Proprietary Software Is Often Malware

Proprietary software, also called nonfree software, means software that doesn't respect users' freedom and community. A proprietary program puts its developer or owner in a position of power over its users. This power is in itself an injustice.

The point of this directory is to show by examples that the initial injustice of proprietary software often leads to further injustices: malicious functionalities.

Power corrupts; the proprietary program's developer is tempted to design the program to mistreat its users. (Software designed to function in a way that mistreats the user is called malware.) Of course, the developer usually does not do this out of malice, but rather to profit more at the users' expense. That does not make it any less nasty or more legitimate.

Yielding to that temptation has become ever more frequent; nowadays it is standard practice. Modern proprietary software is typically an opportunity to be tricked, harmed, bullied or swindled.

Online services are not released software, but in regard to all the bad aspects, using a service is equivalent to using a copy of released software. In particular, a service can be designed to mistreat the user, and many services do that. However, we do not list instances of malicious dis-services here, for two reasons. First, a service (whether malicious or not) is not a program that one could install a copy of, and there is no way at all for users to change it. Second, it is so obvious that a service can mistreat users if the owner wishes that we hardly need to prove it.

However, most online services require the user to run a nonfree app. The app is released software, so we do list malicious functionalities of these apps. Mistreatment by the service itself is imposed by use of the app, so sometimes we mention those mistreatments too—but we try to state explicitly what is done by the app and what is done by the dis-service.

When a web site provides access to a service, it very likely sends nonfree JavaScript software to execute in the user's browser. Such JavaScript code is released software, and it's morally equivalent to other nonfree apps. If it does malicious things, we want to mention them here.

When talking about mobile phones, we do list one other malicious characteristic, location tracking which is caused by the underlying radio system rather than by the specific software in them.

As of March 2025, the pages in this directory list around 600 instances of malicious functionalities (with more than 740 references to back them up), but there are surely thousands more we don't know about.

Ideally we would list every instance. If you come across an instance which we do not list, please write to webmasters@gnu.org to tell us about it. Please include a reference to a reputable article that describes the malicious behavior clearly; we won't list an item without documentation to point to.

If you want to be notified when we add new items or make other changes, subscribe to the mailing list <www-malware-commits@gnu.org>.

Injustices or techniques Products or companies
  1. Back door:  any feature of a program that enables someone who is not supposed to be in control of the computer where it is installed to send it commands.
  2. Digital restrictions management, or “DRM”:  functionalities designed to restrict what users can do with the data in their computers.
  3. Jail:  system that imposes censorship on application programs.
  4. Tether:  functionality that requires permanent (or very frequent) connection to a server.
  5. Tyrant:  system that rejects any operating system not “authorized” by the manufacturer.

Users of proprietary software are defenseless against these forms of mistreatment. The way to avoid them is by insisting on free (freedom-respecting) software. Since free software is controlled by its users, they have a pretty good defense against malicious software functionality.

Latest additions

  • 2025-02

    Microsoft is shutting down Skype on May 5th, 2025. As with other tethered proprietary programs, users have to rely on servers that are controlled by the developer. When these servers shut down, the service disappears. Instead of migrating to the service that Microsoft suggests as a replacement, Skype users should regain control of their communications by switching to one that is based on free software. Jitsi Meet, for example, is appropriate for small video meetings. Anyone can set up a Jitsi server and let other people use it, and indeed many of these are available around the world.

  • 2025-02

    Outlook has become a “data collection and ad delivery service”. Since Outlook is now integrated with Microsoft “cloud” services, and doesn't support end-to-end encryption, the company has full access to users' emails, contacts, and calendar events. Microsoft may also retrieve credentials associated with any third-party services that are synchronized with Outlook. This trove of personal data enables Microsoft, as well as its commercial partners, to flood users with targeted ads, and possibly to train “artificial intelligences.” Even worse, this data is available to any government that can force Microsoft to hand it over.

  • 2024-11

    Ubisoft is facing a fraud lawsuit for shutting down the proprietary video game The Crew, which was tethered to its servers. As this game can't be played offline, people who used to think they owned a copy of it are now realizing they only bought a license that could be revoked at will by the developer.

    This is one more example of what tethering of a proprietary program leads to. If The Crew were free software, its users would be able to set up another server, and keep on playing.

  • 2024-07

    In its default configuration, Windows 11 now uploads users' files and personal information to Microsoft's “cloud” without asking permission to do so. This is presented as a convenient backup method, but if the allotted storage capacity is exceeded, the user will need to buy more space, increasing Microsoft's profit.

    However, this small profit is probably not the company's major reason for making cloud storage the default. Here is an excerpt from the Microsoft Services agreement (Section 2b):

    To the extent necessary to provide the Services to you and others, to protect you and the Services, and to improve Microsoft products and services, you grant to Microsoft a worldwide and royalty-free intellectual property license to use Your Content, for example, to make copies of, retain, transmit, reformat, display, and distribute via communication tools Your Content on the Services.

    We strongly suspect that the backed-up material is used to feed Microsoft's greedy “AI.” In addition, it is most likely analysed to better profile users in order to flood them with targeted ads, thereby generating more profit.

    Users, on the other hand, are at the mercy of any entity that demands their data, let alone of any cracker that breaks into Microsoft's servers. They must escape from this sick environment, and install a sane free/libre system.

  • 2024-12

    Windows Defender deletes downloaded files that it considers malware as soon as they are saved to disk, without requesting permission to do so. Many angry users have complained about this unacceptable behavior over the last few years, and even suggested fixes, but Microsoft has ignored them. It is high time for Windows users to escape Microsoft's tyranny by migrating to a free/libre system.

More items…