![[A GNU head]](/graphics/heckert_gnu.transp.small.png){kind=small}
GNU ![[Search www.gnu.org]](/graphics/icons/search.png){kind=icon}
![[Other languages]](/graphics/icons/translations.png){kind=icon}
Proprietary Software Is Often Malware
Proprietary software, also called nonfree software, means software that doesn't respect users' freedom and community. A proprietary program puts its developer or owner in a position of power over its users. This power is in itself an injustice.
The point of this directory is to show by examples that the initial injustice of proprietary software often leads to further injustices: malicious functionalities.
Power corrupts; the proprietary program's developer is tempted to design the program to mistreat its users. (Software designed to function in a way that mistreats the user is called malware.) Of course, the developer usually does not do this out of malice, but rather to profit more at the users' expense. That does not make it any less nasty or more legitimate.
Yielding to that temptation has become ever more frequent; nowadays it is standard practice. Modern proprietary software is typically an opportunity to be tricked, harmed, bullied or swindled.
Online services are not released software, but in regard to all the bad aspects, using a service is equivalent to using a copy of released software. In particular, a service can be designed to mistreat the user, and many services do that. However, we do not list instances of malicious dis-services here, for two reasons. First, a service (whether malicious or not) is not a program that one could install a copy of, and there is no way at all for users to change it. Second, it is so obvious that a service can mistreat users if the owner wishes that we hardly need to prove it.
However, most online services require the user to run a nonfree app. The app is released software, so we do list malicious functionalities of these apps. Mistreatment by the service itself is imposed by use of the app, so sometimes we mention those mistreatments too—but we try to state explicitly what is done by the app and what is done by the dis-service.
When a web site provides access to a service, it very likely sends nonfree JavaScript software to execute in the user's browser. Such JavaScript code is released software, and it's morally equivalent to other nonfree apps. If it does malicious things, we want to mention them here.
When talking about mobile phones, we do list one other malicious characteristic, location tracking which is caused by the underlying radio system rather than by the specific software in them.
As of March 2025, the pages in this directory list around 600 instances of malicious functionalities (with more than 730 references to back them up), but there are surely thousands more we don't know about.
Ideally we would list every instance. If you come across an instance which we do not list, please write to webmasters@gnu.org to tell us about it. Please include a reference to a reputable article that describes the malicious behavior clearly; we won't list an item without documentation to point to.
If you want to be notified when we add new items or make other changes, subscribe to the mailing list <www-malware-commits@gnu.org>.
| Injustices or techniques | Products or companies |
|---|---|
|
|
Users of proprietary software are defenseless against these forms of mistreatment. The way to avoid them is by insisting on free (freedom-respecting) software. Since free software is controlled by its users, they have a pretty good defense against malicious software functionality.
Latest additions
-
2024-12
Windows Defender deletes downloaded files that it considers malware as soon as they are saved to disk, without requesting permission to do so. Many angry users have complained about this unacceptable behavior over the last few years, and even suggested fixes, but Microsoft has ignored them. It is high time for Windows users to escape Microsoft's tyranny by migrating to a free/libre system.
-
2024-11
As of 2021, preinstallation of Russian-made proprietary software has been mandatory on new computers and “smart” devices sold in Russia, under threat of a fine for the retailer, and the list of mandatory applications keeps growing. This gives the government a convenient way to censor information, spy on people's online activity, and restrict free speech.
-
2024-06
In its terms of service, Adobe gives itself permission to spy on material that people upload to its servers, supposedly for moderation purposes. In spite of Adobe's denial, we can expect that sooner or later it will use this material to train its so-called “artificial intelligence,” and will claim that by agreeing to the terms of service users gave it the right to do so.
-
2024-04
Microsoft has started to show ads in the “Recommended” section of the Windows 11 Start menu. Previously, this section only included recently used documents and images. Now it also contains the icons of apps Microsoft wants to advertise, in the hope that the user will click on one of them, and buy the app. So far, the user can disable the ads, but this doesn't make them more legitimate.
-
2024-11
Windows Recall is a feature of Microsoft's Copilot tool that comes preinstalled on AI-specialized computers. Recall records everything users do on their computer and allows them to search the recordings, but it has numerous security flaws and poses a risk to privacy. As Recall cannot be completely uninstalled, disabling it doesn't eliminate the risk because it can be reactivated by malware or misconfiguration.
Microsoft says that Recall will not take screenshots of digitally restricted media. Meanwhile, it stores sensitive user information such as passwords and bank account numbers, showing that whereas Microsoft worries somewhat about corporate interests, it couldn't care less about user privacy.
![[FSF logo]](/graphics/fsf-logo-notext-small.png){kind=logo}