<!--#include virtual="/server/html5-header.html" -->
<!-- Parent-Version: 1.96 -->
<!-- This page is derived from /server/standards/boilerplate.html -->
<!--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please do not edit <ul class="blurbs">!
Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Proprietary Software
- GNU Project - Free Software Foundation</title>
<!--#include virtual="/proprietary/po/proprietary.translist" -->
<style type="text/css" media="print,screen">
<!--
#skiplinks .button { float: left; margin: .5em; }
#skiplinks .button a { display: inline-block; }
#about-section { font-size: 1.1em; 1.06em; font-style: italic; margin: 2em 0; }
table#TOC {
display: block;
max-width: 100%; width: max-content;
overflow: auto;
border: .2em solid #e0dfda;
margin: 2.5em auto;
}
#TOC th, #TOC td {
text-align: center;
padding: .7em;
border-collapse: collapse;
}
#TOC th {
vertical-align: middle;
font-size: 1.1em;
font-weight: bold;
background: #fffae0;
}
#TOC td {
vertical-align: top;
}
#TOC ul { padding-top: .5em; margin: 0; }
#TOC ul li { padding-bottom: .5em; margin: 0; list-style: none; }
#TOC ol { text-align: left; margin: 0; }
#TOC ol li { margin: .5em 5%; }
#TOC a, #TOC a:visited,
#skiplinks a, #skiplinks a:visited {
color: #004caa;
text-decoration: none;
}
#TOC a { text-decoration: none; }
#TOC a:hover { text-decoration: underline; }
-->
</style>
<style type="text/css" media="print,screen">
.reduced-width { width: 55em; }
</style>
<!--#include virtual="/server/banner.html" -->
<div class="reduced-width">
<h2>Proprietary Software Is Often Malware</h2>
<div id="skiplinks">
<p class="button"><a href="#TOC">Table of contents</a></p>
<p class="button"><a href="#latest">Latest additions</a></p>
</div>
<div style="clear: both"></div>
<div id="about-section">
<p>Proprietary software, also called nonfree software,
means software that doesn't
<a href="/philosophy/free-sw.html">respect users' freedom and
community</a>. A proprietary program puts its developer or owner
<a href="/philosophy/free-software-even-more-important.html">
in a position of power over its users.</a>
This power is in itself an injustice.</p>
<p>The point of this directory is to show by examples that the initial
injustice of proprietary software often leads to further injustices:
malicious functionalities.</p>
<p>Power corrupts; the proprietary program's developer is tempted to
design the program to mistreat its users. (Software designed to
function in a way that mistreats the user is called <em>malware</em>.)
Of course, the developer usually does not do this out of malice, but
rather to profit more at the users' expense. That does not make it
any less nasty or more legitimate.</p>
<p>Yielding to that temptation has become ever more frequent; nowadays
it is standard practice. Modern proprietary software is typically
an opportunity to be tricked, harmed, bullied or swindled.</p>
<p>Online services are not released software, but in regard to all the
bad aspects, using a service is equivalent to using a copy of released
software. In particular, a service can be designed to mistreat the
user, and many services do that. However, we do not list instances of
malicious dis-services here, for two reasons. First, a service
(whether malicious or not) is not a program that one could install a
copy of, and there is no way at all for users to change it. Second,
it is so obvious that a service can mistreat users if the owner wishes
that we hardly need to prove it.</p>
<p>However, most online services require the user to run a nonfree
app. The app <em>is</em> released software, so we do list malicious
functionalities of these apps. Mistreatment by the service itself is
imposed by use of the app, so sometimes we mention those mistreatments
too—but we try to state explicitly what is done by the app and
what is done by the dis-service.</p>
<p>When a web site provides access to a service, it very likely sends
nonfree JavaScript software to execute in the user's browser. Such
JavaScript code is released software, and it's morally equivalent to
other nonfree apps. If it does malicious things, we want to mention
them here.</p>
<p>When talking about mobile phones, we do
list <a href="/proprietary/malware-mobiles.html#phone-communications">one
other malicious characteristic, location tracking</a> which is caused
by the underlying radio system rather than by the specific software in
them.</p>
</div>
<p>As of December 2023, May 2025, the pages in this directory list around 600 650
instances of malicious functionalities (with more than 710 760 references to
back them up), but there are surely thousands more we don't know about.</p>
<p>Ideally we would list every instance. If you come across an
instance which we do not list, please write to webmasters@gnu.org to
tell us about it. Please include a reference to a reputable article
that describes the malicious behavior clearly; we won't list an item
without documentation to point to.</p>
<p>If you want to be notified when we add new items or make other changes,
subscribe to the <a
href="https://lists.gnu.org/mailman/listinfo/www-malware-commits">mailing list
<www-malware-commits@gnu.org></a>.</p>
<table id="TOC">
<tr>
<th>Injustices or techniques</th>
<th>Products or companies</th>
</tr>
<tr>
<td>
<ul class="columns">
<li><a href="/proprietary/proprietary-addictions.html">Addictions</a></li>
<li><a href="/proprietary/proprietary-back-doors.html">Back doors</a> (<a href="#f1">1</a>)</li>
<li><a href="/proprietary/proprietary-censorship.html">Censorship</a></li>
<li><a href="/proprietary/proprietary-coercion.html">Coercion</a></li>
<li><a href="/proprietary/proprietary-coverups.html">Coverups</a></li>
<li><a href="/proprietary/proprietary-deception.html">Deception</a></li>
<li><a href="/proprietary/proprietary-drm.html">DRM</a> (<a href="#f2">2</a>)</li>
<li><a href="/proprietary/proprietary-fraud.html">Fraud</a></li>
<li><a href="/proprietary/proprietary-incompatibility.html">Incompatibility</a></li>
<li><a href="/proprietary/proprietary-insecurity.html">Insecurity</a></li>
<li><a href="/proprietary/proprietary-interference.html">Interference</a></li>
<li><a href="/proprietary/proprietary-jails.html">Jails</a> (<a href="#f3">3</a>)</li>
<li><a href="/proprietary/proprietary-manipulation.html">Manipulation</a></li>
<li><a href="/proprietary/proprietary-obsolescence.html">Obsolescence</a></li>
<li><a href="/proprietary/proprietary-sabotage.html">Sabotage</a></li>
<li><a href="/proprietary/proprietary-subscriptions.html">Subscriptions</a></li>
<li><a href="/proprietary/proprietary-surveillance.html">Surveillance</a></li>
<li><a href="/proprietary/proprietary-tethers.html">Tethers</a> (<a href="#f4">4</a>)</li>
<li><a href="/proprietary/proprietary-tyrants.html">Tyrants</a> (<a href="#f5">5</a>)</li>
<li><a href="/proprietary/potential-malware.html">In the pipe</a></li>
</ul>
</td>
<td>
<ul>
<li><a href="/proprietary/malware-appliances.html">Appliances</a></li>
<li><a href="/proprietary/malware-cars.html">Cars</a></li>
<li><a href="/proprietary/malware-in-online-conferencing.html">Conferencing</a></li>
<li><a href="/proprietary/malware-edtech.html">EdTech</a></li>
<li><a href="/proprietary/malware-games.html">Games</a></li>
<li><a href="/proprietary/malware-mobiles.html">Mobiles</a></li>
<li><a href="/proprietary/malware-webpages.html">Webpages</a></li>
</ul>
<ul>
<li><a href="/proprietary/malware-adobe.html">Adobe</a></li>
<li><a href="/proprietary/malware-amazon.html">Amazon</a></li>
<li><a href="/proprietary/malware-apple.html">Apple</a></li>
<li><a href="/proprietary/malware-google.html">Google</a></li>
<li><a href="/proprietary/malware-microsoft.html">Microsoft</a></li>
</ul>
</td>
</tr>
<tr>
<td colspan="2">
<ol>
<li id="f1"><em>Back door:</em> any feature of a program
that enables someone who is not supposed to be in control of the
computer where it is installed to send it commands.</li>
<li id="f2"><em>Digital restrictions management, or
“DRM”:</em> functionalities designed to restrict
what users can do with the data in their computers.</li>
<li id="f3"><em>Jail:</em> system that imposes censorship on
application programs.</li>
<li id="f4"><em>Tether:</em> functionality that requires
permanent (or very frequent) connection to a server.</li>
<li id="f5"><em>Tyrant:</em> system that rejects any operating
system not “authorized” by the manufacturer.</li>
</ol>
</td>
</tr>
</table>
<p>Users of proprietary software are defenseless against these forms
of mistreatment. The way to avoid them is by insisting on
<a href="/philosophy/free-software-even-more-important.html">free
(freedom-respecting) software</a>. Since free software is controlled
by its users, they have a pretty good defense against malicious
software functionality.</p>
<h3 id="latest">Latest additions</h3>
<p style="margin-bottom: .5em">
<!--#set var="DATE" value='<small class="date-tag">2024-01</small>'
--><!--#echo encoding="none" var="DATE" --></p>
<p id="uhd" class="important" style="margin-top: 0">
<strong><a href="/proprietary/articles/uhd-bluray-denies-your-freedom.html">
UHD Blu-ray denies your freedom</a> — The anatomy of an Authoritarian
Subjugation System</strong></p>
<p style="margin-bottom: .5em">
<!--#set var="DATE" value='<small class="date-tag">2022-07</small>'
--><!--#echo encoding="none" var="DATE" --></p>
<p id="uefi-rootkit" class="important" style="margin-top: 0">
<strong><a href="/proprietary/proprietary-insecurity.html#uefi-rootkit">
UEFI makes computers vulnerable to advanced persistent threats that are almost impossible
to detect once installed...</a></strong></p>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
<li id="M202405240"> id="M202505101">
<!--#set var="DATE" value='<small class="date-tag">2024-05</small>' class="date-tag">2025-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://arstechnica.com/gadgets/2024/05/pleas-for-open-sourcing-refunds-as-spotify-plans-to-brick-car-thing-devices/">Spotify
sold a music streaming device but they no longer support it</a>. Due to
its proprietary nature, it can no longer be updated or even used. Users
requested Spotify to make the software that runs on the device libre,
and Spotify refused, so these devices are now e-waste. Spotify is
now offering refunds to save the purchasers from
losing money on these products, but this wouldn't prevent the products
from being e-waste, and wouldn't save
<p>With Windows 10 soon reaching
obsolescence, users from being jerked around by
Spotify. This is an example of how software that whose computer is not free controls
the user instead of the user controlling the software. It is also an
important lesson modern enough are <a
href="https://www.zdnet.com/article/cant-upgrade-your-windows-10-pc-here-are-you-options-before-it-all-ends-in-5-months/">
facing unjust choices</a>, such as paying for us updates or buying
a new computer. But their best option is to insist the software in replace Windows with
a device be libre
before we buy it.</p> <a href="/distros/free-distros.html">free operating system</a>,
and enjoy the freedom and justice it brings them.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
<li id="M202403150"> id="M202505190">
<!--#set var="DATE" value='<small class="date-tag">2024-03</small>' class="date-tag">2025-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://www.theverge.com/2024/3/15/24101887/microsoft-bing-popups-windows-11-google-chrome">
Microsoft is using malware tactics to get users
<p>Microsoft Teams has been <a
href="https://www.theguardian.com/australia-news/2025/may/19/nsw-education-department-caught-unaware-after-microsoft-teams-began-collecting-students-biometric-data">
collecting voice and face data</a>
from students of an Australian school, to switch feed the CoPilot
chatbot. It took the school network administrators a
whole month to
their web browser</a>, Microsoft Edge, realize what was happening, and disable this
malfeature. It was obviously beyond their search engine, imagination that
Microsoft
Bing. When users launch could have <a
href="https://learn.microsoft.com/microsoftteams/rooms/voice-and-face-recognition#admin-settings">
made biometric data collection the Google Chrome browser Microsoft injects
a pop up advertisement default</a> in Teams!</p>
<p>Let's hope legislators and regulatory agencies all over the corner of the screen advising users world
will quickly put a stop to
switch this sort of outrageous practice.</p>
<p>In any case people would be better off switching to Bing. Microsoft also imported a free-software
replacement such as Jitsi Meet for medium-size groups, or Big Blue
Button for larger ones. Many public instances are available, and
groups of users Chrome browsing data
without can also set up their knowledge or consent.</p> own servers.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
<li id="M202403110"> id="M202505100">
<!--#set var="DATE" value='<small class="date-tag">2024-03</small>' class="date-tag">2025-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://web.archive.org/web/20240311120515/https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html">
GM is spying on drivers</a> who own or rent their cars, and give
away detailed driving data
<p>Nintendo has been known to insurance companies through data
brokers. These companies then analyze the data, and hike up insurance
prices if they think the data denotes “risky driving.”
For <a
href="/proprietary/malware-games.html#M201410130">remotely brick
the car to make this data available Wii</a> until users consented to anyone but new, more restrictive legal
terms. This company is now pushing tyranny even further: in the owner or
renter
2025 update of the car should its User Account Agreement, it warns that <a
href="https://www.eurogamer.net/nintendo-reserves-the-right-to-brick-your-console-following-unauthorised-use-in-bid-to-prevent-piracy">
Switch consoles may be a crime. If the car <em>permanently</em> bricked if they are
not used as authorized</a>.</p>
<p>In addition, Nintendo can record audio and video chats for
moderation purposes. User's consent is owned by a rental
company, required, but there is no
guarantee that company should the recordings will not have access be sent to it either.</p> third parties.
In short, there is no privacy in these chats.</p>
<p>If you ever consider buying a Switch, think twice, because you
will not own it. Nintendo will.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
<li id="M202312230"> id="M202412120">
<!--#set var="DATE" value='<small class="date-tag">2023-12</small>' class="date-tag">2024-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Surveillance cameras put in by government
A to surveil for it may be surveilling for
government B as well. That's because A put in
<p>BeReal, a product nonfree social media app, pressures users into <a
href="https://www.rferl.org/a/ukraine-cctv-moscow-spying-schemes-investigation/32747767.html">
made
href="https://noyb.eu/en/bereal-app-wont-take-no-answer"> giving their
consent to tracking by B with nonfree software</a>.</p>
<p><small>(Please note that this article misuses the word “<a
href="/philosophy/words-to-avoid.html#Hacker">hack</a>” to
mean “break security.”)</small></p> means of dark patterns and harrassment</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
<li id="M202311101"> id="M202503140">
<!--#set var="DATE" value='<small class="date-tag">2023-11</small>' class="date-tag">2025-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft
<p>Amazon has been annoying people who wanted to
close the proprietary program OneDrive on their computers, <a
href="https://www.theverge.com/2023/11/8/23952878/microsoft-onedrive-windows-close-app-notification">
forcing them to give the reason why they were closing it</a>. This
prompt was
href="https://arstechnica.com/gadgets/2025/03/everything-you-say-to-your-echo-will-be-sent-to-amazon-starting-on-march-28/">
removed after public pressure.</p>
<p>This is a reminder the “Do Not Send Voice Recordings” option from
Echo devices</a>, including from devices that angry support local processing
of these recordings. All private conversations are now used to train
Alexa's “artificial intelligence.” Moreover, if users still have the power
choose not to make
developers save recordings, they will lose some advanced functions
of proprietary Alexa that they paid for.</p>
<p>This wouldn't happen if software remove small annoyances. Don't
count on public outcry in the Echo were free. Users would
be able to make them remove more profitable malware,
though. Run away from proprietary software!</p> restore the “Do Not Send Voice Recordings”
option.</p>
</li>
</ul>
<p class="button right-align">
<a href="/proprietary/all.html">More items…</a></p>
</div>
</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
<div id="footer" role="contentinfo">
<div class="unprintable">
<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF. Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
replace it with the translation of these two:
We work hard and do our best to provide accurate, good quality
translations. However, we are not exempt from imperfection.
Please send your comments and general suggestions in this regard
to <a href="mailto:web-translators@gnu.org">
<web-translators@gnu.org></a>.</p>
<p>For information on coordinating and contributing translations of
our web pages, see <a
href="/server/standards/README.translations.html">Translations
README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and contributing translations
of this article.</p>
</div>
<!-- Regarding copyright, in general, standalone pages (as opposed to
files generated as part of manuals) on the GNU web server should
be under CC BY-ND 4.0. Please do NOT change or remove this
without talking with the webmasters or licensing team first.
Please make sure the copyright date is consistent with the
document. For web pages, it is ok to list just the latest year the
document was modified, or published.
If you wish to list earlier years, that is ok too.
Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
years, as long as each year in the range is in fact a copyrightable
year, i.e., a year in which the document was published (including
being publicly visible on the web or in a revision control system).
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
<p>Copyright © 2013-2024 2013-2025 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2025/05/30 16:03:53 $
<!-- timestamp end -->
</p>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>