<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.84 1.96 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  Please do not edit <ul class="blurbs">!
    Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
           See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Amazon's Software Is Malware
- GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" />
 <!--#include virtual="/proprietary/po/malware-amazon.translist" -->
<style type="text/css" media="print,screen"><!--
div.toc { width: 100%; padding: 1.3em 3%; }
div.toc h3 { display: inline; margin: 0 1.5%; }
div.toc ul { display: inline; margin: 0; }
div.toc li {
   display: inline;
   list-style: none;
   font-size: 1.3em;
   margin: 0 1.5%;
}
--></style>
<!--#include virtual="/server/banner.html" -->
<div class="nav">
<a id="side-menu-button" class="switch" href="#navlinks">
 <img id="side-menu-icon" height="32"
      src="/graphics/icons/side-menu.png"
      title="Section contents"
      alt=" [Section contents] " />
</a>

<p class="breadcrumb">
 <a href="/"><img src="/graphics/icons/home.png" height="24"
    alt="GNU Home" title="GNU Home" /></a> /
 <a href="/proprietary/proprietary.html">Malware</a> /
 By company /
</p>
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#include virtual="/server/top-addendum.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
<h2>Amazon's Software Is Malware</h2>

<p><a href="/proprietary/proprietary.html">Other examples of proprietary malware</a></p>

<div class="highlight-para">
<p>
Malware and nonfree class="infobox">
<hr class="full-width" />
<p>Nonfree (proprietary) software are two different issues.  Malware means
the program is designed very often malware (designed to
mistreat or harm users when it runs.  The
difference between <a href="/philosophy/free-sw.html">free
software</a> and nonfree the user). Nonfree software is controlled by its developers,
which puts them in
<a href="/philosophy/free-software-even-more-important.html">
whether the users have control of the program or vice versa</a>.  It's
not directly a question position of what power over the program <em>does</em> when it
runs.  However, in practice nonfree software users; <a
href="/philosophy/free-software-even-more-important.html">that is often malware, because the developer's awareness
basic injustice</a>. The developers and manufacturers often exercise
that power to the detriment of the users would be powerless they ought to fix any serve.</p>

<p>This typically takes the form of malicious functionalities tempts functionalities.</p>
<hr class="full-width" />
</div>

<div class="article">
<div class="important">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
to inform us. Please include the developer URL of a trustworthy reference or two
to impose some.
</p> serve as specific substantiation.</p>
</div>

<div class="toc c">
  <h3>Type of product:</h3> id="TOC" class="toc-inline">
<ul>
    <li><a href="#swindle">Kindle Swindle</a></li>
    <li><a href="#echo">Echo</a></li>
  <li> <a href="#swindle">Kindle Swindle</a> </li>
  <li> <a href="#echo">Echo</a> </li>
  <li> <a href="#misc">Other products</a> </li>
</ul>
</div>

<h2 id="swindle">Malware in the Kindle Swindle</h2>

<div class="big-section">
  <h3 id="swindle">Kindle Swindle</h3>
</div>
<div style="clear: left;"></div>

<p>We refer to this product as the
<a href="/philosophy/why-call-it-the-swindle.html">Amazon Swindle</a>
because it has <a href="/proprietary/proprietary-drm.html">Digital restrictions
management (DRM)</a>  and <a href="/philosophy/ebooks.html">
other malicious functionalities</a>.</p>

<div class="summary" style="margin-top: 1em">
    <h3>Type of malware</h3>
    <ul>
      <li><a href="#back-doors">Back doors</a></li>
      <!--<li><a href="#censorship">Censorship</a></li>-->
      <!--<li><a href="#insecurity">Insecurity</a></li>-->
      <!--<li><a href="#sabotage">Sabotage</a></li>-->
      <!--<li><a href="#interference">Interference</a></li>-->
      <li><a href="#surveillance">Surveillance</a></li>
      <li><a href="#drm">Digital restrictions
	  management</a> or “DRM” means functionalities designed
	to restrict what users can do with

<h4 id="back-doors">Back Doors</h4>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M201503210">
    <!--#set var="DATE" value='<small class="date-tag">2015-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Amazon <a
    href="https://www.techdirt.com/2015/03/24/while-bricking-jailbroken-fire-tvs-last-year-amazon-did-same-to-kindle-devices/">
    downgraded the data software in their computers.</li>
      <!--<li><a href="#jails">Jails</a>—systems
	  that impose censorship on application programs.</li>-->
      <!--<li><a href="#tyrants">Tyrants</a>—systems users' Swindles</a> so that reject any operating system those already
    rooted would cease to function at all.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not “authorized” by the
	  manufacturer.</li>-->
    </ul>
</div>

<h3 id="back-doors">Amazon Kindle Swindle Back Doors</h3>
<ul>
  <li> edit in malware-amazon.html. -->
  <li id="M201210220.1">
    <!--#set var="DATE" value='<small class="date-tag">2012-10</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Amazon Kindle-Swindle has a back door that has been used to <a href="http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/">
    href="https://web.archive.org/web/20220319193415/https://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/">
    remotely erase books</a>.  One of the books erased was 1984,
    <cite>1984</cite>, by George Orwell.
    </p> Orwell.</p>

    <p>Amazon responded to criticism by saying it
    would delete books only following orders from the
    state.  However, that policy didn't last.  In 2012 it <a href="http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html">wiped
    href="https://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html">
    wiped a user's Kindle-Swindle and deleted her account</a>, then
    offered her kafkaesque “explanations.”</p>
  </li>
  
  <li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M201207150">
    <!--#set var="DATE" value='<small class="date-tag">2012-07</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Kindle also has a <a href="http://www.amazon.com/gp/help/customer/display.html?nodeId=200774090">
    href="https://web.archive.org/web/20120715070050/http://www.amazon.com/gp/help/customer/display.html/?nodeId=200774090">
    universal back door</a>.</p>
    
    <p>Amazon
  </li>
</ul>


<h4 id="surveillance">Surveillance</h4>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M202001290">
    <!--#set var="DATE" value='<small class="date-tag">2020-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Amazon Ring app does <a href="https://www.techdirt.com/articles/20150321/13350230396/while-bricking-jailbroken-fire-tvs-last-year-amazon-did-same-to-kindle-devices.shtml">
	downgraded the software
    href="https://www.theguardian.com/technology/2020/jan/29/ring-smart-doorbell-company-surveillance-eff-report">
    surveillance for other companies as well as for Amazon</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in users' Swindles</a> malware-amazon.html. -->
  <li id="M201902270">
    <!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Ring doorbell camera is designed so that those already rooted would cease the
    manufacturer (now Amazon) can watch all the time. Now it turns out
    that <a
    href="https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/">
    anyone else can also watch, and fake videos too</a>.</p>

    <p>The third party vulnerability is presumably
    unintentional and Amazon will probably fix it. However, we
    do not expect Amazon to function change the design that <a
    href="/proprietary/proprietary-surveillance.html#M201901100">allows
    Amazon to watch</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M201901100">
    <!--#set var="DATE" value='<small class="date-tag">2019-01</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Amazon Ring “security” devices <a
    href="https://www.engadget.com/2019-01-10-ring-gave-employees-access-customer-video-feeds.html">
    send the video they capture to Amazon servers</a>, which save it
    long-term.</p>

    <p>In many cases, the video shows everyone that comes near, or merely
    passes by, the user's front door.</p>

    <p>The article focuses on how Ring used to let individual employees look
    at all.</p></li>
</ul>

<h3 id="surveillance">Amazon Kindle Swindle Surveillance</h3>
<ul>
  <li><p>The the videos freely.  It appears Amazon has tried to prevent that
    secondary abuse, but the primary abuse—that Amazon gets the
    video—Amazon expects society to surrender to.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M201411090">
    <!--#set var="DATE" value='<small class="date-tag">2014-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Amazon “Smart” TV is <a
    href="https://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance">
    snooping all the time</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M201212030.1">
    <!--#set var="DATE" value='<small class="date-tag">2012-12</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Electronic Frontier Foundation has examined and found <a
    href="https://www.eff.org/pages/reader-privacy-chart-2012">various
    kinds of surveillance in the Swindle and other e-readers</a>.</p></li> e-readers</a>.</p>
  </li>
</ul>

<h3 id="drm">Amazon Kindle Swindle DRM</h3>
<ul>
  <li><p><a href="http://techin.oureverydaylife.com/kindle-drm-17841.html">


<h4 id="drm">DRM</h4>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M202103100">
    <!--#set var="DATE" value='<small class="date-tag">2021-03</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Amazon's monopoly and DRM is <a
    href="https://www.washingtonpost.com/technology/2021/03/10/amazon-library-ebook-monopoly/">stopping
    public libraries from lending e-books and
    audiobooks</a>. Amazon became powerful in e-book world by <a
    href="/philosophy/why-call-it-the-swindle.html">Swindle</a>,
    and is now misusing its power and violates people's rights using
    <a href="https://www.defectivebydesign.org">Digital Restrictions
    Management</a>.</p>

    <p>The article is written in a way that endorses DRM in general, which
    is unacceptable. <a href="/proprietary/proprietary-drm.html">DRM is
    an injustice to people</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M201704130.1">
    <!--#set var="DATE" value='<small class="date-tag">2017-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p><a href="https://itstillworks.com/kindle-drm-17841.html">
    The Amazon Kindle has DRM</a>.  That article is flawed in that it
    fails to treat DRM as an ethical question; it takes for granted that
    whatever Amazon might do to its users is legitimate.  It refers to
    DRM as digital “rights” management, which is the spin
    term used to promote DRM.  Nonetheless it serves as a reference for
    the
      facts.</p></li> facts.</p>
  </li>
</ul>

<h2 id="echo">Malware


<div class="big-section">
  <h3 id="echo">Echo</h3>
</div>
<div style="clear: left;"></div>

<h4 id="echo-back-doors">Back Doors</h4>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in the Echo</h2>

<h3>Amazon Echo Back Doors</h3>
<ul>
    <li><p>The malware-amazon.html. -->
  <li id="M201606060">
    <!--#set var="DATE" value='<small class="date-tag">2016-06</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>The Amazon Echo appears to have a universal back door, since <a
    href="https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates">
    it installs “updates” automatically</a>.</p>

    <p>We have found nothing explicitly documenting the lack of any way
    to disable remote changes to the software, so we are not completely
    sure there isn't one, but it this seems pretty clear.</p>
  </li>
</ul>

</div><!--


<h4 id="echo-surveillance">Surveillance</h4>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M201905061">
    <!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Amazon Alexa collects a lot more information from users
    than is necessary for id="content", starts correct functioning (time, location,
    recordings made without a legitimate prompt), and sends
    it to Amazon's servers, which store it indefinitely. Even
    worse, Amazon forwards it to third-party companies. Thus,
    even if users request deletion of their data from Amazon's servers, <a
    href="https://web.archive.org/web/20190507014804/https://www.ctpost.com/business/article/Alexa-has-been-eavesdropping-on-you-this-whole-13822095.php">
    the data remain on other servers</a>, where they can be accessed by
    advertising companies and government agencies. In other words,
    deleting the collected information doesn't cancel the wrong of
    collecting it.</p>

    <p>Data collected by devices such as the Nest thermostat, the Philips
    Hue-connected lights, the Chamberlain MyQ garage opener and the Sonos
    speakers are likewise stored longer than necessary on the servers
    the devices are tethered to. Moreover, they are made available to
    Alexa. As a result, Amazon has a very precise picture of users' life
    at home, not only in the include above present, but in the past (and, who knows,
    in the future too?)</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M201904240">
    <!--#set var="DATE" value='<small class="date-tag">2019-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Some of users' commands to the Alexa service are <a
    href="https://www.smh.com.au/technology/alexa-is-someone-else-listening-to-us-sometimes-someone-is-20190411-p51d4g.html">
    recorded for Amazon employees to listen to</a>. The Google and Apple
    voice assistants do similar things.</p>

    <p>A fraction of the Alexa service staff even has access to <a
    href="https://news.bloomberglaw.com/tech-and-telecom-law/amazons-alexa-reviewers-can-access-customers-home-addresses">
    location and other personal data</a>.</p>

    <p>Since the client program is nonfree, and data processing is done
    “<a href="/philosophy/words-to-avoid.html#CloudComputing">in
    the cloud</a>” (a soothing way of saying “We won't
    tell you how and where it's done”), users have no way
    to know what happens to the recordings unless human eavesdroppers <a
    href="https://web.archive.org/web/20240416214211/https://www.bnnbloomberg.ca/three-cheers-for-amazon-s-human-eavesdroppers-1.1243033">
    break their non-disclosure agreements</a>.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M201808120">
    <!--#set var="DATE" value='<small class="date-tag">2018-08</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Crackers found a way to break the security of an Amazon device,
    and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html">
    turn it into a listening device</a> for them.</p>

    <p>It was very difficult for them to do this. The job would be much
    easier for Amazon. And if some government such as China or the US
    told Amazon to do this, or cease to sell the product in that country,
    do you think Amazon would have the moral fiber to say no?</p>

    <p><small>(These crackers are probably hackers too, but please <a
    href="https://stallman.org/articles/on-hacking.html"> don't use
    “hacking” to mean “breaking security”</a>.)</small></p>
  </li>
</ul>


<div class="big-section">
  <h3 id="misc">Other products</h3>
</div>
<div style="clear: left;"></div>

<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M202204040">
    <!--#set var="DATE" value='<small class="date-tag">2022-04</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>New Amazon worker chat app <a
    href="https://theintercept.com/2022/04/04/amazon-union-living-wage-restrooms-chat-app/">would
    ban specific words Amazon doesn't like</a>, such as
    “union”, “restrooms”, and “pay
    raise”. If the app was free, workers could modify the program
    so it acts as they wish, not how Amazon wants it.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M201911190">
    <!--#set var="DATE" value='<small class="date-tag">2019-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Internet-tethered Amazon Ring had
    a security vulnerability that enabled attackers to <a
    href="https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password">
    access the user's wifi password</a>, and snoop on the household
    through connected surveillance devices.</p>

    <p>Knowledge of the wifi password would not be sufficient to carry
    out any significant surveillance if the devices implemented proper
    security, including encryption. But many devices with proprietary
    software lack this. Of course, they are also used by their
    manufacturers for snooping.</p>
  </li>

<!-- Copied from workshop/mal.rec. Do not edit in malware-amazon.html. -->
  <li id="M201711200">
    <!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
    --><!--#echo encoding="none" var="DATE" -->
    <p>Amazon recently invited consumers to be suckers and <a
    href="https://www.techdirt.com/2017/11/22/vulnerability-found-amazon-key-again-showing-how-dumber-tech-is-often-smarter-option/">
    allow delivery staff to open their front doors</a>. Wouldn't you know
    it, the system has a grave security flaw.</p>
  </li>
</ul>
</div>

</div>
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<!--#include virtual="/server/footer.html" -->
<div id="footer"> id="footer" role="contentinfo">
<div class="unprintable">

<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF.  Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>

<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
        replace it with the translation of these two:

        We work hard and do our best to provide accurate, good quality
        translations.  However, we are not exempt from imperfection.
        Please send your comments and general suggestions in this regard
        to <a href="mailto:web-translators@gnu.org">
        <web-translators@gnu.org></a>.</p>

        <p>For information on coordinating and submitting contributing translations of
        our web pages, see <a
        href="/server/standards/README.translations.html">Translations
        README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and submitting contributing translations
of this article.</p>
</div>

<!-- Regarding copyright, in general, standalone pages (as opposed to
     files generated as part of manuals) on the GNU web server should
     be under CC BY-ND 4.0.  Please do NOT change or remove this
     without talking with the webmasters or licensing team first.
     Please make sure the copyright date is consistent with the
     document.  For web pages, it is ok to list just the latest year the
     document was modified, or published.

     If you wish to list earlier years, that is ok too.
     Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
     years, as long as each year in the range is in fact a copyrightable
     year, i.e., a year in which the document was published (including
     being publicly visible on the web or in a revision control system).

     There is more detail about copyright years in the GNU Maintainers
     Information document, www.gnu.org/prep/maintain. -->

<p>Copyright © 2014, 2015, 2016, 2017 2014-2024 Free Software Foundation, Inc.</p>

<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution-NoDerivatives Attribution 4.0 International License</a>.</p>

<!--#include virtual="/server/bottom-notes.html" -->

<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2024/10/05 16:35:16 $
<!-- timestamp end -->
</p>
</div>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>