<!--#include virtual="/server/html5-header.html" -->
<!-- Parent-Version: 1.96 -->
<!-- This page is derived from /server/standards/boilerplate.html -->
<!--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please do not edit <ul class="blurbs">!
Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Proprietary Software
- GNU Project - Free Software Foundation</title>
<!--#include virtual="/proprietary/po/proprietary.translist" -->
<style type="text/css" media="print,screen">
<!--
#skiplinks .button { float: left; margin: .5em; }
#skiplinks .button a { display: inline-block; }
#about-section { font-size: 1.1em; 1.06em; font-style: italic; margin: 2em 0; }
table#TOC {
display: block;
max-width: 100%; width: max-content;
overflow: auto;
border: .2em solid #e0dfda;
margin: 2.5em auto;
}
#TOC th, #TOC td {
text-align: center;
padding: .7em;
border-collapse: collapse;
}
#TOC th {
vertical-align: middle;
font-size: 1.1em;
font-weight: bold;
background: #fffae0;
}
#TOC td {
vertical-align: top;
}
#TOC ul { padding-top: .5em; margin: 0; }
#TOC ul li { padding-bottom: .5em; margin: 0; list-style: none; }
#TOC ol { text-align: left; margin: 0; }
#TOC ol li { margin: .5em 5%; }
#TOC a, #TOC a:visited,
#skiplinks a, #skiplinks a:visited {
color: #004caa;
text-decoration: none;
}
#TOC a { text-decoration: none; }
#TOC a:hover { text-decoration: underline; }
-->
</style>
<style type="text/css" media="print,screen">
.reduced-width { width: 55em; }
</style>
<!--#include virtual="/server/banner.html" -->
<div class="reduced-width">
<h2>Proprietary Software Is Often Malware</h2>
<div id="skiplinks">
<p class="button"><a href="#TOC">Table of contents</a></p>
<p class="button"><a href="#latest">Latest additions</a></p>
</div>
<div style="clear: both"></div>
<div id="about-section">
<p>Proprietary software, also called nonfree software,
means software that doesn't
<a href="/philosophy/free-sw.html">respect users' freedom and
community</a>. A proprietary program puts its developer or owner
<a href="/philosophy/free-software-even-more-important.html">
in a position of power over its users.</a>
This power is in itself an injustice.</p>
<p>The point of this page directory is to show by examples that the initial
injustice of proprietary software often leads to further injustices:
malicious functionalities.</p>
<p>In this section, we also list <a
href="/proprietary/malware-mobiles.html#phone-communications">one
other malicious characteristic of mobile phones, location tracking</a>
which is caused by the underlying radio system rather than by the
specific software in them.</p>
<p>Power corrupts; the proprietary program's developer is tempted to
design the program to mistreat its users. (Software whose functioning designed to
function in a way that mistreats the user is called <em>malware</em>.)
Of course, the developer usually does not do this out of malice, but
rather to profit more at the users' expense. That does not make it
any less nasty or more legitimate.</p>
<p>Yielding to that temptation has become ever more frequent; nowadays
it is standard practice. Modern proprietary software is typically
an opportunity to be tricked, harmed, bullied or swindled.</p>
<p>Online services are not released software, but in regard to all the
bad aspects, using a way service is equivalent to using a copy of released
software. In particular, a service can be had.</p>
<hr class="thin" /> designed to mistreat the
user, and many services do that. However, we do not list instances of
malicious dis-services here, for two reasons. First, a service
(whether malicious or not) is not a program that one could install a
copy of, and there is no way at all for users to change it. Second,
it is so obvious that a service can mistreat users if the owner wishes
that we hardly need to prove it.</p>
<p>However, most online services require the user to run a nonfree
app. The app <em>is</em> released software, so we do list malicious
functionalities of these apps. Mistreatment by the service itself is
imposed by use of the app, so sometimes we mention those mistreatments
too—but we try to state explicitly what is done by the app and
what is done by the dis-service.</p>
<p>When a web site provides access to a service, it very likely sends
nonfree JavaScript software to execute in the user's browser. Such
JavaScript code is released software, and it's morally equivalent to
other nonfree apps. If it does malicious things, we want to mention
them here.</p>
<p>When talking about mobile phones, we do
list <a href="/proprietary/malware-mobiles.html#phone-communications">one
other malicious characteristic, location tracking</a> which is caused
by the underlying radio system rather than by the specific software in
them.</p>
</div>
<p>As of December, 2021, March 2025, the pages in this directory list around 550 650
instances of malicious functionalities (with more than 630 750 references to
back them up), but there are surely thousands more we don't know about.</p>
<p>Ideally we would list every instance. If you come across an
instance which we do not list, please write to webmasters@gnu.org to
tell us about it. Please include a reference to a reputable article
that describes the malicious behavior clearly; we won't list an item
without documentation to point to.</p>
<p>If you want to be notified when we add new items or make other changes,
subscribe to the <a
href="https://lists.gnu.org/mailman/listinfo/www-malware-commits">mailing list
<www-malware-commits@gnu.org></a>.</p>
<table id="TOC">
<tr>
<th>Injustices or techniques</th>
<th>Products or companies</th>
</tr>
<tr>
<td>
<ul class="columns">
<li><a href="/proprietary/proprietary-addictions.html">Addictions</a></li>
<li><a href="/proprietary/proprietary-back-doors.html">Back doors</a> (<a href="#f1">1</a>)</li>
<li><a href="/proprietary/proprietary-censorship.html">Censorship</a></li>
<li><a href="/proprietary/proprietary-coercion.html">Coercion</a></li>
<li><a href="/proprietary/proprietary-coverups.html">Coverups</a></li>
<li><a href="/proprietary/proprietary-deception.html">Deception</a></li>
<li><a href="/proprietary/proprietary-drm.html">DRM</a> (<a href="#f2">2</a>)</li>
<li><a href="/proprietary/proprietary-fraud.html">Fraud</a></li>
<li><a href="/proprietary/proprietary-incompatibility.html">Incompatibility</a></li>
<li><a href="/proprietary/proprietary-insecurity.html">Insecurity</a></li>
<li><a href="/proprietary/proprietary-interference.html">Interference</a></li>
<li><a href="/proprietary/proprietary-jails.html">Jails</a> (<a href="#f3">3</a>)</li>
<li><a href="/proprietary/proprietary-manipulation.html">Manipulation</a></li>
<li><a href="/proprietary/proprietary-obsolescence.html">Obsolescence</a></li>
<li><a href="/proprietary/proprietary-sabotage.html">Sabotage</a></li>
<li><a href="/proprietary/proprietary-subscriptions.html">Subscriptions</a></li>
<li><a href="/proprietary/proprietary-surveillance.html">Surveillance</a></li>
<li><a href="/proprietary/proprietary-tethers.html">Tethers</a> (<a href="#f4">4</a>)</li>
<li><a href="/proprietary/proprietary-tyrants.html">Tyrants</a> (<a href="#f5">5</a>)</li>
<li><a href="/proprietary/potential-malware.html">In the pipe</a></li>
</ul>
</td>
<td>
<ul>
<li><a href="/proprietary/malware-appliances.html">Appliances</a></li>
<li><a href="/proprietary/malware-cars.html">Cars</a></li>
<li><a href="/proprietary/malware-in-online-conferencing.html">Conferencing</a></li>
<li><a href="/proprietary/malware-edtech.html">Ed Tech</a></li> href="/proprietary/malware-edtech.html">EdTech</a></li>
<li><a href="/proprietary/malware-games.html">Games</a></li>
<li><a href="/proprietary/malware-mobiles.html">Mobiles</a></li>
<li><a href="/proprietary/malware-webpages.html">Webpages</a></li>
</ul>
<ul>
<li><a href="/proprietary/malware-adobe.html">Adobe</a></li>
<li><a href="/proprietary/malware-amazon.html">Amazon</a></li>
<li><a href="/proprietary/malware-apple.html">Apple</a></li>
<li><a href="/proprietary/malware-google.html">Google</a></li>
<li><a href="/proprietary/malware-microsoft.html">Microsoft</a></li>
</ul>
</td>
</tr>
<tr>
<td colspan="2">
<ol>
<li id="f1"><em>Back door:</em> any feature of a program
that enables someone who is not supposed to be in control of the
computer where it is installed to send it commands.</li>
<li id="f2"><em>Digital restrictions management, or
“DRM”:</em> functionalities designed to restrict
what users can do with the data in their computers.</li>
<li id="f3"><em>Jail:</em> system that imposes censorship on
application programs.</li>
<li id="f4"><em>Tether:</em> functionality that requires
permanent (or very frequent) connection to a server.</li>
<li id="f5"><em>Tyrant:</em> system that rejects any operating
system not “authorized” by the manufacturer.</li>
</ol>
</td>
</tr>
</table>
<p>Users of proprietary software are defenseless against these forms
of mistreatment. The way to avoid them is by insisting on
<a href="/philosophy/free-software-even-more-important.html">free
(freedom-respecting) software</a>. Since free software is controlled
by its users, they have a pretty good defense against malicious
software functionality.</p>
<h3 id="latest">Latest additions</h3>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
<li id="M202111201"> id="M202407200">
<!--#set var="DATE" value='<small class="date-tag">2021-11</small>' class="date-tag">2024-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>NordicTrack, a
<p>The company that sells
exercise machines with ability to show videos making a “smart” bassinet called Snoo has <a
href="https://arstechnica.com/information-technology/2021/11/locked-out-of-god-mode-runners-are-hacking-their-treadmills/">limits
what people can watch, and recently disabled
href="https://www.theverge.com/2024/7/20/24202166/snoo-premium-subscription-happiest-baby">
locked the most advanced functionalities of the Snoo behind a feature</a> that was
originally functional.
paywall</a>. This happened through automatic update and
probably involved unexpected change mainly affects users who received
the appliance as a universal back door.</p> gift, or bought it second-hand on the assumption
that all these functionalities would be available to them, as they
used to be. This is another example of the deceptive behavior of
proprietary software developers who take advantage of their power
over users to change rules at will.</p>
<p>Another malicious feature of the Snoo is the fact that users
need to create an account with the company, which thus has access
to personal data, location (SSID), appliance log, etc., as well as
manual notes about baby history.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
<li id="M202111200"> id="M201807110">
<!--#set var="DATE" value='<small class="date-tag">2021-11</small>' class="date-tag">2018-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Hundreds of Tesla drivers <a
href="https://www.theguardian.com/technology/2021/nov/20/tesla-app-outage-elon-musk-apologises">were
locked out of their cars as
<p>Nintendo has devoted a result lot of Tesla's app suffering from an
outage</a>, which happened because the app is tethered effort to company's
servers.</p> <a
href="https://arstechnica.com/gaming/2018/07/nintendo-reportedly-rolling-out-new-more-hack-proof-switch-hardware/">
preventing users from installing third-party software on its Switch
consoles</a>. These are now full-blown jails.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
<li id="M202111110"> id="M202502210">
<!--#set var="DATE" value='<small class="date-tag">2021-11</small>' class="date-tag">2025-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some researchers at Google
<p>Apple <a href="https://www.vice.com/en/article/93bw8y/google-caught-hackers-using-a-mac-zero-day-against-hong-kong-users">found
a zero-day vulnerability on MacOS,
which crackers used to target people visiting the websites</a> of
a media outlet and a pro-democracy labor and political group
href="https://www.bleepingcomputer.com/news/security/apple-pulls-icloud-end-to-end-encryption-feature-in-the-uk/">
stopped offering iCloud end-to-end encryption in Hong
Kong.</p>
<p><small>Please note that the article wrongly refers UK</a>
after the UK government demanded <a
href="https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/">
worldwide access to crackers as “<a href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”.</small></p> encrypted user data</a>. This is one more proof
that storing your own data “in the cloud” puts it at
risk.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
<li id="M202110250"> id="M202501170">
<!--#set var="DATE" value='<small class="date-tag">2021-10</small>' class="date-tag">2025-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Ed Tech companies use their surveillance power to
manipulate students, and direct them into tracks towards various
levels of knowledge, power and prestige. The article argues that
<p>Canon is <a
href="https://blogs.lse.ac.uk/medialse/2021/10/25/algorithmic-injustice-in-education-why-tech-companies-should-require-a-license-to-operate-in-childrens-education/">these
companies should obtain licenses to operate</a>. That wouldn't hurt,
but it doesn't address the root
href="https://arstechnica.com/gadgets/2025/01/canon-charges-50-per-year-to-use-a-900-camera-as-a-functional-webcam/">
preventing customers from using one of the problem. All data acquired
in its cameras as a school about any student, teacher, or employee must not leave webcam</a>
unless they create an account on the school, company's server, and must pay an
additional subscription. This unjust practice could be kept in computers that belong to eliminated if
the school
and run camera firmware were free (as in freedom) software. That way, the school district
and/or parents can control what is done with those data.</p> freedom).</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary.html. -->
<li id="M202111090"> id="M202408140">
<!--#set var="DATE" value='<small class="date-tag">2021-11</small>' class="date-tag">2024-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A building
<p><a
href="https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled-patch-now/">
A critical vulnerability in LA, with a supermarket Windows systems
that support IPv6</a> was discovered in it, 2024, <a
href="https://www.latimes.com/business/story/2021-11-09/column-trader-joes-parking-app">demands
customers load a particular app to pay for parking in
href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063">
16 years after the parking
lot</a>, and accept pervasive surveillance. They also have first affected system</a> was released. Unless
the
option relevant patch is applied, an attacker can remotely execute
arbitrary code on these systems. Microsoft considers exploits
“likely.”</p>
<p>The same sort of entering their license plate numbers vulnerability in a kiosk. That is
an injustice, too.</p> free/libre operating system
would probably be discovered sooner, since many more people would be
able to look at the source code.</p>
</li>
</ul>
<p class="button right-align">
<a href="/proprietary/all.html">More items…</a></p>
</div>
</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
<div id="footer" role="contentinfo">
<div class="unprintable">
<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF. Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
replace it with the translation of these two:
We work hard and do our best to provide accurate, good quality
translations. However, we are not exempt from imperfection.
Please send your comments and general suggestions in this regard
to <a href="mailto:web-translators@gnu.org">
<web-translators@gnu.org></a>.</p>
<p>For information on coordinating and contributing translations of
our web pages, see <a
href="/server/standards/README.translations.html">Translations
README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and contributing translations
of this article.</p>
</div>
<!-- Regarding copyright, in general, standalone pages (as opposed to
files generated as part of manuals) on the GNU web server should
be under CC BY-ND 4.0. Please do NOT change or remove this
without talking with the webmasters or licensing team first.
Please make sure the copyright date is consistent with the
document. For web pages, it is ok to list just the latest year the
document was modified, or published.
If you wish to list earlier years, that is ok too.
Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
years, as long as each year in the range is in fact a copyrightable
year, i.e., a year in which the document was published (including
being publicly visible on the web or in a revision control system).
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
<p>Copyright © 2013-2021 2013-2025 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2025/04/03 11:14:14 $
<!-- timestamp end -->
</p>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>