/proprietary/malware-amazon.html-diff
<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.96 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please do not edit <ul class="blurbs">!
Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Amazon's Software Is Malware
- GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" />
<!--#include virtual="/proprietary/po/malware-amazon.translist" -->
<!--#include virtual="/server/banner.html" -->
<div class="nav">
<a id="side-menu-button" class="switch" href="#navlinks">
<img id="side-menu-icon" height="32"
src="/graphics/icons/side-menu.png"
title="Section contents"
alt=" [Section contents] " />
</a>
<p class="breadcrumb">
<a href="/"><img src="/graphics/icons/home.png" height="24"
alt="GNU Home" title="GNU Home" /></a> /
<a href="/proprietary/proprietary.html">Malware</a> /
By company /
</p>
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#include virtual="/server/top-addendum.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
<h2>Amazon's Software Is Malware</h2>
<div class="infobox">
<hr class="full-width" />
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
href="/philosophy/free-software-even-more-important.html">that is the
basic injustice</a>. The developers and manufacturers often exercise
that power to the detriment of the users they ought to serve.</p>
<p>This typically takes the form of malicious functionalities.</p>
<hr class="full-width" />
</div>
<div class="article">
<div class="important">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
to inform us. Please include the URL of a trustworthy reference or two
to serve as specific substantiation.</p>
</div>
<div id="TOC" class="toc-inline">
<ul>
<li> <a href="#swindle">Kindle Swindle</a> </li>
<li> <a href="#echo">Echo</a> </li>
<li> <a href="#misc">Other products</a> </li>
</ul>
</div>
<div class="big-section">
<h3 id="swindle">Kindle Swindle</h3>
</div>
<div style="clear: left;"></div>
<p>We refer to this product as the
<a href="/philosophy/why-call-it-the-swindle.html">Amazon Swindle</a>
because it has <a href="/proprietary/proprietary-drm.html">Digital restrictions
management (DRM)</a> and <a href="/philosophy/ebooks.html">
other malicious functionalities</a>.</p>
<h4 id="back-doors">Back Doors</h4>
<ul class="blurbs">
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li id="M201503210">
<!--#set var="DATE" value='<small class="date-tag">2015-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon <a
(削除) href="https://www.techdirt.com/articles/20150321/13350230396/while-bricking-jailbroken-fire-tvs-last-year-amazon-did-same-to-kindle-devices.shtml"> (削除ここまで)
(追記) href="https://www.techdirt.com/2015/03/24/while-bricking-jailbroken-fire-tvs-last-year-amazon-did-same-to-kindle-devices/"> (追記ここまで)
downgraded the software in users' Swindles</a> so that those already
rooted would cease to function at all.</p>
</li>
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li id="M201210220.1">
<!--#set var="DATE" value='<small class="date-tag">2012-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon Kindle-Swindle has a back door that has been used to <a
(削除) href="http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/"> (削除ここまで)
(追記) href="https://web.archive.org/web/20220319193415/https://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/"> (追記ここまで)
remotely erase books</a>. One of the books erased was
<cite>1984</cite>, by George Orwell.</p>
<p>Amazon responded to criticism by saying it
would delete books only following orders from the
state. However, that policy didn't last. In 2012 it <a
(削除) href="http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html"> (削除ここまで)
(追記) href="https://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html"> (追記ここまで)
wiped a user's Kindle-Swindle and deleted her account</a>, then
offered her kafkaesque “explanations.”</p>
</li>
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li (削除) id="M200700000"> (削除ここまで) (追記) id="M201207150"> (追記ここまで)
<!--#set var="DATE" value='<small (削除) class="date-tag">[2007]</small>' (削除ここまで) (追記) class="date-tag">2012-07</small>' (追記ここまで)
--><!--#echo encoding="none" var="DATE" -->
<p>The Kindle also has a <a
(削除) href="http://www.amazon.com/gp/help/customer/display.html?nodeId=200774090"> (削除ここまで)
(追記) href="https://web.archive.org/web/20120715070050/http://www.amazon.com/gp/help/customer/display.html/?nodeId=200774090"> (追記ここまで)
universal back door</a>.</p>
</li>
</ul>
<h4 id="surveillance">Surveillance</h4>
<ul class="blurbs">
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li id="M202001290">
<!--#set var="DATE" value='<small class="date-tag">2020-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon Ring app does <a
href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
surveillance for other companies as well as for Amazon</a>.</p>
</li>
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201902270">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Ring doorbell camera is designed so that the
manufacturer (now Amazon) can watch all the time. Now it turns out
that <a
href="https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/">
anyone else can also watch, and fake videos too</a>.</p>
<p>The third party vulnerability is presumably
unintentional and Amazon will probably fix it. However, we
do not expect Amazon to change the design that <a
href="/proprietary/proprietary-surveillance.html#M201901100">allows
Amazon to watch</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201901100">
<!--#set var="DATE" value='<small class="date-tag">2019-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon Ring “security” devices <a
href="https://www.engadget.com/2019-01-10-ring-gave-employees-access-customer-video-feeds.html">
send the video they capture to Amazon servers</a>, which save it
long-term.</p>
<p>In many cases, the video shows everyone that comes near, or merely
passes by, the user's front door.</p>
<p>The article focuses on how Ring used to let individual employees look
at the videos freely. It appears Amazon has tried to prevent that
secondary abuse, but the primary abuse—that Amazon gets the
video—Amazon expects society to surrender to.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M201411090">
<!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon “Smart” TV is <a
href="https://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
snooping all the time</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li id="M201212030.1">
<!--#set var="DATE" value='<small class="date-tag">2012-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Electronic Frontier Foundation has examined and found <a
href="https://www.eff.org/pages/reader-privacy-chart-2012">various
kinds of surveillance in the Swindle and other e-readers</a>.</p>
</li>
</ul>
<h4 id="drm">DRM</h4>
<ul class="blurbs">
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li id="M202103100">
<!--#set var="DATE" value='<small class="date-tag">2021-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon's monopoly and DRM is <a
href="https://www.washingtonpost.com/technology/2021/03/10/amazon-library-ebook-monopoly/">stopping
public libraries from lending e-books and
audiobooks</a>. Amazon became powerful in e-book world by <a
href="/philosophy/why-call-it-the-swindle.html">Swindle</a>,
and is now misusing its power and violates people's rights using
<a href="https://www.defectivebydesign.org">Digital Restrictions
Management</a>.</p>
<p>The article is written in a way that endorses DRM in general, which
is unacceptable. <a href="/proprietary/proprietary-drm.html">DRM is
an injustice to people</a>.</p>
</li>
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li id="M201704130.1">
<!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a href="https://itstillworks.com/kindle-drm-17841.html">
The Amazon Kindle has DRM</a>. That article is flawed in that it
fails to treat DRM as an ethical question; it takes for granted that
whatever Amazon might do to its users is legitimate. It refers to
DRM as digital “rights” management, which is the spin
term used to promote DRM. Nonetheless it serves as a reference for
the facts.</p>
</li>
</ul>
<div class="big-section">
<h3 id="echo">Echo</h3>
</div>
<div style="clear: left;"></div>
<h4 id="echo-back-doors">Back Doors</h4>
<ul class="blurbs">
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li id="M201606060">
<!--#set var="DATE" value='<small class="date-tag">2016-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon Echo appears to have a universal back door, since <a
href="https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates">
it installs “updates” automatically</a>.</p>
<p>We have found nothing explicitly documenting the lack of any way
to disable remote changes to the software, so we are not completely
sure there isn't one, but this seems pretty clear.</p>
</li>
</ul>
<h4 id="echo-surveillance">Surveillance</h4>
<ul class="blurbs">
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
<li id="M202503150">
<!--#set var="DATE" value='<small class="date-tag">2025-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon arbitrarily decided to <a
href="https://pluralistic.net/2025/03/15/altering-the-deal/#telescreen">
make all Echo devices send all the audio they hear to Amazon
servers</a>, even if the “owner” of the device specified
local processing.</p>
<p>The server will figure out what (if anything) someone asked it
to do.</p>
<p>What else will it do with that recording? There are no limits
except management's will. It might save some of the utterances it
hears, and present them years later to the political police.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li id="M201905061">
<!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon Alexa collects a lot more information from users
than is necessary for correct functioning (time, location,
recordings made without a legitimate prompt), and sends
it to Amazon's servers, which store it indefinitely. Even
worse, Amazon forwards it to third-party companies. Thus,
even if users request deletion of their data from Amazon's servers, <a
(削除) href="https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php"> (削除ここまで)
(追記) href="https://web.archive.org/web/20190507014804/https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php"> (追記ここまで)
the data remain on other servers</a>, where they can be accessed by
advertising companies and government agencies. In other words,
deleting the collected information doesn't cancel the wrong of
collecting it.</p>
<p>Data collected by devices such as the Nest thermostat, the Philips
Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos
speakers are likewise stored longer than necessary on the servers
the devices are tethered to. Moreover, they are made available to
Alexa. As a result, Amazon has a very precise picture of users' life
at home, not only in the present, but in the past (and, who knows,
in the future too?)</p>
</li>
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li id="M201904240">
<!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some of users' commands to the Alexa service are <a
href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html">
recorded for Amazon employees to listen to</a>. The Google and Apple
voice assistants do similar things.</p>
<p>A fraction of the Alexa service staff even has access to <a
(削除) href="https://www.bnnbloomberg.ca/amazon-s-alexa-reviewers-can-access-customers-home-addresses-1.1248788"> (削除ここまで)
(追記) href="https://news.bloomberglaw.com/tech-and-telecom-law/amazons-alexa-reviewers-can-access-customers-home-addresses"> (追記ここまで)
location and other personal data</a>.</p>
<p>Since the client program is nonfree, and data processing is done
“<a href="/philosophy/words-to-avoid.html#CloudComputing">in
the cloud</a>” (a soothing way of saying “We won't
tell you how and where it's done”), users have no way
to know what happens to the recordings unless human eavesdroppers <a
(削除) href="https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033"> (削除ここまで)
(追記) href="https://web.archive.org/web/20240416214211/https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033"> (追記ここまで)
break their non-disclosure agreements</a>.</p>
</li>
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li id="M201808120">
<!--#set var="DATE" value='<small class="date-tag">2018-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Crackers found a way to break the security of an Amazon device,
and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
turn it into a listening device</a> for them.</p>
<p>It was very difficult for them to do this. The job would be much
easier for Amazon. And if some government such as China or the US
told Amazon to do this, or cease to sell the product in that country,
do you think Amazon would have the moral fiber to say no?</p>
<p><small>(These crackers are probably hackers too, but please <a
href="https://stallman.org/articles/on-hacking.html"> don't use
“hacking” to mean “breaking security”</a>.)</small></p>
</li>
</ul>
<div class="big-section">
<h3 id="misc">Other products</h3>
</div>
<div style="clear: left;"></div>
<ul class="blurbs">
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li (削除) id="M201912170"> (削除ここまで) (追記) id="M202204040"> (追記ここまで)
<!--#set var="DATE" value='<small (削除) class="date-tag">2019-12</small>' (削除ここまで) (追記) class="date-tag">2022-04</small>' (追記ここまで)
--><!--#echo encoding="none" var="DATE" -->
(削除) <p>Some security breakers (wrongly referred in this article as <a
href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a>)
managed to interfere the (削除ここまで)
(追記) <p>New (追記ここまで) Amazon (削除) Ring proprietary system, and (削除ここまで) (追記) worker chat app (追記ここまで) <a
(削除) href="https://www.theguardian.com/technology/2019/dec/13/ring-hackers-reportedly-watching-talking-strangers-in-home-cameras">access
its camera, speakers (削除ここまで)
(追記) href="https://theintercept.com/2022/04/04/amazon-union-living-wage-restrooms-chat-app/">would
ban specific words Amazon doesn't like</a>, such as
“union”, “restrooms”, (追記ここまで) and (削除) microphones</a>.</p>
</li>
<li id="M201902270">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Ring (now Amazon) doorbell camera is designed so that (削除ここまで) (追記) “pay
raise”. If (追記ここまで) the
(削除) manufacturer (now Amazon) can watch all (削除ここまで) (追記) app was free, workers could modify (追記ここまで) the (削除) time. Now (削除ここまで) (追記) program
so (追記ここまで) it (削除) turns out
that <a
href="https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/">
anyone else can also watch, and fake videos too</a>.</p>
<p>The third party vulnerability is presumably
unintentional and Amazon will probably fix it. However, we
do (削除ここまで) (追記) acts as they wish, (追記ここまで) not (削除) expect Amazon to change the design that <a
href="/proprietary/proprietary-surveillance.html#M201901100">allows (削除ここまで) (追記) how (追記ここまで) Amazon (削除) to watch</a>.</p> (削除ここまで) (追記) wants it.</p> (追記ここまで)
</li>
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li (削除) id="M201901100"> (削除ここまで) (追記) id="M201911190"> (追記ここまで)
<!--#set var="DATE" value='<small (削除) class="date-tag">2019-01</small>' (削除ここまで) (追記) class="date-tag">2019-11</small>' (追記ここまで)
--><!--#echo encoding="none" var="DATE" -->
(削除) <p>Amazon Ring “security” devices <a
href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/">
send the video they capture to (削除ここまで)
(追記) <p>Internet-tethered (追記ここまで) Amazon (削除) servers</a>, which save it
long-term.</p>
<p>In many cases, the video shows everyone (削除ここまで) (追記) Ring had
a security vulnerability (追記ここまで) that (削除) comes near, or merely
passes by, (削除ここまで) (追記) enabled attackers to <a
href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
access (追記ここまで) the user's (削除) front door.</p>
<p>The article focuses (削除ここまで) (追記) wifi password</a>, and snoop (追記ここまで) on (削除) how Ring used to let individual employees look
at the videos freely. It appears Amazon has tried to prevent that
secondary abuse, but (削除ここまで) the (削除) primary abuse—that Amazon gets (削除ここまで) (追記) household
through connected surveillance devices.</p>
<p>Knowledge of (追記ここまで) the
(削除) video—Amazon expects society (削除ここまで) (追記) wifi password would not be sufficient (追記ここまで) to (削除) surrender to.</p> (削除ここまで) (追記) carry
out any significant surveillance if the devices implemented proper
security, including encryption. But many devices with proprietary
software lack this. Of course, they are also used by their
manufacturers for snooping.</p> (追記ここまで)
</li>
(追記) <!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. --> (追記ここまで)
<li id="M201711200">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Amazon recently invited consumers to be suckers and <a
(削除) href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo"> (削除ここまで)
(追記) href="https://www.techdirt.com/2017/11/22/vulnerability-found-amazon-key-again-showing-how-dumber-tech-is-often-smarter-option/"> (追記ここまで)
allow delivery staff to open their front doors</a>. Wouldn't you know
it, the system has a grave security flaw.</p>
</li>
(削除) <li id="M201411090">
<!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon “Smart” TV is <a
href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
snooping all the time</a>.</p>
</li> (削除ここまで)
</ul>
</div>
</div>
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<!--#include virtual="/server/footer.html" -->
<div id="footer" role="contentinfo">
<div class="unprintable">
<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF. Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
replace it with the translation of these two:
We work hard and do our best to provide accurate, good quality
translations. However, we are not exempt from imperfection.
Please send your comments and general suggestions in this regard
to <a href="mailto:web-translators@gnu.org">
<web-translators@gnu.org></a>.</p>
<p>For information on coordinating and contributing translations of
our web pages, see <a
href="/server/standards/README.translations.html">Translations
README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and contributing translations
of this article.</p>
</div>
<!-- Regarding copyright, in general, standalone pages (as opposed to
files generated as part of manuals) on the GNU web server should
be under CC BY-ND 4.0. Please do NOT change or remove this
without talking with the webmasters or licensing team first.
Please make sure the copyright date is consistent with the
document. For web pages, it is ok to list just the latest year the
document was modified, or published.
If you wish to list earlier years, that is ok too.
Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
years, as long as each year in the range is in fact a copyrightable
year, i.e., a year in which the document was published (including
being publicly visible on the web or in a revision control system).
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
<p>Copyright © (削除) 2014-2022 (削除ここまで) (追記) 2014-2025 (追記ここまで) Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2025年06月04日 09:35:19 $
<!-- timestamp end -->
</p>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>