Additions to the Malware Section

These are all the malware items that have been added to this directory since 2018, in reverse chronological order. (In some cases, the latest reference was updated after the item was added.)

Added: 2025年10月21日 — Latest reference: 2025年10月13日
Jeep forced a software change into certain cars. In addition to being unjust, this one was dangerous too.
Added: 2025年10月13日 — Latest reference: 2023年03月08日
Motorola ships Android phones with a locked bootloader, offering a method to unlock the devices. The method involves creating an account, which requires running nonfree JavaScript and disclosing personal data as well as identifying at least your phone's model.

This puts users in danger of privacy breaches in exchange for permission to modify the software that runs in a device they own. Users should be free to modify this and all software as they wish, without interference from the manufacturer or developer.

Back in 2013 (when the company was owned by Google) someone found a way to crack the bootloader restrictions. Android developers also provide a lock/unlock method.
Added: 2025年09月20日 — Latest reference: 2025年07月25日
Echelon forcefully downgraded the firmware of its home gym equipment so that the devices will provide their full capabilities only if connected to Echelon's servers and only with a paid subscription, all the while breaking compatibility with third party apps that offer additional functionalities. Efforts to restore offline functionality were successful, but the fix can't be released due to section 1201 of the DMCA.

Note that those articles mention “open source”; the GNU Project recommends the expression free/libre software instead.
Added: 2025年09月05日 — Latest reference: 2025年08月27日
Google has announced the inclusion of a “security” measure in Android “smartphones,” which will require any software installed in certified Android devices to come from a developer who has gone through Google's new developer verification program.

The problem here is not that there's a system that provides trust on the origin of the software. A system like that might be useful, but the end user should still be able to select which organization provides that service, or maybe set up such an organization or renounce the service altogether.

Making this verification exclusive to Google makes us question which is the threat here. Is it a user installing malware inadvertently? Or is it the user installing software that makes Google lose money?
Added: 2025年08月24日 — Latest reference: 2025年08月06日
Academic researchers have published an attack that led Google's supposed “intelligence” [*] to obey malicious commands to manipulate devices in the user's home.

Giving Google control of your devices, or control of your own computing that you do on their servers, inevitably makes you vulnerable to Google.

This announcement shows that the vulnerability includes third-party crackers [**] too.

The article says that the crack discoverers worked with Google to “mitigate“ the danger. What, concretely, does “mitigate“ mean here? Probably in this case it is a weasel word to suggest fixing a problem without claiming to have fixed it.

[*] Let's not call these systems “artificial intelligence.” Intelligence is something they do not have.

[**] Please note that the article wrongly refers to crackers as “hackers.”
Added: 2025年08月06日 — Latest reference: 2025年07月27日
Samsung disabled the option to unlock the bootloader in the new version of its proprietary Android distribution, making it impossible for users to install a third-party operating system on their mobile devices. This takes away people's right to run the system of their choice (which we hope is a free/libre system), and to extend the life of their device once Samsung stops supporting its software.
Added: 2025年06月13日 — Latest reference: 2025年06月03日
Researchers discovered that the Meta Pixel and Yandex Metrica trackers, which are embedded in many websites, have been spying on behalf of the native Meta and Yandex Android apps respectively, by taking advantage of security flaws in the Android API. When the user of an Android device accessed these pages with a browser such as Chrome, the trackers made all browsing data available to the native apps running in the background. The data could then be correlated to the user account or the Android Advertising ID, i.e. de-anonymized.

Although Meta and Yandex have discontinued this type of spying, they may resume it in the future, possibly with other methods, and we don't know which other companies might follow their example. A foolproof way to avoid this sort of tracking is to refrain from installing any proprietary apps on a “smart”phone, especially if the app has a way of identifying users. To avoid proprietary apps, we recommend using the F-Droid store instead of Google Play.

Since most trackers, including the Meta Pixel and Yandex Metrica, are nonfree JavaScript programs, it is also good practice to prevent nonfree JavaScript from running in the browser, with an add-on such as GNU LibreJS.
Added: 2025年06月08日 — Latest reference: 2025年05月15日
Denuvo is a digital restrictions management (DRM) system that is integrated into the code of some PC games, as an “anti-piracy solution.” But what Denuvo does, really, is to make the games Defective by design.
- It requires periodic connection to the Denuvo servers, even for games that can be played locally. As a result, a number of games became unplayable when these servers stopped working.
- It limits the number of operating systems a game can be played on. This affects GNU/Linux users who try different versions of the Proton compatibility layer to play a game made for Windows.
- It has a detrimental effect on game performance.
Of course, gamers hate Denuvo. But hate is useless. They should go one step further, and stop buying games that use DRM.
Added: 2025年06月04日 — Latest reference: 2025年03月15日
Amazon arbitrarily decided to make all Echo devices send all the audio they hear to Amazon servers, even if the “owner” of the device specified local processing.

The server will figure out what (if anything) someone asked it to do.

What else will it do with that recording? There are no limits except management's will. It might save some of the utterances it hears, and present them years later to the political police.
Added: 2025年05月30日 — Latest reference: 2025年05月10日
With Windows 10 soon reaching obsolescence, users whose computer is not modern enough are facing unjust choices, such as paying for updates or buying a new computer. But their best option is to replace Windows with a free operating system, and enjoy the freedom and justice it brings them.
Added: 2025年05月28日 — Latest reference: 2025年05月19日
Microsoft Teams has been collecting voice and face data from students of an Australian school, to feed the CoPilot chatbot. It took the school network administrators a whole month to realize what was happening, and disable this malfeature. It was obviously beyond their imagination that Microsoft could have made biometric data collection the default in Teams!

Let's hope legislators and regulatory agencies all over the world will quickly put a stop to this sort of outrageous practice.

In any case people would be better off switching to a free-software replacement such as Jitsi Meet for medium-size groups, or Big Blue Button for larger ones. Many public instances are available, and groups of users can also set up their own servers.
Added: 2025年05月26日 — Latest reference: 2025年05月10日
Nintendo has been known to remotely brick the Wii until users consented to new, more restrictive legal terms. This company is now pushing tyranny even further: in the 2025 update of its User Account Agreement, it warns that Switch consoles may be permanently bricked if they are not used as authorized.

In addition, Nintendo can record audio and video chats for moderation purposes. User's consent is required, but there is no guarantee that the recordings will not be sent to third parties. In short, there is no privacy in these chats.

If you ever consider buying a Switch, think twice, because you will not own it. Nintendo will.
Added: 2025年05月25日 — Latest reference: 2024年12月12日
BeReal, a nonfree social media app, pressures users into giving their consent to tracking by means of dark patterns and harrassment.
Added: 2025年05月18日 — Latest reference: 2025年04月16日
Synology forces users to install self-branded hard drives in some of its recent NAS systems on pretext of reliability, by blocking critical functions of drives that were purchased from other sources, and cutting down on support. Synology does this by replacing the original firmware with custom firmware that acts like DRM.
Added: 2025年05月17日 — Latest reference: 2025年03月05日
When connected to the internet, some Brother printers suffer a firmware downgrade that degrades the printing quality when using third-party toner. This proves that these printers have a back door which lets Brother control them.

As a general precaution, users should make sure their printer can't connect to the manufacturer's server, for example by shielding it from the internet by a firewall. This will not restore the ability of printers to use third-party toner if they have already lost it, but will prevent any future downgrades. All printer manufacturers are concerned, not only Brother.
Added: 2025年05月09日 — Latest reference: 2022年05月13日
Apple has been labeling various third-party files and programs as “damaged”, preventing users from opening them, and implying that software from third-party sources is dangerous. While these restrictions can be circumvented, they violate users' freedom to do their computing as they wish. Most of the time, the purpose of warnings such as “damaged” is to scare users into sticking with Apple's proprietary programs for no good reason.
Added: 2025年05月04日 — Latest reference: 2025年03月28日
Microsoft is tightening the chains that force Windows useds to sign into their Microsoft account [*], thus identifying themselves. We suspect this is an intentional strategy to avoid inspiring a lot of resistance all at once: leave openings to escape identification, then gradually close them.

Enough is enough!

[*] Why “useds”? Because running Windows is not you using Windows; it is Windows using you.
Added: 2025年04月03日 — Latest reference: 2024年07月20日
The company making a “smart” bassinet called Snoo has locked the most advanced functionalities of the Snoo behind a paywall. This unexpected change mainly affects users who received the appliance as a gift, or bought it second-hand on the assumption that all these functionalities would be available to them, as they used to be. This is another example of the deceptive behavior of proprietary software developers who take advantage of their power over users to change rules at will.

Another malicious feature of the Snoo is the fact that users need to create an account with the company, which thus has access to personal data, location (SSID), appliance log, etc., as well as manual notes about baby history.
Added: 2025年04月01日 — Latest reference: 2018年07月11日
Nintendo has devoted a lot of effort to preventing users from installing third-party software on its Switch consoles. These are now full-blown jails.
Added: 2025年03月30日 — Latest reference: 2025年02月21日
Apple stopped offering iCloud end-to-end encryption in the UK after the UK government demanded worldwide access to encrypted user data. This is one more proof that storing your own data “in the cloud” puts it at risk.
Added: 2025年03月30日 — Latest reference: 2025年01月17日
Canon is preventing customers from using one of its cameras as a webcam unless they create an account on the company's server, and pay an additional subscription. This unjust practice could be eliminated if the camera firmware were free (as in freedom).
Added: 2025年03月17日 — Latest reference: 2024年08月14日
A critical vulnerability in Windows systems that support IPv6 was discovered in 2024, 16 years after the first affected system was released. Unless the relevant patch is applied, an attacker can remotely execute arbitrary code on these systems. Microsoft considers exploits “likely.”

The same sort of vulnerability in a free/libre operating system would probably be discovered sooner, since many more people would be able to look at the source code.
Added: 2025年03月16日 — Latest reference: 2024年11月04日
The Pixel 9 “smart”phone frequently updates Google servers with its location and current configuration along with personally identifiable data, raising concerns about user privacy. Moreover, it communicates with services that are not in use, and periodically attempts to download experimental, possibly insecure software. The system does not inform the user that it is doing all this.

There is hope, however: it is possible to replace the original Android operating system with a deGoogled version in Pixel phones up to 8a, and in phones from many other brands. No doubt that the Pixel 9 will be supported soon.
Added: 2025年03月11日 — Latest reference: 2023年12月04日
Bungie's Destiny 2 is plagued with two major flaws:
- Like all proprietary tethered games, it can't be played when the company's servers are offline.
- Ever since Bungie chose BattlEye as an anti-cheat program, Destiny 2 has been incompatible with GNU/Linux [this page can't be viewed without JavaScript]. Bungie forces Steam Deck users to replace SteamOS with Windows, or play from Edge browser. This doesn't have to be so, as several other games that use BattlEye do support GNU/Linux systems. Rather than doing the necessary adjustments, Bungie forces users to run nonfree software in order to keep an absolute control over them.
Added: 2025年03月11日 — Latest reference: 2018年01月26日
Google's ad platform enabled advertisers to run cryptocurrency miner code on the computers of YouTube users through proprietary JavaScript. Some people noticed this, and the outrage made Google remove the miners, but the number of affected users was probably very high.
Added: 2025年03月08日 — Latest reference: 2025年02月28日
Microsoft is shutting down Skype on May 5th, 2025. As with other tethered proprietary programs, users have to rely on servers that are controlled by the developer. When these servers shut down, the service disappears. Instead of migrating to the service that Microsoft suggests as a replacement, Skype users should regain control of their communications by switching to one that is based on free software. Jitsi Meet, for example, is appropriate for small video meetings. Anyone can set up a Jitsi server and let other people use it, and indeed many of these are available around the world.
Added: 2025年03月08日 — Latest reference: 2025年02月23日
Outlook has become a “data collection and ad delivery service”. Since Outlook is now integrated with Microsoft “cloud” services, and doesn't support end-to-end encryption, the company has full access to users' emails, contacts, and calendar events. Microsoft may also retrieve credentials associated with any third-party services that are synchronized with Outlook. This trove of personal data enables Microsoft, as well as its commercial partners, to flood users with targeted ads, and possibly to train “artificial intelligences.” Even worse, this data is available to any government that can force Microsoft to hand it over.
Added: 2025年03月07日 — Latest reference: 2024年11月11日
Ubisoft is facing a fraud lawsuit for shutting down the proprietary video game The Crew, which was tethered to its servers. As this game can't be played offline, people who used to think they owned a copy of it are now realizing they only bought a license that could be revoked at will by the developer.

This is one more example of what tethering of a proprietary program leads to. If The Crew were free software, its users would be able to set up another server, and keep on playing.
Added: 2025年03月07日 — Latest reference: 2024年07月30日
In its default configuration, Windows 11 now uploads users' files and personal information to Microsoft's “cloud” without asking permission to do so. This is presented as a convenient backup method, but if the allotted storage capacity is exceeded, the user will need to buy more space, increasing Microsoft's profit.

However, this small profit is probably not the company's major reason for making cloud storage the default. Here is an excerpt from the Microsoft Services agreement (Section 2b):

To the extent necessary to provide the Services to you and others, to protect you and the Services, and to improve Microsoft products and services, you grant to Microsoft a worldwide and royalty-free intellectual property license to use Your Content, for example, to make copies of, retain, transmit, reformat, display, and distribute via communication tools Your Content on the Services.

We strongly suspect that the backed-up material is used to feed Microsoft's greedy “AI.” In addition, it is most likely analysed to better profile users in order to flood them with targeted ads, thereby generating more profit.

Users, on the other hand, are at the mercy of any entity that demands their data, let alone of any cracker that breaks into Microsoft's servers. They must escape from this sick environment, and install a sane free/libre system.
Added: 2025年03月02日 — Latest reference: 2024年12月25日
Windows Defender deletes downloaded files that it considers malware as soon as they are saved to disk, without requesting permission to do so. Many angry users have complained about this unacceptable behavior over the last few years, and even suggested fixes, but Microsoft has ignored them. It is high time for Windows users to escape Microsoft's tyranny by migrating to a free/libre system.
Added: 2025年03月02日 — Latest reference: 2024年11月05日
As of 2021, preinstallation of Russian-made proprietary software has been mandatory on new computers and “smart” devices sold in Russia, under threat of a fine for the retailer, and the list of mandatory applications keeps growing. This gives the government a convenient way to censor information, spy on people's online activity, and restrict free speech.
Added: 2025年03月02日 — Latest reference: 2024年06月10日
In its terms of service, Adobe gives itself permission to spy on material that people upload to its servers, supposedly for moderation purposes. In spite of Adobe's denial, we can expect that sooner or later it will use this material to train its so-called “artificial intelligence,” and will claim that by agreeing to the terms of service users gave it the right to do so.
Added: 2025年03月02日 — Latest reference: 2024年04月26日
Microsoft has started to show ads in the “Recommended” section of the Windows 11 Start menu. Previously, this section only included recently used documents and images. Now it also contains the icons of apps Microsoft wants to advertise, in the hope that the user will click on one of them, and buy the app. So far, the user can disable the ads, but this doesn't make them more legitimate.
Added: 2025年03月01日 — Latest reference: 2024年11月22日
Windows Recall is a feature of Microsoft's Copilot tool that comes preinstalled on AI-specialized computers. Recall records everything users do on their computer and allows them to search the recordings, but it has numerous security flaws and poses a risk to privacy. As Recall cannot be completely uninstalled, disabling it doesn't eliminate the risk because it can be reactivated by malware or misconfiguration.

Microsoft says that Recall will not take screenshots of digitally restricted media. Meanwhile, it stores sensitive user information such as passwords and bank account numbers, showing that whereas Microsoft worries somewhat about corporate interests, it couldn't care less about user privacy.
Added: 2025年02月23日 — Latest reference: 2019年07月22日
In 2019, Google revoked users' ability to turn off the “pull-to-refresh” gesture in Chrome for Android. Despite thousands of protests by frustrated users, Google has not reverted its decision. Proprietary software developers are known for ignoring users' requests in favor of their own gain and convenience. Only free software gives users control over their own computing.
Added: 2025年02月19日 — Latest reference: 2023年06月01日
Eclypsium discovered an insecure universal back door on many computers using Gigabyte mainboards. Gigabyte designed their nonfree firmware so they could add a program to Windows to download additional software from the Internet, and run it behind the user's back.

To add injury to injury, the back-door program was insecure, and opened ways for crackers to run their own programs on the affected systems, also behind the user's back. Gigabyte's “solution” was to ensure the back door would only run programs from Gigabyte.

In this case, the back door required the connivance of Windows accepting the program, and running it behind the user's back. Free operating systems rightly ignore such “Greek gifts,” so users of GNU (including GNU/Linux) are safe from this particular back door, even on affected hardware.

Nonfree software does not make your computer secure—it does the opposite: it prevents you from trying to secure it. When nonfree programs are required for booting and impossible to replace, they are, in effect, a low-level rootkit. All the things that the industry has done to make its power over you secure against you also protect firmware-level rootkits against you.

Instead of allowing Intel, AMD, Apple and perhaps ARM to impose security through tyranny, we should demand laws that require them to allow users to install their choice of startup software and make available the information needed to develop such. Think of this as right-to-repair at the initialization stage.

Note: Eclypsium at least mentions the problem of “unwanted behavior within official firmware,” but does not seem to recognize that the only real solution is for firmware to be free, so users can fix these problems without having to rely on the vendor.
Added: 2025年02月02日 — Latest reference: 2025年01月29日
Google is forcing its bullshit generator, Gemini, on many users of Gmail without asking them, and not even offering the users a way to deactivate it.

Workplace IT managers, whose employees are forced to use Gmail, can get it turned off after a laborious procedure, followed by waiting—the darkest of dark patterns.
Added: 2024年11月26日 — Latest reference: 2024年09月20日
Kia cars were built with a back door that enabled the company's server to locate them and take control of them. The car owner had access to these controls through the Kia server. That the car owner had such control is not objectionable. However, that Kia itself had such control is Orwellian, and ought to be illegal. The icing on the Orwellian cake is that the server had a security fault which allowed absolutely anyone to activate those controls for any Kia car.

Many people will be outraged at that security bug, but this was presumably an accident. The fact that Kia had such control over cars after selling them to customers is what outrages us, and that must have been intentional on Kia's part.
Added: 2024年11月21日 — Latest reference: 2024年11月03日
Dating apps exploit their users; fundamental features require an expensive subscription, and they are designed to be addictive.
Added: 2024年11月19日 — Latest reference: 2023年09月08日
BMW has retreated from making car owners pay for a subscription to the heated seats feature.

Customers rejected it. Bravo for them!

Instead BMW plans to require subscriptions for digital services and disservices—things related to the Orwellian tracking done by any “connected” car.
Added: 2024年11月10日 — Latest reference: 2023年12月27日
A back door in Apple devices, present and abused from at least 2019 until 2023, allowed crackers to have full control over them by sending iMessage texts that installed malware without any action on the user's part. Infections, among other things, gave the intruders access to owners' microphone recordings, photos, location and other personal data.
Added: 2024年07月31日 — Latest reference: 2024年05月24日
Spotify sold a music streaming device but they no longer support it. Due to its proprietary nature, it can no longer be updated or even used. Users requested Spotify to make the software that runs on the device libre, and Spotify refused, so these devices are now e-waste. Spotify is now offering refunds to save the purchasers from losing money on these products, but this wouldn't prevent the products from being e-waste, and wouldn't save users from being jerked around by Spotify. This is an example of how software that is not free controls the user instead of the user controlling the software. It is also an important lesson for us to insist the software in a device be libre before we buy it.
Added: 2024年05月23日 — Latest reference: 2024年03月15日
Microsoft is using malware tactics to get users to switch to their web browser, Microsoft Edge, and their search engine, Microsoft Bing. When users launch the Google Chrome browser Microsoft injects a pop up advertisement in the corner of the screen advising users to switch to Bing. Microsoft also imported users Chrome browsing data without their knowledge or consent.
Added: 2024年04月07日 — Latest reference: 2024年03月11日
GM is spying on drivers who own or rent their cars, and give away detailed driving data to insurance companies through data brokers. These companies then analyze the data, and hike up insurance prices if they think the data denotes “risky driving.” For the car to make this data available to anyone but the owner or renter of the car should be a crime. If the car is owned by a rental company, that company should not have access to it either.
Added: 2024年02月22日 — Latest reference: 2023年12月23日
Surveillance cameras put in by government A to surveil for it may be surveilling for government B as well. That's because A put in a product made by B with nonfree software.

(Please note that this article misuses the word “hack” to mean “break security.”)
Added: 2024年01月20日 — Latest reference: 2023年11月10日
Microsoft has been annoying people who wanted to close the proprietary program OneDrive on their computers, forcing them to give the reason why they were closing it. This prompt was removed after public pressure.

This is a reminder that angry users still have the power to make developers of proprietary software remove small annoyances. Don't count on public outcry to make them remove more profitable malware, though. Run away from proprietary software!
Added: 2024年01月18日 — Latest reference: 2024年01月18日
UHD Blu-ray disks are encrypted with AACS, one of the worst kinds of DRM. Playing them on a PC requires software and hardware that meet stringent proprietary specifications, which developers can only obtain after signing an agreement that explicitly forbids them from disclosing any source code.
Added: 2024年01月03日 — Latest reference: 2023年12月06日
Newag, a Polish railway manufacturer, puts DRM inside trains to prevent third-party repairs.
- The train's software contains code to detect if the GPS coordinates are near some third party repairers, or the train has not been running for some time. If yes, the train will be “locked up” (i.e. bricked). It was also possible to unlock it by pressing a secret combination of buttons in the cockpit, but this ability was removed by a manufacturer's software update.
- The train will also lock up after a certain date, which is hardcoded in the software.
- The company pushes a software update that detects if the DRM code has been bypassed, i.e. the lock should have been engaged but the train is still operational. If yes, the controller cabin screen will display a scary message warning about “copyright violation”.
Added: 2024年01月03日 — Latest reference: 2023年11月30日
x86 and ARM based computers shipped with UEFI are potentially vulnerable to a design omission called LogoFAIL. A cracker can replace the BIOS logo with a fake one that contains malicious code. Users can't fix this omission because it is in the nonfree UEFI firmware that users can't replace.
Added: 2024年01月03日 — Latest reference: 2023年11月08日
Recent autos offer a feature by which the drivers can connect their snoop-phones to the car. That feature snoops on the calls and texts and gives the data to the car manufacturer, and to the state.

A good privacy law would prohibit cars recording this data about the users' activities. But not just this data—lots of other data too.
Added: 2023年12月30日 — Latest reference: 2018年09月17日
Clash Royale is an online game with an “optimized” gacha system that makes it very addictive for players, and very profitable for its developers.
Added: 2023年12月26日 — Latest reference: 2023年09月05日
Google Nest snooper/surveillance cameras are always tethered to Google servers, record videos 24/7, and are subscription-based, which is an injustice to people who use them. The article discusses the rise in prices for “plans” you can buy from Google, which include storing videos in the “cloud”—another word for someone else's computer.
Added: 2023年12月20日 — Latest reference: 2023年11月30日
To block non-Apple repairs, Apple encodes the iMonster serial number in the original parts. This is called “parts pairing”. Swapping parts between working iMonsters of the same model causes malfunction or disabling of some functionalities. Part replacement may also trigger persistent alerts, unless it is done by an Apple store.
Added: 2023年12月09日 — Latest reference: 2023年11月09日
Samsung's Push Service proprietary app sends notifications to the user's phone about “updates” in Samsung apps, including the Gaming Hub, but these updates only sometimes have to do with a new version of the apps. Many times, the notifications from Gaming Hub are simply ads for games that they think the user should install based on the data collected from the user. Most importantly, it cannot be permanently disabled.
Added: 2023年12月09日 — Latest reference: 2023年11月07日
Chamberlain Group blocks users from using third-party software with its garage openers. This is an intentional attack on using free software. The official garage opener proprietary mobile app is now also infested with ads, including up-selling its other services and devices.
Added: 2023年12月08日 — Latest reference: 2023年11月10日
In Australia, people assume that “smart” means “tethered.” When people's ISP goes down, all the tethered devices become useless.

That's in addition to the nasty things tethered devices do when they are “functioning” normally—such as snoop on the commands sent to the device and the results they report.

Smart users know better than to accept tethered devices.
Added: 2023年11月20日 — Latest reference: 2023年08月22日
Some Bambu Lab 3D printers were reported to start printing without user's consent, as a result of a malfunction of the servers to which they were tethered. This caused significant damage.
Added: 2023年11月19日 — Latest reference: 2023年08月08日
The Yandex company has started to give away Yango taxi ride data to Russia's Federal Security Service (FSB). The Russian government (and whoever else receives the the data) thus has access to a wealth of personal information, including who traveled where, when, and with which driver. Yandex claims that it complies with European regulations for data collected in the European Economic Area, Switzerland or Israel. But what about the rest of the world?
Added: 2023年11月15日 — Latest reference: 2023年09月06日
In an article from Mozilla, every car brand they researched has failed their privacy tests. Some car manufacturers explicitly mention that they collect data which includes “sexual activities” and “genetic information”. Not only collecting any of such data is a huge privacy violation in the first place, some companies assume drivers and passengers' consent before they get in the car. Notably, Tesla threatens that the car may be “inoperable” if the user opts out of data collection.
Added: 2023年11月04日 — Latest reference: 2022年09月22日
Windows 11 Home and Pro now require internet connection and a Microsoft account to complete the installation. Windows 11 Pro had an option to create a local account instead, but the option has been removed. This account can (and most certainly will) be used for surveillance and privacy violations. Thankfully, a free software tool named Rufus can bypass those requirements, or help users install a free operating system instead.
Added: 2023年11月02日 — Latest reference: 2019年12月11日
As tech companies add microphones to a wide range of products, including refrigerators and motor vehicles, they also set up transcription farms where human employees listen to what people say and tweak the recognition algorithms.
Added: 2023年10月29日 — Latest reference: 2023年09月27日
Philips Hue, the most ubiquitous home automation product in the US, is planning to soon force users to log in to the app server in order to be able to adjust a lightbulb, or use other functionalities, in what amounts to a massive user-tracking data grab.
Added: 2023年07月15日 — Latest reference: 2023年07月04日
Driverless cars in San Francisco collect videos constantly, using cameras inside and outside, and governments have already collected those videos secretly.

As the Surveillance Technology Oversight Project says, they are “driving us straight into authoritarianism.” We must regulate all cameras that collect images that can be used to track people, to make sure they are not used for that.
Added: 2023年07月15日 — Latest reference: 2023年05月30日
Some employers are forcing employees to run “monitoring software” on their computers. These extremely intrusive proprietary programs can take screenshots at regular intervals, log keystrokes, record audio and video, etc. Such practices have been shown to deteriorate employees' well-being, and trade unions in the European union have voiced their concerns about them. The requirement for employee's consent, which exists in some countries, is a sham because most often the employee is not free to refuse. In short, these practices should be abolished.
Added: 2023年07月08日 — Latest reference: 2023年06月12日
Edge sends the URLs of images the user views to Microsoft's servers by default, supposedly to “enhance” them. And these images may end up on the NSA's servers.

Microsoft claims its nonfree browser sends the URLs without identifying you, which cannot be true, since at least your IP address is known to the server if you don't take extra measures. Either way, such enhancer service is unjust because any image editing should be done on your own computer using installed free software.

The article describes how to disable sending the URLs. That makes a change for the better, but we suggest that you instead switch to a freedom-respecting browser with additional privacy features such as IceCat.
Added: 2023年05月29日 — Latest reference: 2023年05月04日
Controlling Honeywell internet thermostats with the dedicated app has proven unreliable, due to recurrent connection issues with the server these thermostats are tethered to.
Added: 2023年05月18日 — Latest reference: 2023年05月10日
HP delivers printers with a universal back door, and recently used it to sabotage them by remotely installing malware. The malware makes the printer refuse to function with non-HP ink cartrides, and even with old HP cartridges which HP now declares to have “expired.” HP calls the back door “dynamic security,” and has the gall to claim that this “security” protects users from malware.

If you own an HP printer that can still use non-HP cartridges, we urge you to disconnect it from the internet. This will ensure that HP doesn't sabotage it by “updating” its software.

Note how the author of the Guardian article credulously repeats HP's assertion that the “dynamic security” feature protects users against malware, not recognizing that the article demonstrates it does the opposite.
Added: 2023年04月29日 — Latest reference: 2023年02月14日
Microsoft is remotely disabling Internet Explorer, forcibly redirecting users to Microsoft Edge.

Imposing such change is malicious, and the fact that the redirection is from one unjust program (IE) to another unjust program (Edge) does not excuse it.
Added: 2023年04月29日 — Latest reference: 2023年01月19日
Microsoft released an “update” that installs a surveillance program on users' computers to gather data on some installed programs for Microsoft's benefit. The update is rolling out automatically, and the program runs “one time silently.”
Added: 2023年04月25日 — Latest reference: 2023年02月28日
Volkswagen tracks the location of every driver, and sells that data to third-parties. However, it refuses to use the data to implement a feature for the benefit of its customers unless they pay extra money for it.

This came to attention and brought controversy when Volkswagen refused to locate a car-jacked vehicle with a toddler in it because the owner of the car had not subscribed to the relevant service.
Added: 2023年04月25日 — Latest reference: 2022年07月14日
BMW is now luring British customers into paying for the built-in heated-seat feature of their new cars on a subscription basis. People also have the option to buy the feature when they are paying for the car, but those who bought a used car have to pay BMW extra money to remotely enable the heated seats. This is probably done by BMW accessing a back door in the car software.
Added: 2023年04月25日 — Latest reference: 2022年07月04日
A bug in Tesla cars software lets crackers install new car keys, unlock cars, start engines, and even prevent real owners from accessing their cars.

A cracker even reported that he was able to disable security systems and take control of 25 cars.
Please note that these articles wrongly use the word “hacker” instead of cracker.
Added: 2023年04月12日 — Latest reference: 2023年04月06日
Tesla cars record videos of activity inside the car, and company staff can watch those recordings and copy them. Or at least they were able to do so until last year.

Tesla may have changed some security functions so that this is harder to do. But if Tesla can get those recordings, that is because it is planning for some people to use them in some situation, and that is unjust already. It should be illegal to make a car that takes photos or videos of the people in the car—or of people outside the car.
Added: 2023年04月04日 — Latest reference: 2023年04月03日
The Pinduoduo app snoops on other apps, and takes control of them. It also installs additional malware that is hard to remove.
Added: 2023年04月04日 — Latest reference: 2023年04月01日
GM is switching to a new audio/video system in its cars in order to collect complete information about what people in the car watch or listen to, and also how they drive.

The new system for navigation and “driving assistance” will be tethered to various online dis-services, and GM will snoop on everything the users do with them. But don't feel bad about that, because some of these subscriptions will be gratis for the first 8 years.
Added: 2023年03月15日 — Latest reference: 2023年02月08日
As soon as it boots, and without asking any permission, Windows 11 starts to send data to online servers. The user's personal details, location or hardware information are reported to Microsoft and other companies to be used as telemetry data. All of this is done is the background, and users have no easy way to prevent it—unless they switch the computer offline.
Added: 2023年01月29日 — Latest reference: 2023年01月23日
A dispute between Blizzard and one of its partners caused World of Warcraft to go offline in China. The shutdown may not be permanent, but even if it is not, the fact that a business disagreement can stop all users in China from playing the game illustrates the injustice of requiring the use of a specific server.

We expect that users must pay to use that server, but whether that is the case is a side issue. Even if use of that server is gratis, the harm comes from the fact that the program doesn't allow people to make and use other servers for that job.

Let's hope game fans in China learn the importance of rejecting nonfree games.
Added: 2023年01月08日 — Latest reference: 2022年11月30日
Hackers discovered dozens of flaws in the security (in the usual narrow sense) of many brands of automobiles.

Security in the usual narrow sense means security against unknown third parties. We are more concerned with security in the broader sense—against the manufacturer as well as against unknown third parties. It is clear that each of these vulnerabilities can be exploited by the manufacturer too, and by any government that can threaten the manufacturer enough to compel the manufacturer's cooperation.
Added: 2022年12月13日 — Latest reference: 2022年11月14日
The iMonster app store client programs collect many kinds of data about the user's actions and private communications. “Do not track” options are available, but tracking doesn't stop if the user activates them: Apple keeps on collecting data for itself, although it claims not to send it to third parties.

Apple is being sued for that.
Added: 2022年12月05日 — Latest reference: 2022年10月14日
The Microsoft Office encryption is weak, and susceptible to attack.

Encryption is a tricky field, and easy to mess up. It is wise to insist on encryption software that is (1) free software and (2) studied by experts.
Added: 2022年12月03日 — Latest reference: 2022年11月30日
Obeying a demand by the Chinese government, Apple restricted the use of AirDrop in China. It imposed a ten-minute time limit during which users can receive files from non contacts. This makes it nearly impossible to use AirDrop for its intended purpose, which is to exchange files with strangers between iMonsters in physical proximity. This happened after it became known that dissenters were using the app to distribute digital anti-government fliers anonymously.
Added: 2022年11月26日 — Latest reference: 2022年10月11日
Xiaomi provides a tool to unlock the bootloader of Xiaomi smartphones and tablets, but this requires creating an account on the company's servers, i.e. providing your phone number. This is the price you have to pay for “legally” running a free software operating system on Xiaomi devices. But the manufacturer retains control of the unlocked device through a backdoor in the bootloader—the same backdoor that was remotely used to unlock it.
Added: 2022年09月21日 — Latest reference: 2022-09-00
B-CAS [1] is the digital restrictions management (DRM) system used by Japanese TV broadcasters, including NHK (public-service TV). It is sold by the B-CAS company, which has a de-facto monopoly on it. Initially intended for pay-TV, its use was extended to digital free-to-air broadcasting as a means to enforce restrictions on copyrighted works. The system encrypts works that permit free redistribution just like other works, thus denying users their nominal rights.

On the client side, B-CAS is typically implemented by a card that plugs into a compatible receiver, or alternatively by a tuner card that plugs into a computer. Beside implementing drastic copying and viewing restrictions, this system gives broadcasters full power over users, through back doors among other means. For example:
- It can force messages to the user's TV screen, and the user can't turn them off.
- It can collect viewing information and send it to other companies to take surveys. Until 2011, user registration was required, so the viewing habits of each customer were recorded. We don't know whether this personal information was deleted from the company's servers after 2011.
- Each card has an ID, which enables broadcasters to force customer-specific updates via the back door normally used to update the decryption key. Thus pay-TV broadcasters can disable decryption of the broadcast wave if subscription fees are not paid on time. This feature could also be used by any broadcaster (possibly instructed by the government) to stop certain persons from watching TV.
- As the export of B-CAS cards is illegal, people outside Japan can't (officially) decrypt the satellite broadcast signal that may spill over to their location. They are thus deprived of a valuable source of information about what happens in Japan.
These unacceptable restrictions led to a sort of cat-and-mouse game, with some users doing their best to bypass the system, and broadcasters trying to stop them without much success: cryptographic keys were retrieved through the back door of the B-CAS card, illegal cards were made and sold on the black market, as well as a tuner for PC that disables the copy control signal.

While B-CAS cards are still in use with older equipment, modern high definition TVs have an even nastier version of this DRM (called ACAS) in a special chip that is built into the receiver. The chip can update its own software from the company's servers, even when the receiver is turned off (but still plugged into an outlet). This feature could be abused to disable stored TV programs that the power in place doesn't agree with, thus interfering with free speech.

Being part of the receiver, the ACAS chip is supposed to be tamper-resistant. Time will tell…

[1] We thank the free software supporter who translated this article from Japanese, and shared his experience of B-CAS with us. (Unfortunately, the article presents DRM as a good thing.)
Added: 2022年09月20日 — Latest reference: 2022年08月24日
A security researcher found that the iOS in-app browser of TikTok injects keylogger-like JavaScript code into outside web pages. This code has the ability to track all users' activities, and to retrieve any personal data that is entered on the pages. We have no way of verifying TikTok's claim that the keylogger-like code only serves purely technical functions. Some of the accessed data could well be saved to the company's servers, and even sent to third parties. This would open the door to extensive surveillance, including by the Chinese government (to which TikTok has indirect ties). There is also a risk that the data would be stolen by crackers, and used to launch malware attacks.

The iOS in-app browsers of Instagram and Facebook behave essentially the same way as TikTok's. The main difference is that Instagram and Facebook allow users to access third-party sites with their default browser, whereas TikTok makes it nearly impossible.

The researcher didn't study the Android versions of in-app browsers, but we have no reason to assume they are safer than the iOS versions.

Please note that the article wrongly refers to crackers as “hackers.”
Added: 2022年09月14日 — Latest reference: 2022年08月07日
Some Epson printers are programmed to stop working after they have printed a predetermined number of pages, on the pretext that ink pads become saturated with ink. This constitutes an unacceptable infringement on users' freedom to use their printers as they wish, and on their right to repair them.
Added: 2022年09月14日 — Latest reference: 2022年04月14日
Today's “smart” TVs push people to surrender to tracking via internet. Some won't work unless they have a chance to download nonfree software. And they are designed for programmed obsolescence.
Added: 2022年09月13日 — Latest reference: 2022年08月29日
US states that ban abortion talk about making it a crime to go to another state to get an abortion. They could use various forms of location tracking, including the network, to prosecute abortion-seekers. The state could subpoena the data, so that the network's “privacy” policy would be irrelevant.

That article explains why wireless networks collect location data, one unavoidable reason and one avoidable (emergency calls). It also explains some of the many ways the location data are used.

Networks should never do localization for emergency calls except when you make an emergency call, or when there is a court order to do so. It should be illegal for a network to do precise localization (the kind needed for emergency calls) except to handle an emergency call, and if a network does so illegally, it should be required to inform the owner of the phone in writing on paper, with an apology.
Added: 2022年09月12日 — Latest reference: 2015年07月28日
Many retail businesses publish cr…apps that ask to spy on the user's own data—often many kinds.

Those companies know that snoop-phone usage trains people to say yes to almost any snooping.
Added: 2022年08月31日 — Latest reference: 2020年06月11日
Network location tracking is used, among other techniques, for targeted advertising.
Added: 2022年08月28日 — Latest reference: 2022年08月22日
Tesla sells an add-on software feature that drivers are not allowed to use.

This practice depends on a back door, which is unjust in itself. Asking users to buy something years in advance to avoid having to pay an even higher price later is manipulative.
Added: 2022年08月28日 — Latest reference: 2022年07月20日
Shortcuts, a built-in scripting app on Apple devices, doesn't give you complete freedom to share scripts (a.k.a. “shortcuts”). Exporting a script as a file requires an Apple ID, and may be subjected to censorship by Apple.

In this situation (and many others), switching from iPhony/iBad to a freedom respecting device gives you both convenience and freedom. The assumption that you must sacrifice convenience to get freedom is often wrong. Jails are inconvenient.
Added: 2022年08月22日 — Latest reference: 2022年07月30日
The nonfree software in a Tesla artificially limits the car's driving range, demanding ransom to unlock the battery's full charge.

This is one more reason why cars must not be “connected.”
Added: 2022年08月22日 — Latest reference: 2022年07月01日
ATMs and vending machines in Russia run nonfree software—The machines' owners cannot fix them.
Added: 2022年08月22日 — Latest reference: 2020年09月22日
The Markup investigated 80,000 popular web sites and reports on how much they snoop on users. Almost 70,000 had third-party trackers. 5,000 fingerprinted the browser to identify users. 12,000 recorded the user's mouse clicks and movements.
Added: 2022年08月22日 — Latest reference: 2019年05月14日
Adobe revoked the license of some older versions of its applications, and warned customers that they can get sued for using them.

This is further proof that users of nonfree software are in the hands of its developer.
Added: 2022年06月14日 — Latest reference: 2022年06月02日
Canada has fined the company Tim Hortons for making an app that tracks people's movements to learn things such as where they live, where they work, and when they visit competitors' stores.
Added: 2022年06月04日 — Latest reference: 2022年05月24日
A worldwide investigation found that most of the applications that school districts recommended for remote education during the COVID-19 pandemic track and collect personal data from children as young as below the age of five. These applications, and their websites, send the collected information to ad giants such as Facebook and Google, and they are still being used in the classrooms even after some of the schools reopened.
Added: 2022年05月10日 — Latest reference: 2022年04月28日
The US government sent personal data to Facebook for every college student that applied for US government student aid. It justified this as being for a “campaign.”

The data included name, phone number and email address. This shows the agency didn't even make a handwaving attempt to anonymize the student. Not that anonymization usually does much good—but the failure to even try shows that the agency was completely blind to the issue of respecting students' privacy.
Added: 2022年05月08日 — Latest reference: 2016年03月06日
Electronic Arts made one of its games permanently unplayable by shutting down its servers. This game was heavily reliant on the company's servers, and because the software is proprietary, users can't modify it to make it connect to some other server. If the game were free, people could still play what they purchased.
Added: 2022年04月19日 — Latest reference: 2022年04月04日
New Amazon worker chat app would ban specific words Amazon doesn't like, such as “union”, “restrooms”, and “pay raise”. If the app was free, workers could modify the program so it acts as they wish, not how Amazon wants it.
Added: 2022年04月18日 — Latest reference: 2022年03月01日
The nonfree app “Along,” developed by a company controlled by Zuckerberg, leads students to reveal to their teacher personal information about themselves and their families. Conversations are recorded and the collected data sent to the company, which grants itself the right to sell it. See also Educational Malware App “Along”.
Added: 2022年04月12日 — Latest reference: 2022年03月21日
Apple prevents people from upgrading their Mac hardware by imposing DRM on its removable SSD storage.
Added: 2022年04月06日 — Latest reference: 2022年02月15日
Honorlock set a network of fake test answer honeypot sites, tempting people to get exam answers, but that is a way to entrap students, so as to identify them and punish them, using nonfree JS code to identify them.
Added: 2022年04月06日 — Latest reference: 2022年01月29日
“Smart” TV manufacturers spy on people using various methods, and harvest their data. They are collecting audio, video, and TV usage data to profile people.
Added: 2022年04月04日 — Latest reference: 2022年02月19日
Hewlett-Packard is implementing DRM in its printers so they refuse to print with ink cartridges from another supplier.
Added: 2022年04月04日 — Latest reference: 2022年02月15日
Dymo is now embedding DRM in the paper rolls for its label printers to make those printers reject equivalent paper rolls made by other companies. This is implemented by an RFID tag, which keeps track of how many labels remain on the roll, and blocks further printing when the roll is empty—an efficient way to prevent reusing the same RFID with a third-party roll.
Added: 2022年04月04日 — Latest reference: 2022年02月09日
A security failure in Microsoft's Windows is infecting people's computers with RedLine stealer malware using a fake Windows 11 upgrade installer.
Added: 2022年04月04日 — Latest reference: 2022年01月27日
The data broker X-Mode bought location data about 20,000 people collected by around 100 different malicious apps.
Added: 2022年02月27日 — Latest reference: 2019年03月21日
The MoviePass dis-service is planning to use face recognition to track people's eyes to make sure they won't put their phones down or look away during ads—and trackers.
Added: 2022年01月31日 — Latest reference: 2022年01月04日
A critical bug in Apple's iOS makes it possible for attackers to alter a shutdown event, tricking the user into thinking that the phone has been powered off. But in fact, it's still running, and the user can't feel any difference between a real shutdown and the fake shutdown.
Added: 2022年01月31日 — Latest reference: 2017年09月02日
Instagram is forcing users to give away their phone numbers and won't let people continue using the app if they refuse.
Added: 2022年01月19日 — Latest reference: 2022年01月05日
The Norton 360 antivirus updated its program to install a cryptocurrency miner on users' computers without people's permission. The miner is not turned on by default but there is no way to completely uninstall the crypto mining software, which has upset some users.
Added: 2022年01月11日 — Latest reference: 2022年01月01日
The legacy company that made Blackberry phones is about to kill them off by shutting down the server they are tethered to.

If the software on those phones were free (as in freedom), people could modify their software so they could talk to some other server.
Added: 2022年01月11日 — Latest reference: 2010年03月28日
Sony restricted access to the PlayStation 3 GPU, so people who installed a GNU/Linux operating system on the console couldn't use it at full capacity. When some of them broke the restriction, Sony removed the ability to install other operating systems. Then users broke that restriction too, but got sued by Sony.
Added: 2022年01月11日 — Latest reference: 2005年12月27日
To install and use third-party operating systems and programs on the Xbox console, people had to break the restrictions imposed by Microsoft.
Added: 2021年12月19日 — Latest reference: 2021年11月20日
NordicTrack, a company that sells exercise machines with ability to show videos limits what people can watch, and recently disabled a feature that was originally functional. This happened through automatic update and probably involved a universal back door.
Added: 2021年12月19日 — Latest reference: 2021年11月20日
Hundreds of Tesla drivers were locked out of their cars as a result of Tesla's app suffering from an outage, which happened because the app is tethered to the company's servers.
Added: 2021年12月19日 — Latest reference: 2021年11月11日
Some researchers at Google found a zero-day vulnerability on MacOS, which crackers used to target people visiting the websites of a media outlet and a pro-democracy labor and political group in Hong Kong.

Please note that the article wrongly refers to crackers as “hackers”.
Added: 2021年11月19日 — Latest reference: 2021年10月25日
EdTech companies use their surveillance power to manipulate students, and direct them into tracks towards various levels of knowledge, power and prestige. The article argues that these companies should obtain licenses to operate. That wouldn't hurt, but it doesn't address the root of the problem. All data acquired in a school about any student, teacher, or employee must not leave the school, and must be kept in computers that belong to the school and run free (as in freedom) software. That way, the school district and/or parents can control what is done with those data.
Added: 2021年11月18日 — Latest reference: 2021年11月09日
A building in LA, with a supermarket in it, demands customers load a particular app to pay for parking in the parking lot, and accept pervasive surveillance. They also have the option of entering their license plate numbers in a kiosk. That is an injustice, too.
Added: 2021年11月18日 — Latest reference: 2021年11月04日
Apple's new tactic to restrict users from repairing their own device and impose DRM on people is to completely disable its Face ID functionality when you replace its screen.
Added: 2021年11月18日 — Latest reference: 2021年08月18日
Microsoft is making it harder and harder to replace default apps in its Windows operating system and is pressuring users to use its proprietary programs instead. We believe the best approach to this would be replacing Windows with a free (as in freedom) operating system like GNU. We also maintain a list of fully free distributions of GNU.
Added: 2021年11月18日 — Latest reference: 2018年02月28日
Spotify app harvests users' data to personally identify and know people through music, their mood, mindset, activities, and tastes. There are over 150 billion events logged daily on the program which contains users' data and personal information.
Added: 2021年11月09日 — Latest reference: 2016年02月11日
A pacemaker running proprietary code was misconfigured and could have killed the implanted person. In order to find out what was wrong and get it fixed, the person needed to break into the remote device that sets parameters in the pacemaker (possibly infringing upon manufacturer's rights under the DMCA). If this system had run free software, it could have been fixed much sooner.
Added: 2021年11月04日 — Latest reference: 2021年10月13日
Adobe has licensed its Flash Player to China's Zhong Cheng Network who is offering the program bundled with spyware and a back door that can remotely deactivate it.

Adobe is responsible for this since they gave Zhong Cheng Network permission to do this. This injustice involves “misuse” of the DMCA, but “proper,” intended use of the DMCA is a much bigger injustice. There is a series of errors related to DMCA.
Added: 2021年10月12日 — Latest reference: 2021年10月07日
Facebook's nonfree client forces its useds to look at the newsfeed. A used of Facebook developed a browser add-on to make it easier to unfollow everyone and thus make the newsfeed empty. Many of the people used by Facebook loved this, because they regard the newsfeed as a burden that Facebook imposes on them.

If the client software for Facebook were free, useds could probably make the newsfeed disappear by modifying the client not to display it.
Added: 2021年10月12日 — Latest reference: 2021年09月22日
Some Xiaomi phones have a malfeature to bleep out phrases that express political views the Chinese government does not like. In phones sold in Europe, Xiaomi leaves this deactivated by default, but has a back door to activate the censorship.

This is the natural result of having nonfree software in a device that can communicate with the company that made it.
Added: 2021年10月12日 — Latest reference: 2021年06月25日
El Salvador Dictatorship's Chivo wallet is spyware, it's a proprietary program that breaks users' freedom and spies on people; demands personal data such as the national ID number and does face recognition, and it is bad security for its data. It also asks for almost every malware permission in people's smartphones.

The article criticizes it for faults in “data protection”, though “data protection” is the wrong approach to privacy anyway.
Added: 2021年10月08日 — Latest reference: 2021年09月21日
Google's proprietary Chrome web browser added a surveillance API (idle detection API) which lets websites ask Chrome to report when a user with a web page open is idle.
Added: 2021年09月20日 — Latest reference: 2021年09月17日
Apple has made it impossible to load Navalny's tactical voting app into an iPhone in Russia.

It is impossible because (1) the iPhone refuses to load apps from anywhere other than Apple, and (2) Apple has obeyed a Russian censorship law. The first point is enforced by Apple's nonfree software.
Added: 2021年09月15日 — Latest reference: 2021年08月17日
Various models of security cameras, DVRs, and baby monitors that run proprietary software are affected by a security vulnerability that could give attackers access to live feeds.
Added: 2021年09月01日 — Latest reference: 2021年08月24日
Recent Samsung TVs have a back door with which Samsung can brick them remotely.
Added: 2021年09月01日 — Latest reference: 2021年08月20日
The Russian communications watchdog tells Google and Apple to remove Navalny's app from their stores.

Because Apple controls what a user can install, this is absolute censorship. By contrast, because Android does not do that, users can install apps even if Google does not offer them.
Added: 2021年07月30日 — Latest reference: 2021年07月18日
The pegasus spyware used vulnerabilities on proprietary smartphone operating systems to impose surveillance on people. It can record people's calls, copy their messages, and secretly film them, using a security vulnerability. There's also a technical analysis of this spyware available in PDF format.

A free operating system would've let people to fix the bugs for themselves but now infected people will be compelled to wait for corporations to fix the problems.

Please note that the article wrongly refers to crackers as “hackers”.
Added: 2021年07月15日 — Latest reference: 2021年07月09日
A newly found Microsoft Windows vulnerability can allow crackers to remotely gain access to the operating system and install programs, view and delete data, or even create new user accounts with full user rights.

The security research firm accidentally leaked instructions on how the flaw could be exploited but Windows users should still wait for Microsoft to fix the flaw, if they fix it.

Please note that the article wrongly refers to crackers as “hackers”.
Added: 2021年07月15日 — Latest reference: 2021年07月05日
Advertising companies are experimenting to manipulate people's minds, and impose a new way of advertising by altering their dreams. This “targeted dream incubation” would trigger “refreshing dreams” of the product, according to the companies.
Added: 2021年07月04日 — Latest reference: 2021年06月22日
Peloton company which produces treadmills recently locked people out of basic features of people's treadmills by a software update. The company now asks people for a membership/subscription for what people already paid for.

The software used in the treadmill is proprietary and probably includes back doors to force software updates. It teaches the lesson that if a product talks to external networks, you must expect it to take in new malware.

Please note that the company behind this product said they are working to reverse the changes so people will no longer need subscription to use the locked feature.

Apparently public anger made the company back down. If we want that to be our safety, we need to build up the anger against malicious features (and the proprietary software that is their entry path) to the point that even the most powerful companies don't dare.
Added: 2021年06月27日 — Latest reference: 2021年06月19日
Google automatically installed an app on many proprietary Android phones. The app might or might not do malicious things but the power Google has over proprietary Android phones is dangerous.
Added: 2021年06月22日 — Latest reference: 2021年06月17日
Almost all proprietary health apps harvest users' data, including sensitive health information, tracking identifiers, and cookies to track user activities. Some of these applications are tracking users across different platforms.
Added: 2021年06月17日 — Latest reference: 2021年06月03日
TikTok apps collect biometric identifiers and biometric information from users' smartphones. The company behind it does whatever it wants and collects whatever data it can.
Added: 2021年06月13日 — Latest reference: 2020年04月13日
Google, Apple, and Microsoft (and probably some other companies) are collecting people's access points and GPS coordinates (which can identify people's precise location) even if their GPS is turned off, without the person's consent, using proprietary software implemented in person's smartphone. Though merely asking for permission would not necessarily legitimize this.
Added: 2021年06月09日 — Latest reference: 2018年08月13日
Google will track people even if people turn off location history, using Google Maps, weather updates, and browser searches. Google basically uses any app activity to track people.
Added: 2021年06月08日 — Latest reference: 2021年05月30日
Apple is systematically undermining interoperability. At the hardware level, it does this via nonstandard plugs, buses and networks. At the software level, it does this by not letting the user have any data except within one app.
Added: 2021年06月08日 — Latest reference: 2018年08月13日
Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers, even when location services are disabled, and sending that data back to Google.
Added: 2021年06月02日 — Latest reference: 2021年05月24日
Apple is moving its Chinese customers' iCloud data to a datacenter controlled by the Chinese government. Apple is already storing the encryption keys on these servers, obeying Chinese authority, making all Chinese user data available to the government.
Added: 2021年05月26日 — Latest reference: 2021年05月13日
Ford is planning to force ads on drivers in cars, with the ability for the owner to pay extra to turn them off. The system probably imposes surveillance on drivers too.
Added: 2021年05月18日 — Latest reference: 2021年05月04日
A motorcycle company named Klim is selling airbag vests with different payment methods, one of them is through a proprietary subscription-based option that will block the vest from inflating if the payments don't go through.

They say there is a 30-days grace period if you miss a payment but the grace period is no excuse to the insecurity.
Added: 2021年05月13日 — Latest reference: 2021年05月06日
60% of school apps are sending student data to potentially high-risk third parties, putting students and possibly all other school workers under surveillance. This is made possible by using unsafe and proprietary programs made by data-hungry corporations.

Please note that whether students consent to this or not, doesn't justify the surveillance they're imposed to.
Added: 2021年05月06日 — Latest reference: 2021年05月03日
The United States' government is reportedly considering teaming up with private companies to monitor American citizens' private online activity and digital communications.

What creates the opportunity to try this is the fact that these companies are already snooping on users' private activities. That in turn is due to people's use of nonfree software which snoops, and online dis-services which snoop.
Added: 2021年04月26日 — Latest reference: 2021年04月06日
The WeddingWire app saves people's wedding photos forever and hands over data to others, giving users no control over their personal information/data. The app also sometimes shows old photos and memories to users, without giving them any control over this either.
Added: 2021年04月16日 — Latest reference: 2021年04月09日
A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. The researchers demonstrated a three-bug attack chain that caused an RCE on a target machine, all this without any form of user interaction.
Added: 2021年04月11日 — Latest reference: 2021年02月16日
Google handed over personal data of Indian protesters and activists to Indian police which led to their arrest. The cops requested the IP address and the location where a document was created and with that information, they identified protesters and activists.
Added: 2021年04月11日 — Latest reference: 2020年07月02日
BMW is trying to lock certain features of its cars, and force people to pay to use part of the car they already bought. This is done through forced update of the car software via a radio-operated back door.
Added: 2021年03月16日 — Latest reference: 2021年03月10日
Amazon's monopoly and DRM is stopping public libraries from lending e-books and audiobooks. Amazon became powerful in e-book world by Swindle, and is now misusing its power and violates people's rights using Digital Restrictions Management.

The article is written in a way that endorses DRM in general, which is unacceptable. DRM is an injustice to people.
Added: 2021年03月16日 — Latest reference: 2021年03月09日
Over 150 thousand security cameras that used Verkada company's proprietary software are cracked by a major security breach. Crackers have had access to security archives of various gyms, hospitals, jails, schools, and police stations that have used Verkada's cameras.

It is injustice to the public for gyms, stores, hospitals, jails, and schools to hand “security” footage to a company from which the government can collect it at any time, without even telling them.

Please note that the article wrongly refers to crackers as “hackers”.
Added: 2021年03月16日 — Latest reference: 2020年10月28日
TV manufacturers are turning to produce only “Smart” TV sets (which include spyware) that it's now very hard to find a TV that doesn't spy on you.

It appears that those manufacturers business model is not to produce TV and sell them for money, but to collect your personal data and (possibly) hand over them to others for benefit.
Added: 2021年03月12日 — Latest reference: 2018年09月12日
Tiny Lab Productions, along with online ad businesses run by Google, Twitter and three other companies are facing a lawsuit for violating people's privacy by collecting their data from mobile games and handing over these data to other companies/advertisers.
Added: 2021年03月09日 — Latest reference: 2021年03月05日
At least 30 thousand organizations in the United States are newly “cracked” via holes in Microsoft's proprietary email software, named Microsoft 365. It is unclear whether there are other holes and vulnerabilities in the program or not but history and experience tells us it wouldn't be the last disaster with proprietary programs.
Added: 2021年03月09日 — Latest reference: 2021年02月11日
Researchers at the security firm SentinelOne discovered a security flaw in proprietary program Microsoft Windows Defender that lurked undetected for 12 years. If the program was free (as in freedom), more people would have had a chance to notice the problem, therefore, it could've been fixed a lot sooner.
Added: 2021年03月09日 — Latest reference: 2020年04月30日
Proprietary programs Google Meet, Microsoft Teams, and WebEx are collecting user's personal and identifiable data including how long a call lasts, who's participating in the call, and the IP addresses of everyone taking part. From experience, this can even harm users physically if those companies hand over data to governments.
Added: 2021年03月08日 — Latest reference: 2020年04月27日
The proprietary program Microsoft Teams' insecurity could have let a malicious GIF steal user data from Microsoft Teams accounts, possibly across an entire company, and taken control of “an organization's entire roster of Teams accounts.”
Added: 2021年03月07日 — Latest reference: 2020年10月18日
Microsoft is forcing Windows users to install upgrades it pushes using its universal back doors. These upgrades can do various harms to users such as restricting computers from some functions and/or forcing users to defenselessly do whatever Microsoft tells them to do.
Added: 2021年02月25日 — Latest reference: 2021年02月20日
The proprietary program Clubhouse is malware and a privacy disaster. Clubhouse collects people's personal data such as recordings of people's conversations, and, as a secondary problem, does not encrypt them, which shows a bad security part of the issue.

A user's unique Clubhouse ID number and chatroom ID are transmitted in plaintext, and Agora (the company behind the app) would likely have access to users' raw audio, potentially providing access to the Chinese government.

Even with good security of data transmission, collecting personal data of people is wrong and a violation of people's privacy rights.
Added: 2021年02月25日 — Latest reference: 2021年02月18日
Microsoft is forcibly removing the Flash player from computers running Windows 10, using a universal backdoor in Windows.

The fact that Flash has been disabled by Adobe is no excuse for this abuse of power. The nature of proprietary software, such as Microsoft Windows, gives the developers power to impose their decisions on users. Free software on the other hand empowers users to make their own decisions.
Added: 2021年02月22日 — Latest reference: 2021年02月19日
The Prodigy maths game played in schools at no cost entices students to play it at home, where the company tries to lure them into paying for a premium subscription in exchange for mere cosmetic features that, at school, underline the socioeconomic gap between those who can afford it and those who can't.

The strategy of using schools as a fishing pool for customers is a common practice traditionally adopted by nonfree software companies.
Added: 2021年02月22日 — Latest reference: 2020年12月25日
The HonorLock online exam proctoring program is a surveillance tool that tracks students and collects data such as face, driving license, and network information, among others, in blatant violation of students' privacy.

Preventing students from cheating should not be an excuse for running malware/spyware on their computers, and it's good that students are protesting. But their petitions overlook a crucial issue, namely, the injustice of being forced to run nonfree software in order to get an education.
Added: 2021年02月06日 — Latest reference: 2021年02月01日
Many cr…apps, developed by various companies for various organizations, do location tracking unknown to those companies and those organizations. It's actually some widely used libraries that do the tracking.

What's unusual here is that proprietary software developer A tricks proprietary software developers B1 … B50 into making platforms for A to mistreat the end user.
Added: 2021年02月04日 — Latest reference: 2020年10月12日
Samsung is forcing its smartphone users in Hong Kong (and Macau) to use a public DNS in Mainland China, using software update released in September 2020, which causes many unease and privacy concerns.
Added: 2021年01月27日 — Latest reference: 2021年01月13日
The authorities in Venice track the movements of all tourists using their portable phones. The article says that at present the system is configured to report only aggregated information. But that could be changed. What will that system do 10 years from now? What will a similar system in another country do? Those are the questions this raises.
Added: 2021年01月19日 — Latest reference: 2021年01月11日
A cracker took control of people's internet-connected chastity cages and demanded ransom. The chastity cages are being controlled by a proprietary app (mobile program).

(Please note that the article wrongly refers to crackers as "hackers".)
Added: 2021年01月11日 — Latest reference: 2021年01月08日
As of 2021, WhatsApp (one of Facebook's subsidiaries) is forcing its users to hand over sensitive personal data to its parent company. This increases Facebook's power over users, and further jeopardizes people's privacy and security.

Instead of WhatsApp you can use GNU Jami, which is free software and will not collect your data.
Added: 2021年01月08日 — Latest reference: 2016年04月04日
Many popular mobile games include a random-reward system called gacha which is especially effective on children. One variant of gacha was declared illegal in Japan in 2012, but the other variants are still luring players into compulsively spending inordinate amounts of money on virtual toys.
Added: 2021年01月05日 — Latest reference: 2021年01月05日
Most Internet connected devices in Mozilla's “Privacy Not Included” list are designed to snoop on users even if they meet Mozilla's “Minimum Security Standards.” Insecure design of the program running on some of these devices makes the user susceptible to be snooped on and exploited by crackers as well.
Added: 2021年01月04日 — Latest reference: 2021年01月04日
The personal finance management software “Quicken” has a discontinuation policy, a.k.a. planned obsolescence, which is an injustice to users. A free (as in freedom) program would let users control the software. But when you use a proprietary software, you won't be in control.
Added: 2021年01月04日 — Latest reference: 2020年12月02日
Adobe Flash Player has a universal back door which lets Adobe control the software and, for example, disable it whenever it wants. Adobe will block Flash content from running in Flash Player beginning January 12, 2021, which indicates that they have access to every Flash Player through a back door.

The back door won't be dangerous in the future, as it'll disable a proprietary program and make users delete the software, but it was an injustice for many years. Users should have deleted Flash Player even before its end of life.
Added: 2021年01月04日 — Latest reference: 2020年10月21日
As of 2019-2020, Minecraft players are being forced to move to Microsoft servers, which results in privacy violation. Microsoft publishes a program so users can run their own server, but the program is proprietary and it's another injustice to users.

People can play Minetest instead. Minetest is free software and respects the user's computer freedom.
Added: 2021年01月04日 — Latest reference: 2020年09月07日
While the world is still struggling with COVID-19 coronavirus, many people are in danger of surveillance and their computers are infected with malware as a result of installing proprietary software.
Added: 2020年12月26日 — Latest reference: 2020年11月05日
HP tricked users into installing a mischievous update in their printers that made the devices reject all third-party ink cartridges.
Added: 2020年12月23日 — Latest reference: 2020年12月15日
United States officials are facing one of biggest crackings against them in years, when malicious code was sneaked into SolarWinds' proprietary software named Orion. Crackers got access to networks when users downloaded a tainted software update. Crackers were able to monitor internal emails at some of the top agencies in the US.

(Please note that the article wrongly refers to crackers as "hackers".)
Added: 2020年12月22日 — Latest reference: 2020年12月20日
Commercial crackware can get passwords out of an iMonster, use the microphone and camera, and other things.
Added: 2020年12月21日 — Latest reference: 2020年12月19日
A Zoom executive carried out snooping and censorship for the Chinese government.

This abuse of Zoom's power shows how dangerous that power is. The root problem is not the surveillance and censorship, but rather the power that Zoom has. It gets that power partly from the use of its server, but also partly from the nonfree client program.
Added: 2020年12月18日 — Latest reference: 2020年11月23日
Some Wavelink and JetStream wifi routers have universal back doors that enable unauthenticated users to remotely control not only the routers, but also any devices connected to the network. There is evidence that this vulnerability is actively exploited.

If you consider buying a router, we encourage you to get one that runs on free software. Any attempts at introducing malicious functionalities in it (e.g., through a firmware update) will be detected by the community, and soon corrected.

If unfortunately you own a router that runs on proprietary software, don't panic! You may be able to replace its firmware with a free operating system such as libreCMC. If you don't know how, you can get help from a nearby GNU/Linux user group.
Added: 2020年12月17日 — Latest reference: 2020年12月07日
Baidu apps were caught collecting sensitive personal data that can be used for lifetime tracking of users, and putting them in danger. More than 1.4 billion people worldwide are affected by these proprietary apps, and users' privacy is jeopardized by this surveillance tool. Data collected by Baidu may be handed over to the Chinese government, possibly putting Chinese people in danger.
Added: 2020年12月05日 — Latest reference: 2020年11月26日
Microsoft's Office 365 suite enables employers to snoop on each employee. After a public outburst, Microsoft stated that it would remove this capability. Let's hope so.
Added: 2020年11月25日 — Latest reference: 2020年11月12日
Apple has implemented a malware in its computers that imposes surveillance on users and reports users' computing to Apple.

The reports are even unencrypted and they've been leaking this data for two years already. This malware is reporting to Apple what user opens what program at what time. It also gives Apple power to sabotage users' computing.
Added: 2020年11月23日 — Latest reference: 2020年11月09日
According to FTC, the company behind the Zoom conferencing software has lied to users about its end-to-end encryption for years, at least since 2016.

People can use free (as in freedom) programs such as Jitsi or BigBlueButton, better still if installed in a server controlled by the users.
Added: 2020年11月21日 — Latest reference: 2020年04月15日
Riot Games' new anti-cheat is malware; runs on system boot at kernel level on Windows. It is insecure software that increases the attack surface of the operating system.
Added: 2020年11月19日 — Latest reference: 2020年03月26日
The Apple iOS version of Zoom is sending users' data to Facebook even if the user doesn't have a Facebook account. According to the article, Zoom and Facebook don't even mention this surveillance on their privacy policy page, making this an obvious violation of people's privacy even in their own terms.
Added: 2020年11月14日 — Latest reference: 2020年11月06日
A new app published by Google lets banks and creditors deactivate people's Android devices if they fail to make payments. If someone's device gets deactivated, it will be limited to basic functionality, such as emergency calling and access to settings.
Added: 2020年11月14日 — Latest reference: 2019年05月28日
Microsoft forces people to give their phone number in order to be able to create an account on the company's network. On top of mistreating their users by providing nonfree software, Microsoft is tracking their lives outside the computer and violates their privacy.
Added: 2020年11月10日 — Latest reference: 2020年06月12日
The company behind Zoom does not only deny users' computer freedom by developing this piece of nonfree software, it also violates users' civil rights by banning events and censoring users to serve the agenda of governments.

Freedom respecting programs such as Jitsi or BigBlueButton can be used instead, better still if installed in a server controlled by its users.
Added: 2020年11月02日 — Latest reference: 2020年10月22日
Microsoft is imposing its surveillance on the game of Minecraft by requiring every player to open an account on Microsoft's network. Microsoft has bought the game and will merge all accounts into its network, which will give them access to people's data.

Minecraft players can play Minetest instead. The essential advantage of Minetest is that it is free software, meaning it respects the user's computer freedom. As a bonus, it offers more options.
Added: 2020年11月02日 — Latest reference: 2019年12月16日
Microsoft is tricking users to create an account on their network to be able to install and use the Windows operating system, which is malware. The account can be used for surveillance and/or violating people's rights in many ways, such as turning their purchased software to a subscription product.
Added: 2020年10月28日 — Latest reference: 2020年10月22日
The addictive Genshin Impact relentlessly coerces players to spend money by overwhelming the game play with loot boxes.
Added: 2020年10月16日 — Latest reference: 2020年09月10日
Internet-enabled watches with proprietary software are malware, violating people (specially children's) privacy. In addition, they have a lot of security flaws. They permit security breakers (and unauthorized people) to access the watch.

Thus, ill-intentioned unauthorized people can intercept communications between parent and child and spoof messages to and from the watch, possibly endangering the child.

(Note that this article misuses the word “hackers” to mean “crackers.”)
Added: 2020年10月06日 — Latest reference: 2020年03月11日
Roblox (among many other games) created anti-features which sucker children into utilizing third-party payment services without authorization.
Added: 2020年09月30日 — Latest reference: 2020年07月27日
The Mellow sous-vide cooker is tethered to a server. The company suddenly turned this tethering into a subscription, forbidding users from taking advantage of the “advanced features” of the cooker unless they pay a monthly fee.
Added: 2020年09月28日 — Latest reference: 2020年09月27日
Many employers are using nonfree software, including videoconference software, to surveil and monitor staff working at home. If the program reports whether you are “active,” that is in effect a malicious surveillance feature.
Added: 2020年09月28日 — Latest reference: 2020年09月18日
Facebook snoops on Instagram users by surreptitously turning on the device's camera.
Added: 2020年09月23日 — Latest reference: 2020年08月18日
Oculus headsets require users to identify themselves to Facebook. This will give Facebook free rein to pervasively snoop on Oculus users.
Added: 2020年09月02日 — Latest reference: 2020年08月30日
Apple is putting the squeeze on all business conducted through apps for iMonsters.

This is a symptom of a very big injustice: that Apple has the power to decide what software can be installed on an iMonster. That it is a jail.
Added: 2020年08月21日 — Latest reference: 2020年08月18日
New Toyotas will upload data to AWS to help create custom insurance premiums based on driver behaviour.

Before you buy a “connected” car, make sure you can disconnect its cellular antenna and its GPS antenna. If you want GPS navigation, get a separate navigator which runs free software and works with Open Street Map.
Added: 2020年08月21日 — Latest reference: 2020年08月18日
Apple can remotely cut off any developer's access to the tools for developing software for iOS or MacOS.

Epic (Apple's target in this example) makes nonfree games which have their own malicious features, but that doesn't make it acceptable for Apple to have this sort of power.
Added: 2020年08月20日 — Latest reference: 2020年08月11日
TikTok exploited an Android vulnerability to obtain user MAC addresses.
Added: 2020年08月18日 — Latest reference: 2020年04月20日
Apple whistleblower Thomas Le Bonniec reports that Apple made a practice of surreptitiously activating the Siri software to record users' conversations when they had not activated Siri. This was not just occasional, it was systematic practice.

His job was to listen to these recordings, in a group that made transcripts of them. He does not believes that Apple has ceased this practice.

The only reliable way to prevent this is, for the program that controls access to the microphone to decide when the user has “activated” any service, to be free software, and the operating system under it free as well. This way, users could make sure Apple can't listen to them.
Added: 2020年08月14日 — Latest reference: 2020年08月03日
Google Nest is taking over ADT. Google sent out a software update to its speaker devices using their back door that listens for things like smoke alarms and then notifies your phone that an alarm is happening. This means the devices now listen for more than just their wake words. Google says the software update was sent out prematurely and on accident and Google was planning on disclosing this new feature and offering it to customers who pay for it.
Added: 2020年08月12日 — Latest reference: 2020年07月28日
The Focals eyeglass display, with snooping microphone, has been eliminated. Google eliminated it by buying the manufacturer and shutting it down. It also shut down the server these devices depend on, which caused the ones already sold to cease to function.

It may be a good thing to wipe out this product—for “smart,” read “snoop”—but Google didn't do that for the sake of privacy. Rather, it was eliminating competition for its own snooping product.
Added: 2020年07月09日 — Latest reference: 2020年07月01日
BMW will remotely enable and disable functionality in cars through a universal back door.
Added: 2020年07月09日 — Latest reference: 2020年06月30日
“Bossware” is malware that bosses coerce workers into installing in their own computers, so the bosses can spy on them.

This shows why requiring the user's “consent” is not an adequate basis for protecting digital privacy. The boss can coerce most workers into consenting to almost anything, even probable exposure to contagious disease that can be fatal. Software like this should be illegal and bosses that demand it should be prosecuted for it.
Added: 2020年07月01日 — Latest reference: 2015年04月21日
Runescape is a popular online game with some addictive features derived from behavioral manipulation techniques. Certain repetitive aspects of the game, like grinding, can be minimised by becoming a paying member, and can thus encourage children and impressionable people to spend money on the game.
Added: 2020年06月26日 — Latest reference: 2020年06月26日
Most apps are malware, but Trump's campaign app, like Modi's campaign app, is especially nasty malware, helping companies snoop on users as well as snooping on them itself.

The article says that Biden's app has a less manipulative overall approach, but that does not tell us whether it has functionalities we consider malicious, such as sending data the user has not explicitly asked to send.
Added: 2020年06月25日 — Latest reference: 2020年06月25日
TV manufacturers are able to snoop every second of what the user is watching. This is illegal due to the Video Privacy Protection Act of 1988, but they're circumventing it through EULAs.
Added: 2020年06月22日 — Latest reference: 2020年06月16日
A disasterous security bug touches millions of products in the Internet of Stings.

As a result, anyone can sting the user, not only the manufacturer.
Added: 2020年06月13日 — Latest reference: 2019年09月06日
Best Buy made controllable appliances and shut down the service to control them through.

Best Buy acknowledged that it was mistreating its customers by doing so, and offered reimbursement of the affected appliances. The fact remains, however, that tethering a device to a server is a way of restricting and harassing users. The nonfree software in the device is what stops users from cutting the tether.
Added: 2020年06月07日 — Latest reference: 2020年05月07日
Wink sells a “smart” home hub that is tethered to a server. In May 2020, it ordered the purchasers to start paying a monthly fee for the use of that server. Because of the tethering, the hub is useless without that.
Added: 2020年05月25日 — Latest reference: 2020年05月25日
Tesla's cars have a universal remote back door. Tesla used it to disable the autopilot features on people's cars to make them pay extra for re-enabling the features.

This kind of malfeature is only possible with proprietary software—free software is controlled by its users who wouldn't let do such things to them.
Added: 2020年05月03日 — Latest reference: 2020年04月30日
Xiaomi phones report many actions the user takes: starting an app, looking at a folder, visiting a website, listening to a song. They send device identifying information too.

Other nonfree programs snoop too. For instance, Spotify and other streaming dis-services make a dossier about each user, and they make users identify themselves to pay. Out, out, damned Spotify!

Forbes exonerates the same wrongs when the culprits are not Chinese, but we condemn this no matter who does it.
Added: 2020年04月14日 — Latest reference: 2020年04月13日
The Google Play Terms of Service insist that the user of Android accept the presence of universal back doors in apps released by Google.

This does not tell us whether any of Google's apps currently contains a universal back door, but that is a secondary question. In moral terms, demanding that people accept in advance certain bad treatment is equivalent to actually doing it. Whatever condemnation the latter deserves, the former deserves the same.
Added: 2020年03月25日 — Latest reference: 2017年03月07日
The CIA exploited existing vulnerabilities in “smart” TVs and phones to design a malware that spies through their microphones and cameras while making them appear to be turned off. Since the spyware sniffs signals, it bypasses encryption.
Added: 2020年03月04日 — Latest reference: 2020年03月01日
The Alipay Health Code app estimates whether the user has Covid-19 and tells the cops directly.
Added: 2020年02月24日 — Latest reference: 2019年11月19日
Internet-tethered Amazon Ring had a security vulnerability that enabled attackers to access the user's wifi password, and snoop on the household through connected surveillance devices.

Knowledge of the wifi password would not be sufficient to carry out any significant surveillance if the devices implemented proper security, including encryption. But many devices with proprietary software lack this. Of course, they are also used by their manufacturers for snooping.
Added: 2020年02月17日 — Latest reference: 2019年12月22日
The ToToc messaging app seems to be a spying tool for the government of the United Arab Emirates. Any nonfree program could be doing this, and that is a good reason to use free software instead.

Note: this article uses the word “free” in the sense of “gratis.”
Added: 2020年02月17日 — Latest reference: 2019年12月19日
Some Avast and AVG extensions for Firefox and Chrome were found to snoop on users' detailed browsing habits. Mozilla and Google removed the problematic extensions from their stores, but this shows once more how unsafe nonfree software can be. Tools that are supposed to protect a proprietary system are, instead, infecting it with additional malware (the system itself being the original malware).
Added: 2020年02月15日 — Latest reference: 2020年02月02日
Many Android apps fool their users by asking them to decide what permissions to give the program, and then bypassing these permissions.

The Android system is supposed to prevent data leaks by running apps in isolated sandboxes, but developers have found ways to access the data by other means, and there is nothing the user can do to stop them from doing so, since both the system and the apps are nonfree.
Added: 2020年02月15日 — Latest reference: 2019年12月17日
Most modern cars now record and send various kinds of data to the manufacturer. For the user, access to the data is nearly impossible, as it involves cracking the car's computer, which is always hidden and running with proprietary software.
Added: 2020年02月15日 — Latest reference: 2019年12月09日
iMonsters and Android phones, when used for work, give employers powerful snooping and sabotage capabilities if they install their own software on the device. Many employers demand to do this. For the employee, this is simply nonfree software, as fundamentally unjust and as dangerous as any other nonfree software.
Added: 2020年02月01日 — Latest reference: 2020年01月29日
The Amazon Ring app does surveillance for other companies as well as for Amazon.
Added: 2020年01月20日 — Latest reference: 2020年01月09日
Android phones subsidized by the US government come with preinstalled adware and a back door for forcing installation of apps.

The adware is in a modified version of an essential system configuration app. The back door is a surreptitious addition to a program whose stated purpose is to be a universal back door for firmware.

In other words, a program whose raison d'être is malicious has a secret secondary malicious purpose. All this is in addition to the malware of Android itself.
Added: 2019年10月31日 — Latest reference: 2019年10月13日
Safari occasionally sends browsing data from Apple devices in China to the Tencent Safe Browsing service, to check URLs that possibly correspond to “fraudulent” websites. Since Tencent collaborates with the Chinese government, its Safe Browsing black list most certainly contains the websites of political opponents. By linking the requests originating from single IP addresses, the government can identify dissenters in China and Hong Kong, thus endangering their lives.
Added: 2019年10月20日 — Latest reference: 2019年04月08日
Apple plans to require that all application software for MacOS be approved by Apple first.

Offering a checking service as an option could be useful and would not be wrong. Requiring users to get Apple's approval is tyranny. Apple says the check will only look for malware (not counting the malware that is part of the operating system), but Apple could change that policy step by step. Or perhaps Apple will define malware to include any app that the Chinese government does not like.

For free software, this means users will need to get Apple's approval after compilation. This amounts to a system of surveilling the use of free programs.
Added: 2019年10月19日 — Latest reference: 2019年10月13日
The Chinese Communist Party's “Study the Great Nation” app requires users to grant it access to the phone's microphone, photos, text messages, contacts, and internet history, and the Android version was found to contain a back-door allowing developers to run any code they wish in the users' phone, as “superusers.” Downloading and using this app is mandatory at some workplaces.

Note: The Washington Post version of the article (partly obfuscated, but readable after copy-pasting in a text editor) includes a clarification saying that the tests were only performed on the Android version of the app, and that, according to Apple, “this kind of ‘superuser’ surveillance could not be conducted on Apple's operating system.”
Added: 2019年10月16日 — Latest reference: 2019年10月07日
Apple censors the Taiwan flag in iOS on behalf of the Chinese government. When the region is set to Hong Kong, this flag is not visible in the emoji selection widget but is still accessible. When the region is set to mainland China, all attempts to display it will result in the “empty emoji” icon as if the flag never existed.

Thus, not only does Apple use the App Store as an instrument of censorship, it also uses the iThing operating system for that purpose.
Added: 2019年10月15日 — Latest reference: 2019年10月10日
Apple has banned the app that Hong Kong protesters use to communicate.

Obeying the “local laws” about what people can do with software is no excuse for censoring what software people can use.
Added: 2019年10月15日 — Latest reference: 2019年10月07日
Adobe has cancelled the software subscriptions of all users in Venezuela. This demonstrates how a requirement for subscription can be turned into a tool for sabotage.
Added: 2019年10月04日 — Latest reference: 2019年08月27日
A very popular app found in the Google Play store contained a module that was designed to secretly install malware on the user's computer. The app developers regularly used it to make the computer download and execute any code they wanted.

This is a concrete example of what users are exposed to when they run nonfree apps. They can never be completely sure that a nonfree app is safe.
Added: 2019年10月03日 — Latest reference: 2019年09月09日
The Facebook app tracks users even when it is turned off, after tricking them into giving the app broad permissions in order to use one of its functionalities.
Added: 2019年10月03日 — Latest reference: 2017年08月31日
The recent versions of Microsoft Office require the user to connect to Microsoft servers at least every thirty-one days. Otherwise, the software will refuse to edit any documents or create new ones. It will be restricted to viewing and printing.
Added: 2019年09月18日 — Latest reference: 2019年09月09日
Some nonfree period-tracking apps including MIA Fem and Maya send intimate details of users' lives to Facebook.
Added: 2019年09月16日 — Latest reference: 2019年09月16日
Tesla users claim Tesla force-installed software to cut down on battery range, rather than replace the defective batteries. Tesla did this to avoid having to run their warranty.

This means that proprietary software can potentially be a way to commit perjury with impunity.
Added: 2019年09月11日 — Latest reference: 2019年08月22日
ChromeBooks are programmed for obsolescence: ChromeOS has a universal back door that is used for updates and ceases to operate at a predefined date. From then on, there appears to be no support whatsoever for the computer.

In other words, when you stop getting screwed by the back door, you start getting screwed by the obsolescence.
Added: 2019年09月11日 — Latest reference: 2019年08月21日
Microsoft recorded users of Xboxes and had human workers listen to the recordings.

Morally, we see no difference between having human workers listen and having speech-recognition systems listen. Both intrude on privacy.
Added: 2019年09月10日 — Latest reference: 2019年09月06日
Keeping track of who downloads a proprietary program is a form of surveillance. There is a proprietary program for adjusting a certain telescopic rifle sight. A US prosecutor has demanded the list of all the 10,000 or more people who have installed it.

With a free program there would not be a list of who has installed it.
Added: 2019年09月10日 — Latest reference: 2019年08月31日
A series of vulnerabilities found in iOS allowed attackers to gain access to sensitive information including private messages, passwords, photos and contacts stored on the user's iMonster.

The deep insecurity of iMonsters is even more pertinent given that Apple's proprietary software makes users totally dependent on Apple for even a modicum of security. It also means that the devices do not even try to offer security against Apple itself.
Added: 2019年08月31日 — Latest reference: 2019年08月16日
A game published on Facebook aimed at leading children to spend large amounts of their parents' money without explaining it to them.
Added: 2019年08月23日 — Latest reference: 2019年08月13日
When Apple suspects a user of fraud, it judges the case secretly and presents the verdict as a fait accompli. The punishment to a user found guilty is being cut off for life, which more-or-less cripples the user's Apple devices forever. There is no appeal.
Added: 2019年08月15日 — Latest reference: 2019年08月15日
Skype refuses to say whether it can eavesdrop on calls.

That almost certainly means it can do so.
Added: 2019年08月15日 — Latest reference: 2019年08月15日
Apple is putting DRM on iPhone batteries, and the system proprietary software turns off certain features when batteries are replaced other than by Apple.
Added: 2019年08月06日 — Latest reference: 2019年08月02日
Out of 21 gratis Android antivirus apps that were tested by security researchers, eight failed to detect a test virus. All of them asked for dangerous permissions or contained advertising trackers, with seven being more risky than the average of the 100 most popular Android apps.

(Note that the article refers to these proprietary apps as “free”. It should have said “gratis” instead.)
Added: 2019年08月03日 — Latest reference: 2019年07月08日
Many unscrupulous mobile-app developers keep finding ways to bypass user's settings, regulations, and privacy-enhancing features of the operating system, in order to gather as much private data as they possibly can.

Thus, we can't trust rules against spying. What we can trust is having control over the software we run.
Added: 2019年07月21日 — Latest reference: 2019年07月21日
Google “Assistant” records users' conversations even when it is not supposed to listen. Thus, when one of Google's subcontractors discloses a thousand confidential voice recordings, users were easily identified from these recordings.

Since Google “Assistant” uses proprietary software, there is no way to see or control what it records or sends.

Rather than trying to better control the use of recordings, Google should not record or listen to the person's voice. It should only get commands that the user wants to send to some Google service.
Added: 2019年07月17日 — Latest reference: 2019年07月09日
Resourceful children figured out how to empty their parents' bank account buying packs of special players for an Electronic Arts soccer game.

The random element of these packs (also called “loot boxes”) makes the game strongly addictive, but the fact that players are pressured to spend more in order to get ahead of their competitors further qualifies it as predatory. Note that Belgium made these loot boxes illegal in 2018.

The only good reason to have a copy of such a proprietary game is to study it for free software development.
Added: 2019年07月16日 — Latest reference: 2019年07月10日
Apple appears to say that there is a back door in MacOS for automatically updating some (all?) apps.

The specific change described in the article was not malicious—it protected users from surveillance by third parties—but that is a separate question.
Added: 2019年07月15日 — Latest reference: 2019年07月08日
Many Android apps can track users' movements even when the user says not to allow them access to locations.

This involves an apparently unintentional weakness in Android, exploited intentionally by malicious apps.
Added: 2019年07月15日 — Latest reference: 2018年09月21日
Clash of Clans is a good example of a gratis mobile game that its developers made very addictive for a large proportion of its users—and turned into a cash machine for themselves—by using psychological manipulation techniques.

(The article uses “free” to mean “zero price,” which is a usage we should avoid. We recommend saying “gratis” instead.)
Added: 2019年06月27日 — Latest reference: 2019年06月22日
Google Chrome is an instrument of surveillance. It lets thousands of trackers invade users' computers and report the sites they visit to advertising and data companies, first of all to Google. Moreover, if users have a Gmail account, Chrome automatically logs them in to the browser for more convenient profiling. On Android, Chrome also reports their location to Google.

The best way to escape surveillance is to switch to IceCat, a modified version of Firefox with several changes to protect users' privacy.
Added: 2019年06月10日 — Latest reference: 2019年05月28日
In spite of Apple's supposed commitment to privacy, iPhone apps contain trackers that are busy at night sending users' personal information to third parties.

The article mentions specific examples: Microsoft OneDrive, Intuit's Mint, Nike, Spotify, The Washington Post, The Weather Channel (owned by IBM), the crime-alert service Citizen, Yelp and DoorDash. But it is likely that most nonfree apps contain trackers. Some of these send personally identifying data such as phone fingerprint, exact location, email address, phone number or even delivery address (in the case of DoorDash). Once this information is collected by the company, there is no telling what it will be used for.
Added: 2019年06月01日 — Latest reference: 2019年05月30日
The Femm “fertility” app is secretly a tool for propaganda by natalist Christians. It spreads distrust for contraception.

It snoops on users, too, as you must expect from nonfree programs.
Added: 2019年05月29日 — Latest reference: 2019年05月06日
Amazon Alexa collects a lot more information from users than is necessary for correct functioning (time, location, recordings made without a legitimate prompt), and sends it to Amazon's servers, which store it indefinitely. Even worse, Amazon forwards it to third-party companies. Thus, even if users request deletion of their data from Amazon's servers, the data remain on other servers, where they can be accessed by advertising companies and government agencies. In other words, deleting the collected information doesn't cancel the wrong of collecting it.

Data collected by devices such as the Nest thermostat, the Philips Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos speakers are likewise stored longer than necessary on the servers the devices are tethered to. Moreover, they are made available to Alexa. As a result, Amazon has a very precise picture of users' life at home, not only in the present, but in the past (and, who knows, in the future too?)
Added: 2019年05月18日 — Latest reference: 2019年05月15日
Users caught in the jail of an iMonster are sitting ducks for other attackers, and the app censorship prevents security companies from figuring out how those attacks work.

Apple's censorship of apps is fundamentally unjust, and would be inexcusable even if it didn't lead to security threats as well.
Added: 2019年05月10日 — Latest reference: 2019年05月06日
BlizzCon 2019 imposed a requirement to run a proprietary phone app to be allowed into the event.

This app is a spyware that can snoop on a lot of sensitive data, including user's location and contact list, and has near-complete control over the phone.
Added: 2019年05月08日 — Latest reference: 2019年04月26日
The Jibo robot toys were tethered to the manufacturer's server, and the company made them all cease to work by shutting down that server.

The shutdown might ironically be good for their users, since the product was designed to manipulate people by presenting a phony semblance of emotions, and was most certainly spying on them.
Added: 2019年05月08日 — Latest reference: 2019年02月01日
The FordPass Connect feature of some Ford vehicles has near-complete access to the internal car network. It is constantly connected to the cellular phone network and sends Ford a lot of data, including car location. This feature operates even when the ignition key is removed, and users report that they can't disable it.

If you own one of these cars, have you succeeded in breaking the connectivity by disconnecting the cellular modem, or wrapping the antenna in aluminum foil?
Added: 2019年04月27日 — Latest reference: 2019年04月24日
Some of users' commands to the Alexa service are recorded for Amazon employees to listen to. The Google and Apple voice assistants do similar things.

A fraction of the Alexa service staff even has access to location and other personal data.

Since the client program is nonfree, and data processing is done “in the cloud” (a soothing way of saying “We won't tell you how and where it's done”), users have no way to know what happens to the recordings unless human eavesdroppers break their non-disclosure agreements.
Added: 2019年04月22日 — Latest reference: 2019年04月21日
As of April 2019, it is no longer possible to disable an unscrupulous tracking anti-feature that reports users when they follow ping links in Apple Safari, Google Chrome, Opera, Microsoft Edge and also in the upcoming Microsoft Edge that is going to be based on Chromium.
Added: 2019年04月22日 — Latest reference: 2019年04月13日
Data collected by menstrual and pregnancy monitoring apps is often available to employers and insurance companies. Even though the data is “anonymized and aggregated,” it can easily be traced back to the woman who uses the app.

This has harmful implications for women's rights to equal employment and freedom to make their own pregnancy choices. Don't use these apps, even if someone offers you a reward to do so. A free-software app that does more or less the same thing without spying on you is available from F-Droid, and a new one is being developed.
Added: 2019年04月21日 — Latest reference: 2019年04月04日
Microsoft has been force-installing a “remediation” program on computers running certain versions of Windows 10. Remediation, in Microsoft's view, means tampering with users' settings and files, notably to “repair” any components of the updating system that users may have intentionally disabled, and thus regain full power over them. Microsoft repeatedly pushed faulty versions of this program to users' machines, causing numerous problems, some of which critical.

This exemplifies the arrogant and manipulative attitude that proprietary software developers have learned to adopt toward the people they are supposedly serving. Migrate to a free operating system if you can!

If your employer makes you run Windows, tell the financial department how this wastes your time dealing with endless connections and premature hardware failures.
Added: 2019年04月20日 — Latest reference: 2019年04月15日
Volkswagen programmed its car engine computers to detect the Environmental Protection Agency's emission tests, and run dirty the rest of the time. In real driving, the cars exceeded emissions standards by a factor of up to 35.

Using free software would not have stopped Volkswagen from programming it this way, but would have made it harder to conceal, and given the users the possibility of correcting the deception.

Former executives of Volkswagen are being sued over this fraud.
Added: 2019年04月18日 — Latest reference: 2019年04月13日
Google tracks the movements of Android phones and iPhones running Google apps, and sometimes saves the data for years.

Nonfree software in the phone has to be responsible for sending the location data to Google.
Added: 2019年04月18日 — Latest reference: 2018年11月23日
An Android phone was observed to track location even while in airplane mode. It didn't send the location data while in airplane mode. Instead, it saved up the data, and sent them all later.
Added: 2019年04月17日 — Latest reference: 2019年04月04日
Ebooks “bought” from Microsoft's store check that their DRM is valid by connecting to the store every time their “owner” wants to read them. Microsoft is going to close this store, bricking all DRM'ed ebooks it has ever “sold”. (The article additionally highlights the pitfalls of DRM.)

This is another proof that a DRM-encumbered product doesn't belong to the person who bought it. Microsoft said it will refund customers, but this is no excuse for selling them restricted books.
Added: 2019年04月15日 — Latest reference: 2019年03月28日
OfficeMax cheated customers by using proprietary “PC Health Check” software rigged to give false results, deceiving the customer into thinking per computer was infected and buy unneeded support services from the company.
Added: 2019年04月11日 — Latest reference: 2019年03月21日
The Medtronics Conexus Telemetry Protocol has two vulnerabilities that affect several models of implantable defibrillators and the devices they connect to.

This protocol has been around since 2006, and similar vulnerabilities were discovered in an earlier Medtronics communication protocol in 2008. Apparently, nothing was done by the company to correct them. This means you can't rely on proprietary software developers to fix bugs in their products.
Added: 2019年04月09日 — Latest reference: 2019年03月28日
Car companies are coming up with a list of clever reasons why they “have to” put cameras and microphones in the car.

BMW says its software does not store any driver-monitoring information. If this means none of the data that come out of the cameras and microphones can be seen by anyone else, the cameras and microphones are not dangerous. But should we trust this claim? The only way it can deserve rational trust is if the software is free.
Added: 2019年04月09日 — Latest reference: 2019年03月25日
Many Android phones come with a huge number of preinstalled nonfree apps that have access to sensitive data without users' knowledge. These hidden apps may either call home with the data, or pass it on to user-installed apps that have access to the network but no direct access to the data. This results in massive surveillance on which the user has absolutely no control.
Added: 2019年04月05日 — Latest reference: 2019年03月29日
Tesla cars collect lots of personal data, and when they go to a junkyard the driver's personal data goes with them.
Added: 2019年04月01日 — Latest reference: 2019年03月25日
The British supermarket Tesco sold tablets which were tethered to Tesco's server for reinstalling default settings. Tesco turned off the server for old models, so now if you try to reinstall the default settings, it bricks them instead.
Added: 2019年03月28日 — Latest reference: 2019年03月20日
A study of 24 “health” apps found that 19 of them send sensitive personal data to third parties, which can use it for invasive advertising or discriminating against people in poor medical condition.

Whenever user “consent” is sought, it is buried in lengthy terms of service that are difficult to understand. In any case, “consent” is not sufficient to legitimize snooping.
Added: 2019年03月28日 — Latest reference: 2019年03月20日
Volvo plans to install cameras inside cars to monitor the driver for signs of impairment that could cause an accident.

However, there is nothing to prevent these cameras from doing other things, such as biometrically identifying the driver or passengers, other than proprietary software which Volvo—or various governments and criminals—could change at any time.
Added: 2019年03月26日 — Latest reference: 2017年04月13日
Low-priced Chromebooks for schools are collecting far more data on students than is necessary, and store it indefinitely. Parents and students complain about the lack of transparency on the part of both the educational services and the schools, the difficulty of opting out of these services, and the lack of proper privacy policies, among other things.

But complaining is not sufficient. Parents, students and teachers should realize that the software Google uses to spy on students is nonfree, so they can't verify what it really does. The only remedy is to persuade school officials to exclusively use free software for both education and school administration. If the school is run locally, parents and teachers can mandate their representatives at the School Board to refuse the budget unless the school initiates a switch to free software. If education is run nation-wide, they need to persuade legislators (e.g., through free software organizations, political parties, etc.) to migrate the public schools to free software.
Added: 2019年03月23日 — Latest reference: 2017年01月27日
A cracker would be able to turn the Oculus Rift sensors into spy cameras after breaking into the computer they are connected to.

(Unfortunately, the article improperly refers to crackers as “hackers”.)
Added: 2019年03月13日 — Latest reference: 2018年11月30日
In China, it is mandatory for electric cars to be equipped with a terminal that transfers technical data, including car location, to a government-run platform. In practice, manufacturers collect this data as part of their own spying, then forward it to the government-run platform.
Added: 2019年03月11日 — Latest reference: 2019年03月08日
Malware installed into the processor in a hard drive could use the disk itself as a microphone to detect speech.

The article refers to the “Linux operating system” but seems to mean GNU/Linux. That hack would not require changing Linux itself.
Added: 2019年03月10日 — Latest reference: 2015年07月29日
Game Of War: Fire Age is an iPhone game with addictive features which are based on behavioral manipulation techniques, compounded with group emulation. After a fairly easy start, the game slows down and becomes more difficult, so gamers are led to spend more and more money in order to keep up with their group. And if they stop playing for a while, the equipment they invested in gets destroyed by the “enemy” unless they buy an expensive “shield” to protect it. This game is also deceptive, as it uses confusing menus and complex stats to obfuscate true monetary costs.
Added: 2019年03月04日 — Latest reference: 2019年02月27日
The Ring doorbell camera is designed so that the manufacturer (now Amazon) can watch all the time. Now it turns out that anyone else can also watch, and fake videos too.

The third party vulnerability is presumably unintentional and Amazon will probably fix it. However, we do not expect Amazon to change the design that allows Amazon to watch.
Added: 2019年03月04日 — Latest reference: 2019年02月14日
The AppCensus database gives information on how Android apps use and misuse users' personal data. As of March 2019, nearly 78,000 have been analyzed, of which 24,000 (31%) transmit the Advertising ID to other companies, and 18,000 (23% of the total) link this ID to hardware identifiers, so that users cannot escape tracking by resetting it.

Collecting hardware identifiers is in apparent violation of Google's policies. But it seems that Google wasn't aware of it, and, once informed, was in no hurry to take action. This proves that the policies of a development platform are ineffective at preventing nonfree software developers from including malware in their programs.
Added: 2019年02月28日 — Latest reference: 2019年02月23日
Facebook offered a convenient proprietary library for building mobile apps, which also sent personal data to Facebook. Lots of companies built apps that way and released them, apparently not realizing that all the personal data they collected would go to Facebook as well.

It shows that no one can trust a nonfree program, not even the developers of other nonfree programs.
Added: 2019年02月28日 — Latest reference: 2019年02月08日
The HP “ink subscription” cartridges have DRM that constantly communicates with HP servers to make sure the user is still paying for the subscription, and hasn't printed more pages than were paid for.

Even though the ink subscription program may be cheaper in some specific cases, it spies on users, and involves totally unacceptable restrictions in the use of ink cartridges that would otherwise be in working order.
Added: 2019年02月22日 — Latest reference: 2019年01月07日
Vizio TVs collect “whatever the TV sees,” in the own words of the company's CTO, and this data is sold to third parties. This is in return for “better service” (meaning more intrusive ads?) and slightly lower retail prices.

What is supposed to make this spying acceptable, according to him, is that it is opt-in in newer models. But since the Vizio software is nonfree, we don't know what is actually happening behind the scenes, and there is no guarantee that all future updates will leave the settings unchanged.

If you already own a Vizio “smart” TV (or any “smart” TV, for that matter), the easiest way to make sure it isn't spying on you is to disconnect it from the Internet, and use a terrestrial antenna instead. Unfortunately, this is not always possible. Another option, if you are technically oriented, is to get your own router (which can be an old computer running completely free software), and set up a firewall to block connections to Vizio's servers. Or, as a last resort, you can replace your TV with another model.
Added: 2019年02月21日 — Latest reference: 2019年02月20日
Some portable surveillance devices (“phones”) now have fingerprint sensors in the display. Does that imply they could take the fingerprint of anyone who operates the touch screen?
Added: 2019年02月20日 — Latest reference: 2019年02月04日
Twenty nine “beauty camera” apps that used to be on Google Play had one or more malicious functionalities, such as stealing users' photos instead of “beautifying” them, pushing unwanted and often malicious ads on users, and redirecting them to phishing sites that stole their credentials. Furthermore, the user interface of most of them was designed to make uninstallation difficult.

Users should of course uninstall these dangerous apps if they haven't yet, but they should also stay away from nonfree apps in general. All nonfree apps carry a potential risk because there is no easy way of knowing what they really do.
Added: 2019年02月13日 — Latest reference: 2019年02月06日
Many nonfree apps have a surveillance feature for recording all the users' actions in interacting with the app.
Added: 2019年02月08日 — Latest reference: 2019年02月01日
An investigation of the 150 most popular gratis VPN apps in Google Play found that 25% fail to protect their users' privacy due to DNS leaks. In addition, 85% feature intrusive permissions or functions in their source code—often used for invasive advertising—that could potentially also be used to spy on users. Other technical flaws were found as well.

Moreover, a previous investigation had found that half of the top 10 gratis VPN apps have lousy privacy policies.

(It is unfortunate that these articles talk about “free apps.” These apps are gratis, but they are not free software.)
Added: 2019年02月07日 — Latest reference: 2019年02月04日
Google invites people to let Google monitor their phone use, and all internet use in their homes, for an extravagant payment of 20ドル.

This is not a malicious functionality of a program with some other purpose; this is the software's sole purpose, and Google says so. But Google says it in a way that encourages most people to ignore the details. That, we believe, makes it fitting to list here.
Added: 2019年02月03日 — Latest reference: 2019年01月23日
Google is modifying Chromium so that extensions won't be able to alter or block whatever the page contains. Users could conceivably reverse the change in a fork of Chromium, but surely Chrome (nonfree) will have the same change, and users can't fix it there.
Added: 2019年02月02日 — Latest reference: 2018年12月29日
Around 40% of gratis Android apps report on the user's actions to Facebook.

Often they send the machine's “advertising ID,” so that Facebook can correlate the data it obtains from the same machine via various apps. Some of them send Facebook detailed information about the user's activities in the app; others only say that the user is using that app, but that alone is often quite informative.

This spying occurs regardless of whether the user has a Facebook account.
Added: 2019年02月02日 — Latest reference: 2018年11月02日
Foundry's graphics software reports information to identify who is running it. The result is often a legal threat demanding a lot of money.

The fact that this is used for repression of forbidden sharing makes it even more vicious.

This illustrates that making unauthorized copies of nonfree software is not a cure for the injustice of nonfree software. It may avoid paying for the nasty thing, but cannot make it less nasty.
Added: 2019年01月28日 — Latest reference: 2019年01月11日
Samsung phones come preloaded with a version of the Facebook app that can't be deleted. Facebook claims this is a stub which doesn't do anything, but we have to take their word for it, and there is the permanent risk that the app will be activated by an automatic update.

Preloading crapware along with a nonfree operating system is common practice, but by making the crapware undeletable, Facebook and Samsung (among others) are going one step further in their hijacking of users' devices.
Added: 2019年01月21日 — Latest reference: 2019年01月10日
Until 2015, any tweet that listed a geographical tag sent the precise GPS location to Twitter's server. It still contains these GPS locations.
Added: 2019年01月15日 — Latest reference: 2016年12月29日
In the game Fruit Pop, the player buys boosts with coins to get a high score. The player gets coins at the end of each game, and can buy more coins with real money.

Getting a higher score once leads the player to desire higher score again later. But the higher score resulting from the boost does not give the player more coins, and does not help the player get a higher score in subsequent games. To get that, the player will need a boost frequently, and usually has to pay real money for that. Since boosts are exciting and entertaining, the player is subtly pushed to purchase more coins with real money to get boosts, and it can develop into a costly habit.
Added: 2019年01月14日 — Latest reference: 2016年12月14日
The Microsoft Telemetry Compatibility service drastically reduces the performances of machines running Windows 10, and can't be disabled easily.
Added: 2019年01月13日 — Latest reference: 2019年01月10日
Amazon Ring “security” devices send the video they capture to Amazon servers, which save it long-term.

In many cases, the video shows everyone that comes near, or merely passes by, the user's front door.

The article focuses on how Ring used to let individual employees look at the videos freely. It appears Amazon has tried to prevent that secondary abuse, but the primary abuse—that Amazon gets the video—Amazon expects society to surrender to.
Added: 2019年01月06日 — Latest reference: 2019年01月05日
The Weather Channel app stored users' locations to the company's server. The company is being sued, demanding that it notify the users of what it will do with the data.

We think that lawsuit is about a side issue. What the company does with the data is a secondary issue. The principal wrong here is that the company gets that data at all.

Other weather apps, including Accuweather and WeatherBug, are tracking people's locations.
Added: 2019年01月01日 — Latest reference: 2018年12月30日
New GM cars offer the feature of a universal back door.

Every nonfree program offers the user zero security against its developer. With this malfeature, GM has explicitly made things even worse.
Added: 2018年12月11日 — Latest reference: 2018年12月06日
Facebook's app got “consent” to upload call logs automatically from Android phones while disguising what the “consent” was for.
Added: 2018年12月04日 — Latest reference: 2018年11月27日
Many web sites use JavaScript code to snoop on information that users have typed into a form but not sent, in order to learn their identity. Some are getting sued for this.

The chat facilities of some customer services use the same sort of malware to read what the user is typing before it is posted.
Added: 2018年11月13日 — Latest reference: 2018年11月10日
Corel Paintshop Pro has a back door that can make it cease to function.

The article is full of confusions, errors and biases that we have an obligation to expose, given that we are making a link to them.
- Getting a patent does not “enable” a company to do any particular thing in its products. What it does enable the company to do is sue other companies if they do some particular thing in their products.
- A company's policies about when to attack users through a back door are beside the point. Inserting the back door is wrong in the first place, and using the back door is always wrong too. No software developer should have that power over users.
- “Piracy” means attacking ships. Using that word to refer to sharing copies is a smear; please don't smear sharing.
- The idea of “protecting our IP” is total confusion. The term “IP” itself is a bogus generalization about things that have nothing in common.
  
  In addition, to speak of “protecting” that bogus generalization is a separate absurdity. It's like calling the cops because neighbors' kids are playing on your front yard, and saying that you're “protecting the boundary line”. The kids can't do harm to the boundary line, not even with a jackhammer, because it is an abstraction and can't be affected by physical action.
Added: 2018年11月04日 — Latest reference: 2018年10月30日
Nearly all “home security cameras” give the manufacturer an unencrypted copy of everything they see. “Home insecurity camera” would be a better name!

When Consumer Reports tested them, it suggested that these manufacturers promise not to look at what's in the videos. That's not security for your home. Security means making sure they don't get to see through your camera.
Added: 2018年10月30日 — Latest reference: 2018年10月24日
Some Android apps track the phones of users that have deleted them.
Added: 2018年10月29日 — Latest reference: 2018年10月24日
Apple and Samsung deliberately degrade the performance of older phones to force users to buy their newer phones.
Added: 2018年10月26日 — Latest reference: 2018年10月23日
GM tracked the choices of radio programs in its “connected” cars, minute by minute.

GM did not get users' consent, but it could have got that easily by sneaking it into the contract that users sign for some digital service or other. A requirement for consent is effectively no protection.

The cars can also collect lots of other data: listening to you, watching you, following your movements, tracking passengers' cell phones. All such data collection should be forbidden.

But if you really want to be safe, we must make sure the car's hardware cannot collect any of that data, or that the software is free so we know it won't collect any of that data.
Added: 2018年10月22日 — Latest reference: 2018年10月15日
Printer manufacturers are very innovative—at blocking the use of independent replacement ink cartridges. Their “security upgrades” occasionally impose new forms of cartridge DRM. HP and Epson have done this.
Added: 2018年10月11日 — Latest reference: 2018年07月31日
A nonfree video game, available through the nonfree Steam client, included a “miner”, i.e. an executable that hijacks the CPU in users' computers to mine a cryptocurrency.
Added: 2018年10月11日 — Latest reference: 2018年05月08日
A cracker used an exploit in outdated software to inject a “miner” in web pages served to visitors. This type of malware hijacks the computer's processor to mine a cryptocurrency.

(Note that the article refers to the infected software as “content management system”. A better term would be “website revision system”.)

Since the miner was a nonfree JavaScript program, visitors wouldn't have been affected if they had used LibreJS. Some browser extensions that specifically block JavaScript miners are also available.
Added: 2018年10月01日 — Latest reference: 2018年09月26日
Honeywell's “smart” thermostats communicate only through the company's server. They have all the nasty characteristics of such devices: surveillance, and danger of sabotage (of a specific user, or of all users at once), as well as the risk of an outage (which is what just happened).

In addition, setting the desired temperature requires running nonfree software. With an old-fashioned thermostat, you can do it using controls right on the thermostat.
Added: 2018年09月25日 — Latest reference: 2018年09月24日
Researchers have discovered how to hide voice commands in other audio, so that people cannot hear them, but Alexa and Siri can.
Added: 2018年09月22日 — Latest reference: 2018年09月14日
Android has a back door for remotely changing “user” settings.

The article suggests it might be a universal back door, but this isn't clear.
Added: 2018年09月18日 — Latest reference: 2018年09月12日
One version of Windows 10 harangues users if they try to install Firefox (or Chrome).
Added: 2018年09月15日 — Latest reference: 2017年12月06日
Learn how gratis-to-play-and-not-win-much games manipulate their useds psychologically.

These manipulative behaviors are malicious functionalities, and they are possible because the game is proprietary. If it were free, people could publish a non-manipulative version and play that instead.
Added: 2018年08月24日 — Latest reference: 2018年06月24日
Red Shell is a spyware that is found in many proprietary games. It tracks data on users' computers and sends it to third parties.
Added: 2018年08月24日 — Latest reference: 2005年10月20日
Blizzard Warden is a hidden “cheating-prevention” program that spies on every process running on a gamer's computer and sniffs a good deal of personal data, including lots of activities which have nothing to do with cheating.
Added: 2018年07月15日 — Latest reference: 2018年06月25日
The game Metal Gear Rising for MacOS was tethered to a server. The company shut down the server, and all copies stopped working.
Added: 2018年02月10日 — Latest reference: 2018年03月30日
In MacOS and iOS, the procedure for converting images from the Photos format to a free format is so tedious and time-consuming that users just give up if they have a lot of them.

Proprietary malware

= All items added since 2018 =

By type

By product

By company

Articles

UHD Blu-ray Denies Your Freedom