Proprietary Software - GNU Project - Free Software Foundation

Proprietary Software Is Often Malware

Proprietary software, also called nonfree software, means software that doesn't respect users' freedom and community. A proprietary program puts its developer or owner in a position of power over its users. This power is in itself an injustice.

The point of this directory is to show by examples that the initial injustice of proprietary software often leads to further injustices: malicious functionalities.

Power corrupts; the proprietary program's developer is tempted to design the program to mistreat its users. (Software designed to function in a way that mistreats the user is called malware.) Of course, the developer usually does not do this out of malice, but rather to profit more at the users' expense. That does not make it any less nasty or more legitimate.

Yielding to that temptation has become ever more frequent; nowadays it is standard practice. Modern proprietary software is typically an opportunity to be tricked, harmed, bullied or swindled.

Online services are not released software, but in regard to all the bad aspects, using a service is equivalent to using a copy of released software. In particular, a service can be designed to mistreat the user, and many services do that. However, we do not list instances of malicious dis-services here, for two reasons. First, a service (whether malicious or not) is not a program that one could install a copy of, and there is no way at all for users to change it. Second, it is so obvious that a service can mistreat users if the owner wishes that we hardly need to prove it.

However, most online services require the user to run a nonfree app. The app is released software, so we do list malicious functionalities of these apps. Mistreatment by the service itself is imposed by use of the app, so sometimes we mention those mistreatments too—but we try to state explicitly what is done by the app and what is done by the dis-service.

When a web site provides access to a service, it very likely sends nonfree JavaScript software to execute in the user's browser. Such JavaScript code is released software, and it's morally equivalent to other nonfree apps. If it does malicious things, we want to mention them here.

When talking about mobile phones, we do list one other malicious characteristic, location tracking which is caused by the underlying radio system rather than by the specific software in them.

As of March 2025, the pages in this directory list around 600 instances of malicious functionalities (with more than 750 references to back them up), but there are surely thousands more we don't know about.

Ideally we would list every instance. If you come across an instance which we do not list, please write to webmasters@gnu.org to tell us about it. Please include a reference to a reputable article that describes the malicious behavior clearly; we won't list an item without documentation to point to.

If you want to be notified when we add new items or make other changes, subscribe to the mailing list <www-malware-commits@gnu.org>.

Injustices or techniques	Products or companies
Addictions Back doors (1) Censorship Coercion Coverups Deception DRM (2) Fraud Incompatibility Insecurity Interference Jails (3) Manipulation Obsolescence Sabotage Subscriptions Surveillance Tethers (4) Tyrants (5) In the pipe	Appliances Cars Conferencing EdTech Games Mobiles Webpages Adobe Amazon Apple Google Microsoft
Back door: any feature of a program that enables someone who is not supposed to be in control of the computer where it is installed to send it commands. Digital restrictions management, or “DRM”: functionalities designed to restrict what users can do with the data in their computers. Jail: system that imposes censorship on application programs. Tether: functionality that requires permanent (or very frequent) connection to a server. Tyrant: system that rejects any operating system not “authorized” by the manufacturer.

Injustices or techniques

Products or companies

Back door: any feature of a program that enables someone who is not supposed to be in control of the computer where it is installed to send it commands.
Digital restrictions management, or “DRM”: functionalities designed to restrict what users can do with the data in their computers.
Jail: system that imposes censorship on application programs.
Tether: functionality that requires permanent (or very frequent) connection to a server.
Tyrant: system that rejects any operating system not “authorized” by the manufacturer.

Users of proprietary software are defenseless against these forms of mistreatment. The way to avoid them is by insisting on free (freedom-respecting) software. Since free software is controlled by its users, they have a pretty good defense against malicious software functionality.

Latest additions

2024-08
A critical vulnerability in Windows systems that support IPv6 was discovered in 2024, 16 years after the first affected system was released. Unless the relevant patch is applied, an attacker can remotely execute arbitrary code on these systems. Microsoft considers exploits “likely.”

The same sort of vulnerability in a free/libre operating system would probably be discovered sooner, since many more people would be able to look at the source code.
2024-11
The Pixel 9 “smart”phone frequently updates Google servers with its location and current configuration along with personally identifiable data, raising concerns about user privacy. Moreover, it communicates with services that are not in use, and periodically attempts to download experimental, possibly insecure software. The system does not inform the user that it is doing all this.

There is hope, however: it is possible to replace the original Android operating system with a deGoogled version in Pixel phones up to 8a, and in phones from many other brands. No doubt that the Pixel 9 will be supported soon.
2023-12
Bungie's Destiny 2 is plagued with two major flaws:
- Like all proprietary tethered games, it can't be played when the company's servers are offline.
- Ever since Bungie chose BattlEye as an anti-cheat program, Destiny 2 has been incompatible with GNU/Linux [this page can't be viewed without JavaScript]. Bungie forces Steam Deck users to replace SteamOS with Windows, or play from Edge browser. This doesn't have to be so, as several other games that use BattlEye do support GNU/Linux systems. Rather than doing the necessary adjustments, Bungie forces users to run nonfree software in order to keep an absolute control over them.
2018-01
Google's ad platform enabled advertisers to run cryptocurrency miner code on the computers of YouTube users through proprietary JavaScript. Some people noticed this, and the outrage made Google remove the miners, but the number of affected users was probably very high.
2025-02
Microsoft is shutting down Skype on May 5th, 2025. As with other tethered proprietary programs, users have to rely on servers that are controlled by the developer. When these servers shut down, the service disappears. Instead of migrating to the service that Microsoft suggests as a replacement, Skype users should regain control of their communications by switching to one that is based on free software. Jitsi Meet, for example, is appropriate for small video meetings. Anyone can set up a Jitsi server and let other people use it, and indeed many of these are available around the world.

More items…