neko
/
SpywareWatchdog
mirror of https://codeberg.org/shadow/SpywareWatchdog.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

thy first commit

This commit is contained in:
anonymous 2020-02-07 02:12:15 -05:00
commit 2cbcfc7786
213 changed files with 6514 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
articles/1password.html Normal file
View File

@ -0,0 +1,42 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>1Password</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/1pw_logo.png" alt="1password Logo">
<p>
1password is a password management service
</p>
<h2>Spyware Level: <font color=red>Not Rated</font></h2>
<p>
This article is a stub and sitll needs to be written. If you want to write it, email me so I dont duplicate effort.
</p>
<p>
https://1password.com/legal/privacy/
https://www.macworld.com/article/2996213/security/1password-is-still-secure-but-you-can-reduce-a-potential-risk.html
https://paul.reviews/privacy-password-managers-a-reality-check/
</p>
<p>
>Third-Party Data Processors
>Your Secure and Service data are held by third party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. In many cases (but we cannot promise that this will always be the case) even Service data held by these entities is encrypted with keys held only by us.
>Data needed to process payments is collected by our payment processor, Stripe, Inc., which conforms to a U.S.-E.U. Privacy Shield Framework. See https://stripe.com/privacy-shield-policy
</p>
<hr>
<p><b>
This article was created on 6/16/2018
</b></p>
<p><b>
This article was last edited on 6/16/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

68
articles/amd.html Normal file
View File

@ -0,0 +1,68 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<h1>AMD CPU Family</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/amd_logo.png" alt="One of the logos AMD uses for its CPU's">
<h1>UNFINISHED ARTICLE - UNDER CONSTRUCTION - BAD FORMATTING</h1>
<p>
Advanced Micro Devices, Inc. is an American multinational semiconductor company based in Santa Clara, California, that develops computer processors and related technologies for business and consumer markets. This article is specifically about the CPU's that are produced by AMD and nothing else. The logo is one of many logos used by AMD, but the
article is not about any one specific CPU. <b>No rating is given</b> because this is not an article about any specific product, and the rating system is difficult to fit into this
article.
</p>
<p>
Modern CPU models produced by AMD contain an embedded ARM co-processor called the Platform Security Processor (PSP). Nearly all AMD CPU's produced since 2013 operate under the supervision of this separate, more privileged, environment consisting of an integrated ARM processor with access to isolated resources as well as main system memory and I/O.
<sup><a href="#1">[1]</a></sup>
</p>
<p>
This article isn't complete. This is a work-in-progress and so this article is not formatted properly..
</p>
<p>http://www.uefi.org/sites/default/files/resources/UEFI_PlugFest_AMD_Security_and_Server_innovation_AMD_March_2013.pdf (page 11)</p>
<p>While ARM and AMD tout the “Trusted Execution Environment” as useful for secure payment, anti-theft and malware protection, they also discuss content protection or DRM as a use case. https://www.owasp.org/images/c/c8/OWASP_Security_Tapas_-_TrustZone%2C_TEE_and_Mobile_Security_final.pdf</p>
<p>Possible uses … DRM</p>
<p>
Researchers have already been able to identify exploits in AMDs Platform Security Processor. In 2018 researchers published a vulnerability in which a specially crafted certificate could lead to a stack overflow in the PSPs TPM firmware allowing for remote code execution. (https://seclists.org/fulldisclosure/2018/Jan/12) Another group goes on to detail how an attacker might leverage exploits RYZENFALL or FALLOUT to gain foothold in networks with Ryzen based systems. (https://www.techpowerup.com/242386/cts-labs-responds-to-a-techpowerup-technical-questionnaire)
</p>
<hr>
<p>Please note that Family 16h and
Family 15h-Models60h and later contain a PSP</p>
<h2><font color=red>NOT TRUSTED:</font></h2>
<ul>
<li>Kaveri (Steamroller “BDv3”) https://www.amd.com/system/files/TechDocs/51590_15h_Models_30h-3Fh_A-Series_PDS.pdf (page 6)
https://arstechnica.com/information-technology/2012/06/amd-to-add-arm-processors-to-boost-chip-security/</li>
<li>Carrizo/Bristol Ridge (Excavator “BDv4”) https://www.anandtech.com/show/8995/amd-at-isscc-2015-carrizo-and-excavator-details</li>
<li>All Zen based CPUs (17h family)</li>
</ul>
<h2><font color=yellow>POTENTIALLY TRUSTED:</font></h2>
<ul>
<li>Jaguar (the only 16h family CPU that does NOT have PSP): http://support.amd.com/TechDocs/52128_16h_Software_Opt_Guide.zip (page 8) https://en.wikipedia.org/wiki/Puma_(microarchitecture)#Improvements_over_Jaguar</li>
<li>All K5-K10, Bobcat, Bulldozer (“BDv1”) and Piledriver (“BDv2”)</li>
<li>All K5-K10, Bobcat, Bulldozer (“BDv1”) and Piledriver (“BDv2”)</li>
</ul>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="http://www.uefi.org/sites/default/files/resources/UEFI_PlugFest_AMD_Security_and_Server_innovation_AMD_March_2013.pdf">AMD Security and Server innovation</a>
<a href="http://web.archive.org/web/20180422100442/http://www.uefi.org/sites/default/files/resources/UEFI_PlugFest_AMD_Security_and_Server_innovation_AMD_March_2013.pdf">[web.archive.org]</a>
<a href="http://archive.vn/7dYOZ">[archive.vn]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 1/10/2019
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

89
articles/bing.html Normal file
View File

@ -0,0 +1,89 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Bing</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/bing_logo.png" alt="Bing logo">
<p>
Bing is a search engine created and owned by Microsoft.
</p>
<h2>Spyware Level: <font color=red>EXTREMELY HIGH</font></h2>
<p>
Bing is yet another spyware search engine that collects your information and sells it to advertisers. It's strongly recommended that you
do not use Bing.
</p>
<p>
At some point Bing had a privacy policy, but Microsoft doesnt seem to be hosting it anymore. So, this article will look at the
Microsoft Privacy Statement<sup><a href="#1">[1]</a></sup> to help us understand what information Bing collects.
Similarly to the privacy policies of Google and Apple, the Microsoft privacy statement eclipses the entire spyware platform and does not help you understand
in great detail what kind of information one single program could be collecting. (although this policy is more specific)
</p>
<h3>Bing collects your search history</h3>
<p>From the Microsoft Privacy Statement<sup><a href="#1">[1]</a></sup>:</p>
<p><i>
"Microsoft collects data from you, through our interactions with you and through our products for a variety of purposes described
below...You provide some of this data directly, such as when you...submit a search query to Bing"
</i></p>
<p>Later in the Interactions -> Device and usage data section of this statement, it is clarified again that Microsoft collects your:
<i>"Browse History. Data about the web pages you visit."</i>, as well as your: <i>"Images. Images and related information, such as
picture metadata. For example, we collect the image you provide when you use a Bing image-enabled service."</i></p>
<p>Microsoft claims to store this information for an unlimited amount of time, but it claims that it will eventually anonymize this information
in a process that takes 18 months to complete.<p>
<p><i>
"Has Microsoft adopted and announced a specific retention period for a certain data type? For example, for Bing search queries, we de-identify
stored queries by removing the entirety of the IP address after 6 months, and cookie IDs and other cross-session identifiers after 18 months. "
</i></p>
<h3>Bing uses your search history to profile you for advertising</h3>
<p>From the Microsoft Privacy Statement<sup><a href="#1">[1]</a></sup>:</p>
<p><i>
"Microsoft may use data we collect to select and deliver some of the ads you see on Microsoft web properties, such as Microsoft.com, MSN and Bing."
</i></p>
<p>
So since your search history is part of the "data we collect", the natrual conclusion is that, your search queiries are being used to profile you for
advertising. And of course, this is confirmed in this section:
</p>
<p><i>
"The ads that you see may be selected based on data we process about you, such as your interests and favorites, your location, your transactions, how
you use our products,<b><font color=red> your search queries </font></b>, or the content you view. For example, if you view content on MSN about automobiles, we may show advertisements
about cars; if you search “pizza places in Seattle” on Bing, you may see advertisements in your search results for restaurants in Seattle."
</i></p>
<h3>Bing sells your search history to other spyware platforms</h3>
<p>From the Microsoft Privacy Statement<sup><a href="#1">[1]</a></sup>:</p>
<p><i>
"We may share data we collect with third parties, such as Oath, AppNexus, or Facebook (see below), so that the ads you see in our products,
their products, or other sites and apps serviced by these partners are more relevant and valuable to you. "
</i></p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://privacy.microsoft.com/en-us/privacystatement">Microsoft Privacy Statement</a>
<a href="http://web.archive.org/web/20180528165116/https://privacy.microsoft.com/en-us/privacystatement">[web.archive.org]</a>
<a href="https://archive.li/u7eZJ">[archive.li]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 5/30/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

117
articles/brave.html Normal file
View File

@ -0,0 +1,117 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Brave Browser</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/brave_logo.png" alt="Brave logo">
<p>
Brave Browser is a Chromium fork with many interesting features not found elsewhere, such as built-in Adblock and other extensions, fingerprinting protection, cleaner Preferences menu than other Chrome forks, and the (opt-in) ability to automatically support (pay) the websites you visit. The developers describe it as</P><p><i>"A browser with your interests at heart."</i><sup><a href="#1">[1]</a></sup></p><p>, and the built-in privacy protections would seem to agree with that, but let's see how it stacks up when we take everything into account.
</p>
<h2>Spyware Level: <font color=orange>High</font></h2>
<p>
Auto-updates that can be turned off only by hacky workarounds. <a href="/articles/google.html">Google</a> as default search engine. Analytics on Brave's home page. Two other requests made at each start of Brave. Whitelisting spyware from Facebook and Twitter.<sup><a href="#5">[5]</a></sup> Has some decent privacy protections built in, but uMatrix is still better. Some privacy features are there by default, but, it's still trying to work with advertisers (same as Mozilla did with their Sponsored Tiles). Despite claiming to be <i>"A browser with your interests at heart."</i><sup><a href="#1">[1]</a></sup>, it has <a href="/articles/google.html">Google</a> as default search engine, as well as shitty forced updates. Anyway, despite the privacy protections, you should stay away from this browser - it seems to have a "mission" to switch the internet to its version of "user-respecting" ads, (we know how that turned out for Mozilla), and that's slimy and suspicious. Beyond that it has repeatedly shown itself to be dishonest and disingenuous about what it's mission and goals and operations are.
</p>
<h3>Whitelisting spyware from Facebook and Twitter</h3>
<p>
On it's website, Brave claims that <i>"Brave fights malware and prevents tracking, keeping your information safe and secure. Its our top priority."</i><sup><a href="#6">[6]</a></sup>. Yet despite this claim, Brave actually <b><font color=red>disables</font></b> its tracking protections for Facebook and Twitter's spyware
scripts that allow them to track people across the web.<sup><a href="#5">[5]</a></sup> Brave's spyware protections, and any claims that it makes to work in the interests of
it's users, <b><font color=orange>cannot be taken seriously.</font></b> Brave is actively working <b><font color=red>against its users</font></b> while lying to them about
supposed privacy protections that it offers. This problem becomes even more serious when you take into account Brave's response to this situation:
</p>
<p><i>
"Loading a script from an edge-cache does not track a user without third-party cookies or equivalent browser-local storage, which Brave always blocks and always will block. In other words, sending requests and receiving responses without cookies or other means of identifying users does not necessarily create a tracking threat."
</i><sup><a href="#7">[7]</a></sup></p>
<p>
This statement is just, <b><font color=red>completely wrong</font></b>. Just because a website isn't able to store cookies, does not mean that it cannot uniquely identify you. Executing JavaScript spyware from Facebook and Twitter is <b>more than enough.</b> Blocking cookies is not going to stop them from tracking you. This isn't even information that is difficult to verify. There are many websites that you can visit, right now, to see just how much information a JavaScript program designed to track you can get. Here are a few:
<br>
<a href="https://browserleaks.com/">https://browserleaks.com/</a><br>
<a href="https://panopticlick.eff.org/">https://panopticlick.eff.org/</a>
</p>
<h3>Auto-updates</h3>
<p>
Brave will check for updates every time you run it, and you CANNOT turn it off (except through fiddling with DNS and such) ! What is the devs' answer? From their GitHub page<sup><a href="#2">[2]</a></sup>: </p>
<p><i>"We don't plan on adding in UI to disable updates, but users can easily adjust environment variables if they really want to put themselves at risk."</i></p>
<p>and</p>
<p><i>"i feel that being able to figure out how to do this is a sufficiently high bar for users who want to turn off autoupdating (to prove they know what they're doing and understand the security implications)"</i></p>
<P>So according to the devs, you have to hunt down random internet comments to be able to disable auto-updating. Brave will also update what looks like the list of its "partners" every time you run it. <img src="/images/brave_partners.png">Extensions are also updated often.
</p>
<h3>Anti-privacy search engine by default</h3>
<p>
<a href="/articles/google.html">Google</a> is the default search engine of Brave, and the issues with it are well known and would take a book to describe them all.
</p>
<h3>Brave's start page contains analytics</h3>
<p>
Brave will connect to its home page, https://brave.com, automatically on the first run of Brave, and that page contains Piwik's analytics scripts. This is the full request: <img src="/images/brave_piwik.png">It will also make a connection to Google to download some fonts. You can disable these on subsequent runs by changing the start page.
</p>
<h3>Crash reports</h3>
<p>Enabled by default, but can be disabled from the preferences menu.</p>
<h3>Other requests</h3>
<p>Brave will make a connection to <img src="/images/brave_bat.png"> every time it is started up. It probably has something to do with their project of working with advertisers to provide more relevant targeted ads, which sounds pretty disgusting, but can be turned off ("Notify me about token promotions"). You can read more about it here<sup><a href="#3">[3]</a></sup>.It will also make this request: <img src="/images/brave_httpse.png">, which downloads the rulesets for HTTPS Everywhere.</p>
<h3>Brave's privacy protections</h3>
<p>Brave Browser also contains in-built privacy protections such as HTTPS Everywhere, AdBlock, cookie blocking, script blocking, and fingerprinting protections - that are configurable site by site. This is commendable of course, but in the end, uMatrix outclasses them. Trackers, for example, easily avoid pure AdBlock (so you will be tracked by Facebook and such), and binary script blocking breaks sites. Nice effort on Brave's part though, and the fingerprinting protection I don't think is found in any other browser (but I didn't confirm if it actually works).
</p>
<hr>
<h2>Credits</h2>
<p>
This article was written by <a href="https://digdeeper.neocities.org/">digdeeper.neocities.org</a><br>
Formatting changes were done by the site maintainer.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://brave.com">Brave's website</a>
<a href="https://web.archive.org/web/20180609070708/https://brave.com">[web.archive.org]</a>
<br>
<a name="2">2.</a>
<a href="https://github.com/brave/browser-laptop/issues/1877">How to stop autoupdate of brave?</a>
<a href="http://web.archive.org/web/20180530053311/https://github.com/brave/browser-laptop/issues/1877">[web.archive.org]</a>
<a href="https://archive.li/AJZr5">[archive.li]</a><br>
<a name="3">3.</a>
<a href="https://basicattentiontoken.org">Basic Attention Token</a>
<a href="https://web.archive.org/web/20180528161328/https://www.basicattentiontoken.org">[web.archive.org]</a>
<a href="http://wayback.archive-it.org/all/20180528161328/https://www.basicattentiontoken.org">[wayback.archive-it.org]</a><br>
<a name="4">4.</a>
<a href="https://laptop-updates.brave.com/promo/custom-headers">Laptop Headers</a>
<a href="http://web.archive.org/web/20190213015206/https://laptop-updates.brave.com/promo/custom-headers">[web.archive.org]</a>
<a href="https://archive.fo/ecx6L">[archive.fo]</a><br>
<a name="5">5.</a>
<a href="https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/">Facebook, Twitter Trackers Whitelisted by Brave Browser</a>
<a href="http://web.archive.org/web/20190213055618/https://www.bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/">[web.archive.org]</a>
<a href="https://archive.fo/X98Xz">[archive.fo]</a><br>
<a name="6">6.</a>
<a href="https://brave.com/features/">Brave Browser Features</a>
<a href="http://web.archive.org/web/20190124134301/https://brave.com/features/">[web.archive.org]</a><br>
<a name="7">7.</a>
<a href="https://brave.com/script-blocking-exceptions-update/">Script Blocking Exceptions Update</a>
<a href="http://web.archive.org/web/20190214034944/https://brave.com/script-blocking-exceptions-update/">[web.archive.org]</a>
<a href="http://archive.fo/Qopen">[archive.fo]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 2/13/2019
</b></p>
<p><b>
This article was created on 5/7/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

142
articles/browsers.html Normal file
View File

@ -0,0 +1,142 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Comparison between web browsers</h1>
<p><a href="/articles">Back to catalog</a></p>
<p>
It's important to notice that because web browsers and the services they access are built on top of using the spyware protocol HTTP, they CANNOT respect your privacy.
But beyond that, because we have to use web browsers, it's useful to list them by how much spyware they have in them. This purpose of this article is
not to rate each web browser in a vaccum, like articles on this website that focus on one specific web browser, but rather to compare all of the
web browsers that have been rated on this website against each other. This is a ranking that is based on how much Pirvacy a browser offers by default, as well as, how
much privacy can be gained by configuring it.
</p>
<h2><font color=lime>Top Tier - Best Privacy</font></h2>
<p>
These are all browsers that require a minimal amount of configuration and can achive the required level of privacy needed to browse the modern web- compatibility with a
comperhensive suite of content-blocking extensions that can block spyware providers correctly and fully. Iridium and Pale Moon both are configured in a way that leaks
user information and thus require additional configuration.
</p>
<table>
<tr>
<td><center><img src="/images/tor_logo.png" alt="TOR Logo"></center></td>
<td><center><img src="/images/icecat_logo.png" alt="GNU IceCat Logo"></center></td>
<td><center><img src="/images/ungoogled_chromium_logo.png" alt="Ungoogled Chromium Logo"></center></td>
<td><center><img src="/images/iridium_logo.jpg" alt="Iridium Logo"></center></td>
<td><center><img src="/images/palemoon_logo.png" alt="Pale Moon Logo"></center></td>
</tr>
<tr>
<td><center><b><a href="/articles/tor.html">TOR Browser</a></b></center></td>
<td><center><b><a href="/articles/icecat.html">GNU IceCat</a></b></center></td>
<td><center><b><a href="/articles/ungoogled_chromium.html">Ungoogled Chromium</a></b></center></td>
<td><center><b><a href="/articles/iridium.html">Iridium Browser</a></b><br><small><a href="/guides/iridium.html">Configuration Guide</a></small></center></td>
<td><center><b><a href="/articles/palemoon.html">Pale Moon</a></b><br><small><a href="/guides/palemoon.html">Configuration Guide</a></small></center></td>
</tr>
</table>
<h2><font color=lime>High Tier - Good Privacy</font></h2>
<p>
These browsers do not have privacy issues, but they also do not have enough privacy features to make it to the highest tier. These browsers both have simple ad-blockers, and
do not have any privacy issues, however, these tools are not as good as the comperhensive privacy tools that Top Tier browsers offer.
</p>
<table>
<tr>
<td><center><img src="/images/otter_browser_logo.png" alt="Otter Browser Logo"></center></td>
<td><center><img src="/images/falkon_logo.png" alt="Falkon Logo"></center></td>
</tr>
<tr>
<td><center><b><a href="/articles/otter.html">Otter Browser</a></b></center></td>
<td><center><b><a href="/articles/falkon.html">Falkon</a></b></center></td>
</tr>
</table>
<h2><font color=yellow>Mid Tier - Ok Privacy</font></h2>
<p>
These browsers do not have any big privacy flaws, but they also do not have sufficent privacy protections. Qutebrowser has a very basic adblocker in it. Both browsers don't
have access to extensions either. So, it's just not enough to be able to browse the modern web privately, despite the developers not putting spyware into their browsers.
</p>
<table>
<tr>
<td><center><img src="/images/qutebrowser_logo.png" alt="Qutebrowser Logo"></center></td>
<td><center><img src="/images/sphere_logo.png" alt="SphereLogo"></center></td>
</tr>
<tr>
<td><center><b><a href="/articles/qutebrowser.html">Qutebrowser</a></b></center></td>
<td><center><b><a href="/articles/sphere.html">Sphere Browser</a></b></center></td>
</tr>
</table>
<h2><font color=orange>Low Tier - Poor Privacy</font></h2>
<p>
These browsers do not protect your privacy, but they are not in the lowest tier since they still have something to offer, although, they should not be used in general.
Vivaldi does not let you disable all of the spyware features, Brave whitelists trackers and has forced updates, and Firefox and Waterfox are loaded with spyware, to the point
where configuring them is so <a href="https://github.com/intika/Librefox">non-trivial</a> that you might as well use a version of Firefox that respects your privacy
<b>by default</b>, rather than diving into the uncertainty of digging out all of the spyware features (and repeating the process every time the browser is updated). It's awalys
going to be better to pick a browser higher on this list.
<table>
<tr>
<td><center><img src="/images/waterfox logo.png" alt="Waterfox Logo"></center></td>
<td><img src="/images/brave_logo.png" alt="Brave logo"></td>
<td><img src="/images/firefox_logo.png" alt="firefox Logo"></td>
<td><img src="/images/vivaldi_logo.png" alt="vivaldi Logo"></td>
<td><img src="/images/dissenter_logo.png" alt="Dissenter Logo"></td>
</tr>
<tr>
<td><center><b><a href="/articles/waterfox.html">Waterfox</a></b></center></td>
<td><center><b><a href="/articles/brave.html">Brave</a></b></center></td>
<td><center><b><a href="/articles/firefox.html">Firefox</a></b></center></td>
<td><center><b><a href="/articles/vivaldi.html">Vivaldi</a></b></center></td>
<td><center><b><a href="/articles/dissenter.html">Dissenter</a></b></center></td>
</tr>
</table>
<h2><font color=red>Shit tier - No Privacy</font></h2>
<p>
These browsers are unashamedly designed to collect as much information about the user as possible (all are rated EXTREMELY HIGH by the site). Only SRWare Iron has it's source code availible, and all the developers have mistreated their users (complete disregard for privacy and / or false advertising) for a long time. These browsers are actively hostile against their users and thus should not be used at all.
</p>
<table>
<tr>
<td> <img src="/images/chrome_logo.png" alt="chrome logo"></td>
<td> <img src="/images/opera_logo.png" alt="opera logo"></td>
<td> <img src="/images/slimjet_logo.png" alt="SlimJet logo"></td>
<td> <img src="/images/webdiscover_logo.png" alt="WebDiscover logo"></td>
<td> <img src="/images/srware_logo.png" alt="Iron logo"></td>
</tr>
<tr>
<td><center><b><a href="/articles/chrome.html">Google Chrome</a></b></center></td>
<td><center><b><a href="/articles/opera.html">Opera</a></b></center></td>
<td><center><b><a href="/articles/slimjet.html">SlimJet</a></b></center></td>
<td><center><b><a href="/articles/webdiscover.html">WebDiscover</a></b></center></td>
<td><center><b><a href="/articles/iron.html">SRWare Iron</a></b></center></td>
</tr>
</table>
<hr>
<h2>Further Reading</h2>
<p>
This isn't the only guide on what web browser to pick, with an emphasis on privacy, to exist, and many other people,
with their own knowlege and prespectives, have written their own guides. It would be a waste to only read one guide
to make your decision, so, you should probably read a few more, these are some good ones.
</p>
<a href="https://digdeeper.neocities.org/ghost/browsers.html">Digdeeper - How to choose a browser for everyday use?</a><br>
<a href="https://clarkycat.neocities.org/browser.html">Clarkycat - Browser Recommendation and Addons</a><br>
<hr>
<p><b>
This article was last edited on 2/20/2019
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

98
articles/ccleaner.html Normal file
View File

@ -0,0 +1,98 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>CCleaner</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/ccleaner_logo.png" alt="ccleaner logo">
<p>
CCleaner, developed by Piriform, is a utility program used to clean potentially unwanted files and invalid Windows Registry entries from a computer.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
CCleaner is spyware that collects your personal information to advertise to you. It also sells your information to third parties so that they can advertise to you.
It collects a huge amount of very personal information, like your <b><font color=red>physical location.</font></b> CCleaner uses the technique of privacy policy obfusication
where it provides one privacy policy for every single product its company offers, making it more difficult to know what parts of the privacy policy apply to which program.
</p>
<h3>CCleaner collects and sells user information to advertisers</h3>
<p>
CCleaner clearly shows in its privacy settings that it is collecting information about your comptuer and selling that information to
advertisers:
</p>
<img src="/images/ccleaner_privacy.png" alt ="Ccleaner privacy settings">
<p>Image Source: <sup><a href="#2">[2]</a></sup></p>
<h3>CCleaner tracks a huge amount of personal information</h3>
<p>
If we look at the privacy policy, we can see that CCleaner reports the following<sup><a href="#3">[3]</a></sup>:
</p>
<ul>
<li>IP Address
<li>Unique User ID
<li>Operating System
<li>Other Avast Products installed
<li><b><font color=red>physical location</font></b>
</ul>
<p>
Beyond this, CCleaner is integrated with the following spyware platforms, which all collect their own sets of information:
</p>
<ul>
<li>Google Analytics
<li>Logentries
</ul>
<p>
It would be very time consuming to go through all of those privacy policies (especially because many of these are obfusicated), but it should be
enough to understand that CCleaner is full of third party spyware, as well as first party spyware.
</p>
<h3>CCleaner sends you spam email</h3>
<p>From the privacy policy<sup><a href="#3">[3]</a></sup>:</p>
<p><i>
"When we collect your email address, we may market our other products and services to you. You may choose to unsubscribe from future email marketing by following the instructions in the email."
</i></p>
</p>
<h3>CCleaner tracks your physical location</h3>
<p>
According to the privacy policy, the ccleaner website tries to track your physical location.<sup><a href="#3">[3]</a></sup>
</p>
<p><i>
"Our websites use cookies to acquire data that may be used to determine your physical location via your Internet Protocol address (“IP Address”) and automated geolocation techniques, or to acquire basic information about the computer, tablet, or mobile phone that you use to visit us."
</i></p>
<p>
<i>"location data"</i> is also mentioned when talking about the information that ccleaner itself collects about it's users.
</p>
<h3>Past Security Flaws</h3>
<p>
In the past, CCleaner has been compromised and backdoors have been added to it.<sup><a href="#1">[1]</a></sup>
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.ccleaner.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users">
Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
</a>
<a href="https://web.archive.org/web/20180816103218/https://www.ccleaner.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users">[web.archive.org]</a><br>
<a name="2">2.</a>
<a href="https://misdirectedrequest.wordpress.com/2018/06/04/ccleaner-privacy-issue/">CCleaner Privacy Issue </a>
<a href="http://web.archive.org/web/20180821215956/https://misdirectedrequest.wordpress.com/2018/06/04/ccleaner-privacy-issue/">[web.archive.org]</a>
<a href="http://archive.is/HJFBP">[archive.is]</a><br>
<a name="3">3.</a>
<a href="http://www.ccleaner.com/about/privacy-policy">What Happens to Your Data</a>
<a href="https://web.archive.org/web/20180816025428/https://www.ccleaner.com/about/privacy-policy">[web.archive.org]</a>
<a href="http://archive.is/HJFBP">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 8/21/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

46
articles/cdex.html Normal file
View File

@ -0,0 +1,46 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>CDex</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/cdex_logo.png" alt="cdex logo">
<p>
CDex is an Open Source Digital Audio CD Extractor.
</p>
<h2>Spyware Level: <font color=yellowgreen>Low</font></h2>
<p>
CDex's installer bundles it with spyware, and it will randomly suggest a spyware program to the user, with a chance to opt-out.
Usually it attempts to bundle itself with the webdiscover browser and one time I got it to try and offer me an antivirus program, but
I wasn't able to reproduce this. The program was tested on Windows 7 32-bit with Microsoft Network Monitor 3.4 and Wireshark 2.6.2.
The version of the program tested was 2.06. <b><font color="lime">It did not make any connections to the internet</font></b> that my
tests were able to find. To test the program I ripped the audio files out of a CD with both network monitoring programs open.
</p>
<h3>Bundling with spyware</h3>
<p>
CDex attempts to bundle it self with the <a href="/articles/webdiscover.html">WebDiscover</a> web browser. This is an Opt-out and not an Opt-in like it should be.
This program is spyware, because according to it's privacy policy<sup><a href="#1">[1]</a></sup>, it collects information about it's users.
</p>
<img src="/images/cdex_bundling.png" alt="CDex installer spyware opt-out screen">
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://getwebdiscover.com/privacy/">WebDiscover Privacy Policy</a>
<a href="http://web.archive.org/web/20171224213336/https://getwebdiscover.com/privacy/">[web.archive.org]</a>
<a href="http://archive.is/Orpq6">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 7/29/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

116
articles/chrome.html Normal file
View File

@ -0,0 +1,116 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Google Chrome</h1>
<p><a href="/articles">Back to catalog</a><br>
<a href="/articles/chrome_es.html">Spanish Translation</a>
<a href="https://qorg.xyz/spyware/chrome.html">[qorg.xyz]</a>
<a href="https://qorglaofrwqdj4is.onion/spyware/chrome.cgi">[4knomcor76uif5na.onion]</a>
<a href="http://archive.is/JB6Pm">[archive.is]</a>
</p>
<img src="/images/chrome_logo.png" alt="chrome logo">
<p>
Google Chrome is a web browser developed and distributed by <a href="/articles/google.html">Google</a>.
</p>
<h2>Spyware Level: <font color=red>EXTREMELY HIGH</font></h2>
<p>
This program is spyware because...
</p>
<h3>Google Chrome is not fully open source</h3>
<p>
Large parts of Google Chrome are open source, however not all of them are, and this prevents people from checking the entire software for potential spyware features that are not disclosed.
</p>
<h3>Google Chrome tracks the user's search history</h3>
<p>
Google Chrome contains several spyware features that reply on the user's search history being uploaded to Google servers. This is confirmed by the language in the privacy policy<sup><a href="#1">[1]</a></sup>, clarifying the spyware features that rely on this.
</p><p>
The first spyware feature is Google Chrome's integration with the "Google Account" spyware platform. <i>" If you are signed in to a Google site or signed in to Chrome and Google is your default search engine, searches you perform using the address bar in Chrome are stored in your Google account. "</i>
</p><p>
Google Chrome also contains a spyware feature called "Search prediction service". It is explained that: <i>"When you search using the address bar in Chrome, the characters you type (even if you havent hit "enter" yet) are sent to your default search engine. If Google is your default search engine, predictions are based on your own search history, topics related to what youre typing and what other people are searching for."</i>
</p><p>
There is also the spyware feature "Navigation Assistance" which states that: <i>"When you cant connect to a web page, you can get suggestions for alternative pages similar to the one you're trying to reach. In order to offer you suggestions, Chrome sends Google the URL of the page you're trying to reach. "</i>
</p>
<h3>Google Chrome profiles your computer usage</h3>
<p>
In the privacy policy<sup><a href="#1">[1]</a></sup>, Google details the extreme spyware feature it labels "Usage Statistics and Crash Reports". What it does, is it sends very detailed information about your hardware and computer usage, which confirms that it definitely contains the following spyware features: </p>
<ul>
<li>A tracker that records mouse input over time</li>
<li>A tracker that profiles memory usage</li>
</ul>
<p>
But, it can also be extrapolated from the vauge language that Chrome could and probably does monitor what other programs you have open. Either way, it is an extreme amount of information being collected, since it can be used to recreate what the user is doing on their desktop at all times. Chrome clarifies that this information is being sent whenver a website is being "slow" or whenever Google Chrome crashes.
</p>
<h3>Google Chrome is integrated with Google Payments</h3>
<p>
Google Payments is a spyware service that records your banking information and sends it to Google.<sup><a href="#2">[2]</a></sup> This service is integrated into the Google Chrome browser, which makes it another opt-in spyware feature in the software.
</p>
<h3>Google Chrome contains a keylogger</h3>
<p>
This was confirmed in multiple places<sup><a href="#3">[3]</a></sup><sup><a href="#4">[4]</a></sup>. Basically, whenever you type into the search bar, that information is sent to Google. You can apparently turn it off by opting out of the "suggestion service".
</p>
<h3>Google Chrome records your voice</h3>
<p>
Google Chrome is confirmed to be constantly listening to any open microphones on your computer. This can be found in this statement<sup><a href="#5">[5]</a></sup> in a privacy publication. <i>"Voice & audio information may be collected. For example, if your child uses audio activation commands (e.g., "OK, Google" or touching the microphone icon), a recording of the following speech/audio, <b> plus a few seconds before, </b> will be stored to their account…"</i> This feature is opt-in if you are using the "Google Accounts" spyware platform and specifically tell Google to build a profile of your child. It's unverified wether or not Google uploads information it listens too to its servers outside of this feature.
</p>
<h3>Google Chrome saves user passwords on Google Servers</h3>
<p>
Any password stored in Google Chrome's "password management" feature is uploaded to Google if you sign into the "Google Accounts" spyware platform.
</p>
<h3>Google Chrome profiles users in other various ways</h3>
<p>
According to the privacy policy<sup><a href="#1">[1]</a></sup>, Google Chrome profiles what kinds of web forms you fill out, as well as what kind of language the content you consume is primiarily in. Google Chrome also creates a unique identifier for each install you do. This unqiue identifier is sent to Google whenever you start the browser, so that Google can create a consistent user identity for you, unermining anonymity. Google also stores all of your settings on it's offical servers when using the "Google Accounts" feature.
</p>
<h3>Google Chrome is self-updating software</h3>
<p>
Google Chrome has an updater which is constantly running in the background and syncing with Google servers to check for updates. The updater will download and run unverified binaries from Google when it updates Google Chrome. It is impossible for an automatic updater service such as this to verify that the updates are not spyware and/or do not contain additional spyware features.
<p>
<hr>
<h2>Further Reading</h2>
<p>
<a href="https://stallman.org/google.html">Reasons not to use Google</a>
<a href="https://web.archive.org/web/20180512214729/http://stallman.org/google.html">[web.archive.org]</a>
<a href="http://archive.is/20170929072403/https://stallman.org/google.html">[archive.is]</a><br>
<a href="https://8ch.net/tech/chrome.html">Welcome to the Botnet. Or, The Case Against Google Chrome</a>
<a href="https://web.archive.org/web/20150501010435/https://8ch.net/tech/chrome.html">[web.archive.org]</a>
<a href="http://archive.is/OR4dz">[archive.is]</a><br>
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.google.com/chrome/browser/privacy/index.html">Google Chrome Privacy Notice</a>
<a href="https://archive.is/GJIKw">[archive.is]</a>
<a href="http://web.archive.org/web/20180427041202/https://www.google.com/chrome/browser/privacy/index.html">[web.archive.org]</a><br>
<a name="2">2.</a>
<a href="https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice">Google Payments Privacy Notice</a>
<a href="https://web.archive.org/web/20180514095832/https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice">[web.archive.org]</a><br>
<a name="3">3.</a>
<a href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">Google Chrome Spyware? Confirmed?</a>
<a href="https://web.archive.org/web/20180410043922/http://www.favbrowser.com/google-chrome-spyware-confirmed/">[web.archive.org]</a>
<a href="https://archive.li/jxCPf">[archive.li]</a><br>
<a name="4">4.</a>
<a href="https://jischinger.wordpress.com/2008/11/16/google-chrome-a-keylogger-privacy-concerns/">Google Chrome a Keylogger Privacy Concerns</a>
<a href="https://web.archive.org/web/20180410043922/https://jischinger.wordpress.com/2008/11/16/google-chrome-a-keylogger-privacy-concerns/">[web.archive.org]</a>
<a href="https://archive.li/HclxK">[archive.li]</a><br>
<a name="5">5.</a>
<a href="https://families.google.com/familylink/privacy/child-policy/">Privacy Notice for Google Accounts Managed with Family Link (“Privacy Notice”)</a>
<a href="https://web.archive.org/web/20180524142231/https://families.google.com/familylink/privacy/child-policy/">[web.archive.org]</a>
<a href="https://archive.li/3ncnz">[archive.li]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 12/12/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

107
articles/chrome_es.html Normal file
View File

@ -0,0 +1,107 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Google Chrome</h1>
<p><a href="/articles">Back to catalog (English)</a><br>
<a href="/articles/index_es.html">Back to catalog (Spanish)</a><br>
<a href="/articles/chrome.html">English Translation</a><br>
Mirrors:
<a href="https://qorg.xyz/spyware/chrome.html">[qorg.xyz]</a>
<a href="https://qorglaofrwqdj4is.onion/spyware/chrome.cgi">[qorglaofrwqdj4is.onion]</a>
<a href="http://archive.is/JB6Pm">[archive.is]</a></p>
<img src="/images/chrome_logo.png" alt="chrome logo">
<p>Google Chrome es un navegador web desarollado y distribuido por Google</p>
<h2>Nivel de spyware: <font color=red>EXTREMADAMENTE ALTO</font></h2>
<p>Este programa es spyware porque...</p>
<h3>Google Chrome no es completamente libre</h3>
<p>Muchas partes de Google Chrome son libres, pero no todas de estas lo son. y esto no permite que se compruebe que no es spyware</p>
<h3>Google Chrome rastrea el historial</h3>
Google Chrome contiene mucho spyware que responden en el historial de la busqueda de usuario. Esto es confirmado en la política de privacidad de Google Chrome<sup><a href="#1">[1]</a></sup><br>
<p>La primera caracteristia de spyware de Chrome es la integración con la "Cuenta de Google" (Que es spyware en si). Explica que: "<i>Cuando buscas usando la barra de direccion de google, los caracteres que has escrito (incluso si no has pulsado enter todavia) son enviados a tu motor de busqueda. Si Google es tu motor de busqueda por defecto, las predicciones estan basadas en tus busquedas</i>
</p>
<br>
<p>
Encima tiene otro spyware llamado "Asistencia de naveegacion" que dice que "Cuando no puedes conectarte a una página web, puedes obtener sugerencias para páginas alternativas (Vamos, que Google Chrome envía la dirección a la que has intentado entrar para darte otra</p>
<b>Google Chrome recopila el uso de tu ordenador</b>
<p>En la política de privacidad <sup><a href="#1"[1]></a></sup> Google admite el estupidamente alto spyware llamado "Estadisticas de uso y reportes de errores fatales" Lo que hace es recopilar (y enviar) informacion de tu ordenador extremadamente especifica sobre tu hardware y el uso de tu ordenador, y obviamente, tiene esto
<ul>
<li>Un rastreador que graba el cursor</li>
<li>Un rastrador que graba el uso de memoría (RAM)</li>
</ul>
</p>
<h3>Google Chrome está integrado con Google Payments</h3>
<p>Google Payments es un spyware que graba tus datos bancarios y los envía a Google<sup><a href="#2">[2]</a></sup> Este servicio esta integrado en Google Chrome, lo que hace un spyware opt-in en el programa.
</p>
<h3>Google Chrome contiene un keylogger</h3>
<p>Esto fue confirmado en muchos sitios <sup><a href="#3">[3]</a><a href="#4">[4]</a></sup> Basicamente, cualquier cosa que escribas en la barra de busqueda será enviada a Google. se puede, aparentemente, desactivar.
</p>
<h3> Google Chroome graba tu voz</h3>
<p>Está confirmado que Google Chrome esta constantemente grabando micros en tu ordenador. Esto se puede ver en esta referencia <sup><a href="#5">[5]</a></sup> dice: "<i>Audio y voz puede ser recolectada, por ejemplo, si su hijo usa comandos de activacion (Ejemplo, "Ok, Google" o tocando el icono del microfono) se grabara <b>Tambien unos segundos despues</b> </i>" Esta caracteristica es Opt-in si usas las "Cuentas de Google" y si le dices a Google para hacer un perfil para tu hijo, es imposible saber si Google sube estos audios a sus servidores</p>
<h3>Google Chrome guarda contraseñas en sus servidores</h3>
<p>Cualquier contraseña guardada en el gestor de contraseñas de Chrome es subida a los servidores de Google si inicias sesión en Google Chrome</p>
<h3> Google Chrome recolecta profiles de usuario de otras formas</h3>
<p>Según su política de privacidad<sup><a href="#1">[1]</a></sup> Google Chrome guarda lo que rellenarías en formularios de paginas, tambien el idioma en el que mas consumespaginas web, Google Chrome, encima, crea un identificador unico porcada instalación, esto se envía a Google cada vez que abres el navegador, esto quiere decir que Google crea una identidad tuya propia, Google tambien, como ya lo he dicho, mas de una vez, Google guarda todos tus datos si inicias sesión en Chrome con tu cuenta de Google</p>
<h3>Google Chrome se actualiza automáticamente
</h3>
<p>
Google Chrome tiene un actualizador que constantemente va en segundo plano y sincronizandose con los servidores de Google en busca de actualizaciones. Esto lo que hace es descargar y abrir los binarios no verificados cada vez que Google actualiza Chrome. Es imposible para un software con actualizaciones automaticas verificar si es o no spyware
</p>
<hr>
<h2>Mas cosas</h2>
<p>
<a href="https://stallman.org/google.html">Reasons not to use Google</a>
<a href="https://web.archive.org/web/20180512214729/http://stallman.org/google.html">[web.archive.org]</a>
<a href="http://archive.is/20170929072403/https://stallman.org/google.html">[archive.is]</a><br>
<a href="https://8ch.net/tech/chrome.html">Welcome to the Botnet. Or, The Case Against Google Chrome</a>
<a href="https://web.archive.org/web/20150501010435/https://8ch.net/tech/chrome.html">[web.archive.org]</a>
<a href="http://archive.is/OR4dz">[archive.is]</a><br>
</p>
<hr>
<h2>Referencias</h2>
<p>
<a name="1">1.</a>
<a href="https://www.google.com/chrome/browser/privacy/index.html">Google Chrome Privacy Notice</a>
<a href="https://archive.is/GJIKw">[archive.is]</a>
<a href="http://web.archive.org/web/20180427041202/https://www.google.com/chrome/browser/privacy/index.html">[web.archive.org]</a><br>
<a name="2">2.</a>
<a href="https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice">Google Payments Privacy Notice</a>
<a href="https://web.archive.org/web/20180514095832/https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice">[web.archive.org]</a><br>
<a name="3">3.</a>
<a href="http://www.favbrowser.com/google-chrome-spyware-confirmed/">Google Chrome Spyware? Confirmed?</a>
<a href="https://web.archive.org/web/20180410043922/http://www.favbrowser.com/google-chrome-spyware-confirmed/">[web.archive.org]</a>
<a href="https://archive.li/jxCPf">[archive.li]</a><br>
<a name="4">4.</a>
<a href="https://jischinger.wordpress.com/2008/11/16/google-chrome-a-keylogger-privacy-concerns/">Google Chrome a Keylogger Privacy Concerns</a>
<a href="https://web.archive.org/web/20180410043922/https://jischinger.wordpress.com/2008/11/16/google-chrome-a-keylogger-privacy-concerns/">[web.archive.org]</a>
<a href="https://archive.li/HclxK">[archive.li]</a><br>
<a name="5">5.</a>
<a href="https://families.google.com/familylink/privacy/child-policy/">Privacy Notice for Google Accounts Managed with Family Link (“Privacy Notice”)</a>
<a href="https://web.archive.org/web/20180524142231/https://families.google.com/familylink/privacy/child-policy/">[web.archive.org]</a>
<a href="https://archive.li/3ncnz">[archive.li]</a><br>
</p>
<hr>
<p><b>
This article was created on 11/23/2018<br>
This is a translation of the english article. It may become outdated- compare the dates on both articles.
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

244
articles/discord.html Normal file
View File

@ -0,0 +1,244 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Discord</h1>
<p><a href="/articles">Back to catalog</a><br>
<a href="/articles/discord_es.html">Spanish Translation</a>
<a href="https://qorg.xyz/spyware/discord.cgi">[qorg.xyz]</a>
<a href="https://qorglaofrwqdj4is.onion/spyware/discord.cgi">[qorglaofrwqdj4is.onion]</a>
<a href="http://web.archive.org/web/20181118194244/https://qorg.xyz/spyware/discord.cgi">[web.archive.org]</a>
<a href="http://archive.is/7T29F">[archive.is]</a></p>
<img src="/images/discord_logo.png" alt="Discord-Logo">
<p>
Discord is an instant messaging application for MacOS, Windows, Linux,
Android, and iOS. Discord is used to communicate via voice chat and
text chat, and has image-sharing and file-sharing capabilities.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
<font color="lightgreen">
Thanks to Richard Stallman for linking to our article <a href="https://stallman.org/discord.html"> here</a>! The spotlight is very much appreciated.
</font><br>
</p>
<a href="https://spyware.neocities.org/articles/discord.html"><img src="/images/discord-no-way-2.gif" alt="Discord? No Way!"></a>
<p>
Discord is spyware because it collects all information that passes
through its communication platform. As Discord is a centralized
communication platform, all communications have to go through Discord's
official servers, where all of that information can potentially be
recorded. The vast majority of said information has been confirmed
to be recorded, such as all communications between users. Discord has
also been confirmed to use other spyware features such as various forms
of telemetry. Discord's main source of income is from investment, from which
it has received over $279.3 million dollars<sup><a href="#4">[4]</a></sup>. Discord cannot be built from
source and the source code for Discord is unavailable.
</p>
<h3>Discord does not make its source code available</h3>
<p>
It is impossible to download and examine Discord's source code,
which means that it is impossible to prove that Discord is not
spyware. Any program which does not make its source code available is
potential spyware.
</p>
<h3>Discord confirms that it collects large amounts of sensitive user data</h3>
<p>
Discord explicitly confirms in its privacy policy<sup><a href="#1">[1]</a></sup> that it collects the following information:
</p>
<ul>
<li>IP Address</li>
<li>Device UUID</li>
<li>User's e-mail address</li>
<li>All text messages</li>
<li>All images</li>
<li>All VOIP data (voice chat)</li>
<li>Open rates for e-mail sent by Discord</li>
</ul>
<p>
Discord does not explictly confirm that it collects this information, but still collects it by default:
</p>
<ul>
<li>Logs of all of the other programs that are open on your computer</li>
</ul>
<p>
The implications of this information can be broken down like this: By
recording your IP address, Discord can track your general location
(about as precise as which county you are in). Discord can also tell
which devices you use, as it uniquely identifies each device, and how
much you use those devices, as it can record your device usage habits
(since Discord is usually open in the background so that it can receive
messages). Discord also records every single interaction you have with
other users through its service. This means that Discord is confirmed
to log every conversation that you have through Discord, and record
everything that you say on Discord, and view all images that you send
through Discord. Therefore, none of your interactions on Discord are
private. Discord's privacy policy also contains several occurrences of
phrases such as "including but not limited to," which is an explicit
confirmation that Discord contains more spyware features that are not
disclosed to the user.
</p>
<h3>Discord contains features which allow integration with other spyware platforms</h3>
<p>
Discord contains the opt-in spyware feature known as "social media
integration." This allows you to sync your persistent user identity
on Discord with your persistent user identity on other spyware
platforms, such as Facebook and Twitter. In its privacy policy<sup><a href="#1">[1]</a></sup>,
Discord has confirmed that if you opt in to this spyware feature,
Discord will obtain an undisclosed amount of access to information
obtained about you by the spyware platforms that you choose to sync
with.
</p>
<h3>Discord contains a process logger</h3>
<p>
Discord has been confirmed to monitor the open processes on your
operating system. This is a spyware feature known as a "process logger"
that is generally used to record your program usage habits. This was
confirmed by the CTO of Discord in a Reddit thread.<sup><a href="#2">[2]</a></sup>
In the same thread, the CTO also elaborates that this spyware feature (the monitoring of processes) is
mandatory for several features of the platform. The CTO and a Discord engineer go on
to claim that Discord does not use the process logger to send records
of the open processes on the user's computer.
</p>
<p>
The test to prove that Discord logs processes was done again by the writer with procmon on 4/11/2019 with
the features: "Use data to customize my Discord Experience" and "Display currently running game as a status message"
turned off. Discord did <font color=lime><b>NOT</b></font> log all of the processes open this way.
However when setting the "Display currently running game as a status message" turned on, the behavior
described in<sup><a href="#2">[2]</a></sup> was replecated. You can see that behavior here:
</p>
<img src="/images/discord_process_logging.png" alt="Discord process logging as described in [2] confirmed with procmon">
<p>
It turns out that this feature <font color=lime><b>can be disabled through the UI.</b></font> Because of the nature of closed-source
software it isn't possible for either this article or the Discord developers to prove how much information is being sent to
Discord's servers when the process logger is turned on. But it's at least possible to turn it off.
</p>
<h3>Discord uses it's process logging for advertising</h3>
<p>
Discord shows this in it's privacy option here:
</p>
<img src="/images/discord_data.png" alt="Discord process logging usefulness">
<p>
That the process logging features of Discord are now being recorded on Discord's servers as a form of telemetry (spyware),
and removes speculation about why this feature exists. It is clarified by Discord that this spyware feature is used for advertising
to it's users.<sup><a href="#8">[8]</a></sup> This means that Discord is <font color=red><b>recording the programs you have open to build
a statistical model of what programs you might buy/lisence in the future.</b></font>
</p>
<img src="/images/discord_2.png" alt="Discord confirms process logging is used for advertising">
<h3>Discord tries to force some users to give their Telephone numbers</h3>
<p>
Discord will lock users out of it's service and will not allow them to continue using it without giving their phone number or contacting Discord
support. This kind of feature is designed to extract very personal information out of it's users (phone numbers). The criteria for locking out
users isn't known.
</p>
<img src="/images/discord_verify.png" alt="discord phone verification">
<h3>Discord receives government requests for your information</h3>
<p>
Discord has confirmed in an email correspondence<sup><a href="#6">[6]</a></sup>
that it does receive government requests for information. So, we know
that the government potentially has access to all of the information
that Discord collects about you. You can read a copy of the email image
posted in the source <a href="https://spyware.neocities.org/images/discord%20government%20requests.png">here</a> in case the link there dies.
</p>
<hr>
<h2>Speculation on Discord's future</h2>
<p>
It's unknown whether Discord currently is or isn't selling user information. Currently Discord has been able
to consistently raise new invesment capital, which is at a level where it could reasonably be covering
all of its operating costs. However, Discord, like any other company, is not going to exist in a
constant state of investment. Discord is going to have to transition away from an investment-financed
business model to a revenue model that exclusively relies on generating revenue from the users of the
platform.
</p>
<p>
Discord has several ways of making money. It can lisence emoji's and other features of the program with
Discord Nitro<sup><a href="#5">[5]</a></sup>, or it can make money lisencing video games through it's
new online store, as a competitor to <a href="/articles/steam.html">Steam</a>. However both of these revenue
sources may not be enough. Discord has raised $279.3 million dollars<sup><a href="#4">[4]</a></sup>
and it has to return on this investment. (which is more than 279.3 million dollars that has to be paid back)
</p>
<p>
If Discord is not able to satisfy it's obligation to it's investors, it has a third option- selling user information
to advertisers. Discord is already datamining it's users to produce it's recommendation system,<sup><a href="#8">[8]</a></sup> which means that it
is already turning it's userbase into extremely valueble, sellable, advertising data. Discord has 130 million users<sup><a href="#7">[7]</a></sup>,
and it can produce a statistical model of what games each user (who does not opt-out of advertising) owns, plays, and wants to buy.
This is incredibly valueble information that Discord can sell if it cannot reach it's profit obligations with it's current
revenue model. If Discord is a successful games store, then it wont need to do this. But if Discord gets in financial trouble,
it probably will be forced to liquiate this asset.
</p>
<hr>
<h2>Further Reading</h2>
<a href="https://old.reddit.com/r/privacy/comments/8lkb5s/friends_dont_let_friends_use_discord_the/">Friends Don't Let Friends Use Discord</a>
<a href="https://archive.is/Q4N9J">[archive.is]</a><br>
<a href="https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html">Help Me, Tom's Guide: Is Discord Tracking Me?</a>
<a href="http://archive.is/20180418204656/https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html">[archive.is]</a><br>
<a href="https://www.hooktube.com/watch?v=cn4CENr5NV0">Why Discord is Trash</a><br>
<a href="https://www.hooktube.com/watch?v=QN_6AZT92pU">Why You Shouldn't Use Discord</a><br>
<a href="http://subvert.pw/res/discord.pdf">THE DISCORD SITUATION</a>
<a href="https://web.archive.org/web/20180528205030/http://subvert.pw/res/discord.pdf">[web.archive.org]</a><br>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://discordapp.com/privacy">Discord Privacy Policy</a>
<a href="https://web.archive.org/web/20180528052213/https://discordapp.com/privacy">[web.archive.org]</a>
<a href="http://archive.is/20180515102020/https://discordapp.com/privacy">[archive.is]</a><br>
<a name="2">2.</a>
<a href="https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/">Why is Discord recording our open programs and uploading them?</a>
<a href="https://web.archive.org/web/20180410043931/https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/">[web.archive.org]</a>
<a href="https://archive.li/qFcQA">[archive.is]</a><br>
<a name="3">3.</a>
<a href="https://discordapp.com/company">Discord</a>
<a href="http://wayback.archive-it.org/all/20171226205723/https://discordapp.com/company">[wayback.archive-it.org]</a>
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
<a name="4">4.</a>
<a href="https://www.crunchbase.com/organization/discord">Crunchbase</a>
<a href="https://web.archive.org/web/20180423015034/https://www.crunchbase.com/organization/discord">[web.archive.org]</a>
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
<a name="5">5.</a>
<a href="https://discordapp.com/nitro">Discord Nitro</a>
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
<a name="6">6.</a>
<a href="https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/">Discord receives government requests. No plans on adding E2E Encryption any time soon.</a>
<a href="https://archive.is/JrdJ9">[archive.is]</a>
<a href="http://web.archive.org/web/20180228033615/https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/">[web.archive.org]</a><br>
<a name="7">7.</a>
<a href=" https://www.statista.com/statistics/746215/discord-user-number/">Number of registered Discord users</a>
<a href="http://web.archive.org/web/20181119040747/https://www.statista.com/statistics/746215/discord-user-number/">[web.archive.org]</a><br>
<a name="8">8.</a>
<a href="https://support.discordapp.com/hc/en-us/articles/360004109911">Data Privacy Controls</a>
<a href="http://web.archive.org/web/20181201004455/https://support.discordapp.com/hc/en-us/articles/360004109911">[web.archive.org]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 4/11/2019
</b></p>
<p><b>
This article was created on 11/23/17
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body></html>

143
articles/discord_es.html Normal file
View File

@ -0,0 +1,143 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Discord</h1>
<p><a href="/articles">Back to catalog (English)</a><br>
<a href="/articles/index_es.html">Back to catalog (Spanish)</a><br>
<a href="/articles/discord.html">English Translation</a><br>
Mirrors:
<a href=" https://qorg.xyz/spyware/discord.cgi">[qorg.xyz]</a>
<a href="http://qorglaofrwqdj4is.onion/spyware/discord.cgi">[qorglaofrwqdj4is.onion]</a>
<a href="http://web.archive.org/web/20181118194244/https://qorg.xyz/spyware/discord.cgi">[web.archive.org]</a>
<a href="http://archive.is/7T29F">[archive.is]</a></p>
<img src="/images/discord_logo.png" alt="Discord-Logo">
<p>
Discord es un programa de mensajería instantanea disponible para MacOS, GNU/Linux, Android, Windows, Android e iOS.
Discord puede usarse para comunicarse vía voz y chat de texto, también se puede usar para compartir archivos e imágenes.
</p>
<h2>Nivel de Spyware: <font color="red">EXTREMADAMENTE ALTO</font></h2>
<p>
Discord es spyware por que recolecta toda la información que pasa por su plataforma de comunicacón. Discord es una plataforma de comunicaión centralizada, todas las comunicaciones deben ir por los servidores oficiales de Discord. Donde toda la información puede ser grabada, la gran mayoría de la información dada esta confirmada. Taén se ha confirmado que Discord usa mas spyware como formas de telemetría. La mayor fuente de ingresos de discord, que ha recibido $129 millones de dolares. Discord no puede ser compilado por que no es un programa libre.
<p>
Discord no hace su código fuente disponible.
</p><p>
Es imposible descargar y examinar el código fuente de Discord, lo que hace imposible probar queDiscord no es spyware. Cualquier programa que no haga su código fuente disponible es potencialmente spyware
</p><p>
Discord confirma que recolecta varia información de los usuarios.
</p>
<h3>Discord does not make its source code available</h3>
<p>
It is impossible to download and examine Discord's source code,
which means that it is impossible to prove that Discord is not
spyware. Any program which does not make its source code available is
potential spyware.
</p>
<h3>Discord confirma en su política de privacidad <sup><a href="#1">[1]</a></sup> que recolecta la siguiente información</h3>
<ul>
<li> Direccion IP
<li> UUID del dispositivo
<li> E-Mail del usuario
<li> Todos los mensajes de texto
<li> Todas las imagenes
<li> Todas los mensajes de voz (Las llamadas)
<li> Los E-mails mandados por discord
</ul>
<p>
Discord no confirma que recolecta esta informacion, pero lo hace
</p>
<ul>
<li>Lista de todos los programas que estan abiertos en tu ordenador
</ul>
<p>
La siguiente información puede usarse para:
Saber donde vives (El pais exacto)
Discord puede decir exactamente en que dispositivo estás
Puede saber todo lo que hace (Pues incluso en movil, discord corre en segundo plano, para recibir mensajes)
Discord tambien recolecta la información que le pasas a otros usuarios. Esto significa que Discord puede ver los mensajes, imagenes, y archivos enviados.
En otras palabras, ninguna conversacion mantenida en discord es privada.
</p>
<h3>Discord tambien tiene integración con otras plataformas de Spyware</h3>
<p>
Discord contiene "opt-in" conocido como "Integración con redes sociales" Esto hace que Discord sepa de tu identidad.
Plataformas como Facebook y Twitter, en su politica de privacidad. Discord confirma que si lo vinculas a el mismo, Discord obtendrá datos de tus redes sociales.
</p>
<h3>Discord contiene un listado de procesos.</h3>
<p>
Está confirmado que discord tiene un monitor para ver los procesor que que corren en tu sistema operativo. Este spyware es conocido como "Listador de procesos"
Se usa mas que nada para grabar tus habitos de uso de programas.
</p>
<p>
Esto ha sido confirmado por el CTO de Discord en un hilo de Reddit<sup><a href="#2">[2]</a></sup>
En el mismo hilo, el CTO admite que es obligatorio este spyware y no puede ser removido. El CTO y un ingeniero de Discord dice que no es spyware, pero no puede ser confirmado.
</p>
<h3>La mayoria de ingresos de discord viene de vender datos.</h3>
<p>
Discord esta esclusivamente confiado en la informacion que los usuarios generan. Esto significa que la mayor fuente de ingresos es recolectar datos de usuarios, otras fuentes son secundiaria. Discord tiene 4,2 millones de usuarios en su plataforma<sup><a href="#3">[3]</a></sup> sin otras inversiones, esto es casi toda el dinero generado por la mineria de datos de sus usuarios, discord tiene $129 millones de dolares en inversion <sup><a href="#4">[4]</a></sup> desde 2012. Discord tiene 45 millones de usuario, por lo que pueden recolectar MUCHISIMOS datos. El "Principal" medio de llegada de Ingresos de discord es Nitro<sup><a href="#5">[5]</a></sup> realisticamente, no puede ser la principal
fuente de ingresos de discord, especialmente por que Nitro es relativamente reciente.</p>
<h3>Discord recibe peticiones de gobierno para tu informacion</h3>
<p>
Discord ha confirmado de una de sus correspondencia de E-mail <sup><a href="#6">[6]</a></sup> donde confirma que recibe peticiones del gobierno de informacion, asi que podemos saber que el gobierno tiene toda la informacion que Discord ha recolectado de ti <a href="https://spyware.neocities.org/images/discord%20government%20requests.png">aqui</a>
por si el link muere.
</p>
<hr>
<h2>Mas cosas</h2>
<a href="https://old.reddit.com/r/privacy/comments/8lkb5s/friends_dont_let_friends_use_discord_the/">Friends Don't Let Friends Use Discord</a>
<a href="https://archive.is/Q4N9J">[archive.is]</a><br>
<a href="https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html">Help Me, Tom's Guide: Is Discord Tracking Me?</a>
<a href="http://archive.is/20180418204656/https://www.tomsguide.com/us/help-me-toms-guide-discord-permissions,review-5104.html">[archive.is]</a><br>
<a href="https://www.hooktube.com/watch?v=cn4CENr5NV0">Why Discord is Trash</a><br>
<a href="https://www.hooktube.com/watch?v=QN_6AZT92pU">Why You Shouldn't Use Discord</a><br>
<a href="http://subvert.pw/res/discord.pdf">THE DISCORD SITUATION</a>
<a href="https://web.archive.org/web/20180528205030/http://subvert.pw/res/discord.pdf">[web.archive.org]</a><br>
<hr>
<h2>Referencias</h2>
<p>
<a name="1">1.</a>
<a href="https://discordapp.com/privacy">Discord Privacy Policy</a>
<a href="https://web.archive.org/web/20180528052213/https://discordapp.com/privacy">[web.archive.org]</a>
<a href="http://archive.is/20180515102020/https://discordapp.com/privacy">[archive.is]</a><br>
<a name="2">2.</a>
<a href="https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/">Why is Discord recording our open programs and uploading them?</a>
<a href="https://web.archive.org/web/20180410043931/https://www.reddit.com/r/discordapp/comments/43lqyb/why_is_discord_recording_our_open_programs_and/">[web.archive.org]</a>
<a href="https://archive.li/qFcQA">[archive.is]</a><br>
<a name="3">3.</a>
<a href="https://discordapp.com/company">Discord</a>
<a href="http://wayback.archive-it.org/all/20171226205723/https://discordapp.com/company">[wayback.archive-it.org]</a>
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
<a name="4">4.</a>
<a href="https://www.crunchbase.com/organization/discord">Crunchbase</a>
<a href="https://web.archive.org/web/20180423015034/https://www.crunchbase.com/organization/discord">[web.archive.org]</a>
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
<a name="5">5.</a>
<a href="https://discordapp.com/nitro">Discord Nitro</a>
<a href="http://archive.is/20170724163442/https://discordapp.com/company">[archive.is]</a><br>
<a name="6">6.</a>
<a href="https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/">Discord receives government requests. No plans on adding E2E Encryption any time soon.</a>
<a href="https://archive.is/JrdJ9">[archive.is]</a>
<a href="http://web.archive.org/web/20180228033615/https://www.reddit.com/r/privacy/comments/80l8se/discord_receives_government_requests_no_plans_on/">[web.archive.org]</a><br>
</p>
<hr>
<p><b>
This article was created on 11/18/2018<br>
This is a translation of the english article. It may become outdated- compare the dates on both articles.
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body></html>

100
articles/dissenter.html Normal file
View File

@ -0,0 +1,100 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<h1>Dissenter</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/dissenter_logo.png" alt="Dissenter Logo">
<p>
Dissenter is a web browser and plugin released by the social network company Gab.
</p>
<h2>Spyware Level: <font color="orange">High</font></h2>
<p>
The Dissenter browser is a fork of the <a href="/articles/brave.html">Brave</a> web browser. It phones home to
Brave for autoupdates and safebrowsing, which is hosted by Brave. The default search engine is <a href="/articles/duckduckgo.html">DuckDuckGo</a>.
The browser has two extensions preinstalled. One extension, "Shields", blocks certain advertisment scripts. The other,
"Dissenter" allows you to access the Dissenter social network. This extension phones home to several places whenever you open it,
including Google and Twitter. The Dissenter social network also inherently must collect more information about the user's browsing
habits than the current alternatives that already exist.
</p>
<h3>Phoning home</h3>
<p>
When the Dissenter Browser is started, it will make several connections to Brave's autoupdate services:
</p>
<img src="/images/dissenter_phone_home_1.png" alt="Dissenter Browser phoning home to Brave">
<p>
Every once in a while, the Browser will send a request to Brave's instance of the Google safebrowsing service:
</p>
<img src="/images/dissenter_safebrowsing.png" alt="Dissenter Browser phoning home to Brave">
<p>
<p>
Whenever the Dissenter extension is opened, it will phone home to several companies:
</p>
<img src="/images/dissenter_ext_ph.png" alt="Dissenter Extension phoning home">
<p>
This includes:
</p>
<ul>
<li>Google</li>
<li>Twitter</li>
<li>Doubleclick (Google owned telemetry company)</li>
<li>FontAwesome</li>
<li>Cloudflare</li>
</ul>
<p>
This happens every time the extension is opened.
</p>
<h3>Opt-out telemetry</h3>
<p>
Dissenter will sent crash reports to Gab automatically. This is on by default and you have to opt-out.
</p>
<p><i>
"When Gab crashes, it creates a report that can be sent to us to help us fix whatever caused the problem. This report contains technical information about your computer system which is typically distinctive. You can choose whether to send us these reports. Even if you have chosen to send reports in the past, you can turn off future reports in settings. Crash reports may contain personal information."
</i> <sup><a href="#1">[1]</a></sup>.</p>
<h3>Dissenter bypasses it's own tracker filter</h3>
<p>
Dissenter comes with it's own content blocker called Shields that is meant to block trackers as you browse the web.
This content blocker can block requests made by regular websites, but it does not block content that
is loaded by the Dissenter extension. The Dissenter extension makes requests to trackers that would have been
blocked by it's own filter- by it's <b><font color=yellow>own standards</font></b> Dissenter makes connections to
tracking websites that are not necessary and not private. The spyware site <code>googleads.g.doubleclick.net</code>
is correctly blocked by Shields when a normal website tries to access it, but this connection is not blocked when Dissenter accesses it...
This is an interesting double standard when it comes to privacy.
</p>
<img src="/images/sheilds_blocking.png">
<hr>
<h2>Inherent issues with Dissenter</h2>
<p>
Dissenter has the inherent problem that it associates the web pages you have visited with the discussions you are having or trying to have.
If you want to check an article's comments on Dissenter, you have to tell Gab that you visited that article. This gives Gab a very good profile
of what sites you visit and what articles you read. Currently alternatives exist to this model that are already in place. For example, you can
create a thread on an Imageboard, Reddit-like website, or other web forum format, which sets an archived link to the article as the topic of discussion.
This format is much more private because the parties involved have much less information about what their users did. The news website has no
idea who read it's article, because the traffic went to the archival service. The forum that you can freely comment on also doesn't know what
articles you looked at or what discussions you tried to have. If we only consider privacy, this method is a somewhat better way of acheiving this goal.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://dissenter.com/about/privacy-policy">Dissenter Privacy Policy</a>
<a href="http://web.archive.org/web/20190516235423/https://dissenter.com/about/privacy-policy">[web.archive.org]</a>
<a href="http://archive.fo/A6AgI">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 5/24/2019
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 license to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

81
articles/duckduckgo.html Normal file
View File

@ -0,0 +1,81 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>DuckDuckGo</h1>
<p><a href="/articles">Back to catalog</a><br>
<a href="/articles/duckduckgo_es.html">Spanish Translation</a></p>
<img src="/images/ddg_logo.png" alt="DuckDuckGo logo">
<p>
DuckDuckGo is a search engine created by Gabriel Weinberg and owned by Duck Duck Go, Inc.
</p>
<h2>Spyware Level: <font color=greenyellow>Possible Spyware</font></h2>
<p>
DuckDuckGo is a search engine that claims to protect the privacy of its users.<sup><a href="#1">[1]</a></sup> Since this a centeralized service, there is no way to prove that it isnt spyware just by
looking at the technology that it uses. There are some red flags that could cause you to doubt that this service is truly private, and so this article will just list them
here to help you decide on whether or not to use this service. Ultimately there isn't proof that DuckDuckGo is spyware- but a few reasons to suspect it of being spyware. Even though, it's worth noting that
DuckDuckGo <b><font color="lime">offers an onion domain</font></b>... so you don't need to trust it to use it as long as you acess it through TOR.
</p>
<h3>DuckDuckGo is hosted in the USA</h3>
<p>
Since the US Government has been known to compromise services similar to DuckDuckGo, its reasonable to fear that it might compromise DuckDuckGo.<sup><a href="#2">[2]</a></sup><sup><a href="#3">[3]</a></sup> We dont know if DuckDuckGo has
been compromised by the US Government, but we do know that it is not a difficult task for the US Government to do that.
</p>
<h3>DuckDuckGo has violated its privacy policy in the past</h3>
<p>
DuckDuckGo is not consistent with its prviacy policy and has directly violated it before.<sup><a href="#2">[2]</a></sup> If a service cannot follow its own privacy policy, then you can't expect it to protect
your privacy.
</p>
<h3>Tracking pixels and other spyware</h3>
<p>
DuckDuckGo uses clear gifs from the domain <code>improving.duckduckgo.com</code>. This is a tracking technique and can be used to collect analytics about your web browser.
Whenever you use DuckDuckGo, several requests will be sent to this domain.<sup><a href="#4">[4]</a></sup> This is of course not the kind of behavior that you would expect from a privacy concerned website, but there it is. Do you trust DuckDuckGo to collect "anonymous" analytics about you?
</p>
<hr>
<h2>Futher Reading</h2>
<p>
<a href="https://8ch.net/tech/ddg.html">/tech/ FAQs - DuckDuckGo</a>
<a href="https://web.archive.org/web/20180613130204/https://8ch.net/tech/ddg.html">[web.archive.org]</a>
<a href="http://archive.is/20150624075735/https://8ch.net/tech/ddg.html">[archive.is]</a>
<a href="http://www.webcitation.org/6i47Oqe9i">[www.webcitation.org]</a><br>
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://duckduckgo.com/privacy">DuckDuckGo Privacy Policy</a>
<a href="http://www.webcitation.org/6HQhjFsqo">[www.webcitation.org]</a>
<a href="http://arquivo.pt/wayback/20150815202623/https://duckduckgo.com//privacy">[arquivo.pt]</a>
<a href="https://archive.is/Pw6og">[archive.is]</a><br>
<a name="2">2.</a>
<a href="http://www.alexanderhanff.com/duckduckgone">Still trust DuckDuckGo? (dead link)</a>
<a href="https://archive.is/qntuk#selection-227.0-243.124">[archive.is]</a>
<a href="http://web.archive.org/web/20160224072914/https://archive.is/qntuk">[web.archive.org]</a><br>
<a name="3">3.</a>
<a href="/translations/duckduckgo_article.html">DuckDuckGo: The mistaken belief of the NSA-safe search engine</a>*<br>
<a name="4">4.</a>
<a href="https://duck.co/help/privacy/atb">Site Improvements</a>
<a href="http://web.archive.org/web/20180909162803/https://duck.co/help/privacy/atb">[web.archive.org]</a><br>
</p>
<p>
*This is a machine-translated mirror of an article written in German hosted here. Links to the original article can be found on that page.
</p>
<hr>
<p><b>
This article was last edited on 9/16/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

63
articles/duckduckgo_es.html Normal file
View File

@ -0,0 +1,63 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>DuckDuckGo</h1>
<p><a href="/articles">Back to catalog (English)</a><br>
<a href="/articles/index_es.html">Back to catalog (Spanish)</a><br>
<a href="/articles/duckduckgo.html">English Translation</a></p>
<img src="/images/ddg_logo.png" alt="">
<p>DuckDuckGo es un motor de busqueda creado por Gabriel Weinberg y mantenido or Duck Duck Go, inc</p>
<h3>Nivel de spyware: <font color=greenyellow>Posiblemente spyware</font></h3>
<p>DuckDuckGo es un motor de busqueda que jura proteger la privacidad de sus usuarios <sup><a href="#1">[1]</a></sup>debido a que es un servicio sentralizado, no es posible saber si es spyware viendo la tecnologia que usa. hay algunos avisos para dudar si es realmente privado. Este artículo es solo para hacerte decidir si usar o no este servicio. Ultimamente no hay prueba de que DuckDuckGo es spyware. Pero hay algunas razones para sospechar de ser spyware, de todas formas, esta bien saber de que DuckDuckGo <b><font color=lime>Ofrece un dominio onion</font></b> asi que no debes dudar en usarlo si estás en TOR</p>
<h3>DuckDuckGo está alojado en Estados Unidos</h3>
<p>Desde que el gobierno de Estados Unidos manipula servicios similares a DuckDuckGo, Es posible que tambien haya manipulado a DuckDuckgo<sup><a href="#2">[2]</a><a href="#3">[3]</a></sup> Nosotros no sabemos si DuckDuckGo ha sido manipulado por el Gobierno de EEUU, pero si sabemos que es fácil para ellos hacerlo</p>
<h3 style="color:red;">DuckDuckGo ha violado su política de privacidad en el pasado</h3>
<p>Se sabe que DuckDuckGo no ha cumplido con su política de privacidad en el pasado <sup><a href="#2">[2]</a></sup>Si un servicio no puede seguir su propia política de privacidad, entonces no puedes esperar que protegan tu privacidad</p><h3>Seguimiento de pixeles y otro spyware</h3>
<p>DuckDuckGo usa gifs en blanco para el dominio improving.duckduckgo.com esta es una técnica de seguimiento que puede ser usada para recolectar estadísticas de tu navegador. En cualquier caso, si usas DuckDuckGo enviara varias peticiones a ese dominio<sup><a href="#4">[4]</a></sup>Esto no es, por supuesto, el tipo de comportamiento que esperas de un servicio que jura proteger tu privacidad</p>
<h2>Mas</h2>
<p>
<a href="https://8ch.net/tech/ddg.html">/tech/ FAQs - DuckDuckGo</a>
<a href="https://web.archive.org/web/20180613130204/https://8ch.net/tech/ddg.html">[web.archive.org]</a>
<a href="http://archive.is/20150624075735/https://8ch.net/tech/ddg.html">[archive.is]</a>
<a href="http://www.webcitation.org/6i47Oqe9i">[www.webcitation.org]</a><br>
</p>
<hr>
<h2>Referencias</h2>
<p>
<a name="1">1.</a>
<a href="https://duckduckgo.com/privacy">DuckDuckGo Privacy Policy</a>
<a href="http://www.webcitation.org/6HQhjFsqo">[www.webcitation.org]</a>
<a href="http://arquivo.pt/wayback/20150815202623/https://duckduckgo.com//privacy">[arquivo.pt]</a>
<a href="https://archive.is/Pw6og">[archive.is]</a><br>
<a name="2">2.</a>
<a href="http://www.alexanderhanff.com/duckduckgone">Still trust DuckDuckGo? (dead link)</a>
<a href="https://archive.is/qntuk#selection-227.0-243.124">[archive.is]</a>
<a href="http://web.archive.org/web/20160224072914/https://archive.is/qntuk">[web.archive.org]</a><br>
<a name="3">3.</a>
<a href="/translations/duckduckgo_article.html">DuckDuckGo: The mistaken belief of the NSA-safe search engine</a>*<br>
<a name="4">4.</a>
<a href="https://duck.co/help/privacy/atb">Site Improvements</a>
<a href="http://web.archive.org/web/20180909162803/https://duck.co/help/privacy/atb">[web.archive.org]</a><br>
</p>
<hr>
<p><b>
This article was translated on 1/15/2019<br>
This translation may become out of date. Compare dates with the english article.
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

45
articles/example.html Normal file
View File

@ -0,0 +1,45 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<h1>Example Article</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/example_logo.png" alt="Images are in the /images folder">
<p>
This part of the article should have the name of the program and what it does, and who develops it.
</p>
<h2>Spyware Level: <font color="lime">Not Rated</font></h2>
<p>
A breif explanation of what the software does, and a summary of the rest of the article, should go here. This paragraph is for readers
who don't want to read the entire article and it should assert all of the things that the rest of the article proves below.
</p>
<h3>Spyware Feature X</h3>
<p>
This program has spyware feature X in it. There should be some kind of proof here. If it doesn't contain original research, the source
should be cited like this: <sup><a href="#1">[1]</a></sup>.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="http://example.com/">Example Source</a>
<a href="http://web.archive.org/web/20180729230956/http://example.com/">[web.archive.org]</a>
<a href="http://archive.is/tgJjl">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 7/30/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 license to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

57
articles/explorer.html Normal file
View File

@ -0,0 +1,57 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Internet Explorer</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/ie_logo.png" alt="Internet Explorer Logo">
<p>
Internet Explorer is a Web Browser distributed by Microsoft with most versions of the Microsoft Windows Operating system.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
Internet Explorer contains many serious spyware features, however all of these features appear to be "opt-out" features. It is not verified whether or not opting out will actually disable all of these features, or if there are other spyware features that are not known which cannot be opted out of. Internet Explorer can record your search history and location, and report that information to Microsoft. Internet Explorer is not the worst spyware, but it is still loaded with spyware features that can mine serious information from users.
</p>
<h3>Internet Explorer does not have available source code</h3>
<p>
Internet Explorer cannot be built from available source code. This means that it is impossible to prove that it is not a spyware program or that it does not have unknown spyware features inside of it.
</p>
<h3>Internet Explorer is self-updating software</h3>
<p>
Internet Explorer can be updated through spyware programs such as Windows Update<sup><a href="#1">[1]</a></sup>. Automatic software updates are a spyware feature becuase they cannot be verified to be non-spyware by the user. Luckily, this spyware feature is opt-out and can be turned off.
</p>
<h3>Internet Explorer sends your search history to Microsoft</h3>
<p>
Internet Explorer contains a spyware feature called "flip ahead"<sup><a href="#1">[1]</a></sup>. Flip ahead will periodically send your browsing history to Microsoft. This spyware feature is opt-out and can be disabled. Microsoft claims that the information it recevies is encrypted to protect user privacy and santized to prevent personal information from being stored. This is unverifiable. Microsoft confirms that it does use the information obtained from flip ahead to build statstical models of your browsing habits. Other spyware features such as "Smartscreen filter", and "Suggested Sites" also confirm that they send your internet history to Microsoft.
</p>
<h3>Internet Explorer can track your location</h3>
<p>
Internet Explorer has the spyware feature commonly referred to as "location services", which is a feature that allows it to track the location of the user. The privacy statement<sup><a href="#1">[1]</a></sup> explains that your location is obtained through a "Microsoft Location Service". Which means that your location is sent to a Microsoft server. Microsoft does not elaborate on what it does with this data or whether it stores this data. This spyware feature is opt-out.
</p>
<h3>Internet Explorer has an anti-privacy search engine by default</h3>
<p>The default search engine is <a href="/articles/bing.html">Bing</a> which datamines its users and sells that information to advertisers.</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://privacy.microsoft.com/en-us/ie10-win8-privacy-statement">Internet Explorer 10 privacy statement</a>
<a href="http://webarchive.loc.gov/all/20160915190335/https://privacy.microsoft.com/en-us/ie10-win8-privacy-statement">[webarchive.loc.gov]</a>
<a href="https://web.archive.org/web/20180509170237/https://privacy.microsoft.com/en-us/ie10-win8-privacy-statement">[web.archive.org]</a>
<a href="https://archive.is/EnsRH">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last updated on 2/18/2019
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

37
articles/falkon.html Normal file
View File

@ -0,0 +1,37 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Falkon</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/falkon_logo.png" alt="falkon Logo">
<p>
Falkon is a KDE web browser using QtWebEngine rendering engine, previously known as QupZilla.
</p>
<h2>Spyware Level: <font color=lightgreen>Probably Not Spyware</font></h2>
<p>
When another contributor tested this browser on linux, it made <font color=lime><b>no unsolicied connections.</b></font> When I ran it on windows, it connected to
a domain unrelated to the homepage (duckduckgo). But, i'm not sure what it was for, and it wasn't reproduced on linux. This browser is probably fine, but
you should run your own tests and email me about what you found or didn't find.
</p>
<h3>Phoning Home?</h3>
<p>
On the first run of Falkon, using the 32-bit windows version, it connected to these addresses, even though I was on it's homepage, which seems to be
locally stored because it does not create any requests when I go to it normally. I don't know what these are for.
Maybe it's a form of phoning home? The first IP is for the domain: github.map.fastly.net which seems to be part of a CDN.
</p>
<img src="/images/falkon_firstrun.png" alt="Is falkon phoning home?">
<hr>
<p><b>
This article was last edited on 8/24/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

268
articles/firefox.html Normal file
View File

@ -0,0 +1,268 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Mozilla Firefox</h1>
<p>
<a href="/articles">Back to catalog</a><br>
<a href="/guides/firefox.html">Mitigation Guide</a>
</p>
<img src="/images/firefox_logo.png" alt="Firefox logo">
<p>
Mozilla Firefox is one of the most popular and longest existing
browsers. Its developers have earned it a reputation for being a "privacy and security-based browser, respecting the user" - but is it justified, or just marketing? In fact, over the years they have made several anti-privacy (and generally anti-user) decisions, but this article will focus exclusively on spying. Version tested: 52.5.0, with the default settings. Program used for testing requests: Mitmproxy.
</p>
<p>
<h2>Spyware Level: <font color=orange>High</font></h2>
After following the <a href="/guides/firefox.html">mitigation guide</a>, this software is <font color=lime><b>Not Spyware</b></font>.
</p>
<p>It sends a lot of different data very often (some of which could
uniquely identify you). All the "services" that it provides, such as
its default search engines and Pocket, are anti-privacy. The rating isn't higher
because at least you can turn off or modify most of it, though
it often requires diving deep into about:config.</p>
<h3>Phoning home</h3>
<p>
Whenever you start Firefox, it makes this request: <br><img src = "/images/request.png"><br> In fact, it makes it every time you go to a website, and even a few times in a row for a single website. So Firefox "phones home" all the time, without your knowledge. <b><font color=orange>Can be disabled ONLY in about:config</font></b>. But, since you've already started Firefox, it will make this request at least once.
</p>
<h3>Automatic connections to some websites you've visited, including their trackers</h3>
<p>
Websites you visit most often are added to the New Tab panel. When you then open a new tab, Firefox will sometimes make requests to the sites in there, including some of their trackers. I haven't determined how it works yet. Sometimes it doesn't make the requests at all; other times you end up with hundreds of images, scripts, trackers, etc. loaded simply because you opened a new tab (without visiting any website explicitly).
<b><font color=red>Was NOT able to find a way to disable this</font></b>, even in about:config.
</p>
<h3>Firefox tracks users with Google Analytics</h3>
<p>
Firefox has been integrated with the spyware platform called "Google Analytics"<sup><a href="#1">[1]</a></sup>. Firefox has been confirmed to now send analytics to Google. According to a Firefox developer the spyware in Firefox is "extremely useful to us and we have already weighed the cost/benefit of using tracking." and that Firefox will not remove Google Analytics support entirely. Firefox's position on privacy is made very clear with this quote:
</p>
<p><i>"Wanted to address your position though:
We don't give the "data directly to Google". See the discussion here: https://bugzilla.mozilla.org/show_bug.cgi?id=858839. The short version is:
tl;dr: We now have an option to opt-out of Google doing anything with the data that Google Analytics collections on Mozilla websites. GA tracking is anonymous and at the aggregate level and we use it to improve the experience of our websites.
We are collecting aggregate and non-identifiable data in numbers to ensure our development/UX changes are met well. We can respect privacy and still have analytics; in fact Mozilla's aim is for an experience that values user privacy and usability (I'd say Apple also wants UX that fits that mold, as an example). We need some data, anonymised and aggregated, to do this.
"</i></p>
<p>
The best takeaway to this is that Mozilla wants to pretend that including spyware in their program is somehow not a breach of privacy, and that Firefox could possibly be respecting user privacy while simultaneously collecting data on users and sending it to Google. It's strongly suggested to read the github thread and the further anti-privacy statements the Mozzilla employee makes while defending the spyware features in Firefox. It's very dangerous to assert that there is somehow a middle ground between respecting user privacy and datamining the user.
</p>
<h3>"Safe" Browsing?</h3>
<p>
Allegedly used to protect you from "phishing" websites, but in the end, it makes a bunch of requests to Google every 30 minutes (according to Mozilla), including a POST request with your Firefox version and a unique, persistent, hidden cookie. Since whenever the current URL matches an entry in the cached local blacklist a request is made to Google servers, ostensibly to test whether that website is still on the master online blacklist, it allows Google to monitor specific websites transparently to the user by putting the URLs of interest on the local but not the online blacklist. <br><img src="/images/safe_browsing.png"><b><font color=orange>Can be disabled ONLY in about:config.</font></b>
</p>
<h3>Firefox Health Report</h3>
<p>
From the horse's mouth: "For example, FHR sends data to Mozilla on things like: operating system, PC/Mac, number of processors, Firefox version, the number and type of add-ons. The data collected by FHR is tied to a Document ID that corresponds to a browser installation (explained above in question #4) so that the data can be correlated across a limited window of time."<sup><a href="#2">[2]</a></sup> Also, according to Mozilla, new versions of Firefox will also collect telemetry data by default. <b><font color=lime>Can be disabled through the GUI.</font></b>
</p>
<h3>Anti-privacy search engines by default</h3>
<p>Old versions of Firefox had Google as the default search engine,
which is obviously anti-privacy. For example, from their privacy
policy: "When you use our
services or view content provided by Google, we automatically collect
and store certain information in server logs. This includes: details
of how you used our service, such as your search queries.". Then, it
was Yahoo, which isn't better: "The Yahoo Search History tool allows
you to see what you've searched for in the past. ". So it saves all
your searches. And deleting does nothing: "Even if you clear your
past searches or turn the Search History tool off, Yahoo still
collects and stores search user log data when you use Yahoo Search
technology." Firefox 57 is going back to Google again. If they really
cared about your privacy, the default search engine would be
StartPage (which gives the same results as Google, but anonymized) or
DuckDuckGo. <b><font color=lime>Can be changed through the GUI.</font></b>
</p>
<h3>Pocket - a privacy nightmare</h3>
<p>
Firefox has a Pocket button in its navigation bar, which allows you
to "save any article, video or page from Firefox" and "View in Pocket
on any device, any time." Let's see how it looks in terms of privacy
- quoting from Pocket's privacy policy<sup><a href="#3">[3]</a></sup>:
"In addition to the information that you provide to us when you
register for a user account, we collect information about the URLs,
titles and content of the web pages and other information you save to
Pocket." So everything you conveniently put in "your" Pocket is
being stored (of course, otherwise Pocket wouldn't work). "The types
of information we collect includes your browser type, device type,
device id, time zone, language, and other information related to the
manner in which you access the Pocket Technologies. " So anytime you
view a file in "your" Pocket, they know everything about the device
you used to do it. "We may also use "pixel tags," "web beacons,"
"clear GIFs" or similar means (individually or collectively "Pixel
Tags") in connection with emails that we send to our users in order
to collect usage data." So, they are acting like any old tracking
website, even in ways that have nothing to do with their
functionality. "We may also share your device ID with third parties
in connection with advertising campaigns. " And they work with
advertisers too! Describing all of Pocket's
violations would take up this whole article. There are similar services with better privacy policies, but in the end, they still store the things you view in "the cloud". A real privacy-based browser would not be integrated with them by default.
</p>
<font color=yellow> <b>Can be disabled in about:config</b></font><sup><a href="#8">[8]</a></sup>
<h3>Automatic updates</h3>
<p>
Not that bad compared to all of the above, I guess - but still
installs something without your consent, with possible new privacy
nightmares in there. There is no excuse to at least not make "Check for updates, but
let me choose whether to install them" the default - it would still
give the security benefit, but not take control away from the user.
<b><font color=lime>Can be disabled through the GUI.</font></b>
</p>
<h3>Other issues</h3>
<p>
Firefox also sometimes makes a request to "self-repair.mozilla.org" which looks like this:
<br><img src="/images/self_repair.png">
It includes "optimizelyEndUserID" which probably means it
<b>uniquely identifies you. </b><b><font color=orange>Can be disabled ONLY in about:config.</font></b><sup><a href="#7">[7]</a></sup><br>
It also makes this request every time you open the default home page:
<img src = "/images/request2.png"><br>
The number after the Firefox version is, again, <b>uniquely
identifying</b><sup><a href="#4">[4]</a></sup><b><font color=orange> Can be disabled ONLY in about:config.</font></b>
<br>
Firefox has a file with list of blocked addons that it considers "malicious" and it makes a request to update it every day (even if you don't have any addons installed). <img src = "/images/blocklist.png"> The request includes a <b>uniquely identifying</b> browser installation ID. <b><font color=orange>Can be disabled ONLY in about:config.</font></b>
</p>
<h3>Firefox phones home about almost every single interaction you have with its UI</h3>
<p>
Firefox will send information about almost every basic operation that you do back to Mozilla. This is tagged with a unique client ID and an ID for your current session, and any relevant information related to this action.
<b><font color=red>By default, the following uses of the UI are reported to Mozilla<sup><a href="#5">[5]</a></sup>:</font></b>
<ul>
<li>Performing a search</li>
<li>Clicking a top site item</li>
<li>Deleting an item from history</li>
<li>Blocking a site</li>
<li>Bookmarking a link</li>
<li>Removing a bookmark from a link</li>
<li>Opening a link in a new window</li>
<li>Opening a link in a new private window</li>
<li>Opening the new tab preferences pane</li>
<li>Closing the new tab preferences pane</li>
<li>Acknowledging a section disclaimer</li>
<li>Adding or editing a new TopSite</li>
<li>Requesting a custom screenshot preview</li>
<li>Session end</li>
<li>Impression stats</li>
<li>Click/block/save_to_pocket ping</li>
<li>Addon initialization failure</li>
<li>Domain affinity calculation</li>
</ul>
<p>
Essentially, while this feature doesn't broadcast your search history to Mozilla, it proives an incedibly detailed walktrhough of exactly how you use Firefox's user interface. This can be disabled and is an opt-out spyware feature. You can disable it through the GUI as described here:
<a href="https://support.mozilla.org/en-US/kb/share-data-mozilla-help-improve-firefox">Share data with Mozilla to help improve Firefox</a>
<a href="http://web.archive.org/web/20181002204159/https://support.mozilla.org/en-US/kb/share-data-mozilla-help-improve-firefox">[web.archive.org]</a>
<a href="http://archive.fo/gkVeb">[archive.fo]</a>
</p>
<h3>Mitigating Firefox Spyware</h3>
<p>
This reveiew is also accompanied by a page about how to configure Firefox to be more privacy respecting, and links to other projects that have been created to solve this
problem. You can read about that <a href="/guides/firefox.html">here.</a> These are some of the flags in about:config mentioned earlier in the article, and the values that
they should be set too:
</p>
<table border background="/images/bg.jpg" style="width:800px">
<tr>
<th>Spyware Feature</th>
<th>about:config flag</th>
<th>about:config value</th>
<th>Source</th>
</tr>
<tr>
<td>Phoning home</td>
<td>network.captive-portal-service.enabled</td>
<td>False</td>
<td><a href="https://support.mozilla.org/en-US/questions/1157121">Turn off captive portal</a>
<a href="https://archive.li/57xdG">[archive.is]</a></td>
</tr>
<tr>
<td>Self-Repair</td>
<td>browser.selfsupport.url</td>
<td>""</td>
<td> <a href="https://support.mozilla.org/en-US/questions/1067502">How can I stop firefox from constantly connecting to self-repair.mozillia.org</a>
<a href="https://archive.li/a17cN">[archive.is]</a></td>
</tr>
<tr>
<td>Pocket</td>
<td>pocket.enabled</td>
<td>False</td>
<td> <a href="https://help.getpocket.com/article/1025-disabling-pocket-in-firefox#firefox">Disable Pocket in Firefox</a>
<a href="https://archive.li/mWBcp">[archive.is]</a></td>
</tr>
</table>
<hr>
<h2>Further Reading</h2>
<p>
<a href="https://jojo-website.neocities.org/privacy.html">firefox "about:config" settings</a>
<a href="http://web.archive.org/web/20180821224202/https://jojo-website.neocities.org/privacy.html">[web.archive.org]</a>
<a href="http://archive.is/eyzdE">[archive.is]</a><br>
</p>
<hr>
<h2>Credits</h2>
<p>
This article was originally written by <a href="https://digdeeper.neocities.org/">digdeeper.neocities.org</a><br>
Formatting changes and some sections were written by the site maintainer.<br>
Other Anonymous contributors have added pther sections and various changes to this article, as well.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://github.com/mozilla/addons-frontend/issues/2785">Google Analytics is used to track users</a>
<a href="https://web.archive.org/web/20180511002156/https://github.com/mozilla/addons-frontend/issues/2785">[web.archive.org]</a>
<a href="https://archive.li/hF6KB">[archive.li]</a>
<a href="https://via.hypothes.is/https://github.com/mozilla/addons-frontend/issues/2785">[via.hypothes.is]</a><br>
<a name="2">2.</a>
<a href="https://blog.mozilla.org/metrics/fhr-faq">FAQ for FHR</a>
<a href="https://web.archive.org/web/20180513014211/https://blog.mozilla.org/metrics/fhr-faq/">[web.archive.org]</a>
<a href="https://archive.li/No9Xo">[archive.li]</a><br>
<a name="3">3.</a>
<a href="https://getpocket.com/privacy?t=privacypolicy">Pocket Privacy Policy</a>
<a href="http://web.archive.org/web/20180410043925/https://getpocket.com/privacy?t=privacypolicy">[web.archive.org]</a>
<a href="https://archive.is/dCa2m">[archive.is]</a><br>
<a name="4">4.</a>
<a href="https://abouthome-snippets-service.readthedocs.io/en/latest/data_collection.html">Snippets Service Data Collection</a>
<a href="https://web.archive.org/web/20180410043926/https://abouthome-snippets-service.readthedocs.io/en/latest/data_collection.html">[web.archive.org]</a>
<a href="https://archive.li/JDXjv">[archive.li]</a><br>
<a name="5">5.</a>
<a href="https://github.com/mozilla/activity-stream/blob/master/docs/v2-system-addon/data_events.md">Metrics we collect</a>
<a href="https://web.archive.org/web/20180530091900/https://github.com/mozilla/activity-stream/blob/master/docs/v2-system-addon/data_events.md">[web.archive.org]</a>
<a href="https://archive.li/aK9Bx">[archive.li]</a><br>
<a name="6">6.</a>
<a href="https://support.mozilla.org/en-US/questions/1157121">Turn off captive portal</a>
<a href="https://archive.li/57xdG">[archive.is]</a><br>
<a name="7">7.</a>
<a href="https://support.mozilla.org/en-US/questions/1067502">How can I stop firefox from constantly connecting to self-repair.mozillia.org</a>
<a href="https://archive.li/a17cN">[archive.is]</a><br>
<a name="8">8.</a>
<a href="https://help.getpocket.com/article/1025-disabling-pocket-in-firefox#firefox">Disable Pocket in Firefox</a>
<a href="https://archive.li/mWBcp">[archive.is]</a><br>
<hr>
<p><b>
This article was last edited on 1/13/2019
</b></p>
<p><b>
This article was created on 11/23/2017
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

24
articles/foobar2000.html Normal file
View File

@ -0,0 +1,24 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Foobar 2000</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/foobar_logo.png" alt="foobar Logo">
<p>
Foobar2000 is an advanced freeware audio player for the Windows platform.
</p>
<h2>Spyware Level: <font color=yellow>Not Rated</font></h2>
<p>
Foobar2000 does not make it's source code availible, which could be hiding spyware features.
</p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

27
articles/ftp.html Normal file
View File

@ -0,0 +1,27 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>File Transfer Protocol</h1>
<p><a href="/articles">Back to catalog</a></p>
<p>
FTP is a protocol used for transferring files over a computer network.
</p>
<h2>Spyware Level: <font color=lime>Not Spyware</font></h2>
<p>
FTP does not collect any information than the absolute minimum needed to provide its service. As such you could say that FTP's information is only incidental to the service it provides. So, FTP is not a spyware protocol. You are only giving up your IP address, which of course is required can be hidden through proxies. FTP requires you to uniquely identify yourself as a user of a system to use its access control features, but beyond that it does not ask you for unncessary information about your computer, unlike the <a href="/articles/http.html">HTTP</a> protocol.
</p>
<hr>
<p><b>
This article was last edited on 5/26/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

51
articles/google.html Normal file
View File

@ -0,0 +1,51 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Google</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/google_logo.png" alt="Google logo">
<p>
Google is an advertising company that produces and researches a huge amount of spyware products and services that permeate
the internet almost entirely. It is almost impossible for the naieve user to use the internet without running into Google
spyware, as they have deployed products on almost every level of the user's interaction with the internet infrasturcture.
</p>
<h2>Technology</h2>
<p>
The following articles on this website have been written about technology created by Google:
</p>
<p>
<a href="/articles/chrome.html">Google Chrome</a><br>
<a href="/articles/google_search.html">Google Search</a><br>
<a href="/articles/youtube.html">YouTube</a><br>
</p>
<h2>Privacy Statements and Policies</h2>
<p>
The following documents are an incomplete list of policies Google uses for it's various products and
services when concerning user privacy.
</p>
<p>
<a href="https://policies.google.com/privacy">Google Privacy policy</a>
<a href="https://web.archive.org/web/20181109075525/https://policies.google.com/privacy">[web.archive.org]</a>
<a href="http://wayback.vefsafn.is/wayback/20181009135133/https://policies.google.com/privacy">[wayback.vefsafn.is]</a>
<a href="https://archive.li/U4mQP">[archive.li]</a><br>
</p>
<h2>Further Reading</h2>
<p>
<a href="https://www.huffingtonpost.com/nathan-newman/why-googles-spying-on-use_b_3530296.html">Why Google's Spying on User Data Is Worse than the NSA's</a><br>
<a href="https://stallman.org/google.html">Reasons not to use Google</a><br>
</p>
<hr>
<p><b>
This article was last edited on 11/9/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

101
articles/google_search.html Normal file
View File

@ -0,0 +1,101 @@
<!DOCTYPE HTML>
<html lang="en-us">
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Google Search</h1>
<p>
<a href="/articles">Back to catalog</a><br>
<a href="/articles/google_search_es.html">Spanish Translation</a> <a href="https://qorg.xyz/spyware/google.html">[qorg.xyz]</a><br>
<a href="/articles/google_search_tr.html">Turkish Translation</a><br>
</p>
<img src="/images/google_logo.png" alt="Google logo">
<p>
Google Search is a search engine created and owned by <a href="/articles/google.html">Google</a>.
</p>
<h2>Spyware Level: <font color=red>EXTREMELY HIGH</font></h2>
<p>
Google Search collects your personal information and is heavily integrated with other services that collect your personal information.
Google's privacy policy<sup><a href="#1">[1]</a></sup> is written in a way that does not tell you which Google services are
collecting which types of information, and instead ties all of its services into one privacy policy. So the best that can be done is
to assume that by using any of Google's services at all, Google is trying to obtain all of the information detailed.
</p>
<p>
It's also important to note that this article only exists to provide a basic run-down on Google's spying, and is just here for completeness. It
does not at all represent the full extent of Google's breaches of privacy, just because it is not really a secret to anyone that Google collects
your information, so it is really not trying to be very detailed because it would not say anything new.
</p>
<h3>Google Search records your searches</h3>
<p>
Searches made using Google Search are associated with your identity and recorded in Google's servers. From the
privacy policy<sup><a href="#1">[1]</a></sup>, Google makes it clear that:
</p>
<p><i>
"We collect information about the services that you use and how you use them"
</i></p>
<p>
Where "collect information" is clearly stated<sup><a href="#2">[2]</a></sup> as such:
</p>
<p><i>
"This includes information like your usage data and preferences, Gmail messages, G+ profile, photos, videos, <b><font color=red>browsing history</font></b>, map searches, docs, or other Google-hosted content. Our automated systems analyze this information as it is sent and received and when it is stored.
</i></p>
<p>
Google also confirms again that it stores your searches in its servers, in this quote:
</p>
<p>
<i>"When you use our services or view content provided by Google, we automatically collect and store certain information in server logs.
This includes: details of how you used our service, such as your search queries."</i>
</p>
<h3>Google uses your searches to build a profile of your interests, which is sold to advertisers</h3>
<p>
In this page of Google's privacy policy<sup><a href="#2">[2]</a></sup>, Google confirms that
they create profiles of their users interests:
</p>
<p><i>
"For example, we may use...information in your web history cookies to provide you with more relevant search results."
</i></p>
<p>
It's important to note that Google <b>does not</b> think that your search history is personal information, as long as it is not attached to your name.
It does share this information with advertisers, as long as it is "not identifiable":
</p>
<p><i>
"We may share non-personally identifiable information publicly and with our partners like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services."
</i></p>
<h3>Google Search is integrated into the "Google Accounts" spyware platform.</h3>
<p>
Google search allows you to sign-in using an account made on the Google Accounts spyware platform. This platform
exists to collect personal information, and connects its users to other spyware services in the Google ecosystem.
It attempts to collect phone numbers, and helps Google attribute the information it collects though all of its services
to one user, increasing the accuracy of their internal profile of you.
</p>
<hr>
<h2>Further Reading</h2>
<p>
<a href="https://www.huffingtonpost.com/nathan-newman/why-googles-spying-on-use_b_3530296.html">Why Google's Spying on User Data Is Worse than the NSA's</a><br>
<a href="https://stallman.org/google.html">Reasons not to use Google</a><br>
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://policies.google.com/privacy">Google Privacy policy</a>
<a href="https://web.archive.org/web/20181109075525/https://policies.google.com/privacy">[web.archive.org]</a>
<a href="http://wayback.vefsafn.is/wayback/20181009135133/https://policies.google.com/privacy">[wayback.vefsafn.is]</a>
<a href="https://archive.li/U4mQP">[archive.li]</a><br>
<a name="2">2.</a>
<a href="https://policies.google.com/privacy/example/collect-information">Google collect information</a>
<a href="https://archive.li/Hthpb">[archive.li]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 12/12/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

64
articles/google_search_es.html Normal file
View File

@ -0,0 +1,64 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Buscador de Google</h1>
<p>
<a href="/articles">Back to catalog (English)</a><br>
<a href="/articles/index_es.html">Back to catalog (Spanish)</a><br>
<a href="/articles/google_search.html">English Version</a><br>
<a href="/articles/google_search.html">Turkish Version</a><br>
</p>
<img src="/images/google_logo.png">
<p>El buscador de Google es un motor de busqueda creado y mantenido por Google</p>
<h2>Nivel de spyware<font color="red"> EXTREMADAMENTE ALTO</font></h2>
<p> El buscador de Google recolecta tu información personal y está altamente integrado con otros servicios que también recolectan tu información personal. En la política de privacidad de Google<sup><a href="#1">[1]</a></sup> está escrita de mandera que no dice que tipos de información recolectam por lo que miente. Así que lo mejor que puedes hacer, es afirmar que cada vez que usas un servicio de Google es saber que está haciendo lo posible para obtener toda tu información.</p>
<p>También es importante remarcar que este artículo solo da una mínima visión de lo que espía Google. Por lo que no muestra todo detalladamente.</p>
<h3>Google recuerda tus búsquedas</h3>
<p>Las búsquedas hechas en Google estan asociadas a tu identidad y guardada en servidores de Google. La política de privacidad<sup> <a href="#1">[1]</a></sup>indica:</p>
<i>Recolectamos información sobre los servicios que usas y como los usas</i>
<p>Donde "Recolectamos información" indíca<sup><a href="#2">[2]</a></sup></p>
<i>"Esto incluye informacion como tu uso de datos y preferencia, mensajes de Gmail, perfil de Google+, fotos, vídeos, <b><font color="red">historial de navegacion</font></b>, búsquedas de mapas, documentos, o otro servicio dado por Google. Nuestros sistemas automatizados automaticamente analizan esta información cuando son almacenadas".</i>
<p>Google confirma nuevamente que almacena información de búsqueda en sus servidores, en esta cita:</p>
<i>"Cuando usas o vez un servicio que da Google, nosotros automaticamente recolectamos y almacenamos informacion en nuestros registros. Esto incluye: Detalles de como usas nuestro servicio, como tus búsquedas</i>
<h3>Google usa tus búsquedas para crear un perfil basado en tus intereses, el cual es vendido a anunciadores.</h3>
<p>En esta página de la política de privacidad de Google<sup><a href="#2">[2]</a></sup>Google confirma que crea perfiles de sus usuarios.</p>
<i>"Por ejemplo, usaremos está informacion: ... en cookies de tu navegador para proporcionar resultados de busqueda mas relevantes</i>
<p>Es menester hacer hincapié en que a Google no le interesa si tu historial de busquedas contiene información personal, a menos de que tengan tu nombre. Se vende información a anunciadores hasta que no "Sean identificables":</p>
<i>"Posiblemente compartamos información no personal (Que sea identificable) con nuestros compañeros - como publicistas, anunciantes o sitios conectados. Por ejemplo, posiblemente compartamos tu informacion para crear estadísticas de nuestros servicios</i>
<h3>El buscador de Google está vínculado con las "Cuentas de Google"</h3>
<p>Google te permite iniciar sesión con una cuenta de Google (Que es spyware).
Esto permite a Google recolectar mas información. Y conecta a los usuarios con otros servicios de Google. Estas cuentas intentan recolectar el numero telefónico. y ayuda a Google completar la información de un usuario a travez de todos sus servicios</p>
<hr>
<h2>Mas</h2>
<a href="https://www.huffingtonpost.com/nathan-newman/why-googles-spying-on-use_b_3530296.html">Why Google's Spying on User Data Is Worse than the NSA's</a><br>
<a href="https://stallman.org/google.html">Reasons not to use Google</a><br>
</p>
<hr>
<h2>Fuentes</h2>
<p>
<a name="1">1.</a>
<a href="https://policies.google.com/privacy">Google Privacy policy</a>
<a href="https://web.archive.org/web/20181109075525/https://policies.google.com/privacy">[web.archive.org]</a>
<a href="http://wayback.vefsafn.is/wayback/20181009135133/https://policies.google.com/privacy">[wayback.vefsafn.is]</a>
<a href="https://archive.li/U4mQP">[archive.li]</a><br>
<a name="2">2.</a>
<a href="https://policies.google.com/privacy/example/collect-information">Google collect information</a>
<a href="https://archive.li/Hthpb">[archive.li]</a><br>
</p>
<hr>
<p><b>
This translation was created on 1/14/2019<br>
Please keep this in mind when reading! It may become outdated in the future.
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

128
articles/google_search_tr.html Normal file
View File

@ -0,0 +1,128 @@
<!DOCTYPE HTML>
<html lang="en-us">
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Google Arama</h1>
<p>
<a href="/articles">Kataloga dön</a><br/>
<a href="/articles/google_search_es.html">İspanyolca Çeviri</a> <a href="https://qorg.xyz/spyware/google.html">[qorg.xyz]</a><br>
<a href="/articles/google_search.html">English Version</a><br>
</p>
<img src="/images/google_logo.png" alt="Google logo">
<p><a href="/articles/google.html">Google</a> Arama tarafından oluşturulan ve yönetilen bir arama motorudur.
</p>
<h2 class="western">Casus Yazılım Seviyesi: <font color="red">AŞIRI FAZLA</font></h2>
<p>Google Arama kişisel bilgilerinizi toplar ve sizin kişisel
bilgilerinizi toplayan diğer hizmetlerle de ilişkilidir. Google'ın
gizlilik politikası<sup><a href="#1">[1]</a></sup> is size hangi
Google hizmetinin ne tür bilgileri topladığını belirtmez, bunun
aksine bütün hizmetleri tek bir gizlilik politikasına bağlı. <span lang="tr-TR">Bu
nedenle yapılabilecek en iyi şey, Googleın hizmetlerinden
herhangi birini kullanarak Googleın ayrıntılı tüm bilgileri
edinmeye çalıştığını var saymaktır.</span></p>
<p><span lang="tr-TR">Ayrıca, bu makalenin yalnızca Googleın
casusluğuyla ilgili temel bir </span><span lang="tr-TR">rapor</span><span lang="tr-TR">
sağlamak </span><span lang="tr-TR">ve bunun tamamlayıcılık
ısından var olduğunu belirtmek önemlidi</span><span lang="tr-TR">r</span>.
Bu yazı Googleın gizlilik ihlallerini tam olarak yansıtmamakta,
çünkü Googleın sizin hakkınızda bilgi topladığı gerçeği
kimse için bir sır değil, dolayısıyla bu yazı da ayrıntılı
olmaya çalışmamakta çünkü söylenecek yeni bir şey mevcut
yoktur.</p>
<h3 class="western">Google Arama aramalarınızı kaydediyor</h3>
<p>Google Arama kullanılarak yapılan aramalar kimliğinizle
ilişkilendirilip Googleın sunucularına kaydedilmektedir..
Gizlilik politikasından görüldüğü gibi<sup><a href="#1">[1]</a></sup>,
Google bu durumu netleştirmiştir:
</p>
<p><i>&quot;Kullandığınız hizmetler ve bu hizmetlerin nasıl
kullandığınıza dair bilgi toplamaktayız&quot; </i>
</p>
<p>“Bilgi toplama” da şu şekilde açıklığa kavuşturulmuştur<sup>
<a href="#2">[2]</a></sup>:
</p>
<p><i>&quot;Bilgiler kullandığınız veri ve tercihleriniz, Gmail
mesajlarınız, G+ profiliniz, fotoğraflarınız, videolarınız,
<font color="#ff0000"><b>tarama geçmişiniz</b></font>, harita
aramalarınız, belgeleriniz, ve diğer Google tarafından yönetilen
içerikleri bulundurmaktadır. Otomatikleştirilmiş sistemlerimiz bu
bilgiyi gönderilip alındığı gibi ve saklandığı zamanı da
içerecek şekilde analiz etmektedir. </i>
</p>
<p>Google şu cümlesinde de sunucularında aramalarınızı
sakladığını onaylamaktadır :
</p>
<p><i>&quot;</i><i>Hizmetlerimizi kullandığınız veya Google
tarafından sağlanan içeriği görüntülediğiniz zaman</i><i>,
</i><i>otomatik olarak kesin bilgiyi toplayıp sunucu kayıtlarımızda
saklıyoruz</i><i>. </i><i>Bu neyi içerir</i><i>: </i><i>arama
kayıtlarınız gibi</i><i> </i><i>bizim hizmetlerinizi ne kadar
kullandığınıza ilişkin detaylar</i><i>.&quot;</i>
</p>
<h3 class="western">Google, reklamcılara satılmak üzere
aramalarınızı ilgilerinize dair bir profil çizmek için
kullanıyor</h3>
<p>Googleın gizlilik politikası ile ilgili bu sayfasında <sup><a href="#2">[2]</a></sup>,
Google kullanıcıların ilgisine göre onların profilini
oluşturduğunu kabul etmektedir:
</p>
<p><i>&quot;Örnek olarak, web geçmişi çerezlerinizdeki…
bilgilerinizi size daha alakalı sonuçlar sunmak amacıyla
kullanabiliriz.&quot; </i>
</p>
<p>Şunu altını çizmek gerekir, Google isminize
ilişkilendirilmediği sürece <span style="font-weight: normal">arama
geçmişinizin kişisel bilgi olduğunu </span><b>düşünmez.</b> Bu
bilgiyi reklamcılarla olabildiği ölçüde “tanımlanmamış”
olarak paylaşır:
</p>
<p><i>&quot;Tanımlanmamış kimlikli bilgiyi açık şekilde veya
yayıncı, reklmcı veya bağlı siteler gibi ortaklarımızla
paylaşabiliriz. Örnek olarak, hizmetlerinizin genel kullanımına
ilişkin trendleri açık olarak göstmer için bilgiyi paylaşırız.&quot;
</i>
</p>
<h3 class="western">Google Arama “Google Hesaplar” casus yazılım
platformuna bağlıdır.</h3>
<p>Google arama Google hesaplar casus yazılım platformuyla
oluşturulmuş hesap ile giriş yapmanıza izin verir. Bu platform
kişisel bilgi toplamak için vardır ve kullanıcılarını Google
ekosistemindeki diğer casus yazılım hizmetlerine bağlar. Bu
sistem telefon numaralarını toplama girişiminde bulunur ve
Googlea bu bilgiyi bütün hizmetlerinde tek bir kullancı üstünde
bilgi toplayabilmesi için verir, böylelikle onların size dair
oluşturduğu iç profilin kesinliği artar.
</p>
<hr/>
<h2 class="western">Daha Fazla Okuma</h2>
<p><a href="https://www.huffingtonpost.com/nathan-newman/why-googles-spying-on-use_b_3530296.html">Neden
Googleın Kullanıcı Verisi Üstündeki İzlemesi NSAinkinden
Daha Beter?</a> <br/>
<a href="https://stallman.org/google.html">Googleı
kullanmamak için nedenler</a>
</p>
<hr/>
<h2 class="western">Kaynaklar</h2>
<p><a name="1"></a><a name="2"></a>1. <a href="https://policies.google.com/privacy">Google
Gizlilik Politikası</a> <a href="https://web.archive.org/web/20181109075525/https://policies.google.com/privacy">[web.archive.org]</a>
<a href="http://wayback.vefsafn.is/wayback/20181009135133/https://policies.google.com/privacy">[wayback.vefsafn.is]</a>
<a href="https://archive.li/U4mQP">[archive.li]</a> <br/>
2. <a href="https://policies.google.com/privacy/example/collect-information">Google
bilgi toplama</a> <a href="https://archive.li/Hthpb">[archive.li]</a></p>
<hr/>
<p><b>Bu makale en son 12/2/2018de düzenlendi </b>
</p>
<p>Eğer bu makaleyi düzenlemek veya kendi makalenizle katkıda
bulunmak istiyorsanız, <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>
adresime e-posta atabilirsiniz. Bütün katkılar kabul için CC0
lisansı altında lisanslanmak zorundadır.
</p>
<p><b>This article was translated from english on 4/8/2019. Check the dates of the english article with this one in case any changes have been made.
This translation might become outdated in the future.</b></p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

38
articles/gzdoom.html Normal file
View File

@ -0,0 +1,38 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>GZDoom</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/gzdoom_logo.png" alt="GZDoom Logo">
<p>
GZDoom is a source port of Doom based on an older source port, ZDoom.
</p>
<h2>Spyware Level: <font color=yellowgreen>Low</font></h2>
<p>
GZDoom contains telemetry that it reports back to the developers containing general information about your Operating System, CPU Cores, and OpenGL compatiblity.<sup><a href="#1">[1]</a></sup>.
GZDoom's developers do not seem to be very good at handling privacy concerns (After all, if this was privacy-concious, it would be opt-in...) and so if you decide to use this program, you
should make sure to compile it with the telemtery disabled, and you should make sure that this is the <i>only</i> spyware in the program- there may be more spyware implemented in the future.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://forum.zdoom.org/viewtopic.php?f=49&t=59787">GZStats: A quick rundown</a>
<a href="https://web.archive.org/web/20180325212702/https://forum.zdoom.org/viewtopic.php?f=49&t=59787">[web.archive.org]</a>
<a href="https://archive.is/2cTl4">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 5/30/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

25
articles/hexchat.html Normal file
View File

@ -0,0 +1,25 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Hexchat</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/hexchat_logo.png" alt="Hexchat Logo">
<p>
HexChat is an IRC client based on XChat, but unlike XChat it's completely free for both Windows and Unix-like systems.
</p>
<h2>Spyware Level: <font color=lime>Not Spyware</font></h2>
<p>
Hexchat is not spyware in and of itself, however you can use it to connect to services that may be spyware. Hexchat is also dstributed on spyware platforms such as the windows store. If you want to download Hexchat, download it from the <a href="https://hexchat.github.io/index.html">developers website</a> instead of the windows store.
</p>
<hr>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

84
articles/http.html Normal file
View File

@ -0,0 +1,84 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>HyperText Transmission Protocol</h1>
<img src="/images/w3c_logo.png" alt="World Wide Web Consortum: The maintainers of the HTTP standard">
<p><a href="/articles">Back to catalog</a></p>
<p>
HTTP is a protocol usually used for transferring HyperText Markup Language documents accross the internet.
</p>
<h2>Spyware Level: <font color=yellow>Medium</font></h2>
<p>
HTTP is a protocol that is not designed with the privacy of its users in mind. The language used in the HTTP specification explicitly says that
the protocol was designed with enabling the datamining of its users in mind, and contains features that are not absolutely necessary for the purpose of the
protocol, but allow the protocol compromise user privacy.
</p>
<h3>"User-Agent" Datamining feature</h3>
<p>
Section 14.43<sup><a href="#1">[1]</a></sup> of the HTTP specification details the "User-Agent"
spyware feature of the protocol that, when implemented, will attach information about your computing enviroment that can be used to track you.
The biggest danger of the User-Agent spyware is that there is no way to anonymously opt-out of this- even if you do not provide a user-agent,
because almost everyone else does, you will be tracked by the fact that you do <b>not</b> provide that information. There are many strategies
to mitigate this spyware, with only varying levels of success, but the problem is that this is the acceptable standard of how HTTP is used-
and not the forgotten feature that it should be. Not only does the User-Agent feature collect this unncessary information, its purpose is explicitly
stated in the protocol specifications to aid in datamining.
</p>
<p><i>
"The User-Agent request-header field contains information about the user agent originating the request. This is for <b>statistical purposes</b>, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. User agents SHOULD include this field with requests. "
</i></p>
<h3>Acknowledgement of HTTP's privacy problem</h3>
<p>
In the HTTP specification, the W3C explicitly acknowledges the serious privacy violations that implementations of this protocol are capable of comitting.
Section 15.1<sup><a href="#2">[2]</a></sup> of the HTTP specification has a very detailed analysis of
the implications of the comprimization of privacy that the User-Agent spyware allows to happen and suggests how to use the User-Agent feature: as an opt-in
feature where the privacy concerns of using such a feature are properly explained to the user. Even though this is a good section, it shows a very naieve
viewpoint from the W3C- the expectation that this feature would not be abused, and the expectation that implementers of this standard would respect the
privacy of their users and would not use these features of the protocol to datamine users.
</p>
<p>
At best, you could call this mindset naieve. Or, you could call it negligent. If you want to hold the W3C in contempt, you could call it malicious.
It's easy to write in your standard that while you could use this protocol to monitor the behavior of users, you should ask for their permission.
But once that standard is widely implemented, and is widely used for the exact malicious purpose that was acknowledged in its specification, who's
fault is that?
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">Section 14 of the HTTP/1.1 Specification</a>
<a href="http://webarchive.loc.gov/all/20160922055153/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[webarchive.loc.gov]</a>
<a href="https://web.archive.org/web/20180522154719/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[web.archive.org]</a>
<a href="http://archive.is/20180425174415/https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[archive.is]</a>
<a href="https://webarchive.nrscotland.gov.uk/20170610193333/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[webarchive.nrscotland.gov.uk]</a>
<a href="http://www.webcitation.org/6tcP2LTQW">[www.webcitation.org]</a>
<a href="http://arquivo.pt/wayback/20160108175646/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[arquivo.pt]</a>
<a href="http://veebiarhiiv.digar.ee/a/20150704125123/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[veebiarhiiv.digar.ee]</a>
<a href="http://webarchive.proni.gov.uk/20110424091530/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[webarchive.proni.gov.uk]</a><br>
<a name="2">2.</a>
<a href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">Section 15 of the HTTP/1.1 Specification</a>
<a href="http://webarchive.loc.gov/all/20140118222005/http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">[webarchive.loc.gov]</a>
<a href="https://web.archive.org/web/20171216001049/https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">[web.archive.org]</a>
<a href="http://archive.is/20131016034135/http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">[archive.is]</a>
<a href="https://webarchive.nrscotland.gov.uk/20170612090136/http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">[webarchive.nrscotland.gov.uk]</a>
<a href="http://arquivo.pt/wayback/20110609222436/http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">[arquivo.pt]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 5/14/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

44
articles/icecat.html Normal file
View File

@ -0,0 +1,44 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>GNU IceCat</h1>
<p><a href="/articles">Back to catalog</a><br>
<a href="/articles/icecat_es.html">Spanish Translation</a></p>
<img src="/images/icecat_logo.png" alt="icecat Logo">
<p>
GNU IceCat is a web browser that is a fork of <a href="/articles/firefox.html">Firefox</a>.
</p>
<h2>Spyware Level: <font color=lime>Not Spyware</font></h2>
<p>
GNU IceCat is a fork of Firefox that is more private and secure than Firefox and it contains several privacy-protecting features. IceCat 60 makes <font color=lime><b>no unsolicited connections</b></font> when you run it. Previous versions had privacy problems, but version 60 doesn't have these problems. You can read about the previous version here: <a href="/articles/icecat59.html">IceCat 59 Review</a>
</p>
<h3>IceCat's privacy features</h3>
<p>
From <a href="https://www.gnu.org/software/gnuzilla/">gnu.org</a>:
</p>
<ul>
<li>LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap.</li>
<li>Https-Everywhere: Extension that encrypts your communications with many major websites, making your browsing more secure.</li>
<li>AboutIceCat: Adds a custom "about:icecat" homepage with links to information about the free software and privacy features in IceCat, and checkboxes to enable and disable the ones more prone to break websites.</li>
<li>Fingerprinting countermeasures: Fingerprinting is a series of techniques allowing to uniquely identify a browser based on specific characterisics of that particular instance (like what fonts are available in that machine). Unlike cookies the user cannot opt-out of being tracked this way, so the browser has to avoid giving away that kind of hints.</li>
</ul>
<p>
As of writing this the information on gnu.org is a little outdated. Read this for the most up to date look at it: <a href="https://savannah.gnu.org/forum/forum.php?forum_id=9240">
GNUzilla - News: IceCat 60.2.0 Pre-release</a>
</p>
<hr>
<p><b>
This article was last edited on 9/18/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

54
articles/icecat59.html Normal file
View File

@ -0,0 +1,54 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>GNU IceCat (v59)</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/icecat_logo.png" alt="icecat Logo">
<p>
GNU IceCat is a web browser that is a fork of <a href="/articles/firefox.html">Firefox</a>.
</p>
<h2>Spyware Level: <font color=greenyellow>Low</font></h2>
<p>
GNU IceCat is a fork of Firefox that is more private and secure than Firefox and it contains several privacy-protecting features. However it still contains a lot of the spyware features found in Firefox. So, while it's better than Firefox, it still has a lot of problems that Firefox has.
</p>
<h3><font color=red>This article is about an older version of Icecat (v59), and not the current verison. (anything v60 and higher)</font></h3>
<h3>Phoning Home</h3>
<p>
Even though IceCat has better privacy features out of the box than Firefox, it still phones home by default to GNU, Mozilla, and Google.
So, while it claims to respect your privacy, it doesn't take steps to stop spyware features like this.
</p>
<img src="/images/icecat_phones_home.png" alt="Icecat phoning home">
<h3>IceCat's privacy features</h3>
<p>
From <a href="https://www.gnu.org/software/gnuzilla/">gnu.org</a>:
</p>
<ul>
<li>LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap.</li>
<li>Https-Everywhere: Extension that encrypts your communications with many major websites, making your browsing more secure.</li>
<li>SpyBlock: Blocks privacy trackers while in normal browsing mode, and all third party requests when in private browsing mode. Based on Adblock Plus.</li>
<li>AboutIceCat: Adds a custom "about:icecat" homepage with links to information about the free software and privacy features in IceCat, and checkboxes to enable and disable the ones more prone to break websites.</li>
<li>Fingerprinting countermeasures: Fingerprinting is a series of techniques allowing to uniquely identify a browser based on specific characterisics of that particular instance (like what fonts are available in that machine). Unlike cookies the user cannot opt-out of being tracked this way, so the browser has to avoid giving away that kind of hints.</li>
</ul>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://digdeeper.neocities.org/">Dig Deeper</a>
<a href="https://digdeeper.neocities.org/images/icecat.png">[original image link]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 6/21/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

43
articles/icecat_es.html Normal file
View File

@ -0,0 +1,43 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>GNU IceCat</h1>
<p><a href="/articles">Back to catalog (English)</a><br>
<a href="/articles/index_es.html">Back to catalog (Spanish)</a><br>
<a href="/articles/icecat.html">English Translation</a></p>
<img src="/images/icecat_logo.png" alt="icecat Logo">
<p>
GNU IceCat es un navegador web, derivado de <a href="/articles/firefox.html">Firefox</a>.
</p>
<h2>Nivel de Spyware: <font color=lime>No es spyware</font></h2>
<p>GNU IceCat es una derivación de Firefox que es mas seguro y privado que Firefox, contiene muchas características que protegen la privacidad del usuario. IceCat 60 <font color=lime>No hace conexiones no solicitadas cuando lo abres.</font> La versión anterior tuvo problemas, pero la versión 60 no parece tener estos problemas. Puedes leer sobre la versión anterior <a href="icecat59.html">Icecat 59 [English]</a></p>
<h3>Características de privacidad de IceCat</h3>
<p>Fuente: <a href="gnu.org">gnu.org</a></p>
<ul>
<li>LibreJS: Gnu LibreJS apunta al "Problema de JavaScript" descrito por el artículo de Richard Stallman "The JavaScript Trap."</li>
<li>HTTPS-Everywhere: Extensión que encripta tu comunicación con muchos sitios web, haciendo tu navegación mas segura.</li>
<li>AboutIceCat: Añade una propia página de inicio "about:icecat" en la que puedes habilitar y deshabilitar opciones de privacidad</li>
<li>Contramedidas de "Fingerprinting": "Fingerprinting" es una serie de técnicas que permiten identificar a un navegador con características especificas (Como las fuentes instaladas en tu máquina) a diferencia de las cookies, el usuario no puede borrarla.</li>
</ul>
<p>Este articulo ha sido escrito (Y traducido), la información de gnu.org puede estar desactualizada, Lee <a href="https://savannah.gnu.org/forum/forum.php?forum_id=9240">esto</a> para más información
</p>
<hr>
<p><b>
This article was translated on 1/31/2019<br>
This translation might become inaccurate in the future. Compare the dates of the English and Spanish articles if you aren't sure.
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

95
articles/index.html Normal file
View File

@ -0,0 +1,95 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Online Spyware Classification Project Article Catalog</h1>
<p>
<a href="/">Back to Home</a><br>
<a href="/articles/index_es.html">Spanish Catalog</a><br>
<a href="/articles/index2.html">Unfinished Articles</a><br>
</p>
<p>
All of the articles on this website are available here! If you want to edit any of these articles, or contribute your own articles, email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>
</p>
<hr>
<h2>Web Browsers</h2>
<a href="/articles/browsers.html">Comparison between web browsers</a><br><br>
<a href="/articles/iron.html">SRWare Iron</a><br>
<a href="/articles/slimjet.html">Slimjet</a><br>
<a href="/articles/chrome.html">Google Chrome</a>
<a href="/articles/chrome_es.html">[Spanish]</a><br>
<a href="/articles/opera.html">Opera</a><br>
<a href="/articles/webdiscover.html">WebDiscover</a><br>
<a href="/articles/firefox.html">Mozilla Firefox</a>
<a href="/guides/firefox.html">[Mitigation Guide]</a><br>
<a href="/articles/vivaldi.html">Vivaldi</a><br>
<a href="/articles/explorer.html">Internet Explorer</a><br>
<a href="/articles/dissenter.html">Dissenter</a><br>
<a href="/articles/waterfox.html">Waterfox</a><br>
<a href="/articles/brave.html">Brave</a><br>
<a href="/articles/palemoon.html">Pale Moon</a>
<a href="/guides/palemoon.html">[Mitigation Guide]</a><br>
<a href="/articles/sphere.html">Sphere Browser</a><br>
<a href="/articles/iridium.html">Iridium Browser</a>
<a href="/guides/iridium.html">[Mitigation Guide]</a><br>
<a href="/articles/icecat.html">GNU IceCat</a>
<a href="/articles/icecat_es.html">[Spanish]</a><br>
<a href="/articles/falkon.html">Falkon</a><br>
<a href="/articles/otter.html">Otter Browser</a><br>
<a href="/articles/qutebrowser.html">Qutebrowser</a><br>
<a href="/articles/ungoogled_chromium.html">Ungoogled Chromium</a><br>
<a href="/articles/tor.html">Tor Browser</a><br>
<h2>Online Content Platforms</h2>
<a href="/articles/snapchat.html">Snapchat</a><br>
<a href="/articles/instagram.html">Instagram</a><br>
<a href="/articles/youtube.html">YouTube</a><br>
<h2>Messaging Clients/Services</h2>
<a href="/articles/discord.html">Discord</a>
<a href="/articles/discord_es.html">[Spanish]</a><br>
<a href="/articles/thunderbird.html">Mozilla Thunderbird</a><br>
<a href="/articles/telegram.html">Telegram</a><br>
<a href="/articles/hexchat.html">Hexchat</a><br>
<h2>Search Engines</h2>
<a href="/articles/google_search.html">Google Search</a>
<a href="/articles/google_search_es.html">[Spanish]</a>
<a href="/articles/google_search_tr.html">[Turkish]</a><br>
<a href="/articles/bing.html">Bing</a><br>
<a href="/articles/yahoo.html">Yahoo</a><br>
<a href="/articles/duckduckgo.html">DuckDuckGo</a>
<a href="/articles/duckduckgo_es.html">[Spanish]</a><br>
<h2>Video Games</h2>
<a href="/articles/steam.html">Steam</a><br>
<a href="/articles/redshell.html">Red Shell</a><br>
<a href="/articles/unity.html">Unity</a><br>
<a href="/articles/razer_en.html">Razer</a>
<a href="/articles/razer.html">[Spanish]</a><br>
<a href="/articles/ksp.html">Kerbal Space Program</a><br>
<a href="/articles/gzdoom.html">GZDoom</a><br>
<h2>Media Players</h2>
<a href="/articles/realplayer.html">RealPlayer</a><br>
<a href="/articles/itunes.html">iTunes</a><br>
<a href="/articles/vlc.html">VLC Media Player</a><br>
<h2>Other</h2>
<a href="/articles/ccleaner.html">CCleaner</a><br>
<a href="/articles/poweriso.html">PowerISO</a><br>
<a href="/articles/cdex.html">CDex</a><br>
<a href="/articles/paint.net.html">Paint.NET</a><br>
<a href="/articles/http.html">HyperText Transmission Protocol</a><br>
<a href="/articles/ftp.html">File Transfer Protocol</a><br>
</body>
</html>

36
articles/index2.html Normal file
View File

@ -0,0 +1,36 @@
<!DOCTYPE HTML>
<html lang="en-us">
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Online Spyware Classification Project Unfinished Article Catalog</h1>
<p>
<a href="/">Back to Home</a><br>
<a href="/articles/">Main Catalog</a><br>
</p>
<p>
This is a catalog of all of the articles that are currently works-in-progress. The articles here are either unfinished, or not accurate and need to be edited before they can be added to the normal catalog. If you want to edit any of these articles, or contribute your own articles, email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. These articles need the most help, so feel free to contribute!
</p>
<p>The <a href="/requested_articles.txt">requested articles</a> file also has a list of articles that have been requested, and the state of those
requests.</p>
<hr>
<p>
<a href="/articles/utorrent.html">uTorrent</a><br>
<a href="/articles/nvidia.html">Nvidia Drivers</a><br>
<a href="/articles/1password.html">1password</a><br>
<a href="/articles/foobar2000.html">Foobar 2000</a><br>
<a href="/articles/browsers.html">Comparison between web browsers</a><br>
<a href="/articles/example.html">Example Article</a><br>
<a href="/guides/classify.html">Classification Guide</a><br>
</p>
</body>
</html>

34
articles/index_es.html Normal file
View File

@ -0,0 +1,34 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Online Spyware Classification Project Spanish Article Catalog</h1>
<p>
<a href="/">Back to Home</a><br>
<a href="/articles/index.html">English Catalog</a><br>
<a href="/articles/index2.html">Unfinished Articles</a><br>
</p>
<p>
This is a catalog of all of the Spanish articles on this site. Some of these articles are translations of other English articles on the site and some
are only in Spanish. Thanks to one very helpful contributor, these articles have been translated. If you know English and Spanish, and want to make
this catalog larger, consider translating an article, or writing your own articles, in Spanish. It would be very much appreciated.
</p>
<p>
If you want to edit any of these articles, or contribute your own articles, email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>
</p>
<hr>
<h2>All Articles</h2>
<a href="/articles/razer.html">Razer</a><br>
<a href="/articles/chrome_es.html">Google Chrome</a><br>
<a href="/articles/icecat_es.html">GNU IceCat</a><br>
<a href="/articles/discord_es.html">Discord</a><br>
<a href="/articles/google_search_es.html">Google Search</a><br>
<a href="/articles/duckduckgo_es.html">DuckDuckGo</a><br>
</body>
</html>

104
articles/instagram.html Normal file
View File

@ -0,0 +1,104 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<h1>Instagram</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/ig_logo.png" alt="Instagram logo">
<p>
Instagram, developed by <a href="https://en.wikipedia.org/wiki/Facebook">Facebook</a> is designed to be a free smartphone app that allows users to post pictures and videos to a feed, much like any micro-blogging platform. It is popular among teenagers and millennials. In fact businesses are now getting into the Instagram scene and creating their own Instagram profiles.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
Instagram is spyware because it identifies you with EXIF data, and demands direct access to excessive amounts of personal information that has nothing to do with the
service it provides.</p>
<h3>It Logs Your GPS Locations from EXIF Data In Your Photos</h3>
<p>
Whenever a user takes a picture on a modern smartphone, GPS Coordinates are stored in a photos. This is setting that one can easily turn off. However, many users don't even realize their phone is doing so. Instagram takes advantage of that. It will scan through all of the user's photos and look for this EXIF Data<sup><a href="#1">[1]</a></sup>. When it does, it logs the GPS Coordinates into a database. This database shows exactly where the user has been and what pictures they have taken. The only way to turn this off is to turn off EXIF tags on your camera (You should turn it off due to the numerous privacy issues that emerge from EXIF data).
</p>
<h3>It Demands Too Many Permissions and Punishes The User for Denying It Permissions</h3>
<p>Instagram is pretty demanding when it comes to permissions. When I tested the app on my spare Android Phone, it wanted access to:</p>
<ul>
<li>Phone owner's full name</li>
<li>Phone Contacts</li>
<li>Phone calendar</li>
<li>Send and receive SMS Messages (Which may cost money)</li>
<li>All files on phone and files on MicroSD card</li>
<li>Phone camera</li>
<li>Phone microphone</li>
<li>Identifying device information: IEMI number, carrier, SIM status, phone number</li>
<li>Control phone vibrator motor</li>
</ul>
<p>Denying the app access to: <i>the phone owners full name, contacts stored on the phone, the phones calendar, permission to send and receive SMS messages, and identifying device information</i> resulted in annoying nags containing some excuse as to why they would they would like access to said permission.</p>
<p>However, if you deny it access to: <i>All files on the phone and MicroSD card, phone camera, phone microphone, and phone vibrator motor</i>, the app will punish the user by disabling various features in the app that will most likely operate just fine with that permission denied.</p>
<h3>Instagram Owns Any Content You Post on Their Service</h3>
<p>Many users think that when they upload photos to Instagram, they retain all rights or it becomes public domain. This is far from the truth. When you upload a photo to Instagram. Instagram gains all rights to your work and they can anything they want to it<sup><a href="#2">[2]</a></sup>. Since most users don't bother reading the terms of service, they are ignorant of this and will often use the work they uploaded to Instagram on other platforms; doing so is against international copyright law treaties. Basically, the user is breaking copyright laws for simply using their own work they posted to Instagram on other platforms</p>
<h3>You Must Provide a Telephone Number or Email Address to Sign Up</h3>
<p>In order to sign up for the app, you must provide either a telephone number or an email address. You will not be allowed to create an account if you don't provide a either one. This is obviously a method Instagram to uniquely identify you.</p>
<p>If you provided Instagram with a cellular telephone number and uninstalled the app, you will get constant nags to "see whats new on Instagram". Fortunately these nags will go away after about a month, and can be blocked by simply blocking the number</p>
<img src="/images/ig_sshot.png" alt="screenshot">
<h3>It Broadcasts What You Do In The App To Other Users</h3>
<p>Introduced in January 2018, Instagram sports a new spyware feature that broadcasts what you doing in the app to anyone that DMs you in the app<sup><a href="#3">[3]</a></sup>. But, it goes further, it reportedly also broadcasts what comments you read and what photos you like in the app. On microblogging platforms like Instagram, the majority of users like their actions to be private. A lot of users have complained about this feature and they stated that the feature is here to stay. Also, there is no way to disable this feature either.</p>
<h3>It Might Spy in On Your Conversations</h3>
<p>In September of 2017 users started reporting ads appearing on their Instagram feed that they spoke to another person about and never once looked it up online. While Instagram is known to use super cookies (cookies that can hop to different computers on a network and use certain techniques to avoid being deleted), this is next level. A person conducted a test where on a hike they randomly mentioned a projector<sup><a href="#4">[4]</a></sup>. Before this hike they showed no interest in projectors. They than give Instagram about 15 hours and when the person checked their feed the next morning, there was an ad for a projector. Sadly, this is overwhelming proof that Instagram is indeed listening in. Of course, when questioned by various news outlets, Instagram said they never did this, despite their being overwhelming evidence that they are indeed tapping users microphones.</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1</a>
<a href="https://www.makeuseof.com/tag/ways-instagram-spying-you/">Make Use Of - Ways Instagram Is Spying on You</a>
<a href="https://archive.is/pHY8J">[archive.is]</a>
<a href="https://web.archive.org/web/20180131084312/https://www.makeuseof.com/tag/ways-instagram-spying-you/">[archive.org]</a>
<br>
<a name="2">2</a>
<a href="https://help.instagram.com/478745558852511/?_fb_noscript=1">Instagrams TOS</a>
<a href="https://archive.fo/9nxU8">[archive.is]</a>
<br>
<a name="3">3</a>
<a href="https://hellogiggles.com/news/instagram-compromising-privacy-dm-feature/">HelloGiggles Article on the New DM feature</a>
<a href="https://archive.fo/bvtic">[archive.is]</a>
<br>
<a name="4">4</a>
<a href="https://medium.com/@damln/instagram-is-listening-to-you-97e8f2c53023">Instagram Listens In</a>
<a href="https://archive.is/Utdc2">[archive.is]</a>
<br>
</p>
<hr>
<p><b>
This article was last edited on 2/24/2019
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

84
articles/iridium.html Normal file
View File

@ -0,0 +1,84 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Iridium Browser</h1>
<p><a href="/articles">Back to catalog</a><br>
<a href="/guides/iridium.html">Mitigation Guide</a></p>
<img src="/images/iridium_logo.jpg" alt="Iridium Logo">
<p>
Iridium is a privacy-based fork of Google Chrome. From their website: "All modifications enhance the privacy of the user and make sure that the latest and best secure technologies are used. Automatic transmission of partial queries, keywords and metrics to central services is prevented and only occurs with the approval of the user." Unlike other browsers of its kind, this one is fully featured (has all the addons that are available for Chrome), and so is recommended for everyday usage.
</p>
<p>
<h2>Spyware Level: <font color=yellowgreen>Low</font></h2>
After following the <a href="/guides/iridium.html">mitigation guide</a>, this software is <font color=lime><b>Not Spyware</b></font>.
</p>
<p>
The only unsolicited request is for the Google SafeBrowsing feature, and can be easily turned off from the Preferences menu. Additionally, privacy enhancements unrelated to Google are added, such as blocking third party cookies by default, and deleting local storage on close. Full list of the differences between Chrome and Iridium can be found <a href="https://github.com/iridium-browser/tracker/wiki/Differences-between-Iridium-and-Chromium">here</a><sup><a href="#1">[1]</a></sup>. However this list is <b><font color=red>not accurate</font></b> and each claim it makes should be verified by the user.
</p>
<h3>Phoning Home</h3>
<p>
Iridium browser will make these requests to Google to update a blocklist of websites for its SafeBrowsing feature:
</p>
<img src="/images/iridium_request.png" alt="Iridium safebrowsing requests">
<p>
Iridium browser will also download this blocklist from a mirror maintained by the developers. Since the web browser is
awalys "phoning home" to either google or the developers servers, this is a form of spyware that can be used to monitor
usage of the program, as well as collection of the User-Agent's of the program's users. (See the <a href="/articles/http.html">HTTP article</a>)
This request is made 5 miniutes after the program is started, and then updated every 30 miniutes.
</p>
<h3>Inaccurate Privacy Claims</h3>
<p>
The Iridium developers make the claim that as one of the privacy enhancements of Iridium, it uses the Google SafeBrowsing spyware feature, but with their own mirror of Google's database, meaning that you can
use the feature without constantly phoning home to google, but instead phoning home to the developers, which, while still being a form of spyware, is an increase in privacy
for the user<sup><a href="#1">[1]</a></sup>. At least it would be if this section was actually true. You can see that from the "Phoning Home" section of this article, this claim is simply
<b><font color=red>not true</font></b>, which is very bad because it undermines the crediblity of the other privacy claims that Iridium makes.
</p>
<p>
According to another writer, in his tests the browser would only connect to iridiumbrowser.de. So it is possible that this privacy claim is true for some versions of Iridium,
and false for other versions of Iridium. The version of Iridium that phones home to Google is Version 2018.4 for 64-bit Windows, tested on Windows 7, if you want to see this
for yourself.
</p>
<p>
Not only is this privacy claim inaccurate, but a pull request<sup><a href="#2">[2]</a></sup> has been open on the developers github for OVER A YEAR with no response from the development team.
It's pretty dissapointing to see such a privacy concerned front to this project, but then a negligent additude with longstanding privacy issues once you pull back the curtain
and look a little deeper at the claims this browser makes.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://github.com/iridium-browser/tracker/wiki/Differences-between-Iridium-and-Chromium">Differences between Iridium and Chromium</a>
<a href="http://web.archive.org/web/20180216153314/https://github.com/iridium-browser/tracker/wiki/Differences-between-Iridium-and-Chromium">[web.archive.org]</a>
<a href="https://archive.is/H8MsS">[archive.is]</a>
<a href="https://via.hypothes.is/https://github.com/iridium-browser/tracker/wiki/Differences-between-Iridium-and-Chromium">[via.hypothes.is]</a><br>
<a name="2">2.</a>
<a href="https://github.com/iridium-browser/tracker/issues/131">Still access to google safebrowsing servers</a>
<a href="http://web.archive.org/web/20180517043109/https://github.com/iridium-browser/tracker/issues/131">[web.archive.org]</a>
<a href="https://archive.li/eayJ1">[archive.is]</a>
<br>
</p>
<hr>
<p><b>
This article was last edited on 5/16/2018
</b></p>
<p><b>
This article was created on 5/5/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

178
articles/iron.html Normal file
View File

@ -0,0 +1,178 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<h1>SRWare Iron</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/srware_logo.png" alt="SRWare Iron Logo">
<p>
SRWare Iron is a free web browser, and an implementation of Chromium by SRWare of Germany.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
SRWare Iron claims to be a privacy respecting web browser that is an alternative to <a href="/articles/chrome.html">Google Chrome</a>'s
spyware, and specifically brands itself as a privacy respecting web browser that aims to give users
the Chrome experience without Google's spyware. However when examining this program, these claims
instantly melt away. SRWare Iron connects to an absolutely incredible amount of trackers and opens
connections to an enormous amount of servers on it's first run. It racks up a rough estimate of
<b><font color="yellow">~400-500 unsolicited connections</font></b>, and it actually took several minitues for it to stop making new
requests and connections. SRWare Iron uses the spyware search engine <a href="/articles/bing.html">Bing</a> as it's default search
engine, however it goes beyond that and routes your requests to Bing through it's own servers
so that it can spy on your internet searches as well. The bottom line is that this browser is just
another false privacy initiative and is really <b><font color="red">no better than Chrome.</font></b>
</p>
<p>
Version 69.0.3600.0 of SRWare Iron was tested on Windows 7 64-bit. MITMproxy, Microsoft Network Montior 3.4,
and Sysinternals ProcMon were used to monitor the behavior of this program.
</p>
<h3>False Privacy Initiative</h3>
<p>
SRWare Iron claims on it's website that it is:
</p>
<p><i>
"Chrome thrilled with an extremely fast site rendering, a sleek design and innovative features. But it also gets critic from data protection specialists , for reasons such as creating a unique user ID or the submission of entries to Google to generate suggestions. SRWare Iron is a real alternative. The browser is based on the Chromium-source and offers the same features as Chrome - but without the critical points that the privacy concern."
</i><sup><a href="#1">[1]</a></sup></p>
<p>
The reality is that you are merely trading in one spyware product for another. Where Chrome's spyware has been removed,
Iron's spyware is there to replace it. Which poision are you going to pick? The worst part is that people will read what is
claimed on SRWare's website and beleive it without doing any tests for themselves. Like
<a href="https://dottech.org/23821/srware-iron-a-privacy-oriented-web-browser-built-from-google-chromes-source-code/">this article</a>
<a href="http://web.archive.org/web/20160327201202/http://dottech.org/23821/srware-iron-a-privacy-oriented-web-browser-built-from-google-chromes-source-code/">[web.archive.org]</a>
that just copies the comparison-list from Iron's website without any real investegation before delcaring it a privacy alterantive to Chrome.
The most audacious thing about it is this incredible quote on the FAQ section for the Iron browser:
</p>
<p><i>
"Can i really check that Iron doesn't submit any private data, how you say? Yes, you can. There are tools like Wireshark, which scan the whole network-traffic. We could not recognize any obvious activity. But you can proof this by yourself."
</i><sup><a href="#2">[2]</a></sup></p>
<p>
Which is just an amazing gem in the context of what is actually found when running tests on the software.
</p>
<h3>Massive amount of connections on first startup</h3>
<p>
When you first start SRWare Iron, it will immediately open the following two pages: <code>https://iron.start.me/us</code> and
<code>https://www.srware.net/en/software_srware_iron.php</code>. The most offensive page is the <code>start.me</code> domain
which begins loading in an enormous amount of spyware from all over the internet. I did not count the specific amount of requests
but it was somewhere in the 400-500 range (my software doesn't provide a great amount of automation... or maybe i'm not using it
as well as I could). This <a href="/images/iron_spyware.png">image</a> (at 1.06 MB- almost 1/4 of the size of the entire site as of writing!)
should give you an idea of the amount of requests I was swamped by. It took a while for it to die down. On subsequent runs the
amount of requests it sent was far less. It connected to spyware platforms like Google Analytics and Piwik, and executed their JavaScript payloads.
There were a lot of redundant connections to Google Analytics so it's probable that multiple companies are able to send their own
analytics payloads through this homescreen. Thus throughly fingerprinting and profiling your web browser and computer the moment you
begin browsing the internet with your new "privacy respecting" browser- so that all of these advertising companies can track you
everywhere you go!
</p>
<p>
When checking the browser's connections in Network Monitor 3.4, you could see that it connected to a huge amount
of servers, even though only two domains were ever contacted.<a href="/images/iron_connections.png">This screenshot</a> doesn't caputre
all of the IP addresses that it connected, but should give you an idea.
</p>
<p>
And just so that there is no ambiguity, this notice is shown when you load this homepage:
</p>
<p><i>
"We use cookies to personalise content and ads, to provide social media features
and to analyse our traffic. We also share information about your use of our site
with our social media, advertising and analytics partners who may combine it
with other information youve provided to them or theyve collected from your
use of their services."
</i></p>
<p>
Just so that there is no doubt- you are being served tracking cookies by advertising companies.
</p>
<h3>Redirecting of internet searches through developer's domain</h3>
<p>
After you've finished identifying your web browser to just about every single spyware company on the internet, you can begin
making internet searches with your new SRWare Iron browser. The default search engine is the spyware search engine <a href="/articles/bing.html">Bing</a>.
However it's not enough to just point you at a spyware search engine... when you try and actually run a search on Bing, this is what happens:
</p>
<img src="/images/iron_bing.png" alt="SRWare Iron redirecting through it's own servers">
<p>
Basically, every time you make a search with this browser, your searches are sent through the developer's servers.
So, the developer can know exactly what your internet history is, in this way. Your searches are also being sent through
<code>wisesearches.com</code>, but I don't know who they are. So now instead of giving up your search history to one
spyware company, Google, you can give it to three spyware companies, by switching to this browser. This is a very similar
tactic to the one that the spyware browser <a href="/articles/slimjet.html">Slimjet</a> uses, where it routes searches to
Bing through it's own domains.
</p>
<h3>Motivations of the SRWare Iron developer?</h3>
<p>
If you dig deeper into how SRWare Iron was created, you can find some interesting information from some of the developers of
Chrome about the motivations behind the creation of this fork. More specifically this very interesting conversation:<sup><a href="#3">[3]</a></sup>
</p>
<xmp>
<Kmos> Iron: why not contribute to it, instead of forking ?
<Iron> because i removed all privacy-related code
<Iron> e.g. RLZ
<Iron> and URL tracking every 5 seconds after start
<Iron> the original chrome is heavily communitating to google...i hate that
<jamessan> all of those are supposed to have options to disable them, iirc
<Iron> yes but they haven't options yet
<Iron> and nobody knows when the next beta is released
<jamessan> so work on getting the options added so they'll be there for the next release
<mgreenblatt> Iron.. why not propose a patch based on preprocessor defines that disables the sections you dislike without forking the code?
<mgreenblatt> (assuming such a thing doesn't already exist)
<Iron> because a fork will bring a lot of publicity to my person and my homepage
<Iron> that means: a lot of money too ;)
<Kmos> rotflol
<Iron> what means rotful?
<mgreenblatt> Iron.. you're a large corporation that can dedicate the time to support a fork of something as complicated as chromium?
<Kmos> Iron: google about it
<Iron> yes there is enough time to support it
<jamessan> heh, you're expecting to make lots of money from making a fork of chromium? that's quite amusing
<Iron> i dont take money for my fork
<Iron> but i have adsense on my page ;)
<Iron> a lot of visitor -> a lot of clicka > a lot of money ;)
<Kmos> and do you think google should support your fork
<Kmos> lol
<mgreenblatt> Iron.. it's always good to have dreams ;-)
<Iron> we are here in germany
<Iron> the press will love my fork
<Iron> i talked to much journalists already
<DrPizza> Why are you forking?
<DrPizza> to do what?
<Iron> to remove all things in source talking to google ;)
<jamessan> to get fame and fortune
<Iron> nobody here trusts google
<Iron> the german people say: google is very evil
<jamessan> yet you use google's adsense
</xmp>
<p>
So, this could explain a lot... the motivation for this web browser to exist was to monetize
privacy concerns by generating traffic to his website, where he could make money by serving spyware
to the very users that wanted to escape from it. Then his fork gets loaded up with all sorts of
spyware from all sorts of other companies... which he probably makes some amount of money from as well.
(why else would he take the time to integrate these things into his browser? we can only speculate.)
At the end of the day it's pretty clear that this browser is a huge scam and you shouldn't use it.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="http://www.srware.net/en/software_srware_iron.php">SRWare Iron: The Browser of the future - Overview</a>
<a href="https://web.archive.org/web/20181118232123/http://www.srware.net/en/software_srware_iron.php">[web.archive.org]</a>
<a href="https://archive.is/qMNlG">[archive.is]</a><br>
<a name="2">2.</a>
<a href="https://www.srware.net/en/software_srware_iron_faq.php">SRWare Iron: The Browser of the future - Frequently asked questions</a>
<a href="https://web.archive.org/web/20180502103925/http://www.srware.net:80/en/software_srware_iron_faq.php">[web.archive.org]</a>
<a href="https://archive.fo/TXJbh">[archive.is]</a><br>
<a name="3">3.</a>
<a href="http://neugierig.org/software/chromium/notes/2009/12/iron.html">The story of Iron</a>
<a href="http://web.archive.org/web/20180427094010/http://neugierig.org/software/chromium/notes/2009/12/iron.html">[web.archive.org]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 11/20/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

89
articles/itunes.html Normal file
View File

@ -0,0 +1,89 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>iTunes</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/itunes_logo.png" alt="itunes logo">
<p>
iTunes is a media player, media library, Internet radio broadcaster, and mobile device management application developed by Apple Inc.
</p>
<h2>Spyware Level: <font color=red>EXTREMELY HIGH</font></h2>
<p>
iTunes is a spyware music player developed by Apple that collects an enormous amount of information about its users. iTunes is riddled with numerous spyware features and types of information collection, and is integrated with Apple's spyware platforms. Apple is not subtle about its spyware- it explains what it does plainly and clearly, so there is no deception about the scope and level of privacy violations comitted by its software.
</p>
<h3>Itunes is integrated into the Apple ID spyware platform</h3>
<p>
Itunes is integrated with the "Apple ID" spyware platform, which it requires for you to use certain features of the app.
This spyware platform collects the following information from you<sup><a href="#1">[1]</a></sup>:
</p>
<ul>
<li>Name</li>
<li>Mailing address</li>
<li>Phone Number</li>
<li>E-Mail address</li>
<li>Credit card information</li>
</ul>
<h3>Phoning Home</h3>
<p>
Whenever you open Itunes, these two requests are immediately made:
</p>
<img src="/images/itunes_spyware1.png" alt="Itunes unsolictied network requests">
<p>
<a href="https://support.apple.com/en-us/HT201999">Here</a><sup><a href="#2">[2]</a></sup> is a list of all of the domains that Itunes will connect too.
So, whenever you start up Itunes, you are immediately checked into the botnet. It's not clarified exactly what Itunes is
connected to for what reason. The only hint we have comes from this passage in the privacy policy<sup><a href="#1">[1]</a></sup>:
</p>
<p><i>
"We may collect information such as occupation, language, zip code, area code, unique device identifier, referrer URL, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising."
</i></p>
<p>
So, we can only assume that Itunes is collecting all of this information, or at least as much of it as it can get, from you and sending it back to apple.
</p>
<h3>Apple sells your personal information</h3>
<p>
Apple is very up-front about this in its privacy policy<sup><a href="#1">[1]</a></sup>:
</P>
<p><i>
"Apple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys."
</i></p>
<p>
So, there can be no illusion or mistake about what happens to the information you provide to Itunes- it will be sold to datamining companies.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.apple.com/legal/privacy/en-ww/">Apple Privacy Policy</a>
<a href="http://webarchive.loc.gov/all/20160817232247/http://www.apple.com/legal/privacy/en-ww/">[webarchive.loc.gov]</a>
<a href="https://web.archive.org/web/20180529202128/https://www.apple.com/legal/privacy/en-ww/">[web.archive.org]</a>
<a href="http://www.webcitation.org/6xDCQswT1">[www.webcitation.org]</a>
<a href="https://webarchive.nrscotland.gov.uk/20170609165052/https://apple.com/legal/privacy/en-ww/">[webarchive.nrscotland.gov.uk]</a>
<a href="http://arquivo.pt/wayback/20161102151804/https://www.apple.com/legal/privacy/en-ww/">[arquivo.pt]</a>
<a href="http://collection.europarchive.org/nli/20160627122417/http://www.apple.com/legal/privacy/en-ww/">[collection.europarchive.org]</a>
<a href="https://archive.is/KdMGe">[archive.is]</a><br>
<a name="2">2.</a>
<a href="https://support.apple.com/en-us/HT201999">About macOS, iOS, and iTunes server host connections and iTunes background processes</a>
<a href="https://web.archive.org/web/20180523044139/https://support.apple.com/en-us/HT201999">[web.archive.org]</a>
<a href="http://webarchive.loc.gov/all/20160817153143/https://support.apple.com/en-us/HT201999">[webarchive.loc.gov]</a>
<a href="https://archive.is/KNtlQ">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 5/12/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

184
articles/ksp.html Normal file
View File

@ -0,0 +1,184 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Kerbal Space Program</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/ksp_logo.png" alt="Kerbal Space Program Logo">
<p>
Kerbal Space Program is a space flight simulation video game developed and published by Squad, and currently owned by Take-Two Interactive.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
Kerbal Space program is a spyware program that mines large amounts of personal information of its users<sup><a href="#1">[1]</a></sup><sup><a href="#2">[2]</a></sup>,
to use for its own advertising, and to sell to other advertisers. On its face, it is a video game, but it is loaded with a huge amount of spyware that makes it completely unusable from a privacy standpoint.
If you MUST use this program, run it in a VM with no internet connection. KSP collects so much information, that it has managed to catapult itself into the highest ranks of
this webiste and can only be described as a uniquely malicious datamining platform. KSP at one point was integrated with the <a href="/articles/redshell.html">Redshell</a> spyware platform.<sup><a href="#1">[3]</a></sup><sup>
</p>
<h3>Kerbal Space Program collects vast amounts of personal information</h3>
<p>
KSP collects or attempts to collect or reserves the right to collect the following information about its users<sup><a href="#1">[1]</a></sup>:
</p>
<ul>
<li>First and/or last name</li>
<li>E-mail address</li>
<li>Phone number</li>
<li>Photo</li>
<li>Mailing address</li>
<li>Geolocation (physical location)</li>
<li>Payment information</li>
<li>Age</li>
<li>Gender</li>
<li>Date of birth</li>
<li>Zip code</li>
<li>Hardware configuration</li>
<li>Console ID</li>
<li>Software products played</li>
<li>Purchases</li>
<li>IP address</li>
<li>Systems you have played on</li>
<li>Other Information from integrated services</li>
<li>Other Information from social media</li>
</ul>
<p>
Anyone who is framiliar with privacy violating software can notice that compared to most spyware out there, this is a MASSIVE amount of personal information that is being collected.
It's further clarified that not only does this program collect all of your information, but it uses this information to build a unique profile of you by correlating that information
together.
</p>
<h3>Kerbal Space Program is integrated with other spyware platforms</h3>
<p>
KSP is integrated with social networking websites such as Facebook<sup><a href="#1">[1]</a></sup>, which allows it to collect a lot of personal information about you from any sort of social media profile that you
have on that website. If you're wondering how it could collect your date of birth, gender and photo if the program doesn't explicitly ask you, this is probably how it does it.
When you give KSP access to your facebook account by logging in through spyware platforms such as Facebook, it collects as much information from your profile as it possibly can. This includes:
</p>
<ul>
<li>Your profile picture</li>
<li>Your friends list</li>
<li>Your name</li>
</ul>
<p>
As well as all other information that KSP claims it collects in the previous section. As you can see, this feature is a way for KSP to collect huge amounts of your personal information,
which it does not show and restraint in collecting.
</p>
<p>
Not only is KSP integrated with Facebook's spyware platfrom, but it is also integrated with other spyware platforms as well:
</p>
<p><i>
"When you use a third-party authentication service or link your Company account with a third-party account, you will be asked to provide account information associated with that third-party account. Certain membership information may be transferred automatically to the Company when you register to join an Online Service from a third-party gaming network system or link your Online Service membership with a third-party service, such as your friends list on that gaming network or social network service."
</i><sup><a href="#1">[1]</a></sup></p>
<p><i>
"When you use Facebook Connect, OpenID or another multisite ID to log in to an Online Service, those ID services will authenticate your identity and provide you the option to share certain personal information with us to pre-populate our sign up form. Depending on your account settings, multisite IDs may also provide other information to us. Please check the terms of those services before using them to log into an Online Service."
</i><sup><a href="#1">[1]</a></sup></p>
<p><i>
"If you use, purchase, or register for an Online Service through a third-party service such as a gaming console's network service, an internet based gaming service, or a social network website, or request that we associate a Company account with a third-party service account, then limited user account personal information may be transferred to the Company as part of the registration process and we may be able to collect information about your use of the Online Services."
</i><sup><a href="#1">[1]</a></sup></p>
<h3>Kerbal Space Program allows advertisers to collect personal information seperately</h3>
<p>
In addition to tracking its users, KSP allows advertisers to track its users as well<sup><a href="#1">[1]</a></sup>. These advertisers are:
</p>
<ul>
<li>DoubleClick</li>
<li>Facebook</li>
<li>Google</li>
<li>Conversant</li>
<li>Nielsen/Netratings</li>
<li>Omniture</li>
<li>Yahoo</li>
</ul>
<p>
Which of course, all have their own seperate privacy polcies about how they handle your information. So, not only is KSP tracking you, but a huge amount of advertisers are
also tracking you when you use their services.
</p>
<h3>Kerbal Space Program sells your information to advertisers</h3>
<p>
KSP's privacy policy uses more vauge language here, but its clear that your information is being sold to advertisers. See the following quotes:
</p>
<p><i>
"In the event we offer services or promotions where your personal information is separately collected and used according to the privacy policy of a third party, we will inform you of that at the time of collection and you may elect not to participate in the service or promotion."
</i><sup><a href="#1">[1]</a></sup></p>
<p><i>
"In addition, we may share aggregate and other information regarding Online Service usage statistics and user demographics with third parties."
</i><sup><a href="#1">[1]</a></sup></p>
<p>
Is "other information" personal information? There isn't any transparency here, so we cant know, but its clear that KSP uses its massive datamining platform to collaborate with other datamining platforms.
</p>
<h3>Kerbal Space Program uses your personal information for its own advertising</h3>
<p>
It's clearly stated in the privacy policy<sup><a href="#1">[1]</a></sup> that this information is used to target users for promotions, and to analyse for marketing purposes:
</p>
<p><i>
"The Company uses this information to send you promotional materials...We also use your personal and other information for our internal marketing and demographic studies, so we can constantly improve the products and services we provide you and to better meet your needs."
</i><sup><a href="#1">[1]</a></sup></p>
<p><i>
"The Company uses this information to send you promotional materials...We also use your personal and other information for our internal marketing and demographic studies, so we can constantly improve the products and services we provide you and to better meet your needs."
</i></p>
<h3>Kerbal Space Program does not make its source code availible</h3>
<p>
Its impossible to discern the level and scope of privacy violations done by this software beyond what they tell us in the privacy policy. The source code could potentially be hiding
more spyware, but nobody can audit it, and nobody can go into the source code and disable all of the spyware. If KSP had nothing to hide, you would be able to build the game from its
source code.
</p>
<h3>Further Reading</h3>
<a href="https://www.youtube.com/watch?v=WCLbUD_aubQ">Kerbal Space Program's New EULA Makes it Spyware </a><br>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.take2games.com/privacy/">TAKE-TWO INTERACTIVE SOFTWARE, Inc. PRIVACY POLICY</a>
<a href="http://web.archive.org/web/20180523084938/https://www.take2games.com/privacy/">[web.archive.org]</a>
<a href="http://archive.is/WvWBD">[archive.is]</a><br>
<a name="2">2.</a>
<a href="https://forum.kerbalspaceprogram.com/index.php?/topic/171850-does-ksp-v14-really-have-spyware-in-it/&page=12&tab=comments#comment-3314988">Does KSP v1.4 really have spyware in it?</a>
<a href="http://web.archive.org/web/20180530204319/https://forum.kerbalspaceprogram.com/index.php?/topic/171850-does-ksp-v14-really-have-spyware-in-it/&page=12&tab=comments">[web.archive.org]</a><br>
<a name="3">3.</a>
<a href="https://old.reddit.com/r/Steam/comments/8pud8b/psa_red_shell_spyware_holy_potatoes_were_in_space/">[PSA] RED SHELL Spyware - "Holy Potatoes! Were in Space?!" integrated and removed it after complaints</a>
<a href="https://snew.github.io/r/Steam/comments/8pud8b/">[snew.github.io]</a>
<a href="http://archive.is/jwlur">[archive.is]</a>
<br>
</p>
<hr>
<p><b>
This article was last updated on 5/30/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

67
articles/nvidia.html Normal file
View File

@ -0,0 +1,67 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Nvidia Graphics Card Drivers</h1>
<img src="/images/nvidia_logo.png" alt="Nvidia logo">
<p><a href="/articles">Back to catalog</a></p>
<h2>UNFINISHED ARTICLE- UNDER CONSTRUCTION</h2>
<p>This article is about the graphics card driver software used for modern Nvidia graphics cards. It is not about any one specific driver.</p>
<h2>Spyware Level: <font color=red>Not Rated</font></h2>
<p>
Nvidia produces graphics cards, and of course to use this hardware you need to install their drivers. Unfortunately Nvidia's drivers are riddled with
spyware and the installation process is a minefeild of serious privacy pitfalls, with options selected by default that have serious privacy
implications they have if actually enabled. It isn't possible to install any of their drivers without bundled spyware being installed onto your computer,
which needs to be cleaned up after the install.
</p>
<h3>Nvidia's installer is bundled with other spyware programs</h3>
<p>
When attempting to install an Nvidia graphics card driver you will be shown an option to install the spyware program GeForce Experience onto your computer.
This program is malware that is also developed by Nvidia as well, and has a huge range of serious privacy issues, including scanning and uploading information
about the files onto your comptuer to Nvidia. (An article about GeForce Experience is planned)
</p>
<img src="/images/nvidia_bundling.png" alt="Nvidia driver installation screenshot">
<h3>Nvidia drivers install telemetry services onto the host machine</h3>
<p>
When the installation is finished, these services will show up (This is on windows 7):
</p>
<img src="/images/nvidia_spyware_service.png" alt="Nvidia spyware services">
<p>
These can at least be disabled like so:
</p>
<img src="/images/nvidia_spyware_disable.png" alt="Nvidia spyware service disable">
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">Section 14 of the HTTP/1.1 Specification</a>
<a href="http://webarchive.loc.gov/all/20160922055153/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[webarchive.loc.gov]</a>
<a href="https://web.archive.org/web/20180522154719/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[web.archive.org]</a>
<a href="http://archive.is/20180425174415/https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[archive.is]</a>
<a href="https://webarchive.nrscotland.gov.uk/20170610193333/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[webarchive.nrscotland.gov.uk]</a>
<a href="http://www.webcitation.org/6tcP2LTQW">[www.webcitation.org]</a>
<a href="http://arquivo.pt/wayback/20160108175646/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[arquivo.pt]</a>
<a href="http://veebiarhiiv.digar.ee/a/20150704125123/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[veebiarhiiv.digar.ee]</a>
<a href="http://webarchive.proni.gov.uk/20110424091530/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[webarchive.proni.gov.uk]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 7/22/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

83
articles/opera.html Normal file
View File

@ -0,0 +1,83 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Opera</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/opera_logo.png" alt="Images are in the /images folder">
<p>
A web browser made by Opera Software, using the Blink engine. Has some interesting features like mouse gestures, a built-in ad blocker and VPN. It is the sixth most popular browser. But how does it look like in terms of privacy?
</p>
<h2>Spyware Level: <font color=red>EXTREMELY HIGH</font></h2>
<p>
Opera makes 55 unsolicited requests upon its first run. By default, it spies on all your browsing history. Works closely with advertisers and trackers. Is integrated with Facebook, one of the biggest privacy violators in the world. Has Google as the default search engine. Closed source.
</p>
<h3>Geolocation</h3>
<p>The first request Opera makes is the geolocation request: <img src="/images/opera_geo.png"> which includes your country and the precise timestamp.</p>
<h3>Homepage request</h3>
<p>If this is the first time you run Opera, it makes this request: <img src = "/images/opera_firstrun.png"> which will redirect you to their homepage. Then, that homepage will make a bunch of other requests, including to google analytics, facebook (if you're logged in, they now know who you are), and even yandex.ru. The yandex request will set a <b>uniquely identifying</b> cookie.</p>
<h3>Cxense analytics</h3>
<p>Later, it will make a few requests to cxense.com. What is Cxense?</p>
<p><i>We are Cxense. We help hundreds of leading publishers and marketers across the globe transform their raw data into their most valuable resource. Built on the premise of 1:1 analytics and communication; allowing you to both gain unprecedented insight about your individual customers, and to action this insight real-time in all your marketing and sales channels. </i></p>
<p>This request seems to include a <b>unique ID</b></p>
<h3>Search engines</h3>
<p>Opera will also download a list of search engines, which <font color=red><b>you cannot delete</b></font>, only add new ones (at least from the GUI). Apparently, there are some convoluted methods of deleting the search engines, but I haven't confirmed them. <img src = "/images/opera_partner_content.png"> Of course, the default search engine is the anti-privacy <a href="/articles/google.html">Google</a>.</p>
<h3>OCSP querying</h3>
<p>Opera will query OCSP servers (ocsp.comodoca.com) to check if SSL certificates expired.
<h3>Malware / Phishing protection</h3>
<p>Anytime you visit a website, Opera will make a request like this: <img src="/images/opera_sitecheck.png"> to check if it is malicious. So it is literally spying on your whole browsing history. Fortunately, this can be turned off.</p>
<h3>Other requests</h3>
<p>Other requests include ones to googletagmanager, google ads specific for your country, more requests to yandex (these include your screen size, encoding, and the page you came from), more geolocation, etc. Together, Opera made 55 unsolicited requests in my first run of it. Analyzing them all would probably take a book.</p>
<h3>Facebook integration</h3>
<p>Opera has a Facebook chat button on the sidebar, and Facebook is one of the most anti-privacy organizations out there.</p>
<h3>Opera's "Partners"</h3>
<p>Opera has a list of "partners" - those are the websites that are in the Speed Dial by default. If you click on one of them from there, they will know you visited from Opera's Speed Dial. Those requests also include <b>unique user IDs</b>.
What happens if you close Opera and run it again? The websites in the Speed Dial will change to the ones from your country! And the same rule about them knowing where you came from applies.</p>
<h3>Opera is closed source</h3>
<p>And it will stay that way. <a href="https://archive.is/YMRla">From their FAQ</a> (the message used to be there in 2017, they must have <b>deleted it somewhere in 2018</b>):</p>
<p><i>Opera has no current plans to open source its browser.</i></p>
<p>Therefore, some other spyware might be hiding in there.</p>
<hr>
<h2>Credits</h2>
<p>
This article was written by <a href="https://digdeeper.neocities.org/">digdeeper.neocities.org</a><br>
Formatting changes were done by the site maintainer.
</p>
<hr>
<p><b>
This article was last edited on 6/8/2018
</b></p>
<p><b>
This article was created on 11/25/2017
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

29
articles/otter.html Normal file
View File

@ -0,0 +1,29 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Otter Browser</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/otter_browser_logo.png" alt="Otter Browser Logo">
<p>
From their website: "Otter Browser aims to recreate the best aspects of the classic Opera (12.x) UI using Qt5." Their motto is: "Controlled by the user, not vice versa". Version tested: 0.9.12 (SlackBuild from slackbuilds.org). Program used for testing requests: Mitmproxy.
</p>
<h2>Spyware Level: <font color=lime>Not Spyware</font></h2>
<p>
Otter Browser <b><font color=lime>makes no unsolicited requests at all.</font></b> It is fully open source. The developers, also, don't plan to include any spyware "features" in the future. This seems like a true privacy-based web browser (at least for now).
</p>
<hr>
<p><b>
This article was created on 11/25/2017
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

51
articles/paint.net.html Normal file
View File

@ -0,0 +1,51 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Paint.NET</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/paintnet_logo.png" alt="logo">
<p>
Paint.NET is a freeware image editor program for Microsoft Windows.
</p>
<h2>Spyware Level: <font color="yellowgreen">Low</font></h2>
<p>
Paint.NET contains some spyware features, but also claims in its privacy information<sup><a href="#1">[1]</a></sup> to not be spyware.
</p>
<h3>Paint.NET is closed source software</h3>
<p>
It's impossible to build Paint.NET from source and read its source code to verify that it is not spyware. Therefore, it is impossible to prove that Paint.NET is not spyware.
</p>
<h3>Paint.NET is self-updating software</h3>
<p>
Paint.NET contains an updater that downloads new version of Paint.NET. This updater also downloads a file from paint.net's website to check for new versions, which is a form of phoning home.
(I didn't check what protocol or kind of request it makes, though) This can be disabled, however, and you should disable it. Paint.NET also will phone home when you install or upate the software.<sup><a href="#1">[1]</a></sup>
So the only way to avoid this is to block the program from accessing the internet, and disabling all updates.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.getpaint.net/privacy.html">Privacy Information</a>
<a href="https://web.archive.org/web/20180410043929/https://www.getpaint.net/privacy.html">[web.archive.org]</a>
<a href="http://archive.is/aGtsl">[archive.is]</a>
<a href="http://arquivo.pt/wayback/20091015145021/http://www.getpaint.net/privacy.html">[arquivo.pt]</a>
<br>
</p>
<hr>
<p><b>
This article was last edited on 6/1/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

69
articles/palemoon.html Normal file
View File

@ -0,0 +1,69 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Pale Moon</h1>
<p><a href="/articles">Back to catalog</a><br>
<a href="/guides/palemoon.html">Mitigation Guide</a></p>
<img src="/images/palemoon_logo.png" alt="Pale Moon logo">
<p>
Pale Moon is a fork of an old <a href="/articles/firefox.html">Firefox</a> version, before the user interface change that put off many people. Version 28.4 was used to
write this article. This article replaces an old article (<a href="/articles/palemoon_old.html">here</a>).
</p>
<p>
<h2>Spyware Level: <font color=yellow>Medium</font></h2>
After following the <a href="/guides/palemoon.html">mitigation guide</a>, this software is <font color=lime><b>Not Spyware</b></font>.
</p>
<p>
Connects to analytics services, and these requests can <b>only be avoided on subsequent runs</b>. Has block lists, search suggestions, and auto-updates.
Sends SSL certificates from the sites you visit.
</p>
<h3>Google Analytics on Homepage</h3>
<p>
By default, Pale Moon's home page is set to https://palemoon.start.me, and it will automatically make a connection to it upon its first run.
This page connects to Google Analytics, which can fingerprint and track you across the internet.
</p>
<img src="/images/pm_analytics.png" alt="Google Analyics requests sent by Pale Moon's default homepage">
<h3>Blocking privacy-enhancing addons</h3>
<p>
Pale Moon by default won't allow you to install the privacy-enhancing addon noscript, citing this rationale for
blocking such an imporant addon: <i>"NoScript is known to cause severe issues with a large (and growing) number of websites. Unless finely tuned for every website visited,
NoScript will cause display issues and functional issues. "</i><sup><a href="#1">[1]</a></sup>
<b><font color=yellow>To disable this blocklist, set extensions.blocklist.enabled to false in about:config.</font></b>
</p>
<h3>Auto-updates</h3>
<p>
Pale Moon will automatically update itself, addons and search engines, as well as its blocklist.xml file with the addons it considers "malicious". Some of these can be turned off from the GUI, and some only from about:config.
</p>
<h3>Search Suggestions</h3>
<p>The default search engine is the privacy-respecting DuckDuckGo, however search suggestions are enabled by default, which could send a request for every letter you've typed, all while you think it stays in-browser until you press Enter. Can be turned off by right-clicking the search bar.
</p>
<h3>OCSP querying</h3>
<p>Will automatically check every site's SSL certificate to see if it is valid, which necessitates sending it to a third party. Can be turned off from the GUI.</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="http://blocklist.palemoon.org/info/?id=pm112">This Add-on to your browser has been blocked or disabled.</a>
<a href="https://web.archive.org/web/20180514135250/http://blocklist.palemoon.org/info/?id=pm112">[web.archive.org]</a>
<a href="http://archive.is/EiraE">[archive.is]</a>
<br>
</p>
<hr>
<p><b>
This article was created on 3/19/2019<br>
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

96
articles/palemoon_old.html Normal file
View File

@ -0,0 +1,96 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Pale Moon</h1>
<p><a href="/articles">Back to catalog</a><br>
<a href="/guides/palemoon.html">Mitigation Guide</a></p>
<img src="/images/palemoon_logo.png" alt="Pale Moon logo">
<p>
Pale Moon is a fork of an old <a href="/articles/firefox.html">Firefox</a> version, before the user interface change that put off many people. But is it a worthy alternative to FF in terms of privacy? Versions 27.7.2 and 28.1.0 were both tested for this article.
</p>
<p>
<h2>Spyware Level: <font color=yellow>Medium</font></h2>
After following the <a href="/guides/palemoon.html">mitigation guide</a>, this software is <font color=lime><b>Not Spyware</b></font>.
</p>
<h3><font color=red>This article talks about the older behaviors of the spyware services that Pale Moon was connecting too, which have changed. This article is oudated.</font></h3>
<p>
Connects to a MASSIVE amount of trackers, and these requests can <b>only be avoided on subsequent runs</b>. Has geolocation, search suggestions, and auto-updates. Sends SSL certificates from the sites you visit. Together made 169 unsolicited requests upon my first run of it, but again, most of them can be avoided on subsequent runs. Pale Moon, in the end, has less privacy issues than Firefox, aside from its terrible start page, so the rating is Medium.
</p>
<h3>First run</h3>
<p>
If this is your first run of Pale Moon, it will automatically connect to its first run webpage (http://palemoon.org/firstrun.html), which in turn will make a bunch of requests for location-aware Google Ads.
</p>
<h3>Pale Moon's start page</h3>
<p>
By default, Pale Moon's start page is set to https://palemoon.start.me, and it will automatically make a connection to it upon its first run. That page will then (again) make a bunch of requests for various trackers - here is a list:
<ul>
<li>Google Ads (location-aware)</li>
<li>Facebook (so if you're logged in, they know who you are)</li>
<li>Quantserve ("Quantcast is an American technology company, founded in 2006, that specializes in audience measurement and real-time advertising.")</li>
<li>Amazon Ads</li>
<li>Criteo ("Criteo is a personalized retargeting company that works with Internet retailers to serve personalized online display advertisements to consumers who have previously visited the advertiser's website.")</li>
<li>Scorecardresearch ("ScorecardResearch conducts research by collecting Internet web browsing data and then uses that data to help show how people use the Internet")</li>
<li>HubSpot ("HubSpot is an inbound marketing and sales platform that helps companies attract visitors, convert leads, and close customers.")</li>
<li>Alexa Metrics</li>
<li>Twitter Ads and Analytics</li>
<li>A few others</li>
</ul>
<p>
All these requests contain the Pale Moon start page referrer, so they know where you came from. They also all set uniquely idenfifying cookies, so if you come across another website with these trackers included, they will know you're the person from the Pale Moon's start page, and could start building a profile from your browsing habits. You can easily delete the cookies and change the start page so that it never appears again, but <b>there is no way to avoid the requests being made upon Pale Moon's first run.</b>
</p>
<h3>Blocking privacy-enhancing addons</h3>
<p>
Pale Moon blocks privacy enhancing addons like noscript, citing this rationale for
blocking such an imporant addon: <i>"NoScript is known to cause severe issues with a large (and growing) number of websites. Unless finely tuned for every website visited,
NoScript will cause display issues and functional issues. "</i><sup><a href="#1">[1]</a></sup> So, it looks like Pale Moon's developers are actively working against the intrests of its
privacy-concerned users, and would rather allow websites to execute malicious ECMAScript programs on unsuspecting user's machines, than to be blamed for a broken website.
<b><font color=yellow>To disable this blocklist, set extensions.blocklist.enabled to false in about:config.</font></b>
</p>
<h3>Auto-updates</h3>
<p>
Pale Moon will automatically update itself, addons and search engines, as well as its blocklist.xml file with the addons it considers "malicious". Some of these can be turned off from the GUI, and some only from about:config.
</p>
<h3>Search Suggestions</h3>
<p>The default search engine is the privacy-respecting DuckDuckGo, however search suggestions are enabled by default, which could send a request for every letter you've typed, all while you think it stays in-browser until you press Enter. Can be turned off by right-clicking the search bar.
</p>
<h3>Geolocation</h3>
<p>Pale Moon connects to Mozilla's geolocation services.</p>
<h3>OCSP querying</h3>
<p>Will automatically check every site's SSL certificate to see if it is valid, which necessitates sending it to a third party. Can be turned off from the GUI.</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="http://blocklist.palemoon.org/info/?id=pm112">This Add-on to your browser has been blocked or disabled.</a>
<a href="https://web.archive.org/web/20180514135250/http://blocklist.palemoon.org/info/?id=pm112">[web.archive.org]</a>
<a href="http://archive.is/EiraE">[archive.is]</a>
<br>
</p>
<hr>
<h2>Credits</h2>
<p>
This article was written by <a href="https://digdeeper.neocities.org/">digdeeper.neocities.org</a><br>
Formatting changes and some sections were written by the site maintainer.
</p>
<hr>
<p><b>
This article was created on 6/7/2018<br>
This article was last updated on 10/14/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

73
articles/poweriso.html Normal file
View File

@ -0,0 +1,73 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<h1>PowerISO</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/poweriso_logo.png" alt="PowerISO logo">
<p>
PowerISO is a CD / DVD / BD image file processing tool.
</p>
<h2>Spyware Level: <font color="yellow">Medium</font></h2>
<p>
The PowerISO software itself, after you have installed it, does not seem to have a lot of serious privacy problems and would probably be listed
as "Not Spyware" or "Low". However, downloading and installing this software requires careful attention because it attempts to install serveral spyware
programs and otherwise violates your privacy at every step of the installation process. So it's received this higher rating because of how bad this
process is for user privacy. Also, keep in mind that this is for the free version of the software and the paid version might be slightly better for
user privacy, however because there are so many problems with the free version you would have to do your own tests to make sure.
</p>
<p>
To talk more specifically about the software itself, it will check off "automatically check for updates" by default in the installer which is bad, but you can uncheck it.
When I actually ran it after installing, it did not make any unsolicited requests so it didn't have any problems. When I asked it to check for updates,
it used HTTP to talk to some server. HTTP is a little excessive and not good for privacy. But at least it doesn't phone home or anything, which is really
not something I expected after seeing the absolute disregard for user privacy when trying to install the program.
</p>
<p>
Microsoft Network Monitor 3.4, ProcMon, and NoScript were used to check this program and it's installation process for spyware.
</p>
<h3>Unsolicited connections in installation process</h3>
<p>
When you try to download this program off of the developer's website (<a href="http://www.poweriso.com/download.php">http://www.poweriso.com/download.php</a>), the download link,
which appears to be a link to: <code>http://www.fettcedob-nero.com/vf6o1o5/PowerISO7-x64.exe</code>, is actually a redirect to a website that tries to run a third
party script (spyware) on your browser.
</p>
<img src="/images/piso_scripts.png" alt="PowerISO install button running scripts- caught by noscript.">
<h3>Attempting to install a chrome extenison</h3>
<p>
I could not manage to download this program with a Firefox-based browser so I used a Chrome-Based browser to download it. Once I had enabled JavaScript and executed all of the
spyware involved, it attempted to get me to install this chrome extension:
</p>
<img src="/images/piso_extension.png" alt="PowerISO attempt to install a chrome extension">
<p>
While this is not a review of search manager, it's worth noting that this extension is known adware at least, and who knows what else it does. Any searches about this
extension should explain this. But at the very least, assuming that you didn't install any spyware yet, you at least have the PowerISO installer...
</p>
<h3>Attempts to Install spyware in the PowerISO installer</h3>
<p>
Once you run the PowerISO installer, it will attempt to install the following progams on your computer:
</p>
<img src="/images/PowerISO7-x64_1.png" alt="PowerISO attempt to install spyware 1">
<img src="/images/PowerISO7-x64_2.png" alt="PowerISO attempt to install spyware 2">
<p>
Which both look very shady. <a href="/articles/cdex.html">CDex</a> also seems to be using this same tactic and installer software.<br>
Now, to top it all off, the PowerISO installer will also phone home to some Amazon Servers:
</p>
<img src="/images/piso_installer_phone_home.png" alt="PowerISO installer phoning home">
<hr>
<p><b>
This article was created on 10/7/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

29
articles/qutebrowser.html Normal file
View File

@ -0,0 +1,29 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Qutebrowser</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/qutebrowser_logo.png" alt="Qutebrowser Logo">
<p>
From their website: "qutebrowser is a keyboard-focused browser with a minimal GUI. It's based on Python and PyQt5 and free software, licensed under the GPL." Program tested: v1.3.0 for Windows 7 64-bit. Mitmproxy was used to check for connections.
</p>
<h2>Spyware Level: <font color=lime>Not Spyware</font></h2>
<p>
Qutebrowser <b><font color=lime>makes no unsolicited requests at all.</font></b> It is also fully open source. This web browser is a great choice to use, and there is
nothing to complain about from a privacy standpoint. (although I don't really know how to use the User Interface that well... ) So far this browser looks like it can stand tall in the ranks of the other privacy-respecting web browsers out there.
</p>
<hr>
<p><b>
This article was created on 5/10/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

63
articles/razer.html Normal file
View File

@ -0,0 +1,63 @@
<!DOCTYPE HTML>
<html lang="en-us">
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Spyware de Razer</h1>
<p> <p><a href="/articles">Back to catalog (English)</a><br>
<a href="/articles/index_es.html">Back to catalog (Spanish)</a><br>
<a href="/articles/razer_en.html">English Translation</a></p>
<img src="/images/razer_logo.png">
<p>Razer es una compañía que hace programas y hardware para videojugadores</p>
<h2>Nivel de spyware: <b style="color:red;">EXTREMADAMENTE ALTO</b></h2>
<h3>Información que recolecta</h3>
<p>Razer confirma<sup><a href="#1">[1]</a></sup> que recolecta estos datos:</p>
<ul>
<li>Correo electrónico</li>
<li>Nombre</li>
<li>Información de contacto</li>
<li>La información que envias cuando los contactas (mensaje y demás)</li>
<li>El tiempo que usas sus productos/servicios</li>
<li>Los datos que envias en encuestas</li>
<li>Dirección IP, geolocalización, sistema operativo, navegador</li>
</ul>
<p>Razer tambien admite<sup><a href="#1">[1]</a> <a href="#2">[2]</a> </sup>que vende los datos de los usuarios</p>
<p>También dice que los empleados pueden ver esos datos.</p>
<h3>Razer te obliga a crear una cuenta para usar sus productos</h3>
<img src="/images/theevidence.png">
<p style="font-family:monospace">¿Dónde está el botón para iniciar sesión en otro momento?</p>
<p>Sin una cuenta, no puedes configurar ni tu teclado ni tu ratón, no puedes cambiar el DPI del ratón (A no ser que haya un botón en el ratón para eso)</p>
<p>Basicamente, cada vez que abras el software para cambiar el color del ratón o lo que sea, Razer recibirá tus datos.</p>
<p>Estás obligado a conectarte a "la nube" para cargar configuraciones, esto quiere decir que las configuraciones de tu hardware están en el ordenador de otra persona, y saben quien las tiene (las configuraciones)</p>
<hr>
<h2>Mas lecturas</h2>
<a href="http://wp.xin.at/archives/1438">The Razer Synapse 2.0 spy ware</a>
<hr>
<h2>Crédito</h2>
<p>This article was written by:
<a href="mailto:qorg[@]vxempire.xyz">qorg11</a>
</p>
<hr>
<h2>Referencias</h2>
<p>1. <a id="1" href="https://www.razer.com/legal/privacy-policy">Razer - Privacy Policy | Razer United States</a> <a href="https://archive.fo/sVOGz">[archive.is]</a><br>
2. <a id="2" href="http://wp.xin.at/archives/1438">The Razer Synapse 2.0 spy ware</a> <a href="https://archive.fo/sjgDR">[archive.is]</a></p>
<hr>
<p><b>
This article was created on 3/4/2019
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 license to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</html>

68
articles/razer_en.html Normal file
View File

@ -0,0 +1,68 @@
<!DOCTYPE HTML>
<html lang="en-us">
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Razer's spyware</h1>
<p>
<a href="/articles/index.html">Back to catalog</a><br>
<a href="/articles/razer.html">Spanish Article</a>
</p>
<img src="/images/razer_logo.png">
<p>Razer is a company that makes software and hardware for gamers.</p>
<h2>Spyware level: <b style="color:red;">EXTREMELY HIGH</b></h2>
<h3>Data collection</h3>
<p>Razer confirms that they collect this data:</p>
<ul>
<li>E-mail</li>
<li>Full name</li>
<li>Contact info</li>
<li>Info you send when you contact them (texts and such)</li>
<li>The time you use their services and products</li>
<li>Info you send via polls</li>
<li>IP, geolocation, OS and browser version</li>
</ul>
<p>
Razer also admits<sup><a href="#1">[1]</a><a href="#2">[2]</a></sup> that they sell users' info. They also claim that the employees can see this data.
Razer FORCES you to create an account to use YOUR products.
</p>
<img src="/images/theevidence.png">
<p>
Where is the option "Sign in later" at? Without an account, you CAN'T configure your keyboard,
change your mouse DPI and RGB configuration and such, this means that the configurations you set to your (Razer) peripherals are in somebody's
elses PC, and Razer knows who has that (your) info.
</p>
<hr>
<h2>Further reading</h2>
<a href="http://wp.xin.at/archives/1438">The Razer Synapse 2.0 spy ware</a>
<hr>
<h2>Credit</h2>
<p>This article was written by:
<a href="mailto:qorg[@]vxempire.xyz">qorg11</a>
</p>
<hr>
<h2>References</h2>
<p>1. <a id="1" href="https://www.razer.com/legal/privacy-policy">Razer - Privacy Policy | Razer United States</a> <a href="https://archive.fo/sVOGz">[archive.is]</a><br>
2. <a id="2" href="http://wp.xin.at/archives/1438">The Razer Synapse 2.0 spy ware</a> <a href="https://archive.fo/sjgDR">[archive.is]</a></p>
<hr>
<p><b>
This article was translated on 3/10/2019<br>
This is a translation of the Spanish article. It may become outdated in the future. Check the dates on both articles.
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 license to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

120
articles/realplayer.html Normal file
View File

@ -0,0 +1,120 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>RealPlayer</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/realplayer_logo.png" alt="realplayer logo">
<p>
RealPlayer, formerly RealAudio Player, RealOne Player and RealPlayer G2, is a cross-platform media player app, developed by RealNetworks.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
RealPlayer is spyware that reports all of the media you consume using it to its developers. It uses information that it obtains through this spyware
to build detailed profiles of its users, such as what media they consume and what physical locations they visit, fingerprints of their computers, etc., as well as using information
from other spyware services like Facebook and Twitter to build these profiles. <b><font color=red>Realplayer knows what media you watch, what your physical location is, what computers you use, and it uses this information for advertising.</font></b>
</p>
<p>
No actual tests of the software were done to write this article since there isn't really a point... RealPlayer doesn't seem to be hiding anything,
since the privacy policy is so open about what it does. There probably is more spyware hidden in it, but it's really at such a point where it can't
receive a higher rating or a diffrent advisory: <b><font color=red>Do not use this program.</font></b>
</p>
<h3>RealPlayer records the media you own and consume with it</h3>
<p>
In the same way that a web browser can spy on you by recording all of your internet history and showing it to the developers, RealPlayer spies on you
by recording all of media history and showing it to it's developers. It is very clearly stated in the privacy policy<sup><a href="#1">[1]</a></sup> that
RealPlayer collects the following information about you:
</p>
<p><i>
"Such information can include...Information relating to your use of our products and services, for example information relating to photographs or videos you upload to RealPlayer or add to RealTimes, content you download using RealPlayer including domains associated with such content, geo-location information or patterns associated with photographs or videos to enable features in RealTimes, and activities on our websites such as pages visited;"
</i><sup><a href="#1">[1]</a></sup></p>
<p>
So, because of this vauge wording, it can only be assumed that RealPlayer has access to all of the media that you consume using it.
</p>
<h3>RealPlayer tracks the physical locations of its users</h3>
<p>
What is especially agregious about this policy is that is designed to create detailed profiles of the user. RealPlayer specifically mentions that when it
uses it's spyware to access your photos, it will search for <i>"geo-location information"</i>, as well as <i>"patterns associated with photographs or videos"</i>.
This is worded in a (somewhat) innocent way but it tells a lot about what this spyware is for. "Patterns" associated with media implies that RealPlayer is
using the information it collects on its users for facial recognition.
</p>
<p>
RealPlayer also fingerprints the hardware you use:
</p>
<p><i>
"Such information can include...Information about your computer or mobile device such as your unique device ID (persistent/ non-persistent, MAC or IMEI), hardware, software, platform, and Internet Protocol (IP) address."
</i><sup><a href="#1">[1]</a></sup></p>
<p>
Since we also know that RealPlayer scrapes the geolocation information from your images, this is more information that RealPlayer can use to collect information about
your physical location. And this is only further confirmed by this statement later in the privacy policy:
</p>
<p><i>
"we sometimes receive information from third parties such as...Service providers that help us determine your devices location based on its IP address to customize certain products to your location"
</i><sup><a href="#1">[1]</a></sup></p>
<p>
So, this is proof that RealPlayer is <b><font color=red>designed to track your physical location.</font></b>
</p>
<h3>RealPlayer colludes information with other spyware services to profile its users</h3>
<p>
RealPlayer uses all of the information it collects in combination with information that other spyware platforms and services use
to build a more accurate profile of it's users. It clearly states in its privacy policy that it colludes information with<sup><a href="#1">[1]</a></sup>:
</p>
<ul>
<li><i>
"Social networks (like Facebook and Twitter) and similar third party services, that make users information available to others;"
</i></li>
<li><i>
"Partners with which we offer co-branded services or engage in joint marketing activities"
</i></li>
<li><i>
"Advertisers about your experiences or interactions with their offerings."
</i></li>
</ul>
<h3>RealPlayer uses the information it collects to advertise to its users</h3>
<p>
RealPlayer uses the information that it collects to sell to advertisers and to advertise to its users itself. The privacy policy<sup><a href="#1">[1]</a></sup> makes no secret of this:
</p>
<ul>
<li><i>
"RealNetworks uses information to...Provide personalized content recommendations, language and location customization, and/or personalized help and instructions"
</i></li>
<li><i>
"RealNetworks uses information to...Communicate with you, such as sending you messages concerning your account and customer service issues; asking you to participate in surveys; and delivering news, updates, targeted advertising, promotions, and special offers."
</i></li>
</ul>
<h3>RealPlayer sells the information it collects to third parties</h3>
<p>
RealPlayer clearly states that all of the information that it collects about its users are sold to advertisers:
</p>
<p><i>
"When you visit our website or use our products or services, certain third-party companies can collect information as part of serving ads, providing analytics services, or delivering content or plug-ins."
</i><sup><a href="#1">[1]</a></sup></p>
<p>
The quotes that have been shown here are really only the <b>tip of the iceberg</b> and for more information the actual privacy policy itself should be read since there is so much
more information on it.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.realnetworks.com/privacy-policy">Privacy Policy REALNETWORKS, INC., AND AFFILIATED ENTITIES</a>
<a href="https://web.archive.org/web/20180731113210/https://www.realnetworks.com/privacy-policy">[web.archive.org]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 8/13/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

86
articles/redshell.html Normal file
View File

@ -0,0 +1,86 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Redshell</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/redshell_logo.png" alt="redshell Logo">
<p>
Redshell is a spyware platform that is integrated into many video games.
</p>
<h2>Spyware Level: <font color=red>EXTREMELY HIGH</font></h2>
<p>
Redshell is a spyware platform. It's purpose is to collect huge amounts of information about its user's computers
to try and connect marketing data (collected through other spyware platforms) to actual results. It fingerprints
any computers it is attached too and phones home. It also collects information about how a player has been interacting
with the video game that it is embedded in. It's strongly recommended that any programs that embed this spyware are
avoided entirely.
</p>
<h3>Redshell collects a huge amount of information from its users machines</h3>
<p>
Redshell has confirmed that it collects the following information<sup><a href="#1">[1]</a></sup>:
</p>
<ul>
<li>Operating System</li>
<li>Installed Browsers</li>
<li>Availible Fonts</li>
<li>Screen Resolution</li>
<li>IP Address</li>
<li>Timezone</li>
<li>System Language</li>
<li>Game-Specific UUID</li>
</ul>
<p>
This is obviously a very large amount of information being mined. The purpose of this is to fingerprint the user as well
as possible, destroying any kind of anonymity. It goes beyond most spyware programs in the information it collects, by
scanning your computer for installed programs and collecting various demographic information about the user. It's very clear
that this is a huge amount of personal information to be collecting, despite all of the claims on the official website about how
innocent this data is.
<p>
<h3>Phoning home</h3>
<p>
Redshell is designed to phone home at its client's (the game developer) whim. Any program using Redshell will phone home with
personal information in a way perculiar to that program.
</p>
<h3>Sharing Information with third parties</h3>
<p>
Redshell clearly says that it shares any kind of marketing data with third parties<sup><a href="#1">[1]</a></sup>:
</p>
<p><i>
"For example: Studio X wants to run ads through Google AdWords. When a potential customer clicks on an that ad, they are sent through our tracking link and redirected to the destination set by the studio (in the same way a bitly link works) - usually their game's Steam page. AdWords provides us with unique id for that user and if they end up playing the game, we tell AdWords so they know the ad was effective."
</i></p>
<p>
Of course, the words "integrated partner" are used to describe these third parties. The bottom line is that other people are being
given this information. There is also an important distinction to make when talking about this: as Redshell's spyware is a product,
Redshell does not actually have control over what the buyers of that product can do. So, just because Redshell doesn't sell the
the information it's spyware collects about it's users to third parties, that doesn't mean that the buyers of the product do not or
will not sell the information that they collect through Redshell to third parties.
</p>
<h3>Further Reading</h3>
<p>
<a href="https://old.reddit.com/r/Steam/comments/8pud8b/psa_red_shell_spyware_holy_potatoes_were_in_space/">[PSA] RED SHELL Spyware - "Holy Potatoes! Were in Space?!" integrated and removed it after complaints</a>
<a href="https://snew.github.io/r/Steam/comments/8pud8b/">[snew.github.io]</a>
<a href="http://archive.is/jwlur">[archive.is]</a>
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.redshell.io/gamers">Hi there, we're Red Shell.</a>
<a href="https://web.archive.org/web/20180710040517/https://redshell.io/gamers">[web.archive.org]</a>
<br>
</p>
<hr>
<p><b>
This article was last edited on 7/16/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

93
articles/slimjet.html Normal file
View File

@ -0,0 +1,93 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Slimjet</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/slimjet_logo.png" alt="slimjet Logo">
<p>
Slimjet is a clone of the SlimBrowser web browser from FlashPeak that uses the Chromium as a base.
</p>
<h2>Spyware Level: <font color=red>EXTREMELY HIGH</font></h2>
<p>
Slimjet's website claims that it is very committed to user privacy, and that it blocks Google tracking, unlike Google Chrome<sup><a href="#1">[1]</a></sup>. However this claim is <b><font color=red>not true</font></b>. Slimjet is constantly sending information to google and connecting to google
services. Slimjet claims to be concerned about privacy but ultimately retains just about all of the spyware features found in Google Chrome, as well as additional spyware added on by FlashPoint. In this way, Slimjet manages to implement all of the spyware that is found in browsers like Google Chrome, except instead of one company having this information, it's split up among several companies...
</p>
<h3>Phoning Home</h3>
<p>
Even though on its site, FlashPeak claims that: <i>"Slimjet doesn't send any usage data back to Google like Chrome."</i><sup><a href="#1">[1]</a></sup>
the moment I turn it on with MITMproxy running, I am greeted with this:
</p>
<img src="/images/sj_google_requests.png" alt="Slimjet sending requests to all sorts of google services">
<p>
So, this claim just isn't true at all. It's still got a lot of Google's spyware in it, if it's still connecting to so many Google services. What's kind of surprising is that it didn't seem connect to any servers explicitly operated by FlashPeak when I was testing it. Even though, it claims to collect information about it's users for internal usage.<sup><a href="#2">[2]</a></sup> So, it must be phoning home as well as sending information to Google. Maybe it sends information through some kind of Google web service?
</p>
<h3>Default Search Engine is Spyware</h3>
<p>
The default search engine is <a href="/articles/bing.html">Bing</a>, which sells your information to advertisers. If that isn't enough, it's
<i>"served from fpseek.com"</i> which means that not only are you exposing your information to Bing, this is also being logged by fpseek, which
has it's own privacy policy<sup><a href="#3">[3]</a></sup>. Whenever you search something using the default search engine, requests are sent to both Bing and fpseek.
</p>
<img src="/images/fpseek.png" alt="Fpseek connection">
<p>
So, not only are you sharing everything with Microsoft, now there is another company looking at all of your searches. This is a uniquely bad
default search engine because of how much information it leaks out. Fpseek itself is a company that seems to be tracking how users interact
with advertisments and it says that it uses information it collects about it's users to:
</p>
<p><i>
"...maintain and improve the quality and operation of the Software & Services, including, monitoring viewability of and interaction with advertisements, search results and other products and services provided by Company."
</i><sup><a href="#3">[3]</a></sup></p>
<p>
So, it looks like your searches are sent to two advertising companies instead of just one. At the very least when the search engine is changed to
an alternative like DuckDuckGo the requests to fpseek stop.
</p>
<h3>Collecting Information about Users</h3>
<p>
Slimjet claims to collects <i>"some anonymous feature usage statistics information"</i>, and claims not to record your IP or sell that information
to advertisters. However it is still opt-out spyware.
</p>
<h3>Using the Microsoft BITS service to upload search history to Google servers</h3>
<p>
When you start Slimjet, it will begin using the BITS (Background Intelligent Transfer Service) which is designed to use spare bandwidth to transfer
updates and other information. These requests are sent between Slimjet and a Google server, with confirmation from Process Monitor and MITMproxy:
</p>
<img src="/images/sj_google_BITS.png" alt="Bits1">
<img src="/images/sj_google_BITS_2.png" alt="Bits2">
<img src="/images/sj_google_BITS_3.png" alt="Bits3">
<p>
Personal information was censored from these images. It's unclear what this is for specifically but this is probably being done to implement the
"CLOUD SYNC OF BOOKMARK & DATA" that is advertised on Slimjet's website. This is probably how they upload all of your search history and bookmarks into their cloud services, which seem to be provided by Google. There are no other features or requests made that would require large amounts of data to be sent too an external server in this way, so by process of elimination this is my theory as to how it's implemented.
</p>
<img src="/images/sj_cloud.png" alt="cloud sync feature">
<p>
Obviously you can tell that any kind of service to sync your search history "in the cloud" is a privacy nightmare. Now both Google and Slimjet have access to your search history...
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.slimjet.com/">Fastest web browser that automatically blocks ads</a>
<a href="http://web.archive.org/web/20180624103729/https://www.slimjet.com/">[web.archive.org]</a>
<a href="http://archive.is/67qZa">[archive.is]</a><br>
<a name="2">2.</a>
<a href="https://www.slimjet.com/en/privacy-policy.htm">Privacy Policy</a>
<a href="http://web.archive.org/web/20180624104143/https://www.slimjet.com/en/privacy-policy.htm">[web.archive.org]</a><br>
<a name="3">3.</a>
<a href="http://info.fpseek.com/privacy-policy/">Privacy Policy Fpseek</a>
<a href="http://web.archive.org/web/20170619202653/http://info.fpseek.com/privacy-policy/">[web.archive.org]</a>
<a href="http://archive.is/fHly1">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 8/4/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

95
articles/snapchat.html Normal file
View File

@ -0,0 +1,95 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<h1>Snapchat</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/snapchat_logo.png" alt="Snapchat Logo">
<p>
Snapchat, developed by <a href="https://en.wikipedia.org/wiki/Snap_Inc">Snap Inc</a> is designed to be a free, and fun smartphone app to send messages as "Snaps" to your friends. It is popular among teenagers and millennials, however older people have started using the app too.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
Snapchat is spyware because it identifies you with your IP, demands too many permissions and punishes the user for not allowing it certain permissions. Furthermore, it logs your GPS location constantly, makes you provide a phone number or email to use it after a set grace period, and you are forced to use the offical client</p>
<h3>It Identifies You With Your IP</h3>
<p>
Snapchat constantly logs your IP even if the app is closed and not running on the phone<sup><a href="#1">[1]</a></sup>. Furthermore, it combines all these logged IP addresses to build a log on the person. This log can help identify what cities/countries the user has visited or are residing in. Furthermore it can help pinpoint the users home without using the GPS. This feature is mandatory and there is no way you can disable it, however one might be able to use a VPN or the TOR network, although it has been reported that Snapchat is now blacklisting VPN networks and TOR exit nodes<sup><a href="#2">[2]</a></sup> claiming that they "detected suspicious activity", forcing the user to reveal their real IP address.
</p>
<h3>It Demands Assess to Too Many Permissions and Punishes The User For Not Granting It Permissions</h3>
<p>
For a simple social media app, Snapchat demands too many permissions. When I tested it on my spare Android phone, it wanted access to:</p>
<ul>
<li>Phone owner's full name</li>
<li>Phone Contacts</li>
<li>Phone calendar</li>
<li>Exact GPS location</li>
<li>Send and receive SMS Messages (Which may cost money)</li>
<li>All files on phone and files on MicroSD card</li>
<li>Phone camera</li>
<li>Phone microphone</li>
<li>Identifying device information: IEMI number, carrier, SIM status, phone number</li>
<li>Control phone vibrator motor</li>
</ul>
<p>To top all of that off, Snapchat will punish the user for denying it too many permissions. When I was testing the app, it would lock me out of the app if I didn't give permission assess all my files. It also it would not let me record video if I didn't give it assess to the microphone.</p>
<h3>It Contains a GPS Location Logger</h3>
<p>As well as keeping track of IP's, Snapchat logs locations taken from the phones GPS at random times<sup><a href="#4">[4]</a></sup>. If that wasn't scary enough, Snapchat even sells this data to third party advertisers. Also, Snapchat has introduced SnapMap, a feature that shows where your friends are located. People have reported having their location broadcasted to all their friends<sup><a href="#5">[5]</a></sup> even though they didn't accept any prompts. This is dangerous as this can broadcast your location to potential stalkers and the user doesn't even realize it.</p>
<h3>You Must Provide a Phone Number or Email</h3>
<p>If logging IPs and GPS Locations wasn't enough, Snapchat will now lock out accounts that haven't provided an email or phone number<sup><a href="#3">[3]</a></sup>. Snapchat will let you use thier app for a grace period before it locks you out and demands an email or phone number in order to get your account back. The length of this grace period is unknown.</p>
<h3>You Must Use the Official Client</h3>
<p>If a user is fed up with the the vast amount of information the official Snapchat client collects about you, they CANNOT change to the 3rd party client. Doing so is strictly prohibited. Snapchat has a service that is designed to catch users using 3rd party clients and permanently lock your account. This forces the user to use the official client which contains the spyware.</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.snap.com/en-US/privacy/privacy-policy/">Snap Inc's Privacy Policy</a>
<a href="https://web.archive.org/web/20190213100848/https://www.snap.com/en-US/privacy/privacy-policy/">[web.archive.org]</a>
<br>
<a name="2">2.</a>
<a href="https://support.snapchat.com/en-US/a/blocked-network">Snapchats Troubleshooting Guide</a>
<a href="http://archive.fo/WeNig">[archive.fo]</a>
<br>
<a name="3">3.</a>
<a href="https://www.player.one/snapchat-account-locked-why-it-happened-and-how-unlock-your-account-524999">Player One's Article On Locked Snapchat Accounts</a>
<a href="https://web.archive.org/web/20190121224137/https://www.player.one/snapchat-account-locked-why-it-happened-and-how-unlock-your-account-524999">[web.archive.org]</a>
<br>
<a name="4">4.</a>
<a href="https://support.snapchat.com/en-US/a/download-my-data">Snapchat Request Data</a>
<a href="http://archive.fo/lzoDg">[archive.fo]</a>
<br>
<a name="5">5.</a>
<a href="https://www.theverge.com/2017/6/23/15864552/snapchat-snap-map-privacy-threat">Verge's Article On Snapmap</a>
<a href="https://web.archive.org/web/20190223064446/https://www.theverge.com/2017/6/23/15864552/snapchat-snap-map-privacy-threat">[web.archive.org]</a>
<br>
</p>
<hr>
<p><b>
This article was last edited on 2/23/2019
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

51
articles/sphere.html Normal file
View File

@ -0,0 +1,51 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<h1>Sphere Browser</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/sphere_logo.png" alt="sphere browser logo">
<p>
Sphere Browser is a privacy-focused web Browser made by Tenebris.
</p>
<h2>Spyware Level: <font color=greenyellow>Possible Spyware</font></h2>
<p>
This program was tested with MITMproxy on Linux. Sphere Browser itself does not contain any telemetry and really has removed all of
the spyware from the chromium codebase that it is based on. However, it has two red flags- the default homepage has analytics, and you have to run
analytics on your browser to download it. The software is fine. Just the settings and the way you have to
download it and the lack of source code hold it back from the title of "Not Spyware". You can easily configure it to not connect to the default homepage, at least.
</p>
<h3>Tracking pixel on the default homepage</h3>
<p>
Sphere Browser is based around an "identities" feature that lets you change how your browser appears to the rest of
the internet in a rather easy way- and then it by default loads the site <code>f.vision</code> which can identify your new identity in a pretty
centeralized way, and even includes a tracking pixel from the getclicky analytics service. If you want to use this browser, you really
should not be using this default homepage. It contrasts with the privacy features of the browser rather poorly.
</p>
<img src="/images/sphere_tracking.png" alt="getclicky tracking pixel on the sphere browser default homepage">
<h3>JavaScript from an Analytics company on the download site</h3>
<p>
Another problem is, you need to load JavaScript to download the browser itself at sphere.tenebris.cc/, which tries to load JS code from Tenebris
as well as JavaScript from the same analytics company that has the tracking pixel on <code>f.vision</code>. Why are these analytics here if the browser
is so focused on privacy?
</p>
<img src="/images/sphere_homepage.png" alt="getclicky tracking JS on the sphere browser download page">
<hr>
<p><b>
This article was last edited on 12/12/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

113
articles/steam.html Normal file
View File

@ -0,0 +1,113 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Steam</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/steam_logo.png" alt="Steam logo">
<p>
Steam is a video game launching service, digital content store, DRM platform, file sharing platform, and Social Network created by Valve.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
This program is spyware because it collects huge amounts of user information, including but not limited to your Home Address, Telephone Number, Credit Card Number, and Internet Search History. Steam also profiles your hardware, communciations through Steam's social networking features, and contains a mandatory self-updater. Steam will not work without an internet connection.
</p>
<h3>Steam's source code is unavailible</h3>
<p>
Steam cannot be built from an availible copy of the source code. This means that it is impossible to prove that Steam is not spyware or does not use certain spyware features that it potentially has.
</p>
<h3>Steam collects and shares huge amounts of sensitive user information</h3>
<p>
In Steam's privacy policy<sup><a href="#1">[1]</a></sup>, Steam details that it collects the following user information:
</p>
<ul>
<li>Name</li>
<li>Address</li>
<li>Credit Card Number(s)</li>
<li>e-mail</li>
<li>Age</li>
<li>IP Address</li>
<li>Device Unique ID</li>
<li>Chat logs</li>
<li>Fourm posts</li>
<li>Voice Chat Recordings</li>
<li>Hardware Enumeration</li>
</ul>
<p>
Steam also confirms that it shares this information with third parties. The implications of this are as follows: Steam knows your name, age, where you live, your banking information, and what your e-mail is. Steam shares this information with other companies (at least, to the extent allowed by law). Steam can use your IP Address to track where you are to the nearest county and can use your Device Unqiue ID provided by the fingerprinting spyware features inside Steam to track your usage habits across devices that you use. Steam also records all of your communications with others through its social networking and instant messaging services, such as all chat logs, voice conversations, and forum posts, and can share all of this information with third parties as well.
</p>
<h3>Steam has been and may still be recording your internet history</h3>
<p>
It was proven that Steam's VAC system records your internet history and uploads it to an offical Valve server<sup><a href="#2">[2]</a></sup>. Valve has subsequently denied<sup><a href="#3">[3]</a></sup> that they store user's internet history, but it is impossible for Valve to prove that they do not store internet history. What we do know is that Valve does have the ability to spy on a users internet history, the spyware feature is programmed into Valve's software and the internet history is processed by Valve's servers. It is up to you to decide wether or not you trust Valve when they say that they have turned this feature off or not.
</p>
<h3>Steam records and publicly broadcasts your program usage habits</h3>
<p>
Steam records your program usage habits for all programs launched through Steam's program launching service. This spyware feature is mandatory and has no opt-out. Steam also uses its social network features such as the user profile and friends list to broadcast a users program usage habits publicly. This spyware feature can be partially disabled by setting your profile to private, but it cannot be opted-out of if you are using the "friends" social networking feature.
</p>
<h3>Steam attempts to collect your telephone number</h3>
<p>
Steam has the spyware feature which allows you to "opt-in" to certain features of the Steam service by providing Steam your telephone number. This is done through a pop-up that cannot be turned off. This spyware feature is currently not required, but is being encouraged by Steam. Steam in fact will lock out certain features and privledges to users who want to protect their privacy- for example, access to the "steam store" which is an online marketplace run by valve requires you to give you your phone number. So it is impossible to use all features of the software without giving up this kind of information.
</p>
<h3>Steam "phones home" and requires and internet connection</h3>
<p>
Steam will "phone home" whenever the Steam client is opened or a program is launched through Steam. This spyware feature is mandatory and cannot be turned off. Steam provides an offline mode which is not an opt-out because users must still connect to Steam Servers every 30 days or so.
</p>
<h3>Steam is self-updating software</h3>
<p>
Steam contains spyware features that allow it to update itself without user verification. This is not an opt-out feature because eventually Steam will stop working until it is updated. Self-updating software is a form of spyware because it can be used to install new spyware features or force users to agree to new agreements that force them to explicitly give up more information to continue using the spyware program.
</p>
<hr>
<h2>Further Reading</h2>
<p>
<a href="https://voat.co/v/technology/2475543">Steam Proprietary Malware</a>
<a href="http://web.archive.org/web/20180802034105/https://voat.co/v/technology/2475543">[web.archive.org]</a>
<a href="http://archive.is/baCzK">[archive.is]</a>
<br>
<a href="https://www.ghacks.net/2016/02/08/steam-uses-insecure-out-of-date-chromium-browser/">Steam uses insecure, out-of-date Chromium browser</a>
<a href="https://web.archive.org/web/20180114102416/https://www.ghacks.net/2016/02/08/steam-uses-insecure-out-of-date-chromium-browser/">[web.archive.org]</a>
<a href="http://archive.is/UpQU5">[archive.is]</a>
<br>
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="http://store.steampowered.com/privacy_agreement/">Privacy Policy Agreement</a>
<a href="https://web.archive.org/web/20180601093517/https://store.steampowered.com/privacy_agreement/">[web.archive.org]</a>
<a href="http://archive.is/20180527153547/https://store.steampowered.com/privacy_agreement/">[archive.is]</a>
<a href="http://wayback.archive-it.org/all/20170630073019/http://store.steampowered.com/privacy_agreement/">[wayback.archive-it.org]</a>
<a href="http://arquivo.pt/wayback/20160515220303/http://store.steampowered.com/privacy_agreement/">[arquivo.pt]</a>
<br>
<a name="2">2.</a>
<a href="http://store.steampowered.com/privacy_agreement/">VAC now reads all the domains you have visited and sends it back to their servers hashed</a>
<a href="https://web.archive.org/web/20180521023712/https://www.reddit.com/r/GlobalOffensive/comments/1y0kc1/vac_now_reads_all_the_domains_you_have_visited/">[web.archive.org]</a>
<a href="https://archive.is/rc37E">[archive.is]</a>
<br>
<a name="3">3.</a>
<a href="http://www.reddit.com/r/gaming/comments/1y70ej/valve_vac_and_trust/">Valve, VAC, and trust</a>
<a href="https://web.archive.org/web/20180521023711/https://www.reddit.com/r/gaming/comments/1y70ej/valve_vac_and_trust/">[web.archive.org]</a>
<a href="https://archive.li/06hx7">[archive.is]</a>
<br>
</p>
<hr>
<p><b>
This article was last edited on 8/3/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

55
articles/systemd.html Normal file
View File

@ -0,0 +1,55 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>systemd</h1>
<p><a href="/articles">Back to catalog</a></p>
<h1><font color=red>This aritcle is not accurate and needs to be rewritten</font></h1>
<h2>Spyware Level: <font color="yellow">Not Rated</font></h2>
<p>
A lot of people asked me to write this article, so here is my attempt at writing it. Lots of people have lots of reasons to dislike systemd, and a lot of them wonder if
there is also a privacy reason to dislike systemd. But I have not ever heard of any kind of telemetry, phoning home, or any other kind of spyware in the systemd software
suite. systemd is free software so anyone can look at the code. And a lot of people have spent a lot of time cataloging why they don't like systemd. But if you read their
reasons, none of them mention any kind of spyware hiding inside of systemd's codebase that can be actually proven. So, I can't write that systemd is spyware until someone
can prove that it is spyware. If you have proof then feel free to email me and I will be happy to change this rating.
</p>
<p>
This line of reasoning for giving systemd a "Not Spyware" rating has some flaws, and the most obvious one is that it isn't reasonable to audit the 1 million lines of systemd
code for spyware. But this is still too generic of a critisim to make about it, because while in theory it is true, there needs to be real proof. Maybe the take-away is
that while there are many reasons to not like systemd, it's really probably not violating anyones privacy, just because of how much scrutiny it has gotten. Maybe it should be
rated "Potential Spyware" or a lower, "Probably Not Spyware"? I think that the rating should be taken with a grain of salt because of this.
</p>
<p>
I have personally never used systemd and I don't have the skills to actually audit it or run tests on it myself. So this isn't a very good place to look when looking for reasons
to dislike systemd. At the very least, I can point to anti-systemd web pages that I am sure would be the first to report on systemd potentially violating the privacy of it's users.
But I don't want to call them "sources" or anything because what they talk about is beyond the scope of this website.
</p>
<hr>
<h2>Anti systemd web pages</h2>
<p>
<a href="https://suckless.org/sucks/systemd/">systemd is the best example of Suck.</a>
<a href="https://web.archive.org/web/20180725191931/https://suckless.org/sucks/systemd">[web.archive.org]</a>
<a href="http://archive.li/BfS7l">[archive.is]</a><br>
<a href="http://without-systemd.org/wiki/index.php/Arguments_against_systemd">Arguments against systemd</a>
<a href="http://web.archive.org/web/20180802045154/http://without-systemd.org/wiki/index.php/Arguments_against_systemd">[web.archive.org]</a>
<a href="http://archive.li/bnmIo">[archive.is]</a><br>
<a href="https://web.archive.org/web/20170724100245/https://muchweb.me/systemd-nsa-attempt/">Is systemd an NSA attempt?</a>
</p>
<hr>
<p><b>
This article was last edited on 8/7/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

57
articles/telegram.html Normal file
View File

@ -0,0 +1,57 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Telegram</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/telegram_logo.png" alt="Telegram Logo">
<p>
Telegram is an instant messaging program that allows you to send text, images, videos and also any other files to other Telegram users.
</p>
<h2>Spyware Level: <font color="yellow">Medium</font></h2>
<p>
Telegram has some spyware features in it such as the telephone number verification, and routing communications through official Telegram servers in most cases. However, Telegram contains privacy features and claims to not collect any user information<sup><a href="#1">[1]</a></sup>.
</p>
<h3>Telephone Number Required</h3>
<p>
Telegram features the more modern spyware feature that requires the user to associate their persistent user identity with a telephone number. This is obviously a breach of privacy, because Telegram requires the user to disclose this personal information.
</p>
<h3>Centralized communication routing</h3>
<p>
Telegram does not use peer-to-peer or private servers for the majority of its communications. This means that Telegram is capable of logging all of the communications you send through its service, unless you opt to only use the Peer-to-Peer features of Telegram. Centralized communication routing has a high potential to be spyware. Telegram attempts to use Peer-to-Peer communication for Voice Calls, but it may disclose IP address to the counterpart. Telegram claims in its privacy policy<sup><a href="#1">[1]</a></sup> that it does not collect any information, but it is impossible to prove this.
</p>
<p>
Telegram's server software is closed source and Telegram does not distribute its server software. There is no way for other people to host their own Telegram services because
of this, meaning that the servers that the developers operate are the only choice for using this messaging platform.
</p>
<h3>Telegram does not follow its GPLv2 Obligations</h3>
<p>
Telegram clients are advertised as free software, but in practice the source code is not immediately accessible<sup><a href="#2">[2]</a></sup>, the delay sometimes being up to 5 months. So, unknown spyware features could be in the official Telegram client binaries that you download, without you knowing. It's recommended that you build an outdated version of telegram from its source code, since its not provable whether or not the binaries that are distributed have unknown spyware or not.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://telegram.org/privacy">Telegram Privacy Policy</a>
<a href="https://web.archive.org/web/20180528161128/https://telegram.org/privacy">[web.archive.org]</a>
<a href="https://archive.is/Rn64n">[archive.is]</a><br>
<a name="2">2.</a>
<a href="https://github.com/overtake/TelegramSwift/issues/163">Where are the sources of the latest releases?</a>
<a href="https://archive.li/2018.05.29-092521/https://github.com/overtake/TelegramSwift/issues/163">[archive.li]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 2/18/2019
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

74
articles/thunderbird.html Normal file
View File

@ -0,0 +1,74 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Mozilla Thunderbird</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/thunderbird.png" alt="Mozilla Thunderbird logo">
<p>
Mozilla Thunderbird is an email, newsgroup, news feed, and chat client that was developed by the Mozilla Foundation, who are also the developers of <a href="/articles/firefox.html">Firefox</a>.
</p>
<h2>Spyware Level: <font color=yellow>Medium</font></h2>
<p>
Thunderbird contains a lot of spyware features, however all of these can be opted-out of and most of the spyware is connected to the web-browsing capaiblities of Thunderbird. Thunderbird contains some minor spyware protection to its users and does not attempt to collect any information that is extremely sensitive, however it is spyware and does share and collect user information by default that it does not need to share.
</p>
<h3>Thunderbird shares your E-Mail address with other parties</h3>
<p>
From the Thunderbird privacy policy<sup><a href="#1">[1]</a></sup>:
</p>
<p><i>
Thunderbird may try to contact external DNS servers, standard autoconfiguration URIs, and Mozilla's configuration database to try and work the settings needed for your account. This may involve sending part or all of your email address, but never involves sending your password. When Thunderbird does this, the parties contacted may retain logs of those requests.
</i></p>
<h3>Thunderbird allows other websites to track you</h3>
<p>
Thunderbird contains web browsing spyware features, including compatiblity with tracking cookies and javascript, which can both be used to allow other parties to spy on users. As such, all of the spyware concerns of browsing the web are relevant when using Thunderbird. However, these features can be turned off. They are not spyware in and of themselves but they are attack vectors for other spyware programs to be downloaded and executed by the user. Thunderbird however provides some basic protections by default such as blocking all remote content in HTML E-Mails.
</p>
<h3>Thunderbird profiles its users and tracks the add-ons and personas they have installed</h3>
<p>
Thunderbird details in its privacy policy<sup><a href="#1">[1]</a></sup> that it updates Mozilla with the add-ons that users have installed, and then uses that information to recommend other add-ons to its users. Thunderbird will also track which "personas" a person installs and uses (these are like themes) when the user is using Mozilla's centeralized "personal gallery". These spyware features can be opted-out of or not used.
</p>
<h3>Thunderbird shares your web browsing information with other parties</h3>
<p>
From the Thunderbird privacy policy<sup><a href="#1">[1]</a></sup>:
</p>
<p><i>
When you visit a secure website or access secure remote content via emails, Thunderbird may check the identity of that secure remote service using any status provider mentioned in the certificate provided by that service. Thunderbird sends only the certificate identification to the certificate provider, not the exact URL you are visiting. Sending these verification requests to third parties is sometimes important to ensure your connection to a site is secure; to help maintain your security, Thunderbird may deny access to the site if it can't verify your connection using the third party.
</i></p>
<p>
Keep in mind that this only applies to web browsing activity that happes on Thunderbird, and not web browsing activity that happens on any other program. This feature can be opted-out of.
</p>
<h3>Thunderbird is self-updating software</h3>
<p>
Thunderbird will try and download new versions of itself using its update system. Since new versions of programs means that there could be new forms of spyware hidden in the program after updating, this is a form of spyware. This feature has an opt-out.
</p>
<h3>Thunderbird contains other opt-in spyware</h3>
<p>
Thunderbird contains several forms of opt-in spyware that only collects information when the user specifically authorizes it. This includes crash reports and detailed user analytics. Mozilla says that it anonymizes this information if you choose to share it.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="http://www.mozilla.org/en-US/privacy/thunderbird/">Mozilla Thunderbird Privacy Policy</a>
<a href="https://web.archive.org/web/20180518042233/https://www.mozilla.org/en-US/privacy/thunderbird/">[web.archive.org]</a>
<a href="https://archive.is/l4Sf1">[archive.is]</a>
<a href="http://arquivo.pt/wayback/20150815191914/https://www.mozilla.org/en-US/privacy/thunderbird/">[arquivo.pt]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 6/2/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

51
articles/tor.html Normal file
View File

@ -0,0 +1,51 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<h1>Tor Browser</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/tor_logo.png" alt="TOR browser logo">
<p>
Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.<sup><a href="#1">[1]</a></sup>
</p>
<h2>Spyware Level: <font color="lime">Not Spyware</font></h2>
<p>
The Tor browser is a privacy focused web browser that is used to access the internet either normally or through the Tor Network.
Connections through the Tor network are much more private than normal connections as you do not have an IP address that is
associated with you. While spyware services can tell that you are connecting from the Tor network, their ability to identify and profile you is
greatly reduced. Tor browser is <b><font color="lime">Not Spyware</font></b> and is the best web browser to use for privacy.
</p>
<p>
One thing that complicates this review is that most browsers are chastized for sending auto-update requests. However the Tor browser is doing
this over the Tor network... so while it's definitely "phoning home", it's doing so in an anonymous way.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.torproject.org/">Tor Browser Official Site</a>
<a href="https://web.archive.org/web/20181113230342/https://www.torproject.org/">[web.archive.org]</a>
<a href="http://wayback.archive-it.org/all/20181111103241/https://www.torproject.org/">[wayback.archive-it.org]</a>
<a href="http://webarchive.loc.gov/all/20170822223331/https://www.torproject.org/">[webarchive.loc.gov]</a>
<a href="https://swap.stanford.edu/20141221222101/https://www.torproject.org/">[swap.stanford.edu]</a>
<a href="https://arquivo.pt/wayback/20160517095637/http://www.torproject.org/">[arquivo.pt]</a>
<a href="http://archive.is/20181011170659/https://www.torproject.org/">[archive.is]</a>
<a href="http://wayback.vefsafn.is/wayback/20180915054500/https://www.torproject.org/">[wayback.vefsafn.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 11/20/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

45
articles/ungoogled_chromium.html Normal file
View File

@ -0,0 +1,45 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<meta name="viewport" content="width=device-width, initial-scale=1">
<h1>Ungoogled-Chromium</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/ugc_logo.png" alt="Ungoogled-Chromium logo">
<p>
Ungoogled-chromium is Google Chromium, sans integration with <a href="/articles/google.html">Google</a>. It also features some tweaks to enhance privacy,
control, and transparency (almost all of which require manual activation or enabling).<sup><a href="#1">[1]</a></sup>
</p>
<h2>Spyware Level: <font color="lime">Not Spyware</font></h2>
<p>
Ungoogled-chromium is a fork of Chrome that has all of Google's spyware removed. It was tested with MITMproxy and makes
<b><font color="lime">no unsolicited requests</font></b>, and is therefore not spyware. Ungoogled-chromium is the highest-rated
browser based on <a href="/articles/chrome.html">Google Chrome</a>, and is probably one of the best choices if you can compile it.
Otherwise <a href="/guides/iridium.html">configuring Iridium</a> to a sufficient privacy standard might be a good choice if you are
looking for a Chrome-based browser to switch too without taking the time to compile any software.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://github.com/Eloston/ungoogled-chromium">Ungoogled-Chromium</a>
<a href="http://web.archive.org/web/20181008021159/https://github.com/Eloston/ungoogled-chromium">[web.archive.org]</a>
<a href="http://archive.is/uLsce">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 11/1/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

66
articles/unity.html Normal file
View File

@ -0,0 +1,66 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Unity</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/unity_logo.png" alt="unity Logo">
<p>
Unity is a game engine developed by Unity Technologies SF.
</p>
<h2>Spyware Level: <font color=red>EXTREMELY HIGH</font></h2>
<p>
Unity collects user information and uses it in a dubious and malicious way and is a classic example of how analytics are a framework for anti-user behavior. It should not be trusted. It also is integrated with other spyware programs, like the .NET runtime provided microsoft, and Visual Studio. You can use alternatives to these, though.
</p>
<h2>Unity Editor collects user activity</h2>
<p>
Some users have found that the Unity Editor, left idle for some time, will elicit an email from Unity support
asking for a reason for their inactivity.<sup><a href="#1">[1]</a></sup>
Unity support have also been known to contact developers suspected to be earning over the $100,000 revenue limit with the gratis Unity Editor (against Unity EULA) to pressure them into purchasing a Pro license. Several of these developers were not active on services, or did not even have accounts on said services, which Unity support claimed to have "discovered" their projects.<sup><a href="#2">[2]</a></sup> Additionally, Unity Editor analytics can no longer be disabled unless users purchase the Pro edition.<sup><a href="#3">[3]</a></sup>
</p>
<img src="/images/unity_analytics.png" alt="unity data collection UI">
<h2>Unity games and system data collection</h2>
<p>
Many Unity games have been found to report telemetry at first launch and have telemetry enabled by default, sometimes with no option to disable it. With no way to disable data collection, players are left to blacklist the game through their firewall.<sup><a href="#4">[4]</a></sup> Exported Unity projects collect anonymized statistics about a systems hardware configuration to monitor and report to developers which type of devices are used to play their Unity engine games. <sup><a href="#5">[5]</a></sup>
</p>
<hr>
<h2>Credits</h2>
<p>
This reveiew was written by Alia Sarmor.<br>
Formatting changes were done by the site maintainer.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://twitter.com/SmashRiot/status/1022518849848180736">Jesse / Dr. Spacezoo (twitter)</a>
<a href="https://web.archive.org/web/20180809193622/https://twitter.com/SmashRiot/status/1022518849848180736">[web.archive.org]</a><br>
<a name="2">2.</a>
<a href="https://www.gamedev.net/news/hard-sell-and-coercive-tactics-from-unity-r477/">Hard sell and coercive tactics from Unity</a>
<a href="http://web.archive.org/web/20180824223630/https://www.gamedev.net/news/hard-sell-and-coercive-tactics-from-unity-r477/">[web.archive.org]</a><br>
<a name="3">3.</a>
<a href="https://forum.unity.com/threads/cant-disable-editor-analytics-since-unity-5-2-3p1-its-now-pro-only.370585">Can't disable editor analytics since Unity 5.2.3p1 it's now pro only</a>
[Need archive- cant manage to do it...!]<br>
<a name="4">4.</a>
<a href="https://www.gog.com/mix/games_w_potentially_telemetry">Games w/ potentially telemetry</a>
<a href="http://web.archive.org/web/20180716174123/https://www.gog.com/mix/games_w_potentially_telemetry">[web.archive.org]</a><br>
<a name="5">5.</a>
<a href="https://web.archive.org/web/20180612145659/https://www.tasharen.com/?p=4811">Tasharens Games: Privacy Policy</a><br>
</p>
<hr>
<p><b>
This article was last edited on 9/10/2018
</b></p>
<p><b>
This article was created on 8/24/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

43
articles/utorrent.html Normal file
View File

@ -0,0 +1,43 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>uTorrent</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/utorrent_logo.png" alt="utorrent logo">
<p>
uTorrent is a proprietary adware BitTorrent client owned and developed by BitTorrent, Inc.
</p>
<h2>Spyware Level: <font color="yellow">Not Rated</font></h2>
<p>
This article is a stub. Someone needs to write it. Email me if that person is you. The rest of this page is just the template for writing new
articles.
</p>
<h3>Spyware Feature X</h3>
<p>
This program has spyware feature X in it. There should be some kind of proof here. If it doesn't contain original research, the source
should be cited like this: <sup><a href="#1">[1]</a></sup>.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="http://example.com/">Example Source</a>
<a href="http://web.archive.org/web/20180729230956/http://example.com/">[web.archive.org]</a>
<a href="http://archive.is/tgJjl">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 8/3/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

92
articles/vivaldi.html Normal file
View File

@ -0,0 +1,92 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Vivaldi</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/vivaldi_logo.png" alt="vivaldi logo">
<p>
Vivaldi is a feature-full, customizable web browser made by some of Opera's old developers (since they were dissatisfied with the direction Opera was heading). But how does it look in terms of privacy? Versions 1.15 and 2.0 were tested to make this article. Program used for testing requests: Mitmproxy.
</p>
<h2>Spyware Level: <font color=yellow>Medium</font></h2>
<p>
Vivaldi makes a bunch of requests to Google upon startup and after (malware protection requests can be turned off, but extension updates don't appear to?). Phones home every 24 hours with a unique ID using Piwik, an analytics service. Anti-privacy <a href="/articles/bing.html">Bing</a> as the default search engine. Not fully open source. Connects to an analytics platform that spies on its users.
</p>
<h3>Vivaldi's developers do not respect your privacy</h3>
<p>
Vivaldi connects to the analytics platform Piwik<sup><a href="#1">[1]</a></sup> that it uses to spy on its users, which is discussed in greater detail in other sections of this page.
What is most notable about this is the additude of Vivaldi's developer team: Developers that belittle privacy concerns, and insult their users further when they speak out about being spied on,
are <font color=red><b>not developers you can trust.</b></font> Below is an anti-privacy rant from a moderator on Vivaldi's forums:
</p>
<p><i>
@dib_ Stop spreading FUD. Piwik as employed by Vivaldi is not "spyware." Piwik is not a "spyware company" (unless Google, Facebook, Yahoo, TVGuide, Microsoft, Apple, NYT, Huffpo, Ancestry.com, WaPo, CenturyLink and McAfee are "spyware companies" - in which case just disconnect your computer and go to bed). It is irresponsible and malicious of you to lie about Vivaldi in this fashion. If you want to know what a connection does, ask. But don't sling around reckless accusations.<sup><a href="#2">[2]</a></sup>
</i></p>
<h3>Addon updates</h3>
<p>
<BR>
<img src = "/images/vivaldi_update.png"><BR>
These are the Chrome webstore requests, supposed to update your extensions. But with a new Vivaldi install, you don't have any, so they only accomplish spying. And the first request includes "x-googleupdate-appid" which is most likely <b>uniquely identifying</b>. <font color=red>Can't be disabled.</font>
</p>
<h3>Google Safe Browsing</h3>
<p>
<img src = "/images/vivaldi_safebrowsing.png"><BR>
<img src = "/images/vivaldi_threatlist.png"><BR>
Vivaldi is downloading the lists for Google's Malware and Phishing protection, which is enabled by default, but can be disabled from the Settings menu.
</p>
<h3>Phoning home</h3>
<p>
From Vivaldi's privacy policy: "When you install Vivaldi browser ('Vivaldi'), each installation profile is <b>assigned a unique user ID</b> that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message. We anonymize the IP address of Vivaldi users by removing the last octet of the IP address from your Vivaldi client then we store the resolved approximate location after using a local geoip lookup. The purpose of this collection is to determine the total number of active users and their geographical distribution.". So they (claim to) delete "the last octet" of your IP. How generous of them. This is the full request: <img src="/images/vivaldi_piwik.png">
</p>
<h3>Anti-privacy search engine by default</h3>
<p>The default search engine is Bing, whose privacy policy states: "Microsoft will collect the search or command terms you provide, along with your IP address, location, the unique identifiers contained in our cookies, the time and date of your search, and your browser configuration.". To make it worse, that data is shared with third parties: "We share some de-identified search query data, including voice queries, with selected third parties for research and development purposes." (you have no proof it has been "de-identified", by the way). Vivaldi has other engines preinstalled, and you can easily change it - but still, the default is all we can judge it by.
</p>
<h3>New tab sites</h3>
<p>By default, Vivaldi contains some websites in its new tab page that have a lot of spyware in them, but does not automatically make any connection, and those sites can easily be deleted.</p>
<h3>Cannot be built from source code</h3>
<p>
"However, it is only our Chromium work that is found on https://vivaldi.com/source. If you were to build it and run it, nothing will display as the HTML/CSS/JS UI is missing. This UI is only available as part of our end user packages, which is covered by the EULA (in which we also bundle with a compiled version of our modified Chromium)."<sup><a href="#3">[3]</a></sup>
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://matomo.org/download/">Get Matomo</a>
<a href="https://web.archive.org/web/20180531220947/https://matomo.org/download/">[web.archive.org]</a>
<a href="http://archive.is/q9hOn">[archive.is]</a><br>
<a name="2">2.</a>
<a href="https://forum.vivaldi.net/topic/24029/return-of-vivaldi-spyware">Return of Vivaldi spyware</a>
<a href="https://web.archive.org/web/20180214185847/https://forum.vivaldi.net/topic/24029/return-of-vivaldi-spyware">[web.archive.org]</a>
<a href="http://archive.li/8Elc9">[archive.li]</a><br>
<a name="3">3.</a>
<a href="
https://www.reddit.com/r/vivaldibrowser/comments/62adz5/the_vivaldi_source_code_license_and_the_eula/dfn7ltm/
">The Vivaldi source code license and the EULA appear to conflict with each other...</a>
<a href="
https://web.archive.org/web/20180410043927/https://www.reddit.com/r/vivaldibrowser/comments/62adz5/the_vivaldi_source_code_license_and_the_eula/dfn7ltm/
">[web.archive.org]</a>
<a href="http://archive.li/ZoRUx">[archive.li]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 10/14/2018
</b></p>
<p><b>
This article was created on 11/25/2017
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

45
articles/vlc.html Normal file
View File

@ -0,0 +1,45 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>VLC Media Player</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/vlc_logo.png" alt="VLC Media Player Logo">
<p>
VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols.
</p>
<h2>Spyware Level: <font color=lime>Not Spyware</font></h2>
<p>
VLC Media Player is not spyware, but it does have notable features in it that could be possible forms of spyware. However all of these features are opt-in, and the software explicitly informs the user about the risks associated with these features. VLC is a model program that has convenience features in it that could compromise privacy, while still respecting user privacy.
</p>
<h3>VLC Media Player has been distributed with spyware programs by third parties</h3>
<p>
While VLC's creators do not distribute their player with spyware, it has been distributed with spyware<sup><a href="#1">[1]</a></sup> by other parties. If you download VLC Media Player, make sure you download it from <a href="https://www.videolan.org/">VideoLAN's web site</a>.
</p>
<h3>VLC Media Player contains some opt-in spyware features</h3>
<p>
VLC Media player searches through online databases to find complete album covers / metadata for songs. This implicitly means that it sends requests to external servers, and those servers could log information about specific users music libraries. VLC Media player also has a self-updater, however this does not update without the user's consent, and while there is no precedent for the developers to add spyware in its updates, it's still notable. This is the notice that users are presented with when first installing VLC, which adequately explains the implications of these features. The only improvement would be to not have them checked off by default.
</p>
<img src="/images/vlc_privacy_policy.png" alt="privacy policy">
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.zdnet.com/article/companies-bundling-spyware-adware-with-open-source-media-player/">Companies bundling spyware, adware with open-source media player</a>
<a href="https://web.archive.org/web/20180410043938/https://www.zdnet.com/article/companies-bundling-spyware-adware-with-open-source-media-player/">[web.archive.org]</a>
<a href="http://archive.is/80IDC">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 7/30/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

145
articles/waterfox.html Normal file
View File

@ -0,0 +1,145 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Waterfox</h1>
<p><a href="https://spyware.neocities.org/articles">Back to catalog</a></p>
<img src="/images/waterfox logo.png" alt="Waterfox Logo">
<p>
Waterfox is a web browser that is a fork of <a href="/articles/firefox.html">Firefox</a>.
</p>
<h2>Spyware Level: <font color=orange>High</font></h2>
<p>
Waterfox is a fork of Firefox that claims to be more private and secure
than Firefox. However, Waterfox contains telemetry and shares
information about you with Mozilla, and has other spyware features.
</p>
<h3>Waterfox connects to spyware services when it is first run</h3>
<p>
If you start up Waterfox for the first time, it will make <b><font color="red">109 requests</font></b><sup><a href="#5">[5]</a></sup> to several spyware platforms, most notably
Google Analytics, and Mozilla online services like its Geolocation service, and several other Mozilla services, as
well as Waterfox's own update service. You can look at a list of these requests
<a href="https://digdeeper.neocities.org/images/wfox.png">here</a> or a on mirror <a href="/images/wfox.png">here</a>.
</p>
<h3>Waterfox has a communication problem</h3>
<p>
There has been some controversy over Waterfox's privacy policy<sup><a href="#1">[1]</a></sup>.
At the time of writing, it claims that Waterfox sends "Webpage data
to Google's SafeBrowsing service," meaning that at one point, both Google
and Waterfox were spying on all of your internet activity. However,
according to this reddit thread<sup><a href="#2">[2]</a></sup>,
this is no longer true: therefore, Waterfox's privacy policy does not
necessarily reflect what information the browser currently collects.
The lack of detail and clarity in the privacy policy is also very
concerning. For example, in the abovementioned section titled "Webpage
data to Google's SafeBrowsing service," there are links to a Firefox
Knowledge Base article and Google's privacy policy, neither of which
actually explain what data is sent by Waterfox to Google. If this were
still accurate, it would have some serious privacy implications (and
would certainly bump up the spyware rating of this program). An
inaccurate and outdated privacy policy - i.e. one that does not
correctly explain what information is being shared - is
a <font color="red"><b>serious red flag</b></font> for any privacy-conscious user.
</p>
<h3>Waterfox "phones home" with information about your computer whenever you start it up</h3>
<p>
According to its privacy policy<sup><a href="#1">[1]</a></sup>, Waterfox collects the following information by default:
</p>
<ul>
<li>Waterfox version</li>
<li>Operating system</li>
<li>Language settings</li>
<li>Installed Waterfox Add-ons</li>
</ul>
<p>
Waterfox shares this information with Mozilla and will collect this information every time you launch Waterfox.
</p>
<h3>Waterfox offers spyware search engines to its users and uses Bing as its default search engine</h3>
<p>
By default Waterfox is using the spyware search engine <a href="/articles/bing.html">Bing</a>.
Why would a privacy-based Web Browser offer this search engine by default? The other offered search engines are not much better- we have the option of searching with Google,
which also logs your internet searches, and Ecosia, which also logs your internet searches (but it gives them to Bing). Luckily there are some more private search engines offered,
like StartPage and DuckDuckGo. What is concerning is the additude that the developer of waterfox has towards these spyware search engines:
</p>
<p>
<i>"Bing is actually quite good for privacy as well (let's not forget Mozilla even suggested them as a more privacy focused search back in 2009)."</i><sup><a href="#3">[3]</a></sup>
</p>
<p>
It's very clear that while the browser advertizes itself as very privacy focused, the actual words and actions of the developers aren't consistent with this claim.
</p>
<h3>Waterfox sends all website notifications through Mozilla's servers</h3>
<p>
If you enable notifications on a website, all of those messages will
be sent through Mozilla's servers. According to Waterfox's privacy policy<sup><a href="#1">[1]</a></sup>,
Mozilla cannot see the content of said messages. However, Mozilla will
receive the following information:
</p>
<ul>
<li>Number of Waterfox subscriptions and unsubscriptions to website notifications</li>
<li>Number of messages sent</li>
<li>Timestamps</li>
<li>Senders (which may include specific website providers)</li>
</ul>
<p>
So, Mozilla can see who is sending notifications, when these notifications
are being sent, how many notifications are sent, and how many websites you
have enabled notifications on. Waterfox collects all of the above, and
additionally sees your IP address for each notification sent.
</p>
<h3>Waterfox is integrated into the "Firefox Accounts" spyware platform</h3>
<p>
The "Firefox Accounts" platform allows you to sync a lot of sensitive
information, such as your internet history, across all of your devices.
This is, of course, all being stored on Mozilla's servers.<sup><a href="#4">[4]</a></sup>
This feature
is opt-in spyware, but it should still be mentioned.
If you don't want your internet history to be uploaded to Mozilla servers,
don't use this feature.
</p>
<h3>Waterfox is self updating software</h3>
<p>
Self updates are a spyware feature since they are usually ways for the developer of a program to put spyware into their software without presenting it in a prominent way
where the user can understand what they are giving up when they download the update. Given Waterfox's bad communication, this is especially likely to happen.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.waterfoxproject.org/en-US/privacy/waterfox/">Improve security for users everywhere</a>
<a href="http://web.archive.org/web/20180411175752/https://www.waterfoxproject.org/en-US/privacy/waterfox/">[web.archive.org]</a>
<a href="https://archive.li/ONrR3">[archive.li]</a><br>
<a name="2">2.</a>
<a href="https://www.reddit.com/r/waterfox/comments/880z4b/what_happened_to_waterfoxs_devotion_to_user/">What happened to Waterfox's devotion to user privacy?</a>
<a href="http://web.archive.org/web/20180329154241/https://www.reddit.com/r/waterfox/comments/880z4b/what_happened_to_waterfoxs_devotion_to_user/">[web.archive.org]</a>
<a href="https://archive.li/omeK3">[archive.li]</a><br>
<a name="3">3.</a>
<a href="http://www.reddit.com/r/waterfox/comments/7m1pkq/waterfox_and_ecosia_privacy_concerns/">Waterfox and Ecosia - Privacy Concerns</a>
<a href="https://web.archive.org/web/20180201210222/https://www.reddit.com/r/waterfox/comments/7m1pkq/waterfox_and_ecosia_privacy_concerns/">[web.archive.org]</a>
<a href="https://archive.is/smDw6">[archive.is]</a><br>
<a name="4">4.</a>
<a href="https://support.mozilla.org/en-US/kb/access-mozilla-services-firefox-accounts">Access Mozilla Services with Firefox Account</a>
<a href="https://archive.li/oDcmj">[archive.li]</a><br>
<a name="5">5.</a>
<a href="https://digdeeper.neocities.org/browsers.html">How to choose a browser for everyday use?</a>
<a href="http://web.archive.org/web/20180607023304/https://digdeeper.neocities.org/browsers.html">[web.archive.org]</a>
<a href="http://archive.is/HVj9I">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 6/2/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body></html>

115
articles/webdiscover.html Normal file
View File

@ -0,0 +1,115 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>WebDiscover</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/webdiscover_logo.png" alt="Webdiscover logo">
<p>
WebDiscover is a web browser made by WebDiscover Media.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
WebDiscover uses the spyware search engine <a href="/articles/yahoo.html">Yahoo</a> as it's default search engnine, but on it's website it says it uses the spyware
search engine <a href="/articles/bing.html">Bing</a> as it's default search engine. It is hard to review since every time I run it,
it messes up MITMproxy so I can't see what it's doing. The privacy policy explains that it collects a large amount of personal information from it's users, so it is at least not a secret that this browser is spyware. This program acts in a very suspicious way and
the privacy policy contains a lot of language in it about the use of the information it collects that elevates it
to a <b><font color=red>uniquely bad stance on user privacy and use of user information</font></b>, so I would recommend staying far away from it.
</p>
<h3>WebDiscover installs itself onto users computers through installer bundling</h3>
<p>
WebDiscover is mostly installed through other programs as an opt-out. This means that most users did not want to install this browser, and
were tricked into doing it by other software's installer programs. For example<sup><a href="#2">[2]</a></sup>:
</p>
<p>
<a href="/images/wd1.jpg">[1]</a> <a href="/images/wd2.jpg">[2]</a> <a href="/images/wd3.jpg">[3]</a> <a href="/images/wd4.jpg">[4]</a>
<a href="/images/wd5.jpg">[5]</a> <a href="/images/wd6.jpg">[6]</a> <a href="/images/wd7.jpg">[7]</a> <a href="/images/wd8.jpg">[8]</a>
<a href="/images/wd9.jpg">[9]</a> <a href="/images/cdex_bundling.png">[10]</a>
</p>
<h3>WebDiscover collects a large amount of information about its users</h3>
<p>
According to its privacy policy<sup><a href="#1">[1]</a></sup>, WebDiscover collects the following information about its users as its browser is downloaded and used:
</p>
<ul>
<li>Web Browser type</li>
<li>Operating System type and version</li>
<li>Domain Name</li>
<li>Browser version</li>
<li>Browser usage and statistics</li>
</ul>
<p>
Some of this information is typical of the kind of info that is collected by developers who write programs that phone
home using the HTTP protocol. However, WebDiscover also collects the following information about it's users which is
more concerning:
</p>
<p><i>
"We may collect Personal Data and Anonymous Data when you download the Browser. We may also collect Personal Data when you send us information or communications directly. “Personal Data” means data that allows someone to identify or contact you including, without limitation, your name, physical address, electronic mail (email) address, phone number, and credit card information (collectively, your “Personal Data”) for the purposes of recording the transaction when you engage in activities on the Site or through use of the Browser."
</i><sup><a href="#1">[1]</a></sup></p>
<p>
So, WebDiscover will profile your computer, and WebDiscover Media will use every oppotunity they get to collect
information about you.
</p>
<h3>WebDiscover sells information about it's users</h3>
<p>
In this quote from the privacy policy:
</p>
<p><i>
"We may share Anonymous Data with selected third parties and business partners..."
</i></p>
<p>
Confirming that the information that WebDiscover collects about you will be sold to advertisers.
</p>
<h3>WebDiscover uses your personal information in a malcious way</h3>
<p>
WebDiscover sells your information to advertising companies that will send you junk mail seperately from
WebDiscover's discretion- it also DOES NOT comply with requests to stop contact, and requires you to seperately
request each company that it has sold your information to, to stop contacting you. I didn't check if they would comply
with those requests or not. The following quotes from the privacy policy should explain this:
</p>
<p><i>
"To opt-out of having future third-party marketing communications sent to you, you will be required to unsubscribe with the applicable third party providers. Despite your request to no longer receive future newsletters or promotional and marketing communications from us, we reserve the right to continue to send you notices of any updates to the Browser, our Software End User License Agreement, and our Privacy Policy."
</i><sup><a href="#1">[1]</a></sup></p>
<p>
WebDiscover also claims that anyone who acts in a way that "damages the reputation" of their company will have all of the
personal information that WebDiscover has collected about them disclosed to any party at their discretion.
</p>
<p><i>
"If we determine, in our sole discretion, that you have engaged in conduct which might be considered, unlawful, fraudulent, or which might harm or damage the reputation or standing of WebDiscover Media with either the general public or with a business partner or potential business partner of WebDiscover Media, we reserve the right to release your Personal Information to such persons or third parties as we consider necessary in order to prevent you from causing injury to, or otherwise injuring or interfering, now or in the future, with WebDiscover Media' rights, property or operations or otherwise the rights, property or operations of anyone else who could be harmed by such conduct."
</i><sup><a href="#1">[1]</a></sup></p>
<p>
Which is basically threatening their users that they will use the information they collect to dox anyone who says bad things about their software.
This is possibly the most anti-user statment that I have read in a privacy policy.
</p>
<h3>Phoning Home</h3>
<p>When WebDiscover is started, it will begin making requests to this domain: </p>
<p>ec2-54-191-159-75.us-west-2.compute.amazonaws.com</p>
<p>
This is presumably how it collects a lot of the personal information about its users.
This was discovered using Microsoft Network Monitor 3.4.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://getwebdiscover.com/privacy/">WebDiscover Privacy Policy</a>
<a href="http://web.archive.org/web/20171224213336/https://getwebdiscover.com/privacy/">[web.archive.org]</a>
<a href="http://archive.is/Orpq6">[archive.is]</a><br>
<a name="2">2.</a>
<a href="https://www.pcrisk.com/removal-guides/9153-discover-browser-adware">WebDiscover removal instructions</a>
<a href="http://archive.is/bE7Qe">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 8/4/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

75
articles/yahoo.html Normal file
View File

@ -0,0 +1,75 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Yahoo! Search</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/yahoo_logo.png" alt="Yahoo Logo">
<p>
Yahoo! search is a search engine made by Yahoo.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
Yahoo! search is integrated into the Oath spyware ecosystem, which is a merger between Yahoo and AOL. When you use Yahoo! Search, your
internet history is sent to Oath, and Oath will track you across the internet. This tracking is then sold to advertisers. The Oath Privacy Policy makes it difficult to know which parts of it refer to Yahoo! search, and which parts of it refer to other Oath services, so it's difficult to quantify the extent of data collection done by Yahoo! search specifically. (combining privacy policies is a common tactic to obfusicate privacy information)
</p>
<p>
It's important to notice that this is <b><font color=red>just scratching the surface</font></b> at the extent of spying that the Oath
spyware platform does to it's users, and only includes information collection aspects of the Oath spyware platform that could be reasonably attributed to Yahoo! search.
</p>
<h3>Integration into the "Yahoo Account" spyware platform and tracking internet history</h3>
<p>
Yahoo's privacy policy is actually called the "Oath" privacy policy, so it's not as simple to find. Yahoo search
is integrated into the "Yahoo Account" spyware platform, which shares all of the information it collects with it's parent company, Oath, including your browsing history. When you have an account connected to Oath, which would be an AOL account or a Yahoo account, your internet history is colleted and associated with a unique user identity obtained through browser fingerprinting.<sup><a href="#1">[1]</a></sup>
</p>
<p>
It's important to notice that this information will be collected whether you are signed in or not. The Oath Privacy Policy makes it clear that
they fingerprint your computer and so can uniqley identify you no matter what. What is probably happening is that Yahoo will fingerprint your
use of it's services, so that you will be tracked through your usage of them, whether you have an account or not.
</p>
<h3>Tracking users</h3>
<p>
The Oath Privacy Policy makes a lot of statements about how it tracks it's users across their devices and across the internet:
</p>
<p><i>
"We collect information from your devices (computers, mobile phones, tablets, etc.), including information about how you interact with our Services and those of our third-party partners and information that allows us to recognize and associate your activity across devices and Services. This information includes device specific identifiers and information such as IP address, cookie information, mobile device and advertising identifiers, browser version, operating system type and version, mobile network information, device settings, and software data."<sup><a href="#1">[1]</a></sup>
</i></p>
<h3>Selling user information to advertisers</h3>
<p>
The Oath privacy policy clearly states that the information it collects from you is shared with advertisers:
</p>
<p><i>
"We may recognize your devices to provide you with personalized experiences and advertising across the devices you use."
</i><sup><a href="#1">[1]</a></sup></p>
<p><i>
"We also may use the information we have about you for the following purposes: ... <br>
Help advertisers and publishers connect to offer relevant advertising in their apps and websites.....<br>
Match and serve targeted advertising (across devices and both on and off of our Services) and provide targeted advertising based on your device activity, inferred interests and location information....<br>
Create analytics and reports for external parties, including partners, publishers, advertisers, apps, third-parties and the public regarding the use of and trends within our Services and ads, including showing trends to partners regarding general preferences, the effectiveness of ads and information on user experiences...."
</i><sup><a href="#1">[1]</a></sup></p>
<p>
A LOT more could be written but this is probably enough to understand that Yahoo! search is spyware. If you want any more, the privacy policy should speak for itself.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://policies.oath.com/us/en/oath/privacy/index.html">Welcome to the Oath Privacy Center</a>
<a href="https://web.archive.org/web/20180803155645/https://policies.oath.com/us/en/oath/privacy/index.html">[web.archive.org]</a>
<a href="http://archive.is/20180709124104/https://policies.oath.com/us/en/oath/privacy/index.html">[archive.is]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 8/3/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

96
articles/youtube.html Normal file
View File

@ -0,0 +1,96 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>YouTube</h1>
<p><a href="/articles">Back to catalog</a></p>
<img src="/images/youtube_logo.png" alt="youtube logo">
<p>
YouTube is an American video-sharing website headquartered in San Bruno, California. It is owned by <a href="/articles/google.html">Google</a>.
</p>
<h2>Spyware Level: <font color="red">EXTREMELY HIGH</font></h2>
<p>
Googles business strategy with Youtube relies on tracking users device identifiers, location, search history, IP addresses and other personally identifying data to provide to advertisers. Google discloses in their Youtube privacy policy that it collects many types of personal information, including geolocation, unique device identifiers, mobile telephone numbers, and persistent identifiers used to recognize a user over time and across different websites or online services.<sup><a href="#1">[1]</a></sup>
</p>
<h3>Integration with Google Tracking</h3>
<p>
YouTube is integrated with Googles suite of advertising technologies and services, including AdWords, DoubleClick, and Google Preferred. DoubleClick is “an advertising serving and tracking company that uses web cookies to track browsing behavior online by their IP address to deliver targeted ads. Other DoubleClick ad technologies used to target YouTube users include the Campaign Manager, which helps advertisers “identify, locate and understand your customers, wherever they are.”<sup><a href="#2">[2]</a></sup>
</p>
<p>
You can find that Google operates tracking domains active on the Youtube page, “pubads.g.doubleclick.net” and “googleads.g.doubleclick.net” in addition to three cookies requested by *.youtube.com. Youtube serves a particular tracking cookie, “VISITOR_INFO1_LIVE” in order to continue monitoring users that have signed out of their account and to continue serving recommended videos related to that session. Of course, while you are logged in to any Google service, Google can track you with absolute precision. <sup><a href="#3">[3]</a></sup>
</p>
<p>
The Youtube app for android additionally uses the Google Firebase Analytics tracker which provides methods for logging events and setting user properties. The full app report finds that the Youtube app employs three trackers and requires 33 permission, 14 of which are considered dangerous such as access to the the users location and contacts.
<sup><a href="#4">[4]</a></sup><sup><a href="#5">[5]</a></sup>
</p>
<h3>Taking down more private alternatives</h3>
<p>
For some time, a popular Youtube tracking sanitizer, Hooktube.com was a useful resource for accessing Youtube videos without being subjected to Googles surveillance techniques in full. Hooktube was also useful for circumventing region blocking. However, Google, not to be stopped in their spying endeavors, served Hooktubes operators with a cease and desist over their use of the Youtube API. Hooktube was effectively forced to use Youtubes official embedded player if they wished to continue to operate, nullifying Hooktube as a viable means for privately viewing Youtube content.<sup><a href="#6">[6]</a></sup><sup><a href="#7">[7]</a></sup>
</p>
<h3>Youtube Requires non-free JavaScript</h3>
<p>
It is also worth noting that, in order to function, Youtube requires visitors to run non-free JavaScript. As with any proprietary software, these programs can be doing just about anything with almost no way to determine exactly what.<sup><a href="#10">[10]</a></sup> For example, there has been some speculation as to whether Youtubes compulsory JavaScript might be useful for Youtube to track your devices unique MAC address. <sup><a href="#8">[8]</a></sup><sup><a href="#9">[9]</a></sup>
</p>
<p>
All that said, it would be wise to avoiding using any of Googles services. If you must access Youtube, we recommend doing so through one of the remaining sanitizers such as Invidious (<a href="https://www.invidio.us">https://www.invidio.us</a>).
</p>
<hr>
<h2>Credits</h2>
<p>
This reveiew was written by Alia Sarmor.<br>
Formatting changes were done by the site maintainer.
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://policies.google.com/privacy">Google Privacy policy</a>
<a href="https://archive.li/U4mQP">[archive.li]</a><br>
<a name="2">2.</a>
<a href="https://www.commercialfreechildhood.org/sites/default/files/devel-generate/tiw/youtubecoppa.pdf">Request to Investigate Googles YouTube Online Service...</a>
<a href="http://web.archive.org/web/20180816062432/https://www.commercialfreechildhood.org/sites/default/files/devel-generate/tiw/youtubecoppa.pdf">[web.archive.org]</a><br>
<a name="3">3.</a>
<a href="https://security.stackexchange.com/questions/165842/stop-youtube-tracking-when-signed-out">Stop YouTube tracking when signed out</a>
<a href="http://web.archive.org/web/20180910190055/https://security.stackexchange.com/questions/165842/stop-youtube-tracking-when-signed-out">[web.archive.org]</a>
<a href="https://archive.fo/ri7xa">[archive.fo]</a><br>
<a name="4">4.</a>
<a href="https://reports.exodus-privacy.eu.org/reports/11758/">Youtube Android App Permissions</a>
<a href="http://web.archive.org/web/20180910190242/https://reports.exodus-privacy.eu.org/reports/11758/">[web.archive.org]</a><br>
<a name="5">5.</a>
<a href="https://firebase.google.com/docs/reference/android/com/google/firebase/analytics/package-summary">com.google.firebase.analytics </a>
<a href="http://web.archive.org/web/20170307052724/https://firebase.google.com/docs/reference/android/com/google/firebase/analytics/package-summary">[web.archive.org]</a>
<a href="http://archive.is/N5qvH">[archive.is]</a><br>
<a name="6">6.</a>
<a href="https://twitter.com/swack/status/1018665375364501506">@swack on Twitter</a>
<a href="https://archive.fo/bXAoK">[archive.fo]</a><br>
<a name="7">7.</a>
<a href="https://github.com/FreeTubeApp/FreeTube/releases">FreeTube Releases</a>
<a href="http://web.archive.org/web/20180724155631/https://github.com/FreeTubeApp/FreeTube/releases">[web.archive.org]</a>
<a href="https://via.hypothes.is/https://github.com/FreeTubeApp/FreeTube/releases">[via.hypothes.is]</a>
<a href="http://archive.is/Sei5n">[archive.is]</a><br>
<a name="8">8.</a>
<a href="https://www.blackhatworld.com/seo/does-youtube-track-our-mac-address.197618/">Does Youtube track our Mac address??</a>
<a href="http://web.archive.org/web/20161010063335/http://www.blackhatworld.com:80/seo/does-youtube-track-our-mac-address.197618/">[web.archive.org]</a><br>
<a name="9">9.</a>
<a href="https://www.stormfront.org/forum/t900258/?postcount=9#post10428507">How does YouTube know what I've been watching?</a>
<a href="http://web.archive.org/web/20180910193256/https://www.stormfront.org/forum/t900258/?postcount=9%23post10428507">[web.archive.org]</a><br>
<a name="10">10.</a>
<a href="https://www.fsf.org/youtube">Does the FSF use YouTube? </a>
<a href="https://web.archive.org/web/20171223035419/http://www.fsf.org/youtube/">[web.archive.org]</a><br>
</p>
<hr>
<p><b>
This article was created on 9/10/2018<br>
This article was laste updated on 12/12/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

16
contact.html Normal file
View File

@ -0,0 +1,16 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Contact</h1>
<p>
My E-Mail is <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a><br>
My XMPP is spyware@openxmpp.org<br>
</p>
</body>
</html>

26
extra.html Normal file
View File

@ -0,0 +1,26 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Extras Page</h1>
<p>
This page is for content on the site that doesn't belong anywhere else.
</p>
<h2>Fan Made Pins</h2>
<p>
These pins were created by fans of the site for linking to pages on the site. They're pretty cool, so I thought I would host them. You can download the ones you want
for your website here:
</p>
<a href="https://spyware.neocities.org/articles/discord.html"><img src="/images/discord-no-way-2.gif" alt="Discord? No Way!"></a>
<a href="https://spyware.neocities.org"><img src="/images/osw.jpg" alt="Online Spyware Watchdog"></a>
<p>
You can also visit the creator's websites:<br>
<a href="https://floppys-lounge.neocities.org/">https://floppys-lounge.neocities.org/</a><br>
<a href="https://computerdemons.neocities.org/">https://computerdemons.neocities.org/</a><br>
</p>
</body>
</html>

BIN
favicon.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

88
guides/articles.html Normal file
View File

@ -0,0 +1,88 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Online Spyware Classification Project - Contribution Guide</h1>
<p><a href="/">Back to Home</a></p>
<p>
This guide is to share how these articles are written for readers of this website who want to contribute to it
but don't know how, or would like some resources on how to write these articles. So, it should help ease the burden
of writing new articles for writers who don't know about things that can make the articles easier to write and more
accurate.
</p>
<h2>Common Privacy Policy Pitfalls</h2>
<p>
Lots of software today contains a privacy policy - and a great starting point for understanding how a program invades your privacy
is to read the privacy policy so that you know what kinds of things the developers admit that the software does. However it is a
big mistake to take a privacy policy by its word, as many privacy policies are obfusicated, omit information, or lie. There are
several common pitfalls that most privacy policies are guilty of:
</p>
<h3>Organization-Wide Privacy Policies</h3>
<p>
This is a common obfusication tactic that many organizations use when writing privacy policies (if you want to give them the
benefit of the doubt, it could be laziness). Instead of writing a privacy policy that explains what kind of information is
being collected about you for each individual software, a privacy policy is written for all of the software that that company
produces and operates. This obviously makes it very hard to find out what one particular software does, and it means that
understanding the privacy policy and how it applies to the software you are trying to find information about will take longer
and will rely on more speculation because of how uncertain the information is.
</p>
<h3>"We aren't spyware so we dont need a privacy policy"</h3>
<p>
This category is where it's more difficult: programs that are not spyware do not have privacy policies- they don't need them if they
dont violate your privacy. This is OK but there is a category of programs that do not contain privacy policies but still have privacy
concerns. You can't take a developers word that their program is not spyware: you have to actually run the program and inspect any kind
of packets it sends out and what features it has. A lot of people have a lot of diffrent ideas about what is and isnt spyware- so you
might have a developer who thinks that phoning home, etc, isn't a privacy issue that they need to make their users aware of.
</p>
<h3>Outdated/Inaccruate Privacy Policies</h3>
<p>
Some privacy policies are very outdated and report privacy violations in the program that dont exist anymore, or fail to report new privacy
violations, just because the developer of the software cannot be bothered to keep his privacy policy up to date. In this case such a
privacy policy should be heavily criticized because it shows that the developer cannot properly communicate to his users the privacy implications
of installing his software. So it's really like rolling the dice... who knows what the program will actually do? It's like not having a
privacy policy at all, except worse, because it can fool people into thinking that the program does things that it doesn't do.
</p>
<p>
Ultimately the take away is that privacy policies are meaningful, but they also can't be the only thing to prove a program's innocence.
You have to verify all of the claims made on a privacy policy, and if you can't, you have to doubt them. When a privacy policy is not
enough to make a final decision, you need to use other methods of finding privacy issues in the program.
</p>
<h2>Checking a program with MITMproxy</h2>
<p>
Ultimately the only way to prove and discover what a program is actually doing to invade your privacy is to look at what kinds of
network activity it is doing when you run it. A great guide is written about how you can check a program's network activity with
MITMproxy to discover spyware by a writer for this site who has written many of the articles on here. It's linked right here:
</p>
<a href="https://digdeeper.neocities.org/liftingtheveil.html">Lifting the veil - how to test browsers for spyware.</a>
<h2>Citing Sources</h2>
<p>
Sources should be cited at the bottom of the article as a list of links, with links to archived versions of these links next to them.
There should be at least two archive links, from two diffrent archiving services, but ideally you should provide alterante links to as many
archives as you can. If you can't find an archived version of the page you want to save on a service that allows you to submit a link for
archiving, you should submit it and use that. That being said, there is a useful online service that lets you find archived links
by searching multiple archive sources for links. <a href="http://timetravel.mementoweb.org/">http://timetravel.mementoweb.org/</a> will usually
automate the process of finding all of these archive links and make citing sources much easier- but it's still important to update web.archive.org
and archive.is copies of these links.
</p>
</body>
</html>

52
guides/classify.html Normal file
View File

@ -0,0 +1,52 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Online Spyware Classification Project - Spyware Classification Guide</h1>
<p><a href="/">Back to Home</a></p>
<h2><font color=red>This page needs to be re-written should be disregarded for now</font></h2>
<p>
This guide specifies how the articles on this website classify programs as spyware, and assign scores. Programs given an amount of points for every spyware feature that the program contains and every spyware criteria that the program meets. It is important to note that not every feature and critera is proof that a program is spyware, but proof that the program could be spywre. Since we are holding all programs in contempt, programs that might not be spyware, but cannot be proven to not be spyware, are given spyware scores above 0 (not spyware) until they can be proven to not be spyware. If you want to amend/change this document, please follow the instructions in the <a href="/guides/faq.html">FAQ</a>.
</p>
<p>
This guide is written in a format where the name of each spyware feature or critera and the number of points given from containing said feature or meeting said critera is written in a header, and then a short description explaining why this feature or criteria is a spyware feature or criteria; and justifying the score given. There are diffrent severities of data collection or potential data collection, so it is important to outline how many points should be given for each type of feature. This document starts out by explaining what types of spyware criterias or features are given what scores, and then lists actual features and criterias and their classifications.
</p>
<h2>Types of Spyware Features and Criterias and their scores</h2>
<h3>Low Potential For Data Collection - 1</h3>
<p>
The Spyware Feature or Criteria does not prove that data collection is happening, but proves that we cannot prove that data collection is not happening. The creators of the software do not have a history of producing any spyware programs and have claimed that their programs are not spyware.
</p>
<h3>Potential For Data Collection - 2</h3>
<p>
The Spyware Feature or Criteria does not prove that data collection is happening, but proves that we cannot prove that data collection is not happening. The creators of the software have created spyware programs in the past but otherwise have not provided any evidence that their program is spyware.
</p>
<h3>High Potential For Data Collection - 3</h3>
<p>
The Spyware Feature or Criteria does not prove that data collection is happening, but proves that we cannot prove that data collection is not happening. The creators of the software have created spyware programs in the past and/or there is evidence that there may be or is a data collection feature inside of their program, but they have claimed that their software is not using this feature. An example is a known data collection feature in a program that the creators of the program have claimed is no longer active, but have not proven that said feature is no longer active. Another example is software creators who do not claim to include spyware features in their programs, but have failed to disclose spyware features in past programs that they have created.
</p>
<h3>Normal Potential Amount of Possible Data Collection - 3</h3>
<p>
The Spyware Feature or Criteria proves that data collection is possible, in the normal way. I thought about creating a classification "Low Potential Amount of Possible Data Collection", but I realized that such sandboxed programs simply do not exist in today's userlands. The program has access to all availible files in the user's file system, enumeration of the hardware, access to the keyboard and mouse input, and any other input from other peripherals, as well as the enumeration of these peripherals, and access to the internet. The program has access some or all of these and has no access to anything described in "High Potential Amount of Possible Data Collection", and we are unable to prove that the program will never record and report information using this access.
</p>
<h3>High Potential Amount of Possible Data Collection - 10</h3>
<p>
The Spyware Feature or Criteria proves that the program may be accessing an elevated amount of features that normal programs are unable to access. The program may require or ask the user to run it as a superuser (i.e. the program must be run as "root" on Unix-based systems and as "Administrator" on Windows-based systems). The program may install a kernel module or otherwise run in security levels higher than userspace, such as "ring 0".
</p>
<h3>Confirmed Low Amount of Data Collection - 5</h3>
<p>
The Spyware Feature or Criteria proves that the program is collecting a small amount of information on the user. This information may be information that the user might want to share. For example, a user might want to use a program to provide credentials to an online service, like a client to a subscription based video game. This means that the user's login activity is being collected by the creators of the program. This is different from client software where the user is giving credientials to people who are probably not the creators of the program, like an e-mail client.
</p>
<h3>Confirmed Medium Amount of Data Collection - 15</h3>
<p>
The Spyware Feature or Criteria proves that the program is collecting an substantial amount of information on the user. This information can include but is not limited to hardware profiles, e-mail addresses, fingerprinting, and basic usage information. This is generally known as "telemetry", which is a more sanitized term people use to refer to spyware.
</p>
<h3>Confirmed High Amount of Data Collection - 25</h3>
<p>
The Spyware Feature or Criteria proves that the program is collecting a high amount of information on the user. This information can include but is not limited to keylogging, screen capture or any form of screen recording, chat logs, search history, webcam access, filesystem scanning and/or profiling, and recording information from the microphone.
</p>
</body>
</html>

82
guides/faq.html Normal file
View File

@ -0,0 +1,82 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Online Spyware Classification Project - Frequently Asked Questions</h1>
<p><a href="/">Back to Home</a></p>
<h2>What is spyware?</h2>
<p>
Spyware is a classification of programs which collect information about their users. Any program which collects any kind of information about its users is spyware. Programs are held in contempt (guilty until proven innocent) when evaluating spyware features. Spyware features include but are not limited to unavailable source code, telemetry of any kind, presistent user identities, network connectivity, and information collection on users, such as asking for a telephone number.
</p>
<h2>How does this website classify spyware?</h2>
<p>
At a glance, this website will give spyware programs a spyware rating and then a summary of why it has that rating, followed by a detailed rationale for giving the program that rating. The ratings that are present on the website right now are:
</p>
<table border background="/images/bg.jpg" style="width:800px">
<tr>
<th>Spyware Rating</th>
<th>Category Rationale</th>
</tr>
<tr>
<td><center><h3><font color=red>EXTREMELY HIGH</font></h3></center></td>
<td>Reserved for the most invasive spyware programs, that collect the most amount of data, and the most sensitive data, with no opt-out's. These programs should be avoided entirely. </td>
</tr>
<tr>
<td><center> <h3><font color="orange">High</font></h3></center></td>
<td>For spyware that collects high amounts of data, but doesn't collect as much data, or data that is as important as the worst spyware out there. </td>
</tr>
<tr>
<td><center><h3><font color=yellow>Medium</font></h3></center></td>
<td>For spyware that collects some data, but is transparent and doesn't collect a lot of data, or any important data. You should be able to disable all spyware features for a program to get this rating.</td>
</tr>
<tr>
<td><center><h3><font color=yellowgreen>Low</font></h3></center></td>
<td>For software that has some form of data collection that is extremely limited.</td>
</tr>
<tr>
<td><center><h3><font color=greenyellow>Potential Spyware</font></h3></center></td>
<td>For software that cant be proven to be not spyware, and have red flags that make them suspicious without definite proof of spying.</td>
</tr>
<tr>
<td><center><h3><font color="lightgreen">Probably not Spyware</font></h3></center></td>
<td>For software that doesnt seem to be spyware, but can't be absolutely proven to not be spyware.</td>
</tr>
<tr>
<td><center><h3><font color=lime>Not Spyware</font></h3></center></td>
<td>For software that completely respects the privacy of its users.</td>
</tr>
<tr>
<td><center><h3><font color=lime>N</font><font color=lightgreen>o</font><font color=yellowgreen>t</font> <font color=yellow>R</font><font color=orange>a</font><font color=red>t</font><font color=orange>e</font><font color=yellow>d</font></h3></center></td>
<td>For software that has an article, but does not have a complete article. The color of the text indicates what spyware score the incompelte article is leaning towards.</td>
</tr>
</table>
<h2>How do I support this website?</h2>
<p>
You can support this website by submitting or translating articles and referring to articles already on the site to other people in your regular internet discussions. This will encourage other people to read this website and contribute to this website as well. You can also encourage your friends or other people online that you are aquainted with to use and submit articles to this website. As more people submit and refer to the content here, this website will become much better.
</p>
<h2>How do I submit articles to this website?</h2>
<p>
Articles can be submitted by emailing me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. Any article that is submitted must follow the article style guide and the spyware criteria guide correctly to be accepted into the website. If you want to make changes to an article please download and edit that article, and resubmit your version of the article in an email, explaining what the changes are and why you made those changes. If your version of the article is conforming to the article style guide and spyware criteria guide and has justified changes it will be accepted as a replacement to the previous article. Your submissions will be manually reveiwed and added to the website at this time. I will reply to all submissions explaining if the submission was accepted or not, and if the submission was declined, why it was declined.
</p>
<h2>What language do the submissions need to be in?</h2>
<p>
Any language should be fine. Currently there are only English and Spanish articles on the site, but it doesn't matter what language you want to submit articles in.
</p>
<h2>I want to amend/change the style guide and/or the spyware classification guide.</h2>
<p>
Send an email to me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a> with a new version of the guide in question, detailing the changes you have made and the reasons for these changes. If I agree with these changes then I will either replace the current document(s) with your version(s) or edit the document(s) myself to incorporate the new ideas, and send you a follow-up email explaining what I did. If I disagree with you, I will send you an email explaining why I don't want to amend/change the guide(s) in such a way.
</p>
<h2>Spyware and Software Licensing</h2>
<p>
To be able to know if a program has absolutely no spyware features, you have to be able to compile it from source- it does not need to meet any of the other requirements that it would need to meet to be called "Free Software" or "Open Source Software" according to the definitions of the FSF or OSI. So, I don't like to use the words "Free Software" or "Open Source Software" on my website because it implies that a program needs to meet all of the requirements set by those organizations to be called "Free" or "Open" for spyware concerns to be alleviated. If you can compile it from source, that is the only thing needed.
</p>
<p>
Although, I don't want to say that just because a program allows you to compile it from source, it isn't spyware. It just ensures that you can be aware of all spyware features, and that there is no spyware hidden inside of a binary blob. Also, programs that do not distribute their sources can be analyzed even though they are only dstributed as binaries, which is in fact how we know about some of the more underhanded spyware features that Steam and Discord have, for example.
</p>
</body>
</html>

277
guides/firefox.html Normal file
View File

@ -0,0 +1,277 @@
<!DOCTYPE html>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Mozilla Firefox Spyware Mitigation Guide</h1>
<p>
<a href="/">Back to Home</a><br>
<a href="/articles/firefox.html">Back to Firefox</a>
</p>
<img src="/images/firefox_logo.png">
<p>
After configuring Mozilla Firefox according to this guide it's rating changes like so:
</p>
<h3>Spyware Rating: <font color="orange">High</font> =&gt; <font color="lime">Not Spyware</font></h3>
<p>
Before beginning this guide it is important that you try and cross-reference it with other guides,
to see which prespective on this topic is the best way to do it for you. At the bottom of the page are links
to <a href="#Other_Guides">other guides</a> and projects like this one. You should strongly consider this as <b><font color=orange>
you may find other guides more useful than this one.</font></b>
</p>
<p>
Mozilla Firefox has a huge amount of spyware features, but they all can be disabled by using predefined profile settings.
To do this you need to create new Firefox profile:
<ul>
<li> Run <code>firefox -no-remote -ProfileManager</code> </li>
<li> Create a new profile </li>
<li> Exit. </li>
</ul>
Then open your Firefox user profiles directory. It should be located at:
<table border background="/images/bg.jpg" style="width:800px">
<tr>
<th> OS</th>
<th> Path</th>
</tr>
<tr>
<td> Windows 7</td>
<td><code> %APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> Linux </td>
<td><code> ~/.mozilla/firefox/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> OS X</td>
<td><code> ~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> Android</td>
<td><code> /data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> Sailfish OS + Alien Dalvik</td>
<td><code> /opt/alien/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name</code></td>
</tr>
<tr>
<td> Windows (portable)</td>
<td><code> [firefox directory]\Data\profile\</code></td>
</tr>
</table>
</p>
<p>
Delete everything from the new profile and create in this folder "user.js" file with such content:<br>
<code>
user_pref("network.connectivity-service.enabled", false);<br>
user_pref("browser.startup.homepage", "about:blank");<br>
user_pref("browser.newtabpage.enabled", false);<br>
user_pref("browser.newtab.preload", false);<br>
user_pref("browser.search.geoip.url", "");<br>
user_pref("app.update.enabled", false);<br>
user_pref("extensions.update.enabled", false);<br>
user_pref("app.update.auto", false);<br>
user_pref("extensions.update.autoUpdateDefault", false);<br>
user_pref("app.update.service.enabled", false);<br>
user_pref("app.update.staging.enabled", false);<br>
user_pref("app.update.silent", false);<br>
user_pref("extensions.getAddons.cache.enabled", false);<br>
user_pref("lightweightThemes.update.enabled", false);<br>
user_pref("browser.search.update", false);<br>
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);<br>
user_pref("dom.ipc.plugins.reportCrashURL", false);<br>
user_pref("extensions.getAddons.showPane", false); <br>
user_pref("extensions.webservice.discoverURL", "");<br>
user_pref("toolkit.telemetry.unified", false);<br>
user_pref("toolkit.telemetry.enabled", false); <br>
user_pref("toolkit.telemetry.server", "data:,");<br>
user_pref("toolkit.telemetry.archive.enabled", false);<br>
user_pref("toolkit.telemetry.cachedClientID", "");<br>
user_pref("toolkit.telemetry.newProfilePing.enabled", false); <br>
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); <br>
user_pref("toolkit.telemetry.updatePing.enabled", false); <br>
user_pref("toolkit.telemetry.bhrPing.enabled", false); <br>
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); <br>
user_pref("toolkit.telemetry.hybridContent.enabled", false); <br>
user_pref("datareporting.healthreport.uploadEnabled", false);<br>
user_pref("datareporting.policy.dataSubmissionEnabled", false);<br>
user_pref("breakpad.reportURL", "");<br>
user_pref("browser.tabs.crashReporting.sendReport", false);<br>
user_pref("browser.crashReports.unsubmittedCheck.enabled", false); <br>
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); <br>
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); <br>
user_pref("browser.aboutHomeSnippets.updateUrl", "data:,");<br>
user_pref("browser.chrome.errorReporter.enabled", false);<br>
user_pref("browser.chrome.errorReporter.submitUrl", "");<br>
user_pref("extensions.blocklist.enabled", false);<br>
user_pref("extensions.blocklist.url", "");<br>
user_pref("services.blocklist.update_enabled", false);<br>
user_pref("services.blocklist.onecrl.collection", ""); <br>
user_pref("services.blocklist.addons.collection", "");<br>
user_pref("services.blocklist.plugins.collection", "");<br>
user_pref("services.blocklist.gfx.collection", "");<br>
user_pref("browser.safebrowsing.malware.enabled", false);<br>
user_pref("browser.safebrowsing.phishing.enabled", false); <br>
user_pref("browser.safebrowsing.downloads.enabled", false);<br>
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);<br>
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);<br>
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); <br>
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); <br>
user_pref("browser.safebrowsing.provider.google.updateURL", "");<br>
user_pref("browser.safebrowsing.provider.google.gethashURL", "");<br>
user_pref("browser.safebrowsing.provider.google4.updateURL", ""); <br>
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");<br>
user_pref("browser.safebrowsing.downloads.remote.enabled", false);<br>
user_pref("browser.safebrowsing.downloads.remote.url", "");<br>
user_pref("browser.safebrowsing.provider.google.reportURL", "");<br>
user_pref("browser.safebrowsing.reportPhishURL", "");<br>
user_pref("browser.safebrowsing.provider.google4.reportURL", ""); <br>
user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); <br>
user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); <br>
user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); <br>
user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); <br>
user_pref("browser.safebrowsing.allowOverride", false);<br>
user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);<br>
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");<br>
user_pref("browser.safebrowsing.blockedURIs.enabled", false);<br>
user_pref("browser.safebrowsing.provider.mozilla.gethashURL", "");<br>
user_pref("browser.safebrowsing.provider.mozilla.updateURL", "");<br>
user_pref("network.allow-experiments", false);<br>
user_pref("app.normandy.enabled", false);<br>
user_pref("app.normandy.api_url", "");<br>
user_pref("app.shield.optoutstudies.enabled", false);<br>
user_pref("shield.savant.enabled", false); <br>
user_pref("extensions.systemAddon.update.enabled", false); <br>
user_pref("extensions.systemAddon.update.url", "");<br>
user_pref("browser.ping-centre.telemetry", false);<br>
user_pref("extensions.pocket.enabled", false);<br>
user_pref("browser.library.activity-stream.enabled", false); <br>
user_pref("extensions.screenshots.disabled", true);<br>
user_pref("extensions.screenshots.upload-disabled", true); <br>
user_pref("browser.onboarding.enabled", false);<br>
user_pref("extensions.formautofill.addresses.enabled", false);<br>
user_pref("extensions.formautofill.available", "off");<br>
user_pref("extensions.formautofill.creditCards.enabled", false); <br>
user_pref("extensions.formautofill.heuristics.enabled", false);<br>
user_pref("extensions.webcompat-reporter.enabled", false);<br>
user_pref("network.prefetch-next", false);<br>
user_pref("network.dns.disablePrefetch", true);<br>
user_pref("network.dns.disablePrefetchFromHTTPS", true);<br>
user_pref("network.predictor.enabled", false);<br>
user_pref("captivedetect.canonicalURL", "");<br>
user_pref("network.captive-portal-service.enabled", false);<br>
user_pref("browser.send_pings", false);<br>
user_pref("browser.send_pings.require_same_host", true);<br>
user_pref("network.protocol-handler.external.ms-windows-store", false);<br>
user_pref("network.predictor.enable-prefetch", false);<br>
user_pref("network.trr.mode", 0);<br>
user_pref("network.trr.bootstrapAddress", "");<br>
user_pref("network.trr.uri", "");<br>
user_pref("network.file.disable_unc_paths", true);<br>
user_pref("browser.search.suggest.enabled", false);<br>
user_pref("browser.urlbar.suggest.searches", false);<br>
user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true);<br>
user_pref("browser.urlbar.usepreloadedtopurls.enabled", false);<br>
user_pref("browser.urlbar.speculativeConnect.enabled", false);<br>
user_pref("security.ssl.errorReporting.automatic", false);<br>
user_pref("security.ssl.errorReporting.enabled", false);<br>
user_pref("security.ssl.errorReporting.url", "");<br>
user_pref("dom.push.enabled", false);<br>
user_pref("dom.push.connection.enabled", false);<br>
user_pref("dom.push.serverURL", "");<br>
user_pref("dom.push.userAgentID", "");<br>
user_pref("beacon.enabled", false);<br>
user_pref("browser.uitour.enabled", false);<br>
user_pref("browser.uitour.url", "");<br>
user_pref("permissions.manager.defaultsUrl", "");<br>
user_pref("webchannel.allowObject.urlWhitelist", ""); <br>
user_pref("browser.startup.homepage_override.mstone", "ignore"); <br>
user_pref("startup.homepage_welcome_url", "");<br>
user_pref("startup.homepage_welcome_url.additional", "");<br>
user_pref("startup.homepage_override_url", "");<br>
user_pref("media.gmp-gmpopenh264.autoupdate", false);<br>
user_pref("browser.shell.shortcutFavicons", false);<br>
user_pref("media.gmp-eme-adobe.autoupdate", false);<br>
user_pref("media.gmp-manager.url", "data:text/plain,");<br>
user_pref("media.gmp-manager.url.override", "data:text/plain,");<br>
user_pref("media.gmp-manager.updateEnabled", false);<br>
user_pref("media.gmp-widevinecdm.autoupdate", false);<br>
user_pref("devtools.webide.autoinstallADBHelper", false);<br>
</code>
</p>
<p>
If you want to disable OCSP as well, you should also add this to your user.js. These settings are seperated
because while OCSP is a privacy breach it is also a security feature, and so whether to have it on or off should
be thought about before continuing. You can read about OCSP here: <a href="https://scotthelme.co.uk/revocation-is-broken/">
https://scotthelme.co.uk/revocation-is-broken/</a> <a href="http://web.archive.org/web/20180831224302/https://scotthelme.co.uk/revocation-is-broken/">
[web.archive.org]</a> . The problem is, that OCSP is a form of phoning home, and you might not want to make those requests.
</p>
<code>
user_pref("security.ssl.enable_ocsp_stapling", false);<br>
user_pref("security.OCSP.enabled", 0);<br>
user_pref("security.OCSP.require", false);<br>
</code>
<p>
With this installation method, if you change any of user.js settings through about:config or Firefox preferences dialogs,
they will be reset to the user.js defined values after you restart Firefox.
This makes sure they're always back to secure defaults when starting the browser.
At the end you need to delete several default plugins in Firefox directory at <code>\Mozilla Firefox\browser\features\</code> that can violate privacy:
</p>
<ul>
<li> firefox@getpocket.com.xpi - Pocket </li>
<li> followonsearch@mozilla.com.xpi - Follow On Search </li>
<li> activity-stream@mozilla.org.xpi - Activity Stream </li>
<li> screenshots@mozilla.org.xpi - Screenshots </li>
<li> onboarding@mozilla.org.xpi - Onboarding </li>
<li> formautofill@mozilla.org.xpi - Autofill </li>
<li> webcompat@mozilla.org.xpi - Web Compatibility Reporter </li>
</ul>
<p>
It is highly recommended to also check other user.js template settings from ongoing <i>"ghacks-user.js project"</i><sup><a href="#1">[1]</a></sup> for further hardening Firefox privacy, security and anti-fingerprinting.
</P>
<hr>
<a name="Other_Guides"></a>
<h2>Other Guides</h2>
<p>
These are other guides and projects to help protect your privacy using Firefox. It's important to look at
other prespectives instead of reading JUST this guide. So you should be comparing all of the
guides that you can find to hear everyone's ideas about how this should be done, before you
finish setting Firefox up. Librefox is less of a guide and more of a project and series of tools and settings
you can download to help you make Firefox private.
</p>
<a href="https://www.privacytools.io/#about_config">Firefox: Privacy Related "about:config" Tweaks</a>
<a href="http://web.archive.org/web/20181031171622/https://www.privacytools.io/">[web.archive.org]</a>
<a href="http://archive.fo/SEFXb">[archive.is]</a><br>
<a href="https://restoreprivacy.com/firefox-privacy/">Firefox Privacy The Complete How-To Guide</a>
<a href="https://web.archive.org/web/20181015023738/https://restoreprivacy.com/firefox-privacy/">[web.archive.org]</a>
<a href="http://archive.is/20180414165038/https://restoreprivacy.com/firefox-privacy/">[archive.is]</a><br>
<a href=" https://librefox.org">Librefox: Firefox with privacy enhancements</a>
<a href="http://web.archive.org/web/20181224083906/https://github.com/intika/Librefox">[web.archive.org]</a>
<a href="http://archive.is/Nb6oz">[archive.is]</a><br>
<hr>
<h2>Sources</h2>
<p>
<p>
<a name="1">1.</a>
<a href="https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js">ghacksuserjs/ghacks-user.js</a>
<a href="http://web.archive.org/web/20181015031306/https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js">[web.archive.org]</a>
<a href="http://archive.is/GXIBO">[archive.is]</a>
<br>
</p>
<hr>
<p><b>
This guide was created on 10/8/2018<br>
This guide was last updated on 12/26/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body></html>

36
guides/iridium.html Normal file
View File

@ -0,0 +1,36 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Iridium Browser Spyware Mitigation Guide</h1>
<p>
<a href="/">Back to Home</a><br>
<a href="/articles/iridium.html">Back to Iridium</a>
</p>
<img src="/images/iridium_logo.jpg">
<p>
After configuring Iridium according to this guide it's rating changes like so:
</p>
<h3>Spyware Rating: <font color=yellowgreen>Low</font> => <font color=lime>Not Spyware</font></h3>
<p>
Iridium only has one spyware feature, so the only thing that needs to be removed is google safebrowsing.
You have to turn off your internet connection or otherwise stop Iridium from connecting to the internet
while you turn it off, so it doesn't make any requests before you opt-out. Then uncheck "protect you and
your device from dangerous sites" in the advanced settings menu.
</p>
<img src="/images/iridium_disablesb.png" alt="disabling safebrowsing from the advanced settings menu">
<hr>
<p><b>
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

77
guides/palemoon.html Normal file
View File

@ -0,0 +1,77 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Pale Moon Browser Spyware Mitigation Guide</h1>
<p><a href="/">Back to Home</a><br>
<a href="/articles/palemoon.html">Back to Palemoon</a>
</p>
<img src="/images/palemoon_logo.png">
<p>
After configuring Pale Moon according to this guide it's rating changes like so:
</p>
<h3>Spyware Rating: <font color=yellow>Medium</font> => <font color=lime>Not Spyware</font></h3>
<p>
The first thing to do, after you have downloaded Pale Moon, is to turn off your internet connection. Then
install the browser and change the homepage to something else. In the "options" dialog:
</p>
<img src="/images/pm_hp.png" alt="Pale moon options screen">
<p>
The next step is to disable update checking, you can do that like this:
</p>
<img src="/images/pm_ud.png" alt="Pale moon options screen">
<p>
Finally, these settings should be changed in about:config:
</p>
<table border background="/images/bg.jpg" style="width:800px">
<tr>
<th>Spyware Feature</th>
<th>about:config flag</th>
<th>about:config value</th>
</tr>
<tr>
<td>Addon Blocklist</td>
<td>extensions.blocklist.enabled</td>
<td>False</td>
</tr>
<tr>
<td>OCSP querying</td>
<td>services.sync.prefs.sync.security.OCSP.enabled</td>
<td>False</td>
</tr>
<tr>
<td>OCSP querying</td>
<td>security.OCSP.GET.enabled</td>
<td>False</td>
</tr>
<tr>
<td>OCSP querying</td>
<td>security.OCSP.require</td>
<td>False</td>
</tr>
<tr>
<td>OCSP querying</td>
<td>security.OCSP.enabled</td>
<td>0</td>
</tr>
<tr>
<td>Geolocation</td>
<td>geo.enabled</td>
<td>False</td>
</tr>
</table>
<hr>
<p><b>
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), email me at <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a>. All contributions must be liscenced under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="/images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

128
guides/responses.html Normal file
View File

@ -0,0 +1,128 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Answers To Common Criticisms Of This Website</h1>
<p>
Sometimes I read criticisims of this website online, where the author finds a reason
to "debunk" or otherwise invalidate (to them) the concerns or evidence that is brought
up in the articles on this website, when this criticisim does not actually invalidate or
debunk what is discussed in the articles on the website. So, I thought it would be
useful to write a page that lists common criticisims of the website and an adequate
response to each type of criticisim. Please understand that this page is not meant to
write off people who have serious criticisms, and of course if you email me with those
you can exect a serious answer back.
</p>
<ul>
<li><a href="#Iknow">"I know that the program does this!"</a></li>
<li><a href="#SoWhat">"I'm OK with these spyware features!"</a></li>
<li><a href="#SpywareDefinition">"I don't agree with your definition of Spyware!"</a></li>
<li><a href="#Popularity">"Lots of people use this software!"</a></li>
<li><a href="#TheyHadAReason">"The developers had a reason to add this feature!"</a></li>
<li><a href="#OptingOut">"I can disable this feature!"</a></li>
</ul>
<a name="Iknow"></a>
<h2>"I know that the program does this!"</h2>
<p>
This criticisim is probably the simplest kind: that because such a spyware feature is
known about a program, that this criticisim of the spyware feature is no longer valid.
</p>
<p>
The obvious response is that just because you KNOW that a program does something doesn't
validate what it is doing or sheild it from criticisim. If you KNOW a program is spying on
you, that doesn't change anything about the situation or make it less of a problem. Just
because you know that a program can do certain things also doesn't mean that other people
know these things too, like someone who has not used the program before and is using the
articles on this website to evaluate whether he should use that program or not.
</p>
<a name="SoWhat"></a>
<h2>"I'm OK with these spyware features!"</h2>
<p>
This criticisim acknowledges the features of the program as spyware, but then claims that
because the critic is okay with using a spyware program, that the criticisims of the program
in the article are no longer valid.
</p>
<p>
But just because you are OK with using spyware, doesn't mean that everyone else is OK with
that. The articles on this website can only say: "This is what the program is doing.". And,
it's up to you if you're OK with that or not. Being OK with using spyware might invalidate
the criticisims of the spyware for you as an individual. But it doesn't invalidate it for
anyone else who might think diffrently about using spyware.
</p>
<a name="SpywareDefinition"></a>
<h2>"I don't agree with your definition of Spyware!"</h2>
</a>
<p>
This criticisim disagrees in the articles labeling of the program as spyware, but doesn't talk
about the actual spyware feature in question, just the label assigned to that feature.
</p>
<p>
The point of the articles are not really the Spyware label that it assigns to everything, but
rather to raise awareness of features that can be used to invade user privacy. Even if the
definition of spyware that this website uses is wider than someone elses definition, that
doesn't change the facts about what is happening: it just changes the label we use to describe
those facts. Instead of thinking about "Is this Spyware?", we should consider: "Is this OK?"
</p>
<a name="Popularity"></a>
<h2>"Lots of people use this software!"</h2>
<p>
This criticisim states that because so many people use the software being criticised, that it
is safe to use and is not spyware.
</p>
<p>
This is a very obvious appeal to popularity fallacy- as if the collective "Trust" (ignorance)
of a massive userbase changes the facts about what a program is doing to its userbase. The
existence of a massive userbase of course changes nothing about the facts about what such a
program is actually doing, and what information it is actually collecting.
</p>
<a name="TheyHadAReason"></a>
<h2>"The developers had a reason to add this feature!"</h2>
<p>
This criticisim states that because the developers of the software in question had a reason to
add a spyware feature, that this makes the spyware feature okay.
</p>
<p>
The question here is whether spyware can be justified by a "really good reason". How else will the
developer have feature X without it, after all? To anyone who is concerned with their privacy, the answer to
this is an obvious NO. Just because there are (spyware) features that can be implemented into a program that
require the exposure of user information, this does not justify their implementation into any program.
</p>
<p>
It's also important to notice that a lot of spyware features are designed in a way where they collect more information
than they need to collect in order to function. In fact, a lot of these features could function without spying on the
user! So a lot of the time it's not even a feature that NEEDS spyware to function that is being criticized.
Lots of developers come up with reasons to implement features into their program that collect way more information
than needed, either innocently or maliciously, both should be critcized.
</p>
<a name="OptingOut"></a>
<h2>"I can disable this feature!"</h2>
<p>
This criticisim states that because the software can be configured so that the spyware feature being criticised in the
article is disabled, that this criticisim of the spyware feature is no longer valid.
</p>
<p>
This is a very attractive criticisim, to say that it doesn't matter if a program comes with spyware as long as it can all be
disabled through configuration. The most important issue is that an opt-out is not acceptable, since it doesn't change the fact that the program does spy on a portion of its userbase that have not opted-out, and that the program is designed to collect information about its users. So even
if some minority of users opt-out from the spyware, it is still damaging the privacy of users who don't know about these spyware features.
</p>
<p>
There are a few programs that make the privacy implications of certain features in their software prominent and clear, and make the way
to disable those features easy and accessible. But the vast majority of programs that allow an opt-out from certain spyware features do this in
a way that is not accesible to the vast majority of users, and the developers of these programs do not make an effort to explain to their users
the privacy implications of certain spyware features in their programs. So, even though, if you know how to do it, you can successfully opt-out,
that doesn't mean that the majority of users are capable of doing that too.
</p>
<p>
Even if you can opt-out from certain features, the privacy concerned user won't be aware of many of these features until his privacy has already
been compromised, since most spyware found in modern programs is not explained in any prominent place for a user to understand before they begin
using the software. Lots of programs require the user to block the program from acessing the internet, for example, in order to disable all of the spyware, since to disable the spyware, you have to execute the program, but executing the program will also compromise your privacy... a totally
inadequate chicken-and-egg scenario.
</p>
</body>
</html>

21
guides/style.html Normal file
View File

@ -0,0 +1,21 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="/style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>Online Spyware Classification Project Article Style Guide</h1>
<p><a href="/">Back to Home</a></p>
<p>
This is a pretty old page, and I don't think it's linked anywhere on the site anymore. If you want a better style guide, look at /articles/example.html and try and
follow that in the spirit of this guide.
</p>
<p>
Articles should be submitted using only basic HTML features, and must include a link back to the article catalog at the top. The article should only contain information about why the software is spyware using the spyware classification guide as a reference. The article should list every spyware feature that the software includes and every spyware criteria that the software meets, and then describe in as much detail as neccessary how the spyware features work and what they do, as well as explain what level of contempt the ceators of the software should be held in based on past behaviors. Articles can include one 128 by 128 PNG image containing the logo of the software. Articles should be written with the example article as a refrence, so that all articles are uniform and easy to navigate. All articles should be submitted to <a href="mailto:spyware@aaathats3as.com">spyware@aaathats3as.com</a> for manual review.
</p>
</body>
</html>

BIN
images/1pw_logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
images/PowerISO7-x64_1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 47 KiB

BIN
images/PowerISO7-x64_2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 38 KiB

BIN
images/amd_logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.8 KiB

BIN
images/bg.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.4 KiB

BIN
images/bing_logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.9 KiB

BIN
images/blackbg.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 KiB

BIN
images/blocklist.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.8 KiB

BIN
images/brave_bat.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 785 B

BIN
images/brave_httpse.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 841 B

BIN
images/brave_logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.3 KiB

BIN
images/brave_partners.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.2 KiB

BIN
images/brave_piwik.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
images/cc0.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1009 B

BIN
images/ccleaner_logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
images/ccleaner_privacy.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 66 KiB

BIN
images/cdex_bundling.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB

BIN
images/cdex_logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

BIN
images/chrome_logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
images/ddg_logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
images/discord government requests.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 166 KiB

BIN
images/discord-no-way-2.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.9 KiB

Some files were not shown because too many files have changed in this diff Show More