<!--#includevirtual="/server/header.html"virtual="/server/html5-header.html" --> <!-- Parent-Version:1.841.96 --> <!-- This page is derived from /server/standards/boilerplate.html --> <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please do not edit <ul class="blurbs">! Instead, edit /proprietary/workshop/mal.rec, then regenerate pages. See explanations in /proprietary/workshop/README.md. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> <title>Proprietary Software - GNU Project - Free Software Foundation</title> <!--#include virtual="/proprietary/po/proprietary.translist" --> <style type="text/css" media="print,screen">div.companies<!-- #skiplinks .button { float:right; margin-bottom:left; margin: .5em; }div.malfunctions#skiplinks .button a { display: inline-block; } #about-section { font-size: 1.1em; font-style: italic; } table#TOC { display: block; max-width:27em;100%; width: max-content; overflow: auto; border: .2em solid #e0dfda; margin: 2.5em auto; }<!-- div.toc h3#TOC th, #TOC td { text-align:left; font-size: 1.2em;center; padding:0 .83em;.7em; border-collapse: collapse; } #TOC th { vertical-align: middle; font-size: 1.1em; font-weight: bold; background: #fffae0; } #TOC td { vertical-align: top; } #TOC ul { padding-top: .5em; margin:.5em 1.5% 1em;0; }div.toc#TOC ul li { padding-bottom: .5em; margin: 0; list-style: none;margin-bottom: 1em;}div.toc#TOC ol {margin-top: 1em;text-align: left; margin: 0; } #TOC ol li { margin: .5em 5%; } #TOC a, #TOC a:visited, #skiplinks a, #skiplinks a:visited { color: #004caa; text-decoration: none; } #TOC a { text-decoration: none; } #TOC a:hover { text-decoration: underline; } --> </style> <style type="text/css" media="print,screen"> .reduced-width { width: 55em; }--></style></style> <!--#include virtual="/server/banner.html" --> <div class="reduced-width"> <h2>Proprietary Software Is Often Malware</h2> <div id="skiplinks"> <p class="button"><a href="#TOC">Table of contents</a></p> <p class="button"><a href="#latest">Latest additions</a></p> </div> <div style="clear: both"></div> <div id="about-section"> <p>Proprietary software, also called nonfree software, means software that doesn't <a href="/philosophy/free-sw.html">respect users' freedom and community</a>. A proprietary program puts its developer or owner <a href="/philosophy/free-software-even-more-important.html"> in a position of power over its users.</a> This power is in itself an injustice.</p> <p>The point of thispagedirectory is to show by examples that the initial injustice of proprietary software often leads to further injustices: malicious functionalities.</p> <p>Power corrupts; the proprietary program's developer is tempted to design the program to mistreat its users. (Softwarewhose functioningdesigned to function in a way that mistreats the user is called <em>malware</em>.) Of course, the developer usually does not do this out of malice, but rather to profit more at the users' expense. That does not make it any less nasty or more legitimate.</p> <p>Yielding to that temptation has become ever more frequent; nowadays it is standard practice. Modern proprietary software is typically an opportunity to be tricked, harmed, bullied or swindled.</p> <p>Online services are not released software, but in regard to all the bad aspects, using awayservice is equivalent to using a copy of released software. In particular, a service can behad.</p>designed to mistreat the user, and many services do that. However, we do not list instances of malicious dis-services here, for two reasons. First, a service (whether malicious or not) is not a program that one could install a copy of, and there is no way at all for users to change it. Second, it is so obvious that a service can mistreat users if the owner wishes that we hardly need to prove it.</p> <p>However, most online services require the user to run a nonfree app. The app <em>is</em> released software, so we do list malicious functionalities of these apps. Mistreatment by the service itself is imposed by use of the app, so sometimes we mention those mistreatments too—but we try to state explicitly what is done by the app and what is done by the dis-service.</p> <p>When a web site provides access to a service, it very likely sends nonfree JavaScript software to execute in the user's browser. Such JavaScript code is released software, and it's morally equivalent to other nonfree apps. If it does malicious things, we want to mention them here.</p> <p>When talking about mobile phones, we do list <a href="/proprietary/malware-mobiles.html#phone-communications">one other malicious characteristic, location tracking</a> which is caused by the underlying radio system rather than by the specific software in them.</p> </div> <p>As ofApril, 2017,December 2023, thefilespages in this directory list around300600 instances of maliciousfunctionalities,functionalities (with more than 710 references to back them up), but there are surely thousands more we don't know about.</p><div class="toc"> <div class="companies"> <h3>Company<p>Ideally we would list every instance. If you come across an instance which we do not list, please write to webmasters@gnu.org to tell us about it. Please include a reference to a reputable article that describes the malicious behavior clearly; we won't list an item without documentation to point to.</p> <p>If you want to be notified when we add new items ortype of product</h3> <ul>make other changes, subscribe to the <a href="https://lists.gnu.org/mailman/listinfo/www-malware-commits">mailing list <www-malware-commits@gnu.org></a>.</p> <table id="TOC"> <tr> <th>Injustices or techniques</th> <th>Products or companies</th> </tr> <tr> <td> <ul class="columns"> <li><ahref="/proprietary/malware-apple.html">Apple Malware</a></li>href="/proprietary/proprietary-addictions.html">Addictions</a></li> <li><ahref="/proprietary/malware-microsoft.html">Microsoft Malware</a></li>href="/proprietary/proprietary-back-doors.html">Back doors</a> (<a href="#f1">1</a>)</li> <li><ahref="/proprietary/malware-google.html">Google Malware</a></li>href="/proprietary/proprietary-censorship.html">Censorship</a></li> <li><ahref="/proprietary/malware-adobe.html">Adobe Malware</a></li>href="/proprietary/proprietary-coercion.html">Coercion</a></li> <li><ahref="/proprietary/malware-amazon.html">Amazon Malware</a></li>href="/proprietary/proprietary-coverups.html">Coverups</a></li> <li><ahref="/proprietary/malware-webpages.html">Malware in webpages</a></li>href="/proprietary/proprietary-deception.html">Deception</a></li> <li><ahref="/proprietary/malware-mobiles.html">Malware in mobile devices</a></li>href="/proprietary/proprietary-drm.html">DRM</a> (<a href="#f2">2</a>)</li> <li><ahref="/proprietary/malware-games.html">Malware in games</a></li>href="/proprietary/proprietary-fraud.html">Fraud</a></li> <li><ahref="/proprietary/malware-appliances.html">Malware in appliances</a></li>href="/proprietary/proprietary-incompatibility.html">Incompatibility</a></li> <li><ahref="/proprietary/malware-cars.html">Malware in cars</a></li>href="/proprietary/proprietary-insecurity.html">Insecurity</a></li> <li><a href="/proprietary/proprietary-interference.html">Interference</a></li> <li><a href="/proprietary/proprietary-jails.html">Jails</a> (<a href="#f3">3</a>)</li> <li><a href="/proprietary/proprietary-manipulation.html">Manipulation</a></li> <li><a href="/proprietary/proprietary-obsolescence.html">Obsolescence</a></li> <li><a href="/proprietary/proprietary-sabotage.html">Sabotage</a></li> <li><a href="/proprietary/proprietary-subscriptions.html">Subscriptions</a></li> <li><a href="/proprietary/proprietary-surveillance.html">Surveillance</a></li> <li><a href="/proprietary/proprietary-tethers.html">Tethers</a> (<a href="#f4">4</a>)</li> <li><a href="/proprietary/proprietary-tyrants.html">Tyrants</a> (<a href="#f5">5</a>)</li> <li><a href="/proprietary/potential-malware.html">In the pipe</a></li> </ul></div> <div class="malfunctions"> <h3>Type of malware</h3></td> <td> <ul> <li><ahref="/proprietary/proprietary-back-doors.html">Back doors</a></li>href="/proprietary/malware-appliances.html">Appliances</a></li> <li><ahref="/proprietary/proprietary-censorship.html">Censorship</a></li>href="/proprietary/malware-cars.html">Cars</a></li> <li><ahref="/proprietary/proprietary-coverups.html">Coverups</a></li>href="/proprietary/malware-in-online-conferencing.html">Conferencing</a></li> <li><ahref="/proprietary/proprietary-deception.html">Deception</a></li>href="/proprietary/malware-edtech.html">EdTech</a></li> <li><ahref="/proprietary/proprietary-insecurity.html">Insecurity</a></li>href="/proprietary/malware-games.html">Games</a></li> <li><ahref="/proprietary/proprietary-sabotage.html">Sabotage</a></li>href="/proprietary/malware-mobiles.html">Mobiles</a></li> <li><ahref="/proprietary/proprietary-interference.html">Interference</a></li>href="/proprietary/malware-webpages.html">Webpages</a></li> </ul> <ul> <li><ahref="/proprietary/proprietary-surveillance.html">Surveillance</a></li>href="/proprietary/malware-adobe.html">Adobe</a></li> <li><ahref="/proprietary/proprietary-subscriptions.html">Subscriptions</a></li>href="/proprietary/malware-amazon.html">Amazon</a></li> <li><ahref="/proprietary/proprietary-tethers.html">Tethers</a> to servers</li>href="/proprietary/malware-apple.html">Apple</a></li> <li><a href="/proprietary/malware-google.html">Google</a></li> <li><ahref="/proprietary/proprietary-drm.html">Digitalhref="/proprietary/malware-microsoft.html">Microsoft</a></li> </ul> </td> </tr> <tr> <td colspan="2"> <ol> <li id="f1"><em>Back door:</em> any feature of a program that enables someone who is not supposed to be in control of the computer where it is installed to send it commands.</li> <li id="f2"><em>Digital restrictionsmanagement</a>management, or“DRM” means“DRM”:</em> functionalities designed to restrict what users can do with the data in their computers.</li><li><a href="/proprietary/proprietary-jails.html">Jails</a>—systems<li id="f3"><em>Jail:</em> system thatimposeimposes censorship on application programs.</li><li><a href="/proprietary/proprietary-tyrants.html">Tyrants</a>—systems<li id="f4"><em>Tether:</em> functionality that requires permanent (or very frequent) connection to a server.</li> <li id="f5"><em>Tyrant:</em> system thatrejectrejects any operating system not “authorized” by the manufacturer.</li><li><a href="/proprietary/potential-malware.html">Potential Malware</a></li> </ul> </div> </div></ol> </td> </tr> </table> <p>Users of proprietary software are defenseless against these forms of mistreatment. The way to avoid them is by insisting on <a href="/philosophy/free-software-even-more-important.html">free (freedom-respecting)software.</a>software</a>. Since free software is controlled by its users, they have a pretty good defense against malicious software functionality.</p> <h3 id="latest">Latest additions</h3> <p style="margin-bottom: .5em"> <!--#set var="DATE" value='<small class="date-tag">2024-01</small>' --><!--#echo encoding="none" var="DATE" --></p> <p id="uhd" class="important" style="margin-top: 0"> <strong><a href="/proprietary/articles/uhd-bluray-denies-your-freedom.html"> UHD Blu-ray denies your freedom</a> — The anatomy of an Authoritarian Subjugation System</strong></p> <p style="margin-bottom: .5em"> <!--#set var="DATE" value='<small class="date-tag">2022-07</small>' --><!--#echo encoding="none" var="DATE" --></p> <p id="uefi-rootkit" class="important" style="margin-top: 0"> <strong><a href="/proprietary/proprietary-insecurity.html#uefi-rootkit"> UEFI makes computers vulnerable to advanced persistent threats that are almost impossible to detect once installed...</a></strong></p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. --> <li id="M202405240"> <!--#set var="DATE" value='<small class="date-tag">2024-05</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://arstechnica.com/gadgets/2024/05/pleas-for-open-sourcing-refunds-as-spotify-plans-to-brick-car-thing-devices/">Spotify sold a music streaming device but they no longer support it</a>. Due to its proprietary nature, it can no longer be updated or even used. Users requested Spotify to make the software that runs on the device libre, and Spotify refused, so these devices are now e-waste. Spotify is now offering refunds to save the purchasers from losing money on these products, but this wouldn't prevent the products from being e-waste, and wouldn't save users from being jerked around by Spotify. This is an example of how software that is not free controls the user instead of the user controlling the software. It is also an important lesson for us to insist the software in a device be libre before we buy it.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. --> <li id="M202403150"> <!--#set var="DATE" value='<small class="date-tag">2024-03</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.theverge.com/2024/3/15/24101887/microsoft-bing-popups-windows-11-google-chrome"> Microsoft is using malware tactics to get users to switch to their web browser</a>, Microsoft Edge, and their search engine, Microsoft Bing. When users launch the Google Chrome browser Microsoft injects a pop up advertisement in the corner of the screen advising users to switch to Bing. Microsoft also imported users Chrome browsing data without their knowledge or consent.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. --> <li id="M202403110"> <!--#set var="DATE" value='<small class="date-tag">2024-03</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://web.archive.org/web/20240311120515/https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html"> GM is spying on drivers</a> who own or rent their cars, and give away detailed driving data to insurance companies through data brokers. These companies then analyze the data, and hike up insurance prices if they think the data denotes “risky driving.” For the car to make this data available to anyone but the owner or renter of the car should be a crime. If the car is owned by a rental company, that company should not have access to it either.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. --> <li id="M202312230"> <!--#set var="DATE" value='<small class="date-tag">2023-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>Surveillance cameras put in by government A to surveil for it may be surveilling for government B as well. That's because A put in a product <a href="https://www.rferl.org/a/ukraine-cctv-moscow-spying-schemes-investigation/32747767.html"> made by B with nonfree software</a>.</p> <p><small>(Please note that this article misuses the word “<a href="/philosophy/words-to-avoid.html#Hacker">hack</a>” to mean “break security.”)</small></p> </li> <!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. --> <li id="M202311101"> <!--#set var="DATE" value='<small class="date-tag">2023-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft has been annoying people who wanted to close the proprietary program OneDrive on their computers, <a href="https://www.theverge.com/2023/11/8/23952878/microsoft-onedrive-windows-close-app-notification"> forcing them to give the reason why they were closing it</a>. This prompt was removed after public pressure.</p> <p>This is a reminder that angry users still have the power to make developers of proprietary software remove small annoyances. Don't count on public outcry to make them remove more profitable malware, though. Run away from proprietary software!</p> </li> </ul> <p class="button right-align"> <a href="/proprietary/all.html">More items…</a></p> </div> </div><!-- for id="content", starts in the include above --> <!--#include virtual="/server/footer.html" --> <divid="footer">id="footer" role="contentinfo"> <div class="unprintable"> <p>Please send general FSF & GNU inquiries to <a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>. There are also <a href="/contact/">other ways to contact</a> the FSF. Broken links and other corrections or suggestions can be sent to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p> <p><!-- TRANSLATORS: Ignore the original text in this paragraph, replace it with the translation of these two: We work hard and do our best to provide accurate, good quality translations. However, we are not exempt from imperfection. Please send your comments and general suggestions in this regard to <a href="mailto:web-translators@gnu.org"> <web-translators@gnu.org></a>.</p> <p>For information on coordinating andsubmittingcontributing translations of our web pages, see <a href="/server/standards/README.translations.html">Translations README</a>. --> Please see the <a href="/server/standards/README.translations.html">Translations README</a> for information on coordinating andsubmittingcontributing translations of this article.</p> </div> <!-- Regarding copyright, in general, standalone pages (as opposed to files generated as part of manuals) on the GNU web server should be under CC BY-ND 4.0. Please do NOT change or remove this without talking with the webmasters or licensing team first. Please make sure the copyright date is consistent with the document. For web pages, it is ok to list just the latest year the document was modified, or published. If you wish to list earlier years, that is ok too. Either "2001, 2002, 2003" or "2001-2003" are ok for specifying years, as long as each year in the range is in fact a copyrightable year, i.e., a year in which the document was published (including being publicly visible on the web or in a revision control system). There is more detail about copyright years in the GNU Maintainers Information document, www.gnu.org/prep/maintain. --> <p>Copyright ©2013, 2014, 2015, 2016, 2017, 20182013-2024 Free Software Foundation, Inc.</p> <p>This page is licensed under a <a rel="license"href="http://creativecommons.org/licenses/by-nd/4.0/">Creativehref="http://creativecommons.org/licenses/by/4.0/">Creative CommonsAttribution-NoDerivativesAttribution 4.0 International License</a>.</p> <!--#include virtual="/server/bottom-notes.html" --> <p class="unprintable">Updated: <!-- timestamp start --> $Date: 2024/07/31 08:34:46 $ <!-- timestamp end --> </p> </div></div></div><!-- for class="inner", starts in the banner include --> </body> </html>