">
stealing users' photos</a> photos instead of “beautifying” them, them</a>,
pushing unwanted and often malicious ads on users, and redirecting
them to phishing sites that stole their credentials. Furthermore,
the user interface of most of them was designed to make uninstallation
difficult.</p>
<p>Users should of course uninstall these dangerous apps if they
haven't yet, but they should also stay away from nonfree apps in
general. <em>All</em> nonfree apps carry a potential risk because
there is no easy way of knowing what they really do.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201902010">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>An investigation of the 150 most popular
gratis VPN apps in Google Play found that <a
href="https://www.top10vpn.com/free-vpn-android-app-risk-index/">
href="https://www.top10vpn.com/research/free-vpn-investigations/risk-index/">
25% fail to protect their users' privacy</a> due to DNS leaks. In
addition, 85% feature intrusive permissions or functions in their
source code—often used for invasive advertising—that could
potentially also be used to spy on users. Other technical flaws were
found as well.</p>
<p>Moreover, a previous investigation had found that <a
href="https://www.top10vpn.com/free-vpn-app-investigation/">half
href="https://www.top10vpn.com/research/free-vpn-investigations/ownership/">half of
the top 10 gratis VPN apps have lousy privacy policies</a>.</p>
<p><small>(It is unfortunate that these articles talk about “free
apps.” These apps are gratis, but they are <em>not</em> <a
href="/philosophy/free-sw.html">free software</a>.)</small></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201901050">
<!--#set var="DATE" value='<small class="date-tag">2019-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Weather Channel app <a
href="https://www.theguardian.com/technology/2019/jan/04/weather-channel-app-lawsuit-location-data-selling">
stored users' locations to the company's server</a>. The company is
being sued, demanding that it notify the users of what it will do
with the data.</p>
<p>We think that lawsuit is about a side issue. What the company does
with the data is a secondary issue. The principal wrong here is that
the company gets that data at all.</p>
<p><a
href="https://www.vice.com/en/article/gy77wy/stop-using-third-party-weather-apps">
Other weather apps</a>, including Accuweather and WeatherBug, are
tracking people's locations.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201812290">
<!--#set var="DATE" value='<small class="date-tag">2018-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Around 40% of gratis Android apps <a
href="https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report">
report on the user's actions to Facebook</a>.</p>
<p>Often they send the machine's “advertising ID,” so that
Facebook can correlate the data it obtains from the same machine via
various apps. Some of them send Facebook detailed information about
the user's activities in the app; others only say that the user is
using that app, but that alone is often quite informative.</p>
<p>This spying occurs regardless of whether the user has a Facebook
account.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201810244">
<!--#set var="DATE" value='<small class="date-tag">2018-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some Android apps <a
href="https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/">
href="https://web.archive.org/web/20210418052600/https://www.androidauthority.com/apps-uninstall-trackers-917539/amp/">
track the phones of users that have deleted them</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201808030">
<!--#set var="DATE" value='<small class="date-tag">2018-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some Google apps on Android <a
href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile">
record the user's location even when users disable “location
tracking”</a>.</p>
<p>There are other ways to turn off the other kinds of location
tracking, but most users will be tricked by the misleading control.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201806110">
<!--#set var="DATE" value='<small class="date-tag">2018-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Spanish football streaming app <a
href="https://boingboing.net/2018/06/11/spanish-football-app-turns-use.html">tracks
the user's movements and listens through the microphone</a>.</p>
<p>This makes them act as spies for licensing enforcement.</p>
<p>We expect it implements DRM, too—that there is no way to save
a recording. But we can't be sure from the article.</p>
<p>If you learn to care much less about sports, you will benefit in
many ways. This is one more.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201804160">
<!--#set var="DATE" value='<small class="date-tag">2018-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>More than <a
href="https://www.theguardian.com/technology/2018/apr/16/child-apps-games-android-us-google-play-store-data-sharing-law-privacy">50%
of the 5,855 Android apps studied by researchers were found to snoop
and collect information about its users</a>. 40% of the apps were
found to insecurely snitch on its users. Furthermore, they could
detect only some methods of snooping, in these proprietary apps whose
source code they cannot look at. The other apps might be snooping
in other ways.</p>
<p>This is evidence that proprietary apps generally work against
their users. To protect their privacy and freedom, Android users
need to get rid of the proprietary software—both proprietary
Android by <a href="https://replicant.us">switching to Replicant</a>,
and the proprietary apps by getting apps from the free software
only <a href="https://f-droid.org/">F-Droid store</a> that <a
href="https://f-droid.org/wiki/page/Antifeatures">
href="https://f-droid.org/docs/Anti-Features/"> prominently warns
the user if an app contains anti-features</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201804020">
<!--#set var="DATE" value='<small class="date-tag">2018-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Grindr collects information about <a
href="https://www.commondreams.org/news/2018/04/02/egregious-breach-privacy-popular-app-grindr-supplies-third-parties-users-hiv-status">
which users are HIV-positive, then provides the information to
companies</a>.</p>
<p>Grindr should not have so much information about its users.
It could be designed so that users communicate such info to each
other but not to the server's database.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201803050">
<!--#set var="DATE" value='<small class="date-tag">2018-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The moviepass app and dis-service
spy on users even more than users expected. It <a
href="https://techcrunch.com/2018/03/05/moviepass-ceo-proudly-says-the-app-tracks-your-location-before-and-after-movies/">records
where they travel before and after going to a movie</a>.</p>
<p>Don't be tracked—pay cash!</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201802280">
<!--#set var="DATE" value='<small class="date-tag">2018-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Spotify app <a
href="https://www.sec.gov/Archives/edgar/data/1639920/000119312518063434/d494294df1.htm">harvests
users' data to personally identify and know people</a> through music,
their mood, mindset, activities, and tastes. There are over 150
billion events logged daily on the program which contains users'
data and personal information.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201711240">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Tracking software in popular Android apps
is pervasive and sometimes very clever. Some trackers can <a
href="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/">
follow a user's movements around a physical store by noticing WiFi
networks</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201709020">
<!--#set var="DATE" value='<small class="date-tag">2017-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20230607090524/https://old.reddit.com/r/Instagram/comments/6xkhi8/ig_suddenly_asking_for_phone_number_not_visible/">Instagram
is forcing users to give away their phone numbers</a> and won't let
people continue using the app if they refuse.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201708270">
<!--#set var="DATE" value='<small class="date-tag">2017-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Sarahah app <a
href="https://theintercept.com/2017/08/27/hit-app-sarahah-quietly-uploads-your-address-book/">
uploads all phone numbers and email addresses</a> in user's address
book to developer's server.</p>
<p><small>(Note that this article misuses the words
“<a href="/philosophy/free-sw.html">free software</a>”
referring to zero price.)</small></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201707270">
<!--#set var="DATE" value='<small class="date-tag">2017-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>20 dishonest Android apps recorded <a
href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts">phone
href="https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts/">phone
calls and sent them and text messages and emails to snoopers</a>.</p>
<p>Google did not intend to make these apps spy; on the contrary, it
worked in various ways to prevent that, and deleted these apps after
discovering what they did. So we cannot blame Google specifically
for the snooping of these apps.</p>
<p>On the other hand, Google redistributes nonfree Android apps, and
therefore shares in the responsibility for the injustice of their being
nonfree. It also distributes its own nonfree apps, such as Google Play,
<a href="/philosophy/free-software-even-more-important.html">which
are malicious</a>.</p>
<p>Could Google have done a better job of preventing apps from
cheating? There is no systematic way for Google, or Android users,
to inspect executable proprietary apps to see what they do.</p>
<p>Google could demand the source code for these apps, and study
the source code somehow to determine whether they mistreat users in
various ways. If it did a good job of this, it could more or less
prevent such snooping, except when the app developers are clever
enough to outsmart the checking.</p>
<p>But since Google itself develops malicious apps, we cannot trust
Google to protect us. We must demand release of source code to the
public, so we can depend on each other.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201705230">
<!--#set var="DATE" value='<small class="date-tag">2017-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apps for BART <a
href="https://web.archive.org/web/20171124190046/https://consumerist.com/2017/05/23/passengers-say-commuter-rail-app-illegally-collects-personal-user-data/">
snoop on users</a>.</p>
<p>With free software apps, users could <em>make sure</em> that they
don't snoop.</p>
<p>With proprietary apps, one can only hope that they don't.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201705040">
<!--#set var="DATE" value='<small class="date-tag">2017-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A study found 234 Android apps that track users by <a
href="https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/">listening
to ultrasound from beacons placed in stores or played by TV
programs</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201704260">
<!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Faceapp appears to do lots of surveillance, judging by <a
href="https://web.archive.org/web/20170426191242/https://www.washingtonpost.com/news/the-intersect/wp/2017/04/26/everything-thats-wrong-with-faceapp-the-latest-creepy-photo-app-for-your-face/">
how much access it demands to personal data in the device</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201704190">
<!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Users are suing Bose for <a
href="https://web.archive.org/web/20170423010030/https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/">
distributing a spyware app for its headphones</a>. Specifically,
the app would record the names of the audio files users listen to
along with the headphone's unique serial number.</p>
<p>The suit accuses that this was done without the users' consent.
If the fine print of the app said that users gave consent for this,
would that make it acceptable? No way! It should be flat out <a
href="/philosophy/surveillance-vs-democracy.html"> illegal to design
the app to snoop at all</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201704074">
<!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Pairs of Android apps can collude
to transmit users' personal data to servers. <a
href="https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/">A
study found tens of thousands of pairs that collude</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201703300">
<!--#set var="DATE" value='<small class="date-tag">2017-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Verizon <a
href="https://yro.slashdot.org/story/17/03/30/0112259/verizon-to-force-appflash-spyware-on-android-phones">
announced an opt-in proprietary search app that it will</a> pre-install
on some of its phones. The app will give Verizon the same information
about the users' searches that Google normally gets when they use
its search engine.</p>
<p>Currently, the app is <a
href="https://www.eff.org/deeplinks/2017/04/update-verizons-appflash-pre-installed-spyware-still-spyware">
being pre-installed on only one phone</a>, and the user must
explicitly opt-in before the app takes effect. However, the app
remains spyware—an “optional” piece of spyware is
still spyware.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201701210">
<!--#set var="DATE" value='<small class="date-tag">2017-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Meitu photo-editing app <a
href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
user data to a Chinese company</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201611280">
<!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Uber app tracks <a
href="https://techcrunch.com/2016/11/28/uber-background-location-data-collection/">clients'
movements before and after the ride</a>.</p>
<p>This example illustrates how “getting the user's
consent” for surveillance is inadequate as a protection against
massive surveillance.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201611160">
<!--#set var="DATE" value='<small class="date-tag">2016-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A <a
href="https://research.csiro.au/ng/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
href="https://research.csiro.au/isp/wp-content/uploads/sites/106/2016/08/paper-1.pdf">
research paper</a> that investigated the privacy and security of
283 Android VPN apps concluded that “in spite of the promises
for privacy, security, and anonymity given by the majority of VPN
apps—millions of users may be unawarely subject to poor security
guarantees and abusive practices inflicted by VPN apps.”</p>
<p>Following is a non-exhaustive list, taken from the research paper,
of some proprietary VPN apps that track users and infringe their
privacy:</p>
<dl class="compact">
<dt>SurfEasy</dt>
<dd>Includes tracking libraries such as NativeX and Appflood,
meant to track users and show them targeted ads.</dd>
<dt>sFly Network Booster</dt>
<dd>Requests the <code>READ_SMS</code> and <code>SEND_SMS</code>
permissions upon installation, meaning it has full access to users'
text messages.</dd>
<dt>DroidVPN and TigerVPN</dt>
<dd>Requests the <code>READ_LOGS</code> permission to read logs
for other apps and also core system logs. TigerVPN developers have
confirmed this.</dd>
<dt>HideMyAss</dt>
<dd>Sends traffic to LinkedIn. Also, it stores detailed logs and
may turn them over to the UK government if requested.</dd>
<dt>VPN Services HotspotShield</dt>
<dd>Injects JavaScript code into the HTML pages returned to the
users. The stated purpose of the JS injection is to display ads. Uses
roughly five tracking libraries. Also, it redirects the user's
traffic through valueclick.com (an advertising website).</dd>
<dt>WiFi Protector VPN</dt>
<dd>Injects JavaScript code into HTML pages, and also uses roughly
five tracking libraries. Developers of this app have confirmed that
the non-premium version of the app does JavaScript injection for
tracking the user and displaying ads.</dd>
</dl>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201609210">
<!--#set var="DATE" value='<small class="date-tag">2016-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google's new voice messaging app <a
href="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
href="https://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs
all conversations</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201606050">
<!--#set var="DATE" value='<small class="date-tag">2016-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Facebook's new Magic Photo app <a
href="https://www.theregister.co.uk/2015/11/10/facebook_scans_camera_for_your_friends/">
href="https://www.theregister.com/2015/11/10/facebook_scans_camera_for_your_friends/">
scans your mobile phone's photo collections for known faces</a>,
and suggests you circulate the picture you take according to who is
in the frame.</p>
<p>This spyware feature seems to require online access to some
known-faces database, which means the pictures are likely to be
sent across the wire to Facebook's servers and face-recognition
algorithms.</p>
<p>If so, none of Facebook users' pictures are private anymore,
even if the user didn't “upload” them to the service.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201605310">
<!--#set var="DATE" value='<small class="date-tag">2016-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Facebook's app listens all the time, <a
href="https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-using-people-s-phones-listen-what-they-re-saying-claims-professor-a7057526.html">to
href="https://www.independent.co.uk/tech/facebook-using-people-s-phones-to-listen-in-on-what-they-re-saying-claims-professor-a7057526.html">to
snoop on what people are listening to or watching</a>. In addition,
it may be analyzing people's conversations to serve them with targeted
advertisements.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201604250">
<!--#set var="DATE" value='<small class="date-tag">2016-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A pregnancy test controller application not only can <a
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
href="https://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
spy on many sorts of data in the phone, and in server accounts,
it can alter them too</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201601130">
<!--#set var="DATE" value='<small class="date-tag">2016-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apps that include <a
href="https://web.archive.org/web/20180913014551/http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
Symphony surveillance software snoop on what radio and TV programs
are playing nearby</a>. Also on what users post on various sites
such as Facebook, Google+ and Twitter.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201511190">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>“Cryptic communication,”
unrelated to the app's functionality, was <a
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
href="https://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
found in the 500 most popular gratis Android apps</a>.</p>
<p>The article should not have described these apps as
“free”—they are not free software. The clear way
to say “zero price” is “gratis.”</p>
<p>The article takes for granted that the usual analytics tools are
legitimate, but is that valid? Software developers have no right to
analyze what users are doing or how. “Analytics” tools
that snoop are just as wrong as any other snooping.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201510300">
<!--#set var="DATE" value='<small class="date-tag">2015-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>More than 73% and 47% of mobile applications, for Android and iOS
respectively <a href="https://techscience.org/a/2015103001/">hand over
personal, behavioral and location information</a> of their users to
third parties.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201508210">
<!--#set var="DATE" value='<small class="date-tag">2015-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Like most “music screaming” disservices, Spotify is
based on proprietary malware (DRM and snooping). In August 2015 it <a
href="http://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
href="https://www.theguardian.com/technology/2015/aug/21/spotify-faces-user-backlash-over-new-privacy-policy">
demanded users submit to increased snooping</a>, and some are starting
to realize that it is nasty.</p>
<p>This article shows the <a
href="https://www.theregister.co.uk/2015/08/21/spotify_worse_than_the_nsa/">
href="https://www.theregister.com/2015/08/21/spotify_worse_than_the_nsa/">
twisted ways that they present snooping as a way to “serve”
users better</a>—never mind whether they want that. This is a
typical example of the attitude of the proprietary software industry
towards those they have subjugated.</p>
<p>Out, out, damned Spotify!</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201507281">
<!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many retail businesses publish cr…apps that ask to <a
href="https://www.delish.com/kitchen-tools/a43252/how-food-apps-use-data/">
spy on the user's own data</a>—often many kinds.</p>
<p>Those companies know that snoop-phone usage trains people to say
yes to almost any snooping.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201506264">
<!--#set var="DATE" value='<small class="date-tag">2015-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.cl.cam.ac.uk/~arb33/papers/FerreiraEtAl-Securacy-WiSec2015.pdf">
A study in 2015</a> found that 90% of the top-ranked gratis proprietary
Android apps contained recognizable tracking libraries. For the paid
proprietary apps, it was only 60%.</p>
<p>The article confusingly describes gratis apps as
“free”, but most of them are not in fact <a
href="/philosophy/free-sw.html">free software</a>. It also uses the
ugly word “monetize”. A good replacement for that word
is “exploit”; nearly always that will fit perfectly.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201505060">
<!--#set var="DATE" value='<small class="date-tag">2015-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Gratis Android apps (but not <a
href="/philosophy/free-sw.html">free software</a>) connect to 100 <a
href="http://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
href="https://www.theguardian.com/technology/2015/may/06/free-android-apps-connect-tracking-advertising-websites">tracking
and advertising</a> URLs, on the average.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201504060">
<!--#set var="DATE" value='<small class="date-tag">2015-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Widely used <a
href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
href="https://freedom-to-tinker.com/2015/04/06/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
QR-code scanner apps snoop on the user</a>. This is in addition to
the snooping done by the phone company, and perhaps by the OS in
the phone.</p>
<p>Don't be distracted by the question of whether the app developers
get users to say “I agree”. That is no excuse for
malware.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201411260">
<!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many proprietary apps for mobile devices
report which other apps the user has installed. <a
href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
href="https://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
is doing this in a way that at least is visible and optional</a>. Not
as bad as what the others do.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201401150.1">
<!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Simeji keyboard is a smartphone version of Baidu's <a
href="/proprietary/proprietary-surveillance.html#baidu-ime">spying <abbr
title="Input Method Editor">IME</abbr></a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201312270">
<!--#set var="DATE" value='<small class="date-tag">2013-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The nonfree Snapchat app's principal purpose is to restrict the
use of data on the user's computer, but it does surveillance too: <a
href="http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
href="https://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers">
it tries to get the user's list of other people's phone
numbers</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201312060">
<!--#set var="DATE" value='<small class="date-tag">2013-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Brightest Flashlight app <a
href="http://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
href="https://www.theguardian.com/technology/2013/dec/06/android-app-50m-downloads-sent-data-advertisers">
sends user data, including geolocation, for use by companies</a>.</p>
<p>The FTC criticized this app because it asked the user to
approve sending personal data to the app developer but did not ask
about sending it to other companies. This shows the weakness of
the reject-it-if-you-dislike-snooping “solution” to
surveillance: why should a flashlight app send any information to
anyone? A free software flashlight app would not.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201212100">
<!--#set var="DATE" value='<small class="date-tag">2012-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>FTC says most mobile apps for children don't respect privacy: <a
href="http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
http://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
href="https://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/">
https://arstechnica.com/information-technology/2012/12/ftc-disclosures-severely-lacking-in-kids-mobile-appsand-its-getting-worse/</a>.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInSkype">Skype</h4>
<span class="anchor-reference-id">(<a href="#SpywareInSkype">#SpywareInSkype</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201908151">
<!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Skype refuses to say whether it can <a
href="http://www.slate.com/blogs/future_tense/2012/07/20/skype_won_t_comment_on_whether_it_can_now_eavesdrop_on_conversations_.html">eavesdrop
on calls</a>.</p>
<p>That almost certainly means it can do so.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201307110">
<!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Skype contains <a
href="https://web.archive.org/web/20130928235637/http://www.forbes.com/sites/petercohan/2013/06/20/project-chess-how-u-s-snoops-on-your-skype/">spyware</a>.
Microsoft changed Skype <a
href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
href="https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data">
specifically for spying</a>.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInGames">Games</h4>
<span class="anchor-reference-id">(<a href="#SpywareInGames">#SpywareInGames</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202010221">
<!--#set var="DATE" value='<small class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is imposing its
surveillance on the game of Minecraft by <a
href="https://www.theverge.com/2020/10/22/21527647/minecraft-microsoft-account-mojang-java">requiring
every player to open an account on Microsoft's network</a>. Microsoft
has bought the game and will merge all accounts into its network,
which will give them access to people's data.</p>
<p>Minecraft players <a
href="https://directory.fsf.org/wiki/Minetest">can play Minetest</a>
instead. The essential advantage of Minetest is that it is free
software, meaning it respects the user's computer freedom. As a bonus,
it offers more options.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201908210">
<!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft recorded users of Xboxes and had <a
href="https://www.vice.com/en/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana">
human workers listen to the recordings</a>.</p>
<p>Morally, we see no difference between having human workers listen and
having speech-recognition systems listen. Both intrude on privacy.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201806240">
<!--#set var="DATE" value='<small class="date-tag">2018-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Red Shell is a spyware that
is found in many proprietary games. It <a
href="https://nebulous.cloud/threads/red-shell-illegal-spyware-for-steam-games.31924/">
tracks data on users' computers and sends it to third parties</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201804144">
<!--#set var="DATE" value='<small class="date-tag">2018-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>ArenaNet surreptitiously installed a spyware
program along with an update to the massive
multiplayer game Guild Wars 2. The spyware allowed ArenaNet <a
href="https://techraptor.net/content/arenanet-used-spyware-anti-cheat-for-guild-wars-2-banwave">
href="https://techraptor.net/gaming/news/arenanet-used-spyware-anti-cheat-for-guild-wars-2-banwave">
to snoop on all open processes running on its user's computer</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201711070">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The driver for a certain gaming keyboard <a
href="https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html">sends
information to China</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201512290">
<!--#set var="DATE" value='<small class="date-tag">2015-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many <a
href="http://www.thestar.com/news/canada/2015/12/29/how-much-data-are-video-games-collecting-about-you.html/">
href="https://web.archive.org/web/20240114145409/https://www.thestar.com/news/canada/video-game-companies-are-collecting-massive-amounts-of-data-about-you/article_31fba9a3-2760-57ae-9ae0-4083904bcb87.html">
video game consoles snoop on their users and report to the
internet</a>—even what their users weigh.</p>
<p>A game console is a computer, and you can't trust a computer with
a nonfree operating system.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201509160">
<!--#set var="DATE" value='<small class="date-tag">2015-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Modern gratis game cr…apps <a
href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
href="https://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
collect a wide range of data about their users and their users'
friends and associates</a>.</p>
<p>Even nastier, they do it through ad networks that merge the data
collected by various cr…apps and sites made by different
companies.</p>
<p>They use this data to manipulate people to buy things, and hunt for
“whales” who can be led to spend a lot of money. They also
use a back door to manipulate the game play for specific players.</p>
<p>While the article describes gratis games, games that cost money
can use the same tactics.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201401280">
<!--#set var="DATE" value='<small class="date-tag">2014-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Angry Birds <a
href="http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
href="https://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html">
spies for companies, and the NSA takes advantage
to spy through it too</a>. Here's information on <a
href="http://confabulator.blogspot.com/2012/11/analysis-of-what-information-angry.html">
more spyware apps</a>.</p>
<p><a
href="https://www.propublica.org/article/spy-agencies-probe-angry-birds-and-other-apps-for-personal-data">
More about NSA app spying</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M200510200">
<!--#set var="DATE" value='<small class="date-tag">2005-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Blizzard Warden is a hidden
“cheating-prevention” program that <a
href="https://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware">
spies on every process running on a gamer's computer and sniffs a
good deal of personal data</a>, including lots of activities which
have nothing to do with cheating.</p>
</li>
</ul>
<div class="big-section">
<h3 id="SpywareInEquipment">Spyware in Connected Equipment</h3>
<span class="anchor-reference-id">(<a href="#SpywareInEquipment">#SpywareInEquipment</a>)</span>
</div>
<div style="clear: left;"></div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202101050">
<!--#set var="DATE" value='<small class="date-tag">2021-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Most Internet connected devices in Mozilla's <a
href="https://foundation.mozilla.org/en/privacynotincluded">“Privacy
href="https://www.mozillafoundation.org/privacynotincluded/">“Privacy
Not Included”</a> list <a
href="https://foundation.mozilla.org/privacynotincluded/arlo-video-doorbell">are
href="https://www.mozillafoundation.org/privacynotincluded/arlo-video-doorbell/">are
designed to snoop on users</a> even if they meet
Mozilla's “Minimum Security Standards.” Insecure
design of the program running on some of these devices <a
href="https://foundation.mozilla.org/privacynotincluded/vibratissimo-panty-buster">makes
href="https://www.mozillafoundation.org/privacynotincluded/vibratissimo-panty-buster/">makes
the user susceptible to be snooped on and exploited by crackers as
well</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201912110">
<!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>As tech companies add microphones to a wide range
of products, including refrigerators and motor vehicles,
they also set up transcription farms where human employees <a
href="https://getpocket.com/explore/item/silicon-valley-got-millions-to-let-siri-and-alexa-listen-in">
listen to what people say</a> and tweak the recognition algorithms.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201708280">
<!--#set var="DATE" value='<small class="date-tag">2017-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The bad security in many Internet of Stings devices allows <a
href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs
href="https://www.techdirt.com/2017/08/28/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you/">ISPs
to snoop on the people that use them</a>.</p>
<p>Don't be a sucker—reject all the stings.</p>
<p><small>(It is unfortunate that the article uses the term <a
href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.)</small></p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInTVSets">TV Sets</h4>
<span class="anchor-reference-id">(<a href="#SpywareInTVSets">#SpywareInTVSets</a>)</span>
</div>
<p>Emo Phillips made a joke: The other day a woman came up to me and
said, “Didn't I see you on television?” I said, “I
don't know. You can't see out the other way.” Evidently that was
before Amazon “smart” TVs.</p>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202204140">
<!--#set var="DATE" value='<small class="date-tag">2022-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Today's “smart” TVs <a
href="https://www.techdirt.com/2022/04/14/its-still-stupidly-ridiculously-difficult-to-buy-a-dumb-tv/">
push people to surrender to tracking via internet</a>. Some won't work
unless they have a chance to download nonfree software. And they are
designed for programmed obsolescence.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202201290">
<!--#set var="DATE" value='<small class="date-tag">2022-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>“Smart” TV manufacturers <a
href="https://www.theguardian.com/technology/2022/jan/29/what-your-smart-tv-knows-about-you-and-how-to-stop-it-harvesting-data">
spy on people using various methods</a>, and harvest their
data. They are collecting audio, video, and TV usage data to profile
people.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202010282">
<!--#set var="DATE" value='<small class="date-tag">2020-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>TV manufacturers are turning to produce only
“Smart” TV sets (which include spyware) that <a
href="https://frame.work/blog/in-defense-of-dumb-tvs">it's now very
hard to find a TV that doesn't spy on you</a>.</p>
<p>It appears that those manufacturers business model is not to produce
TV and sell them for money, but to collect your personal data and
(possibly) hand over them to others for benefit.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202006250">
<!--#set var="DATE" value='<small class="date-tag">2020-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>TV manufacturers are able to <a
href="https://www.zdnet.com/article/fbi-warns-about-snoopy-smart-tvs-spying-on-you/">snoop
every second of what the user is watching</a>. This is illegal due to
the Video Privacy Protection Act of 1988, but they're circumventing
it through EULAs.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201901070">
<!--#set var="DATE" value='<small class="date-tag">2019-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Vizio TVs <a
href="https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019">
collect “whatever the TV sees,”</a> in the own words of the company's
CTO, and this data is sold to third parties. This is in return for
“better service” (meaning more intrusive ads?) and slightly
lower retail prices.</p>
<p>What is supposed to make this spying acceptable, according to him,
is that it is opt-in in newer models. But since the Vizio software is
nonfree, we don't know what is actually happening behind the scenes,
and there is no guarantee that all future updates will leave the
settings unchanged.</p>
<p>If you already own a Vizio “smart” TV (or any “smart” TV, for that
matter), the easiest way to make sure it isn't spying on you is
to disconnect it from the Internet, and use a terrestrial antenna
instead. Unfortunately, this is not always possible. Another option,
if you are technically oriented, is to get your own router (which can
be an old computer running completely free software), and set up a
firewall to block connections to Vizio's servers. Or, as a last resort,
you can replace your TV with another model.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201804010">
<!--#set var="DATE" value='<small class="date-tag">2018-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some “Smart” TVs automatically <a
href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
load downgrades that install a surveillance app</a>.</p>
<p>We link to the article for the facts it presents. It
is too bad that the article finishes by advocating the
moral weakness of surrendering to Netflix. The Netflix app <a
href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
malware too</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201702060">
<!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Vizio “smart” <a
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
href="https://www.ftc.gov/business-guidance/blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs
report everything that is viewed on them, and not just broadcasts and
cable</a>. Even if the image is coming from the user's own computer,
the TV reports what it is. The existence of a way to disable the
surveillance, even if it were not hidden as it was in these TVs,
does not legitimize the surveillance.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201511130">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some web and TV advertisements play inaudible
sounds to be picked up by proprietary malware running
on other devices in range so as to determine that they
are nearby. Once your Internet devices are paired with
your TV, advertisers can correlate ads with Web activity, and other <a
href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
href="https://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/">
cross-device tracking</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201511060">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Vizio goes a step further than other TV
manufacturers in spying on their users: their <a
href="https://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you">
“smart” TVs analyze your viewing habits in detail and
link them your IP address</a> so that advertisers can track you
across devices.</p>
<p>It is possible to turn this off, but having it enabled by default
is an injustice already.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201511020">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Tivo's alliance with Viacom adds 2.3 million households
to the 600 millions social media profiles the company
already monitors. Tivo customers are unaware they're
being watched by advertisers. By combining TV viewing
information with online social media participation, Tivo can now <a
href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102">
href="https://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102/">
correlate TV advertisement with online purchases</a>, exposing all
users to new combined surveillance by default.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201507240">
<!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Vizio “smart” TVs recognize and <a
href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track
href="https://www.engadget.com/2015-07-24-vizio-ipo-inscape-acr.html">track
what people are watching</a>, even if it isn't a TV channel.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201505290">
<!--#set var="DATE" value='<small class="date-tag">2015-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Verizon cable TV <a
href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">
href="https://arstechnica.com/information-technology/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/">
snoops on what programs people watch, and even what they wanted to
record</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201504300">
<!--#set var="DATE" value='<small class="date-tag">2015-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Vizio <a
href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
href="https://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html">
used a firmware “upgrade” to make its TVs snoop on what
users watch</a>. The TVs did not do that when first sold.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201502090">
<!--#set var="DATE" value='<small class="date-tag">2015-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Samsung “Smart” TV <a
href="https://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm">
transmits users' voice on the internet to another company, Nuance</a>.
Nuance can save it and would then have to give it to the US or some
other government.</p>
<p>Speech recognition is not to be trusted unless it is done by free
software in your own computer.</p>
<p>In its privacy policy, Samsung explicitly confirms that <a
href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
href="https://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice
data containing sensitive information will be transmitted to third
parties</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201411090">
<!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon “Smart” TV is <a
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
href="https://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
snooping all the time</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201409290">
<!--#set var="DATE" value='<small class="date-tag">2014-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>More or less all “smart” TVs <a
href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
href="https://myce.wiki/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy
on their users</a>.</p>
<p>The report was as of 2014, but we don't expect this has got
better.</p>
<p>This shows that laws requiring products to get users' formal
consent before collecting personal data are totally inadequate.
And what happens if a user declines consent? Probably the TV will
say, “Without your consent to tracking, the TV will not
work.”</p>
<p>Proper laws would say that TVs are not allowed to report what the
user watches—no exceptions!</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201405200.1">
<!--#set var="DATE" value='<small class="date-tag">2014-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>LG <a
href="https://www.techdirt.com/2014/05/20/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties/">
disabled network features</a> on <em>previously purchased</em>
“smart” TVs, unless the purchasers agreed to let LG begin
to snoop on them and distribute their personal data.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201405200">
<!--#set var="DATE" value='<small class="date-tag">2014-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Spyware in LG “smart” TVs <a
href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
reports what the user watches, and the switch to turn this off has
no effect</a>. (The fact that the transmission reports a 404 error
really means nothing; the server could save that data anyway.)</p>
<p>Even worse, it <a
href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/">
href="https://rrrrambles.wordpress.com/2013/11/21/lg-tv-logging-filenames-from-network-folders/">
snoops on other devices on the user's local network</a>.</p>
<p>LG later said it had installed a patch to stop this, but any
product could spy this way.</p>
<p>Meanwhile, LG TVs <a
href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml">
href="https://www.techdirt.com/2014/05/20/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties/">
do lots of spying anyway</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201311210">
<!--#set var="DATE" value='<small class="date-tag">2013-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Spyware in LG “smart” TVs <a
href="https://doctorbeet.blogspot.com/2013/11/lg-smart-tvs-logging-usb-filenames-and.html">
reports what the user watches, and the switch to turn this off has
no effect</a>. (The fact that the transmission reports a 404 error
really means nothing; the server could save that data anyway.)</p>
<p>Even worse, it <a
href="https://rrrrambles.wordpress.com/2013/11/21/lg-tv-logging-filenames-from-network-folders/">
snoops on other devices on the user's local network</a>.</p>
<p>LG later said it had installed a patch to stop this, but any
product could spy this way.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201212170">
<!--#set var="DATE" value='<small class="date-tag">2012-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="break-security-smarttv"><a
href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html">
Crackers found a way to break security on a “smart” TV</a>
and use its camera to watch the people who are watching TV.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInCameras">Cameras</h4>
<span class="anchor-reference-id">(<a href="#SpywareInCameras">#SpywareInCameras</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202501170">
<!--#set var="DATE" value='<small class="date-tag">2025-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Canon is <a
href="https://arstechnica.com/gadgets/2025/01/canon-charges-50-per-year-to-use-a-900-camera-as-a-functional-webcam/">
preventing customers from using one of its cameras as a webcam</a>
unless they create an account on the company's server, and pay an
additional subscription. This unjust practice could be eliminated if
the camera firmware were free (as in freedom).</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202312230">
<!--#set var="DATE" value='<small class="date-tag">2023-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Surveillance cameras put in by government
A to surveil for it may be surveilling for
government B as well. That's because A put in a product <a
href="https://www.rferl.org/a/ukraine-cctv-moscow-spying-schemes-investigation/32747767.html">
made by B with nonfree software</a>.</p>
<p><small>(Please note that this article misuses the word “<a
href="/philosophy/words-to-avoid.html#Hacker">hack</a>” to
mean “break security.”)</small></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202307040">
<!--#set var="DATE" value='<small class="date-tag">2023-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.theguardian.com/technology/2023/jul/04/smile-youre-on-camera-self-driving-cars-are-here-and-theyre-watching-you">
Driverless cars in San Francisco collect videos constantly</a>, using
cameras inside and outside, and governments have already collected
those videos secretly.</p>
<p>As the Surveillance Technology Oversight Project says, they are
“driving us straight into authoritarianism.” We must <a
href="/philosophy/surveillance-vs-democracy.html">regulate <em>all</em>
cameras that collect images that can be used to track people</a>,
to make sure they are not used for that.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201902270">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Ring doorbell camera is designed so that the
manufacturer (now Amazon) can watch all the time. Now it turns out
that <a
href="https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/">
anyone else can also watch, and fake videos too</a>.</p>
<p>The third party vulnerability is presumably
unintentional and Amazon will probably fix it. However, we
do not expect Amazon to change the design that <a
href="/proprietary/proprietary-surveillance.html#M201901100">allows
Amazon to watch</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201901100">
<!--#set var="DATE" value='<small class="date-tag">2019-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon Ring “security” devices <a
href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/">
href="https://www.engadget.com/2019-01-10-ring-gave-employees-access-customer-video-feeds.html">
send the video they capture to Amazon servers</a>, which save it
long-term.</p>
<p>In many cases, the video shows everyone that comes near, or merely
passes by, the user's front door.</p>
<p>The article focuses on how Ring used to let individual employees look
at the videos freely. It appears Amazon has tried to prevent that
secondary abuse, but the primary abuse—that Amazon gets the
video—Amazon expects society to surrender to.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201810300">
<!--#set var="DATE" value='<small class="date-tag">2018-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Nearly all “home security cameras” <a
href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds/">
href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds-a8814384448/">
give the manufacturer an unencrypted copy of everything they
see</a>. “Home insecurity camera” would be a better
name!</p>
<p>When Consumer Reports tested them, it suggested that these
manufacturers promise not to look at what's in the videos. That's not
security for your home. Security means making sure they don't get to
see through your camera.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201710040">
<!--#set var="DATE" value='<small class="date-tag">2017-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Every “home security” camera, if its
manufacturer can communicate with it, is a surveillance device. <a
href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change">
Canary camera is an example</a>.</p>
<p>The article describes wrongdoing by the manufacturer, based on
the fact that the device is tethered to a server.</p>
<p><a href="/proprietary/proprietary-tethers.html">More about
proprietary tethering</a>.</p>
<p>But it also demonstrates that the device gives the company
surveillance capability.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201603220">
<!--#set var="DATE" value='<small class="date-tag">2016-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Over 70 brands of network-connected surveillance cameras have <a
href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
href="https://web.archive.org/web/20250117130741/http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">
security bugs that allow anyone to watch through them</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201511250">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Nest Cam “smart” camera is <a
href="http://www.bbc.com/news/technology-34922712">always
href="https://www.bbc.com/news/technology-34922712">always watching</a>,
even when the “owner” switches it “off.”</p>
<p>A “smart” device means the manufacturer is using it
to outsmart you.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInToys">Toys</h4>
<span class="anchor-reference-id">(<a href="#SpywareInToys">#SpywareInToys</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201711244">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Furby Connect has a <a
href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
href="https://web.archive.org/web/20220604212722/https://www.contextis.com/en/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
universal back door</a>. If the product as shipped doesn't act as a
listening device, remote changes to the code could surely convert it
into one.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201711100">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A remote-control sex toy was found to make <a
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio
href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-surveillance">audio
recordings of the conversation between two users</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201703140">
<!--#set var="DATE" value='<small class="date-tag">2017-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A computerized vibrator <a
href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack">
was snooping on its users through the proprietary control app</a>.</p>
<p>The app was reporting the temperature of the vibrator minute by
minute (thus, indirectly, whether it was surrounded by a person's
body), as well as the vibration frequency.</p>
<p>Note the totally inadequate proposed response: a labeling
standard with which manufacturers would make statements about their
products, rather than free software which users could have checked
and changed.</p>
<p>The company that made the vibrator <a
href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">
was sued for collecting lots of personal information about how people
used it</a>.</p>
<p>The company's statement that it was anonymizing the data may be
true, but it doesn't really matter. If it had sold the data to a data
broker, the data broker would have been able to figure out who the
user was.</p>
<p>Following this lawsuit, <a
href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits">
the company has been ordered to pay a total of C$4m</a> to its
customers.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201702280">
<!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>“CloudPets” toys with microphones <a
href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults">
leak childrens' conversations to the manufacturer</a>. Guess what? <a
href="https://www.vice.com/en/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings">
Crackers found a way to access the data</a> collected by the
manufacturer's snooping.</p>
<p>That the manufacturer and the FBI could listen to these
conversations was unacceptable by itself.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201612060.1">
<!--#set var="DATE" value='<small class="date-tag">2016-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The “smart” toys My Friend Cayla and i-Que can be <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/">remotely
controlled with a mobile phone</a>; physical access is not
necessary. This would enable crackers to listen in on a child's
conversations, and even speak into the toys themselves.</p>
<p>This means a burglar could speak into the toys and ask the child
to unlock the front door while Mommy's not looking.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201612060">
<!--#set var="DATE" value='<small class="date-tag">2016-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The “smart” toys My Friend Cayla and i-Que transmit <a
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">children's
href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/">children's
conversations to Nuance Communications</a>, a speech recognition
company based in the U.S.</p>
<p>Those toys also contain major security vulnerabilities; crackers
can remotely control the toys with a mobile phone. This would enable
crackers to listen in on a child's speech, and even speak into the
toys themselves.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201502180">
<!--#set var="DATE" value='<small class="date-tag">2015-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Barbie <a
href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
href="https://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is
going to spy on children and adults</a>.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInDrones">Drones</h4>
<span class="anchor-reference-id">(<a href="#SpywareInDrones">#SpywareInDrones</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201708040">
<!--#set var="DATE" value='<small class="date-tag">2017-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>While you're using a DJI drone
to snoop on other people, DJI is in many cases <a
href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping
on you</a>.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareAtHome">Other Appliances</h4><span class="anchor-reference-id">(<a href="#SpywareAtHome">#SpywareAtHome</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202407200">
<!--#set var="DATE" value='<small class="date-tag">2024-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The company making a “smart” bassinet called Snoo has <a
href="https://www.theverge.com/2024/7/20/24202166/snoo-premium-subscription-happiest-baby">
locked the most advanced functionalities of the Snoo behind a
paywall</a>. This unexpected change mainly affects users who received
the appliance as a gift, or bought it second-hand on the assumption
that all these functionalities would be available to them, as they
used to be. This is another example of the deceptive behavior of
proprietary software developers who take advantage of their power
over users to change rules at will.</p>
<p>Another malicious feature of the Snoo is the fact that users
need to create an account with the company, which thus has access
to personal data, location (SSID), appliance log, etc., as well as
manual notes about baby history.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202309270">
<!--#set var="DATE" value='<small class="date-tag">2023-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Philips Hue, the most ubiquitous
home automation product in the US, is planning to soon <a
href="https://boingboing.net/2023/09/27/philips-hue-to-make-you-create-an-account-and-log-in-to-adjust-your-lightbulbs.html">
force users to log in to the app server</a> in order to be able to
adjust a lightbulb, or use other functionalities, in what amounts to
a massive user-tracking data grab.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202009270">
<!--#set var="DATE" value='<small class="date-tag">2020-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many employers are using nonfree
software, including videoconference software, to <a
href="https://www.theguardian.com/world/2020/sep/27/shirking-from-home-staff-feel-the-heat-as-bosses-ramp-up-remote-surveillance">
surveil and monitor staff working at home</a>. If the program reports
whether you are “active,” that is in effect a malicious
surveillance feature.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202008030">
<!--#set var="DATE" value='<small class="date-tag">2020-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google Nest <a
href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/">
is taking over ADT</a>. Google sent out a software
update to its speaker devices using their back door <a
href="https://www.protocol.com/google-smart-speaker-alarm-adt">
href="https://web.archive.org/web/20240123114737/https://www.protocol.com/google-smart-speaker-alarm-adt"> that
listens for things like smoke alarms</a> and then notifies your phone
that an alarm is happening. This means the devices now listen for more
than just their wake words. Google says the software update was sent
out prematurely and on accident and Google was planning on disclosing
this new feature and offering it to customers who pay for it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202006300">
<!--#set var="DATE" value='<small class="date-tag">2020-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>“Bossware” is malware that bosses <a
href="https://www.eff.org/deeplinks/2020/06/inside-invasive-secretive-bossware-tracking-workers">
coerce workers into installing in their own computers</a>, so the
bosses can spy on them.</p>
<p>This shows why requiring the user's “consent” is not
an adequate basis for protecting digital privacy. The boss can coerce
most workers into consenting to almost anything, even probable exposure
to contagious disease that can be fatal. Software like this should
be illegal and bosses that demand it should be prosecuted for it.</p>
</li>
<li id="M201911190">
<!--#set var="DATE" value='<small class="date-tag">2019-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Internet-tethered Amazon Ring had
a security vulnerability that enabled attackers to <a
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
access the user's wifi password</a>, and snoop on the household
through connected surveillance devices.</p>
<p>Knowledge of the wifi password would
<!-- Copied from workshop/mal.rec. Do not be sufficient to carry
out any significant surveillance if the devices implemented proper
security, including encryption. But many devices with proprietary
software lack this. Of course, they are also used by their
manufacturers for snooping.</p>
</li> edit in proprietary-surveillance.html. -->
<li id="M201907210">
<!--#set var="DATE" value='<small class="date-tag">2019-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google “Assistant” records users' conversations <a
href="https://arstechnica.com/information-technology/2019/07/google-defends-listening-to-ok-google-queries-after-voice-recordings-leak/">even
when it is not supposed to listen</a>. Thus, when one of Google's
subcontractors discloses a thousand confidential voice recordings,
users were easily identified from these recordings.</p>
<p>Since Google “Assistant” uses proprietary software, there is no
way to see or control what it records or sends.</p>
<p>Rather than trying to better control the use of recordings, Google
should not record or listen to the person's voice. It should only
get commands that the user wants to send to some Google service.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201905061">
<!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon Alexa collects a lot more information from users
than is necessary for correct functioning (time, location,
recordings made without a legitimate prompt), and sends
it to Amazon's servers, which store it indefinitely. Even
worse, Amazon forwards it to third-party companies. Thus,
even if users request deletion of their data from Amazon's servers, <a
href="https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
href="https://web.archive.org/web/20190507014804/https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
the data remain on other servers</a>, where they can be accessed by
advertising companies and government agencies. In other words,
deleting the collected information doesn't cancel the wrong of
collecting it.</p>
<p>Data collected by devices such as the Nest thermostat, the Philips
Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos
speakers are likewise stored longer than necessary on the servers
the devices are tethered to. Moreover, they are made available to
Alexa. As a result, Amazon has a very precise picture of users' life
at home, not only in the present, but in the past (and, who knows,
in the future too?)</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201904240">
<!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some of users' commands to the Alexa service are <a
href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html">
recorded for Amazon employees to listen to</a>. The Google and Apple
voice assistants do similar things.</p>
<p>A fraction of the Alexa service staff even has access to <a
href="https://www.bnnbloomberg.ca/amazon-s-alexa-reviewers-can-access-customers-home-addresses-1.1248788">
href="https://news.bloomberglaw.com/tech-and-telecom-law/amazons-alexa-reviewers-can-access-customers-home-addresses">
location and other personal data</a>.</p>
<p>Since the client program is nonfree, and data processing is done
“<a href="/philosophy/words-to-avoid.html#CloudComputing">in
the cloud</a>” (a soothing way of saying “We won't
tell you how and where it's done”), users have no way
to know what happens to the recordings unless human eavesdroppers <a
href="https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
href="https://web.archive.org/web/20240416214211/https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
break their non-disclosure agreements</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201902080">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The HP <a
href="https://boingboing.net/2019/02/08/inkjet-dystopias.html">
“ink subscription” cartridges have DRM that constantly
communicates with HP servers</a> to make sure the user is still
paying for the subscription, and hasn't printed more pages than were
paid for.</p>
<p>Even though the ink subscription program may be cheaper in some
specific cases, it spies on users, and involves totally unacceptable
restrictions in the use of ink cartridges that would otherwise be in
working order.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201808120">
<!--#set var="DATE" value='<small class="date-tag">2018-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Crackers found a way to break the security of an Amazon device,
and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
turn it into a listening device</a> for them.</p>
<p>It was very difficult for them to do this. The job would be much
easier for Amazon. And if some government such as China or the US
told Amazon to do this, or cease to sell the product in that country,
do you think Amazon would have the moral fiber to say no?</p>
<p><small>(These crackers are probably hackers too, but please <a
href="https://stallman.org/articles/on-hacking.html"> don't use
“hacking” to mean “breaking security”</a>.)</small></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201804140">
<!--#set var="DATE" value='<small class="date-tag">2018-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A medical insurance company <a
href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next">
href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next/">
offers a gratis electronic toothbrush that snoops on its user by
sending usage data back over the Internet</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201708230">
<!--#set var="DATE" value='<small class="date-tag">2017-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Sonos <a
href="https://www.zdnet.com/article/sonos-accept-new-privacy-policy-speakers-cease-to-function/">
told all its customers, “Agree”
to snooping or the product will stop working</a>. <a
href="https://www.consumerreports.org/consumerist/sonos-holds-software-updates-hostage-if-you-dont-sign-new-privacy-agreement/">
Another article</a> says they won't forcibly change the software, but
people won't be able to get any upgrades and eventually it will
stop working.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201706204">
<!--#set var="DATE" value='<small class="date-tag">2017-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Lots of “smart” products are designed <a
href="http://enews.cnet.com/ct/42931641:shoPz52LN:m:1:1509237774:B54C9619E39F7247C0D58117DD1C7E96:r:27417204357610908031812337994022">to
href="https://www.cnet.com/pictures/products-with-alexa-built-in-smart-home/?ftag=CAD6b2b181&bhid=27417204357610908031812337994022">to
listen to everyone in the house, all the time</a>.</p>
<p>Today's technological practice does not include any way of making
a device that can obey your voice commands without potentially spying
on you. Even if it is air-gapped, it could be saving up records
about you for later examination.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201407170">
<!--#set var="DATE" value='<small class="date-tag">2014-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="nest-thermometers">Nest thermometers send <a
href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a
href="https://bgr.com/general/google-nest-jailbreak-hack/">a lot of
data about the user</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201310260">
<!--#set var="DATE" value='<small class="date-tag">2013-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20180911191954/http://consumerman.com/Rent-to-own%20giant%20accused%20of%20spying%20on%20its%20customers.htm">
Rent-to-own computers were programmed to spy on their renters</a>.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareOnWearables">Wearables</h4>
<span class="anchor-reference-id">(<a href="#SpywareOnWearables">#SpywareOnWearables</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201807260">
<!--#set var="DATE" value='<small class="date-tag">2018-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Tommy Hilfiger clothing <a
href="https://www.theguardian.com/fashion/2018/jul/26/tommy-hilfiger-new-clothing-line-monitor-customers">will
monitor how often people wear it</a>.</p>
<p>This will teach the sheeple to find it normal that companies
monitor every aspect of what they do.</p>
</li>
</ul>
<h5 id="SpywareOnSmartWatches">“Smart” Watches</h5>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202009100">
<!--#set var="DATE" value='<small class="date-tag">2020-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Internet-enabled watches with proprietary software
are malware, violating people (specially children's)
privacy. In addition, they have a lot of security flaws. They <a
href="https://www.wired.com/story/kid-smartwatch-security-vulnerabilities/">
permit security breakers (and unauthorized people) to access</a> the watch.</p>
<p>Thus, ill-intentioned unauthorized people can intercept communications between parent and child and spoof messages to and from the watch, possibly endangering the child.</p>
<p><small>(Note that this article misuses the word “<a
href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”
to mean “crackers.”)</small></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201603020">
<!--#set var="DATE" value='<small class="date-tag">2016-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A very cheap “smart watch” comes with an Android app <a
href="https://www.theregister.co.uk/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
href="https://www.theregister.com/2016/03/02/chinese_backdoor_found_in_ebays_popular_cheap_smart_watch/">
that connects to an unidentified site in China</a>.</p>
<p>The article says this is a back door, but that could be a
misunderstanding. However, it is certainly surveillance, at least.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201407090">
<!--#set var="DATE" value='<small class="date-tag">2014-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>An LG “smart” watch is designed <a
href="http://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
href="https://www.huffingtonpost.co.uk/2014/07/09/lg-kizon-smart-watch_n_5570234.html">
to report its location to someone else and to transmit conversations
too</a>.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInVehicles">Vehicles</h4>
<span class="anchor-reference-id">(<a href="#SpywareInVehicles">#SpywareInVehicles</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202409200">
<!--#set var="DATE" value='<small class="date-tag">2024-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Kia cars were built with a back door that enabled the company's
server to locate them and take control of them. The car owner had
access to these controls through the Kia server. That the
car owner had such control
is not objectionable. However, that Kia itself had such control
is Orwellian, and ought to be illegal. The icing on the Orwellian
cake is that the server had a security fault which <a
href="https://samcurry.net/hacking-kia">allowed absolutely anyone to
activate those controls</a> for any Kia car.</p>
<p>Many people will be outraged at that security bug, but this was
presumably an accident. The fact that Kia had such control over cars
after selling them to customers is what outrages us, and that must
have been intentional on Kia's part.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202403110">
<!--#set var="DATE" value='<small class="date-tag">2024-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20240311120515/https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html">
GM is spying on drivers</a> who own or rent their cars, and give
away detailed driving data to insurance companies through data
brokers. These companies then analyze the data, and hike up insurance
prices if they think the data denotes “risky driving.”
For the car to make this data available to anyone but the owner or
renter of the car should be a crime. If the car is owned by a rental
company, that company should not have access to it either.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202311080">
<!--#set var="DATE" value='<small class="date-tag">2023-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Recent autos offer a feature by which the drivers
can connect their snoop-phones to the car. That feature <a
href="https://therecord.media/class-action-lawsuit-cars-text-messages-privacy">
snoops on the calls and texts</a> and gives the data to the car
manufacturer, and to the state.</p>
<p>A good privacy law would prohibit cars recording this data about
the users' activities. But not just <em>this</em> data—lots of
other data too.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202309060">
<!--#set var="DATE" value='<small class="date-tag">2023-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In an article from Mozilla, every car brand they researched <a
href="https://www.mozillafoundation.org/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/">
has failed their privacy tests</a>. Some car manufacturers explicitly
mention that they collect data which includes “sexual
activities” and “genetic information”. Not only
collecting any of such data is a huge privacy violation in the first
place, some companies assume drivers and passengers' consent before
they get in the car. Notably, Tesla threatens that the car may be
“inoperable” if the user opts out of data collection.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202304060">
<!--#set var="DATE" value='<small class="date-tag">2023-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Tesla cars record videos of activity inside the car, and <a
href="https://arstechnica.com/tech-policy/2023/04/tesla-workers-shared-images-from-car-cameras-including-scenes-of-intimacy/">
company staff can watch those recordings and copy them</a>. Or at
least they were able to do so until last year.</p>
<p>Tesla may have changed some security functions so that this
is harder to do. But if Tesla can get those recordings, that is
because it is planning for some people to use them in some situation,
and that is unjust already. It should be illegal to make a car
that takes photos or videos of the people in the car—or of
people outside the car.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202304010">
<!--#set var="DATE" value='<small class="date-tag">2023-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>GM is switching to a new
audio/video system in its cars in order to <a
href="https://edition.cnn.com/2023/04/01/business/gm-apple-play-evs/index.html">
collect complete information about what people in the car watch or
listen to, and also how they drive</a>.</p>
<p>The new system for navigation and “driving assistance”
will be tethered to various online dis-services, and GM will snoop on
everything the users do with them. But don't feel bad about that,
because some of these subscriptions will be gratis for the first
8 years.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202302280">
<!--#set var="DATE" value='<small class="date-tag">2023-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Volkswagen <a
href="https://pluralistic.net/2023/02/28/kinderwagen/">
tracks the location of every driver, and sells that data to
third-parties</a>. However, it refuses to use the data to implement a
feature for the benefit of its customers unless they pay extra money
for it.</p>
<p>This came to attention and brought controversy when Volkswagen
refused to locate a car-jacked vehicle with a toddler in it because
the owner of the car had not subscribed to the relevant service.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202105130">
<!--#set var="DATE" value='<small class="date-tag">2021-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://gizmodo.com/get-ready-for-in-car-ads-1846888390">Ford
is planning to force ads on drivers in cars</a>, with the ability for
the owner to pay extra to turn them off. The system probably imposes
surveillance on drivers too.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202008181">
<!--#set var="DATE" value='<small class="date-tag">2020-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>New Toyotas will <a
href="https://www.theregister.com/2020/08/18/aws_toyota_alliance/">
upload data to AWS to help create custom insurance premiums</a>
based on driver behaviour.</p>
<p>Before you buy a “connected” car, make sure you can
disconnect its cellular antenna and its GPS antenna. If you want
GPS navigation, get a separate navigator which runs free software
and works with Open Street Map.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201912171">
<!--#set var="DATE" value='<small class="date-tag">2019-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Most modern cars now <a
href="https://boingboing.net/2019/12/17/cars-now-run-on-the-new-oil.html">
record and send various kinds of data to the manufacturer</a>. For
the user, access to the data is nearly impossible, as it involves
cracking the car's computer, which is always hidden and running with
proprietary software.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201903290">
<!--#set var="DATE" value='<small class="date-tag">2019-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Tesla cars collect lots of personal data, and <a
href="https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html">
when they go to a junkyard the driver's personal data goes with
them</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201902011">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The FordPass Connect feature of some Ford vehicles has <a
href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
href="https://web.archive.org/web/20200530023040/https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
near-complete access to the internal car network</a>. It is constantly
connected to the cellular phone network and sends Ford a lot of data,
including car location. This feature operates even when the ignition
key is removed, and users report that they can't disable it.</p>
<p>If you own one of these cars, have you succeeded in breaking the
connectivity by disconnecting the cellular modem, or wrapping the
antenna in aluminum foil?</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201811300">
<!--#set var="DATE" value='<small class="date-tag">2018-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In China, it is mandatory for electric
cars to be equipped with a terminal that <a
href="https://www.apnews.com/4a749a4211904784826b45e812cff4ca">
href="https://apnews.com/article/north-america-ap-top-news-international-news-shanghai-china-4a749a4211904784826b45e812cff4ca">
transfers technical data, including car location,
to a government-run platform</a>. In practice, <a
href="/proprietary/proprietary-surveillance.html#car-spying">
manufacturers collect this data</a> as part of their own spying, then
forward it to the government-run platform.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201810230">
<!--#set var="DATE" value='<small class="date-tag">2018-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>GM <a
href="https://boingboing.net/2018/10/23/dont-touch-that-dial.html">
tracked the choices of radio programs</a> in its
“connected” cars, minute by minute.</p>
<p>GM did not get users' consent, but it could have got that easily by
sneaking it into the contract that users sign for some digital service
or other. A requirement for consent is effectively no protection.</p>
<p>The cars can also collect lots of other data: listening to you,
watching you, following your movements, tracking passengers' cell
phones. <em>All</em> such data collection should be forbidden.</p>
<p>But if you really want to be safe, we must make sure the car's
hardware cannot collect any of that data, or that the software
is free so we know it won't collect any of that data.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201711230">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>AI-powered driving apps can <a
href="https://www.vice.com/en/article/43nz9p/ai-powered-driving-apps-can-track-your-every-move">
track your every move</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201607160">
<!--#set var="DATE" value='<small class="date-tag">2016-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="car-spying">Computerized cars with nonfree software are <a
href="http://www.thelowdownblog.com/2016/07/your-cars-been-studying-you-closely-and.html">
snooping devices</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201602240">
<!--#set var="DATE" value='<small class="date-tag">2016-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="nissan-modem">The Nissan Leaf has a built-in
cell phone modem which allows effectively anyone to <a
href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">
access its computers remotely and make changes in various
settings</a>.</p>
<p>That's easy to do because the system has no authentication
when accessed through the modem. However, even if it asked
for authentication, you couldn't be confident that Nissan
has no access. The software in the car is proprietary, <a
href="/philosophy/free-software-even-more-important.html">which means
it demands blind faith from its users</a>.</p>
<p>Even if no one connects to the car remotely, the cell phone modem
enables the phone company to track the car's movements all the time;
it is possible to physically remove the cell phone modem, though.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201306140">
<!--#set var="DATE" value='<small class="date-tag">2013-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Tesla cars allow the company to extract
data remotely and determine the car's location
at any time. (See Section 2, paragraphs b and c of the <a
href="https://www.tesla.com/sites/default/files/pdfs/en_US/tmi_privacy_statement_external_6-14-2013_v2.pdf">
privacy statement</a>.) The company says it doesn't store this
information, but if the state orders it to get the data and hand it
over, the state can store it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201303250">
<!--#set var="DATE" value='<small class="date-tag">2013-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="records-drivers">Proprietary software in cars <a
href="http://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">
href="https://www.usatoday.com/story/money/cars/2013/03/24/car-spying-edr-data-privacy/1991751/">
records information about drivers' movements</a>, which is made
available to car manufacturers, insurance companies, and others.</p>
<p>The case of toll-collection systems, mentioned in this article,
is not really a matter of proprietary surveillance. These systems
are an intolerable invasion of privacy, and should be replaced with
anonymous payment systems, but the invasion isn't done by malware. The
other cases mentioned are done by proprietary malware in the car.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInVR">Virtual Reality</h4>
<span class="anchor-reference-id">(<a href="#SpywareInVR">#SpywareInVR</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202008182">
<!--#set var="DATE" value='<small class="date-tag">2020-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Oculus headsets <a
href="https://www.theverge.com/2020/8/18/21372435/oculus-facebook-login-change-separate-account-support-end-quest-october">require
users to identify themselves to Facebook</a>. This will give Facebook
free rein to pervasively snoop on Oculus users.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201612230">
<!--#set var="DATE" value='<small class="date-tag">2016-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>VR equipment, measuring every slight motion,
creates the potential for the most intimate
surveillance ever. All it takes to make this potential real <a
href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is
software as malicious as many other programs listed in this
page</a>.</p>
<p>You can bet Facebook will implement the maximum possible
surveillance on Oculus Rift devices. The moral is, never trust a VR
system with nonfree software in it.</p>
</li>
</ul>
<div class="big-section">
<h3 id="SpywareOnTheWeb">Spyware on the Web</h3>
<span class="anchor-reference-id">(<a href="#SpywareOnTheWeb">#SpywareOnTheWeb</a>)</span>
</div>
<div style="clear: left;"></div>
<p>In addition, many web sites spy on their visitors. Web sites are not
programs, so it
<a href="/philosophy/network-services-arent-free-or-nonfree.html">
makes no sense to call them “free” or “proprietary”</a>,
but the surveillance is an abuse all the same.</p>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201904210"> id="M202009220">
<!--#set var="DATE" value='<small class="date-tag">2019-04</small>' class="date-tag">2020-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>As of April 2019, it is <a
href="https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/">no
longer possible to disable an
unscrupulous tracking anti-feature</a> that
<p>The Markup investigated 80,000 popular web sites and <a
href="https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing">reports
users when
href="https://themarkup.org/blacklight/2020/09/22/blacklight-tracking-advertisers-digital-privacy-sensitive-websites">
reports on how much they follow ping links</a> in Apple Safari, Google Chrome,
Opera, Microsoft Edge and also in snoop on users</a>. Almost 70,000 had
third-party trackers. 5,000 fingerprinted the upcoming Microsoft Edge that is
going browser to be based on Chromium.</p> identify
users. 12,000 recorded the user's mouse clicks and movements.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201901101">
<!--#set var="DATE" value='<small class="date-tag">2019-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Until 2015, any tweet that listed a geographical tag <a
href="http://web-old.archive.org/web/20190115233002/https://www.wired.com/story/twitter-location-data-gps-privacy/">
sent the precise GPS location to Twitter's server</a>. It still
contains these GPS locations.</p>
</li>
<li id="M201805170">
<!--#set var="DATE" value='<small class="date-tag">2018-05</small>'
--><!--#echo encoding="none" var="DATE"
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<p>The Storyful program <a
href="https://www.theguardian.com/world/2018/may/17/revealed-how-storyful-uses-tool-monitor-what-journalists-watch">spies
on the reporters that use it</a>.</p>
</li>
<li id="M201701060">
<!--#set var="DATE" value='<small class="date-tag">2017-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>When a page uses Disqus
for comments, the proprietary Disqus software <a
href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook">loads
href="https://blog.dantup.com/2017/01/visiting-a-site-that-uses-disqus-comments-when-not-logged-in-sends-the-url-to-facebook/">loads
a Facebook software package into the browser of every anonymous visitor
to the page, and makes the page's URL available to Facebook</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201612064">
<!--#set var="DATE" value='<small class="date-tag">2016-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Online sales, with tracking and surveillance of customers, <a
href="https://www.theguardian.com/commentisfree/2016/dec/06/cookie-monsters-why-your-browsing-history-could-mean-rip-off-prices">enables
businesses to show different people different prices</a>. Most of
the tracking is done by recording interactions with servers, but
proprietary software contributes.</p>
</li>
<li id="M201405140">
<!--#set var="DATE" value='<small class="date-tag">2014-05</small>'
--><!--#echo encoding="none" var="DATE"
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<p><a
href="https://web.archive.org/web/20190421070310/https://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/">
Microsoft SkyDrive allows the NSA to directly examine users'
data</a>.</p>
</li>
<li id="M201210240">
<!--#set var="DATE" value='<small class="date-tag">2012-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many web sites rat their visitors to advertising
networks that track users. Of the top 1000 web sites, <a
href="https://www.law.berkeley.edu/research/bclt/research/privacy-at-bclt/web-privacy-census/">84%
(as of 5/17/2012) fed their visitors third-party cookies, allowing
other sites to track them</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201208210">
<!--#set var="DATE" value='<small class="date-tag">2012-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many web sites report all their visitors
to Google by using the Google Analytics service, which <a
href="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">
href="https://www.pcworld.com/article/460787/google_analytics_breaks_norwegian_privacy_laws_local_agency_said.html">
tells Google the IP address and the page that was visited</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201200000">
<!--#set var="DATE" value='<small class="date-tag">[2012]</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many web sites try to collect users' address books (the user's list
of other people's phone numbers or email addresses). This violates
the privacy of those other people.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201110040">
<!--#set var="DATE" value='<small class="date-tag">2011-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Pages that contain “Like” buttons <a
href="https://www.smh.com.au/technology/facebooks-privacy-lie-aussie-exposes-tracking-as-new-patent-uncovered-20111004-1l61i.html">
enable Facebook to track visitors to those pages</a>—even users
that don't have Facebook accounts.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInJavaScript">JavaScript</h4>
<span class="anchor-reference-id">(<a href="#SpywareInJavaScript">#SpywareInJavaScript</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202204280">
<!--#set var="DATE" value='<small class="date-tag">2022-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The US government <a
href="https://themarkup.org/pixel-hunt/2022/04/28/applied-for-student-aid-online-facebook-saw-you">sent
personal data to Facebook</a> for every college student that applied
for US government student aid. It justified this as being for a
“campaign.”</p>
<p>The data included name, phone number and email address. This shows
the agency didn't even make a handwaving attempt to anonymize the
student. Not that anonymization usually does much good—but
the failure to even try shows that the agency was completely blind
to the issue of respecting students' privacy.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201811270">
<!--#set var="DATE" value='<small class="date-tag">2018-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Many web sites use JavaScript code <a
href="http://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
href="https://gizmodo.com/before-you-hit-submit-this-company-has-already-logge-1795906081">
to snoop on information that users have typed into a
form but not sent</a>, in order to learn their identity. Some are <a
href="https://www.manatt.com/insights/newsletters/advertising-law/sites-illegally-tracked-consumers-new-suits-allege">
getting sued</a> for this.</p>
<p>The chat facilities of some customer services use the same sort of
malware to <a
href="https://gizmodo.com/be-warned-customer-service-agents-can-see-what-youre-t-1830688119">
read what the user is typing before it is posted</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201807190">
<!--#set var="DATE" value='<small class="date-tag">2018-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>British Airways used <a
href="https://www.theverge.com/2018/7/19/17591732/british-airways-gdpr-compliance-twitter-personal-data-security">nonfree
JavaScript on its web site to give other companies personal data on
its customers</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201712300">
<!--#set var="DATE" value='<small class="date-tag">2017-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some JavaScript malware <a
href="https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research">
swipes usernames from browser-based password managers</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201711150">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some websites send
JavaScript code to collect all the user's input, <a
href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/">which
can then be used to reproduce the whole session</a>.</p>
<p>If you use LibreJS, it will block that malicious JavaScript
code.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInFlash">Flash</h4>
<span class="anchor-reference-id">(<a href="#SpywareInFlash">#SpywareInFlash</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201310110">
<!--#set var="DATE" value='<small class="date-tag">2013-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Flash and JavaScript are used for <a
href="http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
href="https://arstechnica.com/information-technology/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/">
“fingerprinting” devices</a> to identify users.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201003010">
<!--#set var="DATE" value='<small class="date-tag">2010-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Flash Player's <a
href="https://web.archive.org/web/20200808151607/http://www.imasuper.com/2008/10/09/flash-cookies-the-silent-privacy-killer/">
cookie feature helps web sites track visitors</a>.</p>
</li>
</ul>
<div class="big-subsection">
<h4 id="SpywareInChrome">Chrome</h4>
<span class="anchor-reference-id">(<a href="#SpywareInChrome">#SpywareInChrome</a>)</span>
</div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202109210">
<!--#set var="DATE" value='<small class="date-tag">2021-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google's proprietary Chrome web browser <a
href="https://www.techrepublic.com/article/new-chrome-feature-can-tell-sites-and-webapps-when-youre-idle/">
added a surveillance API (idle detection API)</a> which lets
websites ask Chrome to report when a user with a web page open is
idle.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201906220">
<!--#set var="DATE" value='<small class="date-tag">2019-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google Chrome is an <a
href="https://www.mercurynews.com/2019/06/21/google-chrome-has-become-surveillance-software-its-time-to-switch/">
instrument of surveillance</a>. It lets thousands of trackers invade
users' computers and report the sites they visit to advertising and
data companies, first of all to Google. Moreover, if users have a
Gmail account, Chrome automatically logs them in to the browser for
more convenient profiling. On Android, Chrome also reports their
location to Google.</p>
<p>The best way to escape surveillance is to switch to <a
href="/software/icecat/">IceCat</a>, a modified version of Firefox
with several changes to protect users' privacy.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201704131">
<!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Low-priced Chromebooks for schools are <a
href="https://www.eff.org/wp/school-issued-devices-and-student-privacy">
collecting far more data on students than is necessary, and store
it indefinitely</a>. Parents and students complain about the lack
of transparency on the part of both the educational services and the
schools, the difficulty of opting out of these services, and the lack
of proper privacy policies, among other things.</p>
<p>But complaining is not sufficient. Parents, students and teachers
should realize that the software Google uses to spy on students is
nonfree, so they can't verify what it really does. The only remedy is
to persuade school officials to <a href="/education/edu-schools.html">
exclusively use free software</a> for both education and school
administration. If the school is run locally, parents and teachers
can mandate their representatives at the School Board to refuse the
budget unless the school initiates a switch to free software. If
education is run nation-wide, they need to persuade legislators
(e.g., through free software organizations, political parties,
etc.) to migrate the public schools to free software.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201507280">
<!--#set var="DATE" value='<small class="date-tag">2015-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google Chrome makes it easy for an extension to do <a
href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total
snooping on the user's browsing</a>, and many of them do so.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201506180">
<!--#set var="DATE" value='<small class="date-tag">2015-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google Chrome includes a module that <a
href="https://www.privateinternetaccess.com/blog/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">
activates microphones and transmits audio to its servers</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201308040">
<!--#set var="DATE" value='<small class="date-tag">2013-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google Chrome <a
href="https://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
href="https://web.archive.org/web/20151018132125/http://www.brad-x.com/2013/08/04/google-chrome-is-spyware/">
spies on browser history, affiliations</a>, and other installed
software.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M200809060">
<!--#set var="DATE" value='<small class="date-tag">2008-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google Chrome contains a key logger that <a
href="https://web.archive.org/web/20190126075111/http://www.favbrowser.com/google-chrome-spyware-confirmed/">
sends Google every URL typed in</a>, one key at a time.</p>
</li>
</ul>
<div class="big-section">
<h3 id="SpywareInNetworks">Spyware in Networks</h3>
<span class="anchor-reference-id">(<a href="#SpywareInNetworks">#SpywareInNetworks</a>)</span>
</div>
<div style="clear: left;"></div>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202202151">
<!--#set var="DATE" value='<small class="date-tag">2022-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Honorlock set a network of fake test answer
honeypot sites, tempting people to get exam answers, but <a
href="https://themarkup.org/machine-learning/2022/02/15/a-network-of-fake-test-answer-sites-is-trying-to-incriminate-students">that
is a way to entrap students, so as to identify them and punish
them</a>, using nonfree JS code to identify them.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202110250">
<!--#set var="DATE" value='<small class="date-tag">2021-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Ed Tech
<p>EdTech companies use their surveillance power to
manipulate students, and direct them into tracks towards various
levels of knowledge, power and prestige. The article argues that <a
href="https://blogs.lse.ac.uk/medialse/2021/10/25/algorithmic-injustice-in-education-why-tech-companies-should-require-a-license-to-operate-in-childrens-education/">these
companies should obtain licenses to operate</a>. That wouldn't hurt,
but it doesn't address the root of the problem. All data acquired
in a school about any student, teacher, or employee must not leave
the school, and must be kept in computers that belong to the school
and run free (as in freedom) software. That way, the school district
and/or parents can control what is done with those data.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202105060">
<!--#set var="DATE" value='<small class="date-tag">2021-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://me2ba.org/me2ba-product-testing-spotlight-report-published-data-sharing-in-primary-secondary-school-mobile-apps-2/">60%
href="https://internetsafetylabs.org/blog/news-press/me2ba-product-testing-spotlight-report-published-data-sharing-in-primary-secondary-school-mobile-apps-2/">60%
of school apps are sending student data to potentially high-risk
third parties</a>, putting students and possibly all other school
workers under surveillance. This is made possible by using unsafe
and proprietary programs made by data-hungry corporations.</p>
<p><small>Please note that whether students consent to this or not,
doesn't justify the surveillance they're imposed to.</small></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202105030">
<!--#set var="DATE" value='<small class="date-tag">2021-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The United States' government is reportedly considering <a
href="https://www.infosecurity-magazine.com/news/private-companies-may-spy-on/">teaming
up with private companies to monitor American citizens' private online
activity and digital communications</a>.</p>
<p>What creates the opportunity to try this is the fact that these
companies are already snooping on users' private activities. That
in turn is due to people's use of nonfree software which snoops,
and online dis-services which snoop.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202102160">
<!--#set var="DATE" value='<small class="date-tag">2021-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google <a
href="https://www.indiatoday.in/technology/news/story/disha-ravi-arrest-puts-privacy-of-all-google-india-users-in-doubt-1769772-2021-02-16">handed
over personal data of Indian protesters and activists to Indian
police</a> which led to their arrest. The cops requested the IP
address and the location where a document was created and with that
information, they identified protesters and activists.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202012250">
<!--#set var="DATE" value='<small class="date-tag">2020-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The HonorLock online exam
proctoring program is a surveillance tool that <a
href="https://www.eff.org/deeplinks/2020/09/students-are-pushing-back-against-proctoring-surveillance-apps">tracks
students and collects data</a> such as face, driving license, and
network information, among others, in blatant violation of students'
privacy.</p>
<p>Preventing students from cheating should not be an excuse for
running malware/spyware on their computers, and it's good that students
are protesting. But their petitions overlook a crucial issue, namely,
the injustice of being forced to run nonfree software in order to
get an education.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202009070">
<!--#set var="DATE" value='<small class="date-tag">2020-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>While the world is still
struggling with COVID-19 coronavirus, many <a
href="https://mashable.com/article/privacy-in-the-age-of-coronavirus/">people
href="https://mashable.com/article/privacy-in-the-age-of-coronavirus">people
are in danger of surveillance</a> and their computers are infected
with malware as a result of installing proprietary software.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M202004301">
<!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Proprietary programs Google Meet, Microsoft Teams, and WebEx <a
href="https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex/">are
href="https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex-a7383469308/">are
collecting user's personal and identifiable data</a> including how long
a call lasts, who's participating in the call, and the IP addresses
of everyone taking part. From experience, this can even harm users
physically if those companies hand over data to governments.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201905281">
<!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft <a
href="https://answers.microsoft.com/en-us/outlook_com/forum/all/why-does-my-new-e-mail-account-need-a-phone-number/70049eaf-3b66-4d02-87cc-79dc73c2ea08">forces
people to give their phone number</a> in order to be able to create an account on
the company's network. On top of mistreating their users by providing
nonfree software, Microsoft is tracking their lives outside the computer and
violates their privacy.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201902040">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google invites people to <a
href="https://www.commondreams.org/views/2019/02/04/google-screenwise-unwise-trade-all-your-privacy-cash?cd-origin=rss">
let Google monitor their phone use, and all internet use in their
homes, for an extravagant payment of $20</a>.</p>
<p>This is not a malicious functionality of a program with some other
purpose; this is the software's sole purpose, and Google says so. But
Google says it in a way that encourages most people to ignore the
details. That, we believe, makes it fitting to list here.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201808131">
<!--#set var="DATE" value='<small class="date-tag">2018-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.theverge.com/2018/8/13/17684660/google-turn-off-location-history-data">Google
will track people even if people turn off location history</a>, using
Google Maps, weather updates, and browser searches. Google basically
uses any app activity to track people.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201808130">
<!--#set var="DATE" value='<small class="date-tag">2018-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Since the beginning of 2017, <a
href="https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/">Android
href="https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled">Android
phones have been collecting the addresses of nearby cellular
towers</a>, even when location services are disabled, and sending
that data back to Google.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201606030">
<!--#set var="DATE" value='<small class="date-tag">2016-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Investigation Shows <a
href="https://www.techdirt.com/articles/20160602/17210734610/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions.shtml">GCHQ
href="https://www.techdirt.com/2016/06/03/investigation-shows-gchq-using-us-companies-nsa-to-route-around-domestic-surveillance-restrictions/">GCHQ
Using US Companies, NSA To Route Around Domestic Surveillance
Restrictions</a>.</p>
<p>Specifically, it can collect the emails of members of Parliament
this way, because they pass it through Microsoft.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-surveillance.html. -->
<li id="M201212290">
<!--#set var="DATE" value='<small class="date-tag">2012-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Cisco TNP IP phones are <a
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
href="https://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
spying devices</a>.</p>
</li>
</ul>
</div>
</div>
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<!--#include virtual="/server/footer.html" -->
<div id="footer" role="contentinfo">
<div class="unprintable">
<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF. Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
replace it with the translation of these two:
We work hard and do our best to provide accurate, good quality
translations. However, we are not exempt from imperfection.
Please send your comments and general suggestions in this regard
to <a href="mailto:web-translators@gnu.org">
<web-translators@gnu.org></a>.</p>
<p>For information on coordinating and contributing translations of
our web pages, see <a
href="/server/standards/README.translations.html">Translations
README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and contributing translations
of this article.</p>
</div>
<!-- Regarding copyright, in general, standalone pages (as opposed to
files generated as part of manuals) on the GNU web server should
be under CC BY-ND 4.0. Please do NOT change or remove this
without talking with the webmasters or licensing team first.
Please make sure the copyright date is consistent with the
document. For web pages, it is ok to list just the latest year the
document was modified, or published.
If you wish to list earlier years, that is ok too.
Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
years, as long as each year in the range is in fact a copyrightable
year, i.e., a year in which the document was published (including
being publicly visible on the web or in a revision control system).
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
<p>Copyright © 2015-2021 2015-2025 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2025/05/08 09:07:45 $
<!-- timestamp end -->
</p>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>