commit 2cbcfc7786e73e21ff6dddb9cbca86e4703e8342 Author: anonymous Date: Fri Feb 7 02:12:15 2020 -0500 thy first commit diff --git a/articles/1password.html b/articles/1password.html new file mode 100644 index 0000000..a0407e9 --- /dev/null +++ b/articles/1password.html @@ -0,0 +1,42 @@ + + + + + + Spyware Watchdog + + +

1Password

Back to catalog

+1password is a password management service +

Spyware Level: Not Rated

+This article is a stub and sitll needs to be written. If you want to write it, email me so I dont duplicate effort. +

+ https://1password.com/legal/privacy/ +https://www.macworld.com/article/2996213/security/1password-is-still-secure-but-you-can-reduce-a-potential-risk.html +https://paul.reviews/privacy-password-managers-a-reality-check/ +

+ >Third-Party Data Processors +>Your Secure and Service data are held by third party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. In many cases (but we cannot promise that this will always be the case) even Service data held by these entities is encrypted with keys held only by us. +>Data needed to process payments is collected by our payment processor, Stripe, Inc., which conforms to a U.S.-E.U. Privacy Shield Framework. See https://stripe.com/privacy-shield-policy + +

+ This article was created on 6/16/2018 +

+ This article was last edited on 6/16/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/amd.html b/articles/amd.html new file mode 100644 index 0000000..b87686e --- /dev/null +++ b/articles/amd.html @@ -0,0 +1,68 @@ + + + + + + Spyware Watchdog + + + +

AMD CPU Family

Back to catalog

UNFINISHED ARTICLE - UNDER CONSTRUCTION - BAD FORMATTING

+Advanced Micro Devices, Inc. is an American multinational semiconductor company based in Santa Clara, California, that develops computer processors and related technologies for business and consumer markets. This article is specifically about the CPU's that are produced by AMD and nothing else. The logo is one of many logos used by AMD, but the +article is not about any one specific CPU. No rating is given because this is not an article about any specific product, and the rating system is difficult to fit into this +article. +

+ Modern CPU models produced by AMD contain an embedded ARM co-processor called the Platform Security Processor (PSP). Nearly all AMD CPU's produced since 2013 operate under the supervision of this separate, more privileged, environment consisting of an integrated ARM processor with access to isolated resources as well as main system memory and I/O. + ^[1] +

+This article isn't complete. This is a work-in-progress and so this article is not formatted properly.. +

http://www.uefi.org/sites/default/files/resources/UEFI_PlugFest_AMD_Security_and_Server_innovation_AMD_March_2013.pdf (page 11)

While ARM and AMD tout the “Trusted Execution Environment” as useful for secure payment, anti-theft and malware protection, they also discuss content protection or DRM as a use case. https://www.owasp.org/images/c/c8/OWASP_Security_Tapas_-_TrustZone%2C_TEE_and_Mobile_Security_final.pdf

Possible uses … DRM

+ Researchers have already been able to identify exploits in AMD’s Platform Security Processor. In 2018 researchers published a vulnerability in which a specially crafted certificate could lead to a stack overflow in the PSP’s TPM firmware allowing for remote code execution. (https://seclists.org/fulldisclosure/2018/Jan/12) Another group goes on to detail how an attacker might leverage exploits RYZENFALL or FALLOUT to gain foothold in networks with Ryzen based systems. (https://www.techpowerup.com/242386/cts-labs-responds-to-a-techpowerup-technical-questionnaire) +

Please note that Family 16h and + +Family 15h-Models60h and later contain a PSP

NOT TRUSTED:

Kaveri (Steamroller “BDv3”) https://www.amd.com/system/files/TechDocs/51590_15h_Models_30h-3Fh_A-Series_PDS.pdf (page 6) + https://arstechnica.com/information-technology/2012/06/amd-to-add-arm-processors-to-boost-chip-security/
Carrizo/Bristol Ridge (Excavator “BDv4”) https://www.anandtech.com/show/8995/amd-at-isscc-2015-carrizo-and-excavator-details
All Zen based CPUs (17h family)

POTENTIALLY TRUSTED:

Jaguar (the only 16h family CPU that does NOT have PSP): http://support.amd.com/TechDocs/52128_16h_Software_Opt_Guide.zip (page 8) https://en.wikipedia.org/wiki/Puma_(microarchitecture)#Improvements_over_Jaguar
All K5-K10, Bobcat, Bulldozer (“BDv1”) and Piledriver (“BDv2”)
All K5-K10, Bobcat, Bulldozer (“BDv1”) and Piledriver (“BDv2”)

Sources

+ 1. + AMD Security and Server innovation + [web.archive.org] + [archive.vn]
+

+ This article was last edited on 1/10/2019 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + + diff --git a/articles/bing.html b/articles/bing.html new file mode 100644 index 0000000..1ec4fbd --- /dev/null +++ b/articles/bing.html @@ -0,0 +1,89 @@ + + + + + + Spyware Watchdog + + +

Bing

Back to catalog

+Bing is a search engine created and owned by Microsoft. +

Spyware Level: EXTREMELY HIGH

+ Bing is yet another spyware search engine that collects your information and sells it to advertisers. It's strongly recommended that you + do not use Bing. +

+ At some point Bing had a privacy policy, but Microsoft doesnt seem to be hosting it anymore. So, this article will look at the + Microsoft Privacy Statement^[1] to help us understand what information Bing collects. + Similarly to the privacy policies of Google and Apple, the Microsoft privacy statement eclipses the entire spyware platform and does not help you understand + in great detail what kind of information one single program could be collecting. (although this policy is more specific) +

+ +

Bing collects your search history

+ +

From the Microsoft Privacy Statement^[1]:

+ +

+ "Microsoft collects data from you, through our interactions with you and through our products for a variety of purposes described + below...You provide some of this data directly, such as when you...submit a search query to Bing" +

+ +

Later in the Interactions -> Device and usage data section of this statement, it is clarified again that Microsoft collects your: + "Browse History. Data about the web pages you visit.", as well as your: "Images. Images and related information, such as + picture metadata. For example, we collect the image you provide when you use a Bing image-enabled service."

+ +

Microsoft claims to store this information for an unlimited amount of time, but it claims that it will eventually anonymize this information + in a process that takes 18 months to complete.

+ +

+ "Has Microsoft adopted and announced a specific retention period for a certain data type? For example, for Bing search queries, we de-identify + stored queries by removing the entirety of the IP address after 6 months, and cookie IDs and other cross-session identifiers after 18 months. " +

+ +

Bing uses your search history to profile you for advertising

+ +

From the Microsoft Privacy Statement^[1]:

+ "Microsoft may use data we collect to select and deliver some of the ads you see on Microsoft web properties, such as Microsoft.com, MSN and Bing." +

+ So since your search history is part of the "data we collect", the natrual conclusion is that, your search queiries are being used to profile you for + advertising. And of course, this is confirmed in this section: +

+ +

+ "The ads that you see may be selected based on data we process about you, such as your interests and favorites, your location, your transactions, how + you use our products, your search queries , or the content you view. For example, if you view content on MSN about automobiles, we may show advertisements + about cars; if you search “pizza places in Seattle” on Bing, you may see advertisements in your search results for restaurants in Seattle." +

+ +

Bing sells your search history to other spyware platforms

+ +

From the Microsoft Privacy Statement^[1]:

+ "We may share data we collect with third parties, such as Oath, AppNexus, or Facebook (see below), so that the ads you see in our products, + their products, or other sites and apps serviced by these partners are more relevant and valuable to you. " +

Sources

+ 1. + Microsoft Privacy Statement + [web.archive.org] + [archive.li]
+

+ This article was last edited on 5/30/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/brave.html b/articles/brave.html new file mode 100644 index 0000000..c58d654 --- /dev/null +++ b/articles/brave.html @@ -0,0 +1,117 @@ + + + + + + Spyware Watchdog + + +

Brave Browser

Back to catalog

+ Brave Browser is a Chromium fork with many interesting features not found elsewhere, such as built-in Adblock and other extensions, fingerprinting protection, cleaner Preferences menu than other Chrome forks, and the (opt-in) ability to automatically support (pay) the websites you visit. The developers describe it as

"A browser with your interests at heart."^[1]

, and the built-in privacy protections would seem to agree with that, but let's see how it stacks up when we take everything into account. +

Spyware Level: High

+ Auto-updates that can be turned off only by hacky workarounds. Google as default search engine. Analytics on Brave's home page. Two other requests made at each start of Brave. Whitelisting spyware from Facebook and Twitter.^[5] Has some decent privacy protections built in, but uMatrix is still better. Some privacy features are there by default, but, it's still trying to work with advertisers (same as Mozilla did with their Sponsored Tiles). Despite claiming to be "A browser with your interests at heart."^[1], it has Google as default search engine, as well as shitty forced updates. Anyway, despite the privacy protections, you should stay away from this browser - it seems to have a "mission" to switch the internet to its version of "user-respecting" ads, (we know how that turned out for Mozilla), and that's slimy and suspicious. Beyond that it has repeatedly shown itself to be dishonest and disingenuous about what it's mission and goals and operations are. +

Whitelisting spyware from Facebook and Twitter

+ On it's website, Brave claims that "Brave fights malware and prevents tracking, keeping your information safe and secure. It’s our top priority."^[6]. Yet despite this claim, Brave actually disables its tracking protections for Facebook and Twitter's spyware + scripts that allow them to track people across the web.^[5] Brave's spyware protections, and any claims that it makes to work in the interests of + it's users, cannot be taken seriously. Brave is actively working against its users while lying to them about + supposed privacy protections that it offers. This problem becomes even more serious when you take into account Brave's response to this situation: +

+ "Loading a script from an edge-cache does not track a user without third-party cookies or equivalent browser-local storage, which Brave always blocks and always will block. In other words, sending requests and receiving responses without cookies or other means of identifying users does not necessarily create a tracking threat." + ^[7]

+ This statement is just, completely wrong. Just because a website isn't able to store cookies, does not mean that it cannot uniquely identify you. Executing JavaScript spyware from Facebook and Twitter is more than enough. Blocking cookies is not going to stop them from tracking you. This isn't even information that is difficult to verify. There are many websites that you can visit, right now, to see just how much information a JavaScript program designed to track you can get. Here are a few: +
+ https://browserleaks.com/
+ https://panopticlick.eff.org/ +

Auto-updates

+ Brave will check for updates every time you run it, and you CANNOT turn it off (except through fiddling with DNS and such) ! What is the devs' answer? From their GitHub page^[2]:

+ +

"We don't plan on adding in UI to disable updates, but users can easily adjust environment variables if they really want to put themselves at risk."

+ +

and

+ +

"i feel that being able to figure out how to do this is a sufficiently high bar for users who want to turn off autoupdating (to prove they know what they're doing and understand the security implications)"

+ +

So according to the devs, you have to hunt down random internet comments to be able to disable auto-updating. Brave will also update what looks like the list of its "partners" every time you run it. Extensions are also updated often. +

+ +

Anti-privacy search engine by default

+ Google is the default search engine of Brave, and the issues with it are well known and would take a book to describe them all. +

+ +

Brave's start page contains analytics

+ Brave will connect to its home page, https://brave.com, automatically on the first run of Brave, and that page contains Piwik's analytics scripts. This is the full request: It will also make a connection to Google to download some fonts. You can disable these on subsequent runs by changing the start page. +

Crash reports

Enabled by default, but can be disabled from the preferences menu.

Other requests

Brave will make a connection to every time it is started up. It probably has something to do with their project of working with advertisers to provide more relevant targeted ads, which sounds pretty disgusting, but can be turned off ("Notify me about token promotions"). You can read more about it here^[3].It will also make this request: , which downloads the rulesets for HTTPS Everywhere.

Brave's privacy protections

Brave Browser also contains in-built privacy protections such as HTTPS Everywhere, AdBlock, cookie blocking, script blocking, and fingerprinting protections - that are configurable site by site. This is commendable of course, but in the end, uMatrix outclasses them. Trackers, for example, easily avoid pure AdBlock (so you will be tracked by Facebook and such), and binary script blocking breaks sites. Nice effort on Brave's part though, and the fingerprinting protection I don't think is found in any other browser (but I didn't confirm if it actually works). +

Credits

+ This article was written by digdeeper.neocities.org
+ Formatting changes were done by the site maintainer. +

Sources

+ 1. + Brave's website + [web.archive.org] +
+ 2. + How to stop autoupdate of brave? + [web.archive.org] + [archive.li]
+ 3. + Basic Attention Token + [web.archive.org] + [wayback.archive-it.org]
+ 4. + Laptop Headers + [web.archive.org] + [archive.fo]
+ 5. + Facebook, Twitter Trackers Whitelisted by Brave Browser + [web.archive.org] + [archive.fo]
+ + 6. + Brave Browser Features + [web.archive.org]
+ + 7. + Script Blocking Exceptions Update + [web.archive.org] + [archive.fo]
+ +

+ This article was last edited on 2/13/2019 +

+ This article was created on 5/7/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/articles/browsers.html b/articles/browsers.html new file mode 100644 index 0000000..86b10fe --- /dev/null +++ b/articles/browsers.html @@ -0,0 +1,142 @@ + + + + + + Spyware Watchdog + + +

Comparison between web browsers

Back to catalog

+It's important to notice that because web browsers and the services they access are built on top of using the spyware protocol HTTP, they CANNOT respect your privacy. +But beyond that, because we have to use web browsers, it's useful to list them by how much spyware they have in them. This purpose of this article is +not to rate each web browser in a vaccum, like articles on this website that focus on one specific web browser, but rather to compare all of the +web browsers that have been rated on this website against each other. This is a ranking that is based on how much Pirvacy a browser offers by default, as well as, how +much privacy can be gained by configuring it. +

Top Tier - Best Privacy

+ These are all browsers that require a minimal amount of configuration and can achive the required level of privacy needed to browse the modern web- compatibility with a + comperhensive suite of content-blocking extensions that can block spyware providers correctly and fully. Iridium and Pale Moon both are configured in a way that leaks + user information and thus require additional configuration. +

+ + + + + + + + + + + + + + + +


TOR Browser	GNU IceCat	Ungoogled Chromium	Iridium Browser Configuration Guide	Pale Moon Configuration Guide

High Tier - Good Privacy

+ These browsers do not have privacy issues, but they also do not have enough privacy features to make it to the highest tier. These browsers both have simple ad-blockers, and + do not have any privacy issues, however, these tools are not as good as the comperhensive privacy tools that Top Tier browsers offer. +

+ + + + + + + + + + + + + + + +


Otter Browser	Falkon

Mid Tier - Ok Privacy

+ These browsers do not have any big privacy flaws, but they also do not have sufficent privacy protections. Qutebrowser has a very basic adblocker in it. Both browsers don't + have access to extensions either. So, it's just not enough to be able to browse the modern web privately, despite the developers not putting spyware into their browsers. +

+ + + + + + + + + + + + + +


Qutebrowser	Sphere Browser

Low Tier - Poor Privacy

+ These browsers do not protect your privacy, but they are not in the lowest tier since they still have something to offer, although, they should not be used in general. +Vivaldi does not let you disable all of the spyware features, Brave whitelists trackers and has forced updates, and Firefox and Waterfox are loaded with spyware, to the point +where configuring them is so non-trivial that you might as well use a version of Firefox that respects your privacy +by default, rather than diving into the uncertainty of digging out all of the spyware features (and repeating the process every time the browser is updated). It's awalys +going to be better to pick a browser higher on this list. + + + + + + + + + + + + + + + +
Brave logo firefox Logo vivaldi Logo Dissenter Logo
Waterfox Brave Firefox Vivaldi Dissenter
+

Shit tier - No Privacy

+ These browsers are unashamedly designed to collect as much information about the user as possible (all are rated EXTREMELY HIGH by the site). Only SRWare Iron has it's source code availible, and all the developers have mistreated their users (complete disregard for privacy and / or false advertising) for a long time. These browsers are actively hostile against their users and thus should not be used at all. +

+ + + + + + + + + + + + + + + + +


Google Chrome	Opera	SlimJet	WebDiscover	SRWare Iron

CCleaner

Back to catalog

+CCleaner, developed by Piriform, is a utility program used to clean potentially unwanted files and invalid Windows Registry entries from a computer. +

Spyware Level: EXTREMELY HIGH

+CCleaner is spyware that collects your personal information to advertise to you. It also sells your information to third parties so that they can advertise to you. +It collects a huge amount of very personal information, like your physical location. CCleaner uses the technique of privacy policy obfusication +where it provides one privacy policy for every single product its company offers, making it more difficult to know what parts of the privacy policy apply to which program. +

CCleaner collects and sells user information to advertisers

+ CCleaner clearly shows in its privacy settings that it is collecting information about your comptuer and selling that information to + advertisers: +

Image Source: ^[2]

+ +

CCleaner tracks a huge amount of personal information

+ If we look at the privacy policy, we can see that CCleaner reports the following^[3]: +

IP Address +
Unique User ID +
Operating System +
Other Avast Products installed +
physical location +

+ Beyond this, CCleaner is integrated with the following spyware platforms, which all collect their own sets of information: +

Google Analytics +
Logentries +

+ It would be very time consuming to go through all of those privacy policies (especially because many of these are obfusicated), but it should be + enough to understand that CCleaner is full of third party spyware, as well as first party spyware. +

CCleaner sends you spam email

From the privacy policy^[3]:

+ "When we collect your email address, we may market our other products and services to you. You may choose to unsubscribe from future email marketing by following the instructions in the email." +

CCleaner tracks your physical location

+ According to the privacy policy, the ccleaner website tries to track your physical location.^[3] +

+ "Our websites use cookies to acquire data that may be used to determine your physical location via your Internet Protocol address (“IP Address”) and automated geolocation techniques, or to acquire basic information about the computer, tablet, or mobile phone that you use to visit us." +

+ "location data" is also mentioned when talking about the information that ccleaner itself collects about it's users. +

Past Security Flaws

+In the past, CCleaner has been compromised and backdoors have been added to it.^[1] +

Sources

+ 1. + + Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users + + [web.archive.org]
+ 2. + CCleaner Privacy Issue + [web.archive.org] + [archive.is]
+ 3. + What Happens to Your Data + [web.archive.org] + [archive.is]
+

+ This article was last edited on 8/21/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/articles/cdex.html b/articles/cdex.html new file mode 100644 index 0000000..efc28a3 --- /dev/null +++ b/articles/cdex.html @@ -0,0 +1,46 @@ + + + + + + Spyware Watchdog + + +

CDex

Back to catalog

+ CDex is an Open Source Digital Audio CD Extractor. +

Spyware Level: Low

+ CDex's installer bundles it with spyware, and it will randomly suggest a spyware program to the user, with a chance to opt-out. + Usually it attempts to bundle itself with the webdiscover browser and one time I got it to try and offer me an antivirus program, but + I wasn't able to reproduce this. The program was tested on Windows 7 32-bit with Microsoft Network Monitor 3.4 and Wireshark 2.6.2. + The version of the program tested was 2.06. It did not make any connections to the internet that my + tests were able to find. To test the program I ripped the audio files out of a CD with both network monitoring programs open. +

Bundling with spyware

+ CDex attempts to bundle it self with the WebDiscover web browser. This is an Opt-out and not an Opt-in like it should be. + This program is spyware, because according to it's privacy policy^[1], it collects information about it's users. +

Sources

+ 1. + WebDiscover Privacy Policy + [web.archive.org] + [archive.is]
+

+ This article was last edited on 7/29/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/chrome.html b/articles/chrome.html new file mode 100644 index 0000000..1f39deb --- /dev/null +++ b/articles/chrome.html @@ -0,0 +1,116 @@ + + + + + + Spyware Watchdog + + +

Google Chrome

Back to catalog
+ Spanish Translation + [qorg.xyz] + [4knomcor76uif5na.onion] + [archive.is] +

+Google Chrome is a web browser developed and distributed by Google. +

Spyware Level: EXTREMELY HIGH

+This program is spyware because... +

Google Chrome is not fully open source

+Large parts of Google Chrome are open source, however not all of them are, and this prevents people from checking the entire software for potential spyware features that are not disclosed. +

Google Chrome tracks the user's search history

+Google Chrome contains several spyware features that reply on the user's search history being uploaded to Google servers. This is confirmed by the language in the privacy policy^[1], clarifying the spyware features that rely on this. +

+The first spyware feature is Google Chrome's integration with the "Google Account" spyware platform. " If you are signed in to a Google site or signed in to Chrome and Google is your default search engine, searches you perform using the address bar in Chrome are stored in your Google account. " +

+Google Chrome also contains a spyware feature called "Search prediction service". It is explained that: "When you search using the address bar in Chrome, the characters you type (even if you haven’t hit "enter" yet) are sent to your default search engine. If Google is your default search engine, predictions are based on your own search history, topics related to what you’re typing and what other people are searching for." +

+There is also the spyware feature "Navigation Assistance" which states that: "When you can’t connect to a web page, you can get suggestions for alternative pages similar to the one you're trying to reach. In order to offer you suggestions, Chrome sends Google the URL of the page you're trying to reach. " +

Google Chrome profiles your computer usage

+In the privacy policy^[1], Google details the extreme spyware feature it labels "Usage Statistics and Crash Reports". What it does, is it sends very detailed information about your hardware and computer usage, which confirms that it definitely contains the following spyware features:

A tracker that records mouse input over time
A tracker that profiles memory usage

+But, it can also be extrapolated from the vauge language that Chrome could and probably does monitor what other programs you have open. Either way, it is an extreme amount of information being collected, since it can be used to recreate what the user is doing on their desktop at all times. Chrome clarifies that this information is being sent whenver a website is being "slow" or whenever Google Chrome crashes. +

Google Chrome is integrated with Google Payments

+Google Payments is a spyware service that records your banking information and sends it to Google.^[2] This service is integrated into the Google Chrome browser, which makes it another opt-in spyware feature in the software. +

Google Chrome contains a keylogger

+This was confirmed in multiple places^[3]^[4]. Basically, whenever you type into the search bar, that information is sent to Google. You can apparently turn it off by opting out of the "suggestion service". +

Google Chrome records your voice

+Google Chrome is confirmed to be constantly listening to any open microphones on your computer. This can be found in this statement^[5] in a privacy publication. "Voice & audio information may be collected. For example, if your child uses audio activation commands (e.g., "OK, Google" or touching the microphone icon), a recording of the following speech/audio, plus a few seconds before, will be stored to their account…" This feature is opt-in if you are using the "Google Accounts" spyware platform and specifically tell Google to build a profile of your child. It's unverified wether or not Google uploads information it listens too to its servers outside of this feature. +

Google Chrome saves user passwords on Google Servers

+Any password stored in Google Chrome's "password management" feature is uploaded to Google if you sign into the "Google Accounts" spyware platform. +

Google Chrome profiles users in other various ways

+According to the privacy policy^[1], Google Chrome profiles what kinds of web forms you fill out, as well as what kind of language the content you consume is primiarily in. Google Chrome also creates a unique identifier for each install you do. This unqiue identifier is sent to Google whenever you start the browser, so that Google can create a consistent user identity for you, unermining anonymity. Google also stores all of your settings on it's offical servers when using the "Google Accounts" feature. +

Google Chrome is self-updating software

+Google Chrome has an updater which is constantly running in the background and syncing with Google servers to check for updates. The updater will download and run unverified binaries from Google when it updates Google Chrome. It is impossible for an automatic updater service such as this to verify that the updates are not spyware and/or do not contain additional spyware features. +

Sources

+ 1. + Google Chrome Privacy Notice + [archive.is] + [web.archive.org]
+ 2. + Google Payments Privacy Notice + [web.archive.org]
+ 3. + Google Chrome – Spyware? Confirmed? + [web.archive.org] + [archive.li]
+ 4. + Google Chrome a Keylogger – Privacy Concerns + [web.archive.org] + [archive.li]
+ 5. + Privacy Notice for Google Accounts Managed with Family Link (“Privacy Notice”) + [web.archive.org] + [archive.li]
+

+ This article was last edited on 12/12/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/chrome_es.html b/articles/chrome_es.html new file mode 100644 index 0000000..ef909c4 --- /dev/null +++ b/articles/chrome_es.html @@ -0,0 +1,107 @@ + + + + + + Spyware Watchdog + + +

Google Chrome

Back to catalog (English)
+ Back to catalog (Spanish)
+ English Translation
+ Mirrors: + [qorg.xyz] + [qorglaofrwqdj4is.onion] + [archive.is]

Google Chrome es un navegador web desarollado y distribuido por Google

+ +

Nivel de spyware: EXTREMADAMENTE ALTO

+ +

Este programa es spyware porque...

Google Chrome no es completamente libre

Muchas partes de Google Chrome son libres, pero no todas de estas lo son. y esto no permite que se compruebe que no es spyware

Google Chrome rastrea el historial

+ +Google Chrome contiene mucho spyware que responden en el historial de la busqueda de usuario. Esto es confirmado en la política de privacidad de Google Chrome^[1]
+ +

La primera caracteristia de spyware de Chrome es la integración con la "Cuenta de Google" (Que es spyware en si). Explica que: "Cuando buscas usando la barra de direccion de google, los caracteres que has escrito (incluso si no has pulsado enter todavia) son enviados a tu motor de busqueda. Si Google es tu motor de busqueda por defecto, las predicciones estan basadas en tus busquedas +

+
+

+ Encima tiene otro spyware llamado "Asistencia de naveegacion" que dice que "Cuando no puedes conectarte a una página web, puedes obtener sugerencias para páginas alternativas (Vamos, que Google Chrome envía la dirección a la que has intentado entrar para darte otra

+Google Chrome recopila el uso de tu ordenador + +

En la política de privacidad Google admite el estupidamente alto spyware llamado "Estadisticas de uso y reportes de errores fatales" Lo que hace es recopilar (y enviar) informacion de tu ordenador extremadamente especifica sobre tu hardware y el uso de tu ordenador, y obviamente, tiene esto +

Un rastreador que graba el cursor
Un rastrador que graba el uso de memoría (RAM)

Google Chrome está integrado con Google Payments

+ +

Google Payments es un spyware que graba tus datos bancarios y los envía a Google^[2] Este servicio esta integrado en Google Chrome, lo que hace un spyware opt-in en el programa. +

Google Chrome contiene un keylogger

Esto fue confirmado en muchos sitios ^[3][4] Basicamente, cualquier cosa que escribas en la barra de busqueda será enviada a Google. se puede, aparentemente, desactivar. +

Google Chroome graba tu voz

Está confirmado que Google Chrome esta constantemente grabando micros en tu ordenador. Esto se puede ver en esta referencia ^[5] dice: "Audio y voz puede ser recolectada, por ejemplo, si su hijo usa comandos de activacion (Ejemplo, "Ok, Google" o tocando el icono del microfono) se grabara Tambien unos segundos despues " Esta caracteristica es Opt-in si usas las "Cuentas de Google" y si le dices a Google para hacer un perfil para tu hijo, es imposible saber si Google sube estos audios a sus servidores

+ +

Google Chrome guarda contraseñas en sus servidores

Cualquier contraseña guardada en el gestor de contraseñas de Chrome es subida a los servidores de Google si inicias sesión en Google Chrome

Google Chrome recolecta profiles de usuario de otras formas

Según su política de privacidad^[1] Google Chrome guarda lo que rellenarías en formularios de paginas, tambien el idioma en el que mas consumespaginas web, Google Chrome, encima, crea un identificador unico porcada instalación, esto se envía a Google cada vez que abres el navegador, esto quiere decir que Google crea una identidad tuya propia, Google tambien, como ya lo he dicho, mas de una vez, Google guarda todos tus datos si inicias sesión en Chrome con tu cuenta de Google

Google Chrome se actualiza automáticamente +

+ Google Chrome tiene un actualizador que constantemente va en segundo plano y sincronizandose con los servidores de Google en busca de actualizaciones. Esto lo que hace es descargar y abrir los binarios no verificados cada vez que Google actualiza Chrome. Es imposible para un software con actualizaciones automaticas verificar si es o no spyware +

Mas cosas

+ Reasons not to use Google + [web.archive.org] + [archive.is]
+ + Welcome to the Botnet. Or, The Case Against Google Chrome + [web.archive.org] + [archive.is]
+ +

Referencias

+ +

+ This article was created on 11/23/2018
+ This is a translation of the english article. It may become outdated- compare the dates on both articles. +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/discord.html b/articles/discord.html new file mode 100644 index 0000000..ec29e0a --- /dev/null +++ b/articles/discord.html @@ -0,0 +1,244 @@ + + + + + + Spyware Watchdog + + +

Discord

Back to catalog
+ Spanish Translation + [qorg.xyz] + [qorglaofrwqdj4is.onion] + [web.archive.org] + [archive.is]

+ +

+Discord is an instant messaging application for MacOS, Windows, Linux, +Android, and iOS. Discord is used to communicate via voice chat and +text chat, and has image-sharing and file-sharing capabilities. +

Spyware Level: EXTREMELY HIGH

+ + Thanks to Richard Stallman for linking to our article here! The spotlight is very much appreciated. +
+

+Discord is spyware because it collects all information that passes +through its communication platform. As Discord is a centralized +communication platform, all communications have to go through Discord's +official servers, where all of that information can potentially be +recorded. The vast majority of said information has been confirmed +to be recorded, such as all communications between users. Discord has +also been confirmed to use other spyware features such as various forms +of telemetry. Discord's main source of income is from investment, from which + it has received over $279.3 million dollars^[4]. Discord cannot be built from +source and the source code for Discord is unavailable. +

Discord does not make its source code available

+It is impossible to download and examine Discord's source code, +which means that it is impossible to prove that Discord is not +spyware. Any program which does not make its source code available is + potential spyware. +

Discord confirms that it collects large amounts of sensitive user data

+Discord explicitly confirms in its privacy policy^[1] that it collects the following information: +

IP Address
Device UUID
User's e-mail address
All text messages
All images
All VOIP data (voice chat)
Open rates for e-mail sent by Discord

+Discord does not explictly confirm that it collects this information, but still collects it by default: +

Logs of all of the other programs that are open on your computer

+The implications of this information can be broken down like this: By +recording your IP address, Discord can track your general location +(about as precise as which county you are in). Discord can also tell +which devices you use, as it uniquely identifies each device, and how + much you use those devices, as it can record your device usage habits +(since Discord is usually open in the background so that it can receive +messages). Discord also records every single interaction you have with +other users through its service. This means that Discord is confirmed +to log every conversation that you have through Discord, and record +everything that you say on Discord, and view all images that you send + through Discord. Therefore, none of your interactions on Discord are +private. Discord's privacy policy also contains several occurrences of + phrases such as "including but not limited to," which is an explicit +confirmation that Discord contains more spyware features that are not +disclosed to the user. +

Discord contains features which allow integration with other spyware platforms

+Discord contains the opt-in spyware feature known as "social media +integration." This allows you to sync your persistent user identity +on Discord with your persistent user identity on other spyware +platforms, such as Facebook and Twitter. In its privacy policy^[1], + Discord has confirmed that if you opt in to this spyware feature, +Discord will obtain an undisclosed amount of access to information +obtained about you by the spyware platforms that you choose to sync +with. +

Discord contains a process logger

+Discord has been confirmed to monitor the open processes on your +operating system. This is a spyware feature known as a "process logger" +that is generally used to record your program usage habits. This was +confirmed by the CTO of Discord in a Reddit thread.^[2] + In the same thread, the CTO also elaborates that this spyware feature (the monitoring of processes) is +mandatory for several features of the platform. The CTO and a Discord engineer go on + to claim that Discord does not use the process logger to send records +of the open processes on the user's computer. +

+The test to prove that Discord logs processes was done again by the writer with procmon on 4/11/2019 with +the features: "Use data to customize my Discord Experience" and "Display currently running game as a status message" +turned off. Discord did NOT log all of the processes open this way. +However when setting the "Display currently running game as a status message" turned on, the behavior +described in^[2] was replecated. You can see that behavior here: +

Discord process logging as described in [2] confirmed with procmon

+ It turns out that this feature can be disabled through the UI. Because of the nature of closed-source + software it isn't possible for either this article or the Discord developers to prove how much information is being sent to + Discord's servers when the process logger is turned on. But it's at least possible to turn it off. +

Discord uses it's process logging for advertising

+ Discord shows this in it's privacy option here: +

+ That the process logging features of Discord are now being recorded on Discord's servers as a form of telemetry (spyware), + and removes speculation about why this feature exists. It is clarified by Discord that this spyware feature is used for advertising + to it's users.^[8] This means that Discord is recording the programs you have open to build + a statistical model of what programs you might buy/lisence in the future. +

Discord confirms process logging is used for advertising

+ +

Discord tries to force some users to give their Telephone numbers

+Discord will lock users out of it's service and will not allow them to continue using it without giving their phone number or contacting Discord +support. This kind of feature is designed to extract very personal information out of it's users (phone numbers). The criteria for locking out +users isn't known. +

+ +

Discord receives government requests for your information

+Discord has confirmed in an email correspondence^[6] + that it does receive government requests for information. So, we know +that the government potentially has access to all of the information +that Discord collects about you. You can read a copy of the email image +posted in the source here in case the link there dies. +

Speculation on Discord's future

+It's unknown whether Discord currently is or isn't selling user information. Currently Discord has been able +to consistently raise new invesment capital, which is at a level where it could reasonably be covering +all of its operating costs. However, Discord, like any other company, is not going to exist in a +constant state of investment. Discord is going to have to transition away from an investment-financed +business model to a revenue model that exclusively relies on generating revenue from the users of the +platform. +

+Discord has several ways of making money. It can lisence emoji's and other features of the program with +Discord Nitro^[5], or it can make money lisencing video games through it's +new online store, as a competitor to Steam. However both of these revenue +sources may not be enough. Discord has raised $279.3 million dollars^[4] +and it has to return on this investment. (which is more than 279.3 million dollars that has to be paid back) +

+If Discord is not able to satisfy it's obligation to it's investors, it has a third option- selling user information +to advertisers. Discord is already datamining it's users to produce it's recommendation system,^[8] which means that it +is already turning it's userbase into extremely valueble, sellable, advertising data. Discord has 130 million users^[7], +and it can produce a statistical model of what games each user (who does not opt-out of advertising) owns, plays, and wants to buy. +This is incredibly valueble information that Discord can sell if it cannot reach it's profit obligations with it's current +revenue model. If Discord is a successful games store, then it wont need to do this. But if Discord gets in financial trouble, +it probably will be forced to liquiate this asset. +

+ +

Sources

+ 1. + Discord Privacy Policy + [web.archive.org] + [archive.is]
+ + 2. + Why is Discord recording our open programs and uploading them? + [web.archive.org] + [archive.is]
+ + 3. + Discord + [wayback.archive-it.org] + [archive.is]
+ + 4. + Crunchbase + [web.archive.org] + [archive.is]
+ + 5. + Discord Nitro + [archive.is]
+ + 6. + Discord receives government requests. No plans on adding E2E Encryption any time soon. + [archive.is] + [web.archive.org]
+ + + 7. + Number of registered Discord users + [web.archive.org]
+ + + + 8. + Data Privacy Controls + [web.archive.org]
+

+ +

+ This article was last edited on 4/11/2019 +

+ This article was created on 11/23/17 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ \ No newline at end of file diff --git a/articles/discord_es.html b/articles/discord_es.html new file mode 100644 index 0000000..b598947 --- /dev/null +++ b/articles/discord_es.html @@ -0,0 +1,143 @@ + + + + + + Spyware Watchdog + + +

Discord

Back to catalog (English)
+ Back to catalog (Spanish)
+ English Translation
+ Mirrors: + [qorg.xyz] + [qorglaofrwqdj4is.onion] + [web.archive.org] + [archive.is]

+ Discord es un programa de mensajería instantanea disponible para MacOS, GNU/Linux, Android, Windows, Android e iOS. +Discord puede usarse para comunicarse vía voz y chat de texto, también se puede usar para compartir archivos e imágenes. +

Nivel de Spyware: EXTREMADAMENTE ALTO

+Discord es spyware por que recolecta toda la información que pasa por su plataforma de comunicacón. Discord es una plataforma de comunicaión centralizada, todas las comunicaciones deben ir por los servidores oficiales de Discord. Donde toda la información puede ser grabada, la gran mayoría de la información dada esta confirmada. Taén se ha confirmado que Discord usa mas spyware como formas de telemetría. La mayor fuente de ingresos de discord, que ha recibido $129 millones de dolares. Discord no puede ser compilado por que no es un programa libre. +

+Discord no hace su código fuente disponible. +

+Es imposible descargar y examinar el código fuente de Discord, lo que hace imposible probar queDiscord no es spyware. Cualquier programa que no haga su código fuente disponible es potencialmente spyware +

+Discord confirma que recolecta varia información de los usuarios. +

Discord does not make its source code available

Discord confirma en su política de privacidad ^[1] que recolecta la siguiente información

Direccion IP +
UUID del dispositivo +
E-Mail del usuario +
Todos los mensajes de texto +
Todas las imagenes +
Todas los mensajes de voz (Las llamadas) +
Los E-mails mandados por discord +

+Discord no confirma que recolecta esta informacion, pero lo hace +

Lista de todos los programas que estan abiertos en tu ordenador +

+La siguiente información puede usarse para: +Saber donde vives (El pais exacto) +Discord puede decir exactamente en que dispositivo estás +Puede saber todo lo que hace (Pues incluso en movil, discord corre en segundo plano, para recibir mensajes) +Discord tambien recolecta la información que le pasas a otros usuarios. Esto significa que Discord puede ver los mensajes, imagenes, y archivos enviados. +En otras palabras, ninguna conversacion mantenida en discord es privada. +

Discord tambien tiene integración con otras plataformas de Spyware

+Discord contiene "opt-in" conocido como "Integración con redes sociales" Esto hace que Discord sepa de tu identidad. +Plataformas como Facebook y Twitter, en su politica de privacidad. Discord confirma que si lo vinculas a el mismo, Discord obtendrá datos de tus redes sociales. +

Discord contiene un listado de procesos.

+Está confirmado que discord tiene un monitor para ver los procesor que que corren en tu sistema operativo. Este spyware es conocido como "Listador de procesos" +Se usa mas que nada para grabar tus habitos de uso de programas. +

+Esto ha sido confirmado por el CTO de Discord en un hilo de Reddit^[2] +En el mismo hilo, el CTO admite que es obligatorio este spyware y no puede ser removido. El CTO y un ingeniero de Discord dice que no es spyware, pero no puede ser confirmado. +

La mayoria de ingresos de discord viene de vender datos.

+ Discord esta esclusivamente confiado en la informacion que los usuarios generan. Esto significa que la mayor fuente de ingresos es recolectar datos de usuarios, otras fuentes son secundiaria. Discord tiene 4,2 millones de usuarios en su plataforma^[3] sin otras inversiones, esto es casi toda el dinero generado por la mineria de datos de sus usuarios, discord tiene $129 millones de dolares en inversion ^[4] desde 2012. Discord tiene 45 millones de usuario, por lo que pueden recolectar MUCHISIMOS datos. El "Principal" medio de llegada de Ingresos de discord es Nitro^[5] realisticamente, no puede ser la principal + fuente de ingresos de discord, especialmente por que Nitro es relativamente reciente.

+ +

Discord recibe peticiones de gobierno para tu informacion

+ Discord ha confirmado de una de sus correspondencia de E-mail ^[6] donde confirma que recibe peticiones del gobierno de informacion, asi que podemos saber que el gobierno tiene toda la informacion que Discord ha recolectado de ti aqui +por si el link muere. +

Mas cosas

Referencias

+ +

+ This article was created on 11/18/2018
+ This is a translation of the english article. It may become outdated- compare the dates on both articles. +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ \ No newline at end of file diff --git a/articles/dissenter.html b/articles/dissenter.html new file mode 100644 index 0000000..f3c97ea --- /dev/null +++ b/articles/dissenter.html @@ -0,0 +1,100 @@ + + + + + + Spyware Watchdog + + + +

Dissenter

Back to catalog

+Dissenter is a web browser and plugin released by the social network company Gab. +

Spyware Level: High

+The Dissenter browser is a fork of the Brave web browser. It phones home to +Brave for autoupdates and safebrowsing, which is hosted by Brave. The default search engine is DuckDuckGo. +The browser has two extensions preinstalled. One extension, "Shields", blocks certain advertisment scripts. The other, +"Dissenter" allows you to access the Dissenter social network. This extension phones home to several places whenever you open it, +including Google and Twitter. The Dissenter social network also inherently must collect more information about the user's browsing +habits than the current alternatives that already exist. +

Phoning home

+When the Dissenter Browser is started, it will make several connections to Brave's autoupdate services: +

+Every once in a while, the Browser will send a request to Brave's instance of the Google safebrowsing service: +

+ Whenever the Dissenter extension is opened, it will phone home to several companies: +

+ This includes: +

Google
Twitter
Doubleclick (Google owned telemetry company)
FontAwesome
Cloudflare

+ This happens every time the extension is opened. +

Opt-out telemetry

+ Dissenter will sent crash reports to Gab automatically. This is on by default and you have to opt-out. +

+ "When Gab crashes, it creates a report that can be sent to us to help us fix whatever caused the problem. This report contains technical information about your computer system which is typically distinctive. You can choose whether to send us these reports. Even if you have chosen to send reports in the past, you can turn off future reports in settings. Crash reports may contain personal information." + ^[1].

Dissenter bypasses it's own tracker filter

+ Dissenter comes with it's own content blocker called Shields that is meant to block trackers as you browse the web. + This content blocker can block requests made by regular websites, but it does not block content that + is loaded by the Dissenter extension. The Dissenter extension makes requests to trackers that would have been + blocked by it's own filter- by it's own standards Dissenter makes connections to + tracking websites that are not necessary and not private. The spyware site googleads.g.doubleclick.net + is correctly blocked by Shields when a normal website tries to access it, but this connection is not blocked when Dissenter accesses it... + This is an interesting double standard when it comes to privacy. +

Inherent issues with Dissenter

+ Dissenter has the inherent problem that it associates the web pages you have visited with the discussions you are having or trying to have. + If you want to check an article's comments on Dissenter, you have to tell Gab that you visited that article. This gives Gab a very good profile + of what sites you visit and what articles you read. Currently alternatives exist to this model that are already in place. For example, you can + create a thread on an Imageboard, Reddit-like website, or other web forum format, which sets an archived link to the article as the topic of discussion. + This format is much more private because the parties involved have much less information about what their users did. The news website has no + idea who read it's article, because the traffic went to the archival service. The forum that you can freely comment on also doesn't know what + articles you looked at or what discussions you tried to have. If we only consider privacy, this method is a somewhat better way of acheiving this goal. +

Sources

+ 1. + Dissenter Privacy Policy + [web.archive.org] + [archive.is]
+

+ This article was last edited on 5/24/2019 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 license to be accepted. +

+ + + + diff --git a/articles/duckduckgo.html b/articles/duckduckgo.html new file mode 100644 index 0000000..6068948 --- /dev/null +++ b/articles/duckduckgo.html @@ -0,0 +1,81 @@ + + + + + + Spyware Watchdog + + +

DuckDuckGo

Back to catalog
+ Spanish Translation

+DuckDuckGo is a search engine created by Gabriel Weinberg and owned by Duck Duck Go, Inc. +

Spyware Level: Possible Spyware

+ DuckDuckGo is a search engine that claims to protect the privacy of its users.^[1] Since this a centeralized service, there is no way to prove that it isnt spyware just by + looking at the technology that it uses. There are some red flags that could cause you to doubt that this service is truly private, and so this article will just list them + here to help you decide on whether or not to use this service. Ultimately there isn't proof that DuckDuckGo is spyware- but a few reasons to suspect it of being spyware. Even though, it's worth noting that + DuckDuckGo offers an onion domain... so you don't need to trust it to use it as long as you acess it through TOR. +

DuckDuckGo is hosted in the USA

+ Since the US Government has been known to compromise services similar to DuckDuckGo, its reasonable to fear that it might compromise DuckDuckGo.^[2]^[3] We dont know if DuckDuckGo has + been compromised by the US Government, but we do know that it is not a difficult task for the US Government to do that. +

DuckDuckGo has violated its privacy policy in the past

+ DuckDuckGo is not consistent with its prviacy policy and has directly violated it before.^[2] If a service cannot follow its own privacy policy, then you can't expect it to protect + your privacy. +

Tracking pixels and other spyware

+ DuckDuckGo uses clear gifs from the domain improving.duckduckgo.com. This is a tracking technique and can be used to collect analytics about your web browser. + Whenever you use DuckDuckGo, several requests will be sent to this domain.^[4] This is of course not the kind of behavior that you would expect from a privacy concerned website, but there it is. Do you trust DuckDuckGo to collect "anonymous" analytics about you? +

Futher Reading

+ /tech/ FAQs - DuckDuckGo + [web.archive.org] + [archive.is] + [www.webcitation.org]
+

+ +

Sources

+ 1. + DuckDuckGo Privacy Policy + [www.webcitation.org] + [arquivo.pt] + [archive.is]
+ + 2. + Still trust DuckDuckGo? (dead link) + [archive.is] + [web.archive.org]
+ + 3. + DuckDuckGo: The mistaken belief of the NSA-safe search engine*
+ + 4. + Site Improvements + [web.archive.org]
+

+ *This is a machine-translated mirror of an article written in German hosted here. Links to the original article can be found on that page. +

+ +

+ This article was last edited on 9/16/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/duckduckgo_es.html b/articles/duckduckgo_es.html new file mode 100644 index 0000000..c26358b --- /dev/null +++ b/articles/duckduckgo_es.html @@ -0,0 +1,63 @@ + + + + + + Spyware Watchdog + + +

DuckDuckGo

Back to catalog (English)
+ Back to catalog (Spanish)
+ English Translation

DuckDuckGo es un motor de busqueda creado por Gabriel Weinberg y mantenido or Duck Duck Go, inc

Nivel de spyware: Posiblemente spyware

DuckDuckGo es un motor de busqueda que jura proteger la privacidad de sus usuarios ^[1]debido a que es un servicio sentralizado, no es posible saber si es spyware viendo la tecnologia que usa. hay algunos avisos para dudar si es realmente privado. Este artículo es solo para hacerte decidir si usar o no este servicio. Ultimamente no hay prueba de que DuckDuckGo es spyware. Pero hay algunas razones para sospechar de ser spyware, de todas formas, esta bien saber de que DuckDuckGo Ofrece un dominio onion asi que no debes dudar en usarlo si estás en TOR

DuckDuckGo está alojado en Estados Unidos

Desde que el gobierno de Estados Unidos manipula servicios similares a DuckDuckGo, Es posible que tambien haya manipulado a DuckDuckgo^[2][3] Nosotros no sabemos si DuckDuckGo ha sido manipulado por el Gobierno de EEUU, pero si sabemos que es fácil para ellos hacerlo

DuckDuckGo ha violado su política de privacidad en el pasado

Se sabe que DuckDuckGo no ha cumplido con su política de privacidad en el pasado ^[2]Si un servicio no puede seguir su propia política de privacidad, entonces no puedes esperar que protegan tu privacidad

Seguimiento de pixeles y otro spyware

DuckDuckGo usa gifs en blanco para el dominio improving.duckduckgo.com esta es una técnica de seguimiento que puede ser usada para recolectar estadísticas de tu navegador. En cualquier caso, si usas DuckDuckGo enviara varias peticiones a ese dominio^[4]Esto no es, por supuesto, el tipo de comportamiento que esperas de un servicio que jura proteger tu privacidad

+ +

Mas

+ /tech/ FAQs - DuckDuckGo + [web.archive.org] + [archive.is] + [www.webcitation.org]
+

+ +

Referencias

+ This article was translated on 1/15/2019
+ This translation may become out of date. Compare dates with the english article. +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/articles/example.html b/articles/example.html new file mode 100644 index 0000000..df0be07 --- /dev/null +++ b/articles/example.html @@ -0,0 +1,45 @@ + + + + + + Spyware Watchdog + + + +

Example Article

Back to catalog

+This part of the article should have the name of the program and what it does, and who develops it. +

Spyware Level: Not Rated

+A breif explanation of what the software does, and a summary of the rest of the article, should go here. This paragraph is for readers +who don't want to read the entire article and it should assert all of the things that the rest of the article proves below. +

Spyware Feature X

+This program has spyware feature X in it. There should be some kind of proof here. If it doesn't contain original research, the source +should be cited like this: ^[1]. +

Sources

+ 1. + Example Source + [web.archive.org] + [archive.is]
+

+ This article was last edited on 7/30/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 license to be accepted. +

+ + + + diff --git a/articles/explorer.html b/articles/explorer.html new file mode 100644 index 0000000..43bb9c9 --- /dev/null +++ b/articles/explorer.html @@ -0,0 +1,57 @@ + + + + + + Spyware Watchdog + + +

Internet Explorer

Back to catalog

+Internet Explorer is a Web Browser distributed by Microsoft with most versions of the Microsoft Windows Operating system. +

Spyware Level: EXTREMELY HIGH

+Internet Explorer contains many serious spyware features, however all of these features appear to be "opt-out" features. It is not verified whether or not opting out will actually disable all of these features, or if there are other spyware features that are not known which cannot be opted out of. Internet Explorer can record your search history and location, and report that information to Microsoft. Internet Explorer is not the worst spyware, but it is still loaded with spyware features that can mine serious information from users. +

Internet Explorer does not have available source code

+Internet Explorer cannot be built from available source code. This means that it is impossible to prove that it is not a spyware program or that it does not have unknown spyware features inside of it. +

Internet Explorer is self-updating software

+Internet Explorer can be updated through spyware programs such as Windows Update^[1]. Automatic software updates are a spyware feature becuase they cannot be verified to be non-spyware by the user. Luckily, this spyware feature is opt-out and can be turned off. +

Internet Explorer sends your search history to Microsoft

+Internet Explorer contains a spyware feature called "flip ahead"^[1]. Flip ahead will periodically send your browsing history to Microsoft. This spyware feature is opt-out and can be disabled. Microsoft claims that the information it recevies is encrypted to protect user privacy and santized to prevent personal information from being stored. This is unverifiable. Microsoft confirms that it does use the information obtained from flip ahead to build statstical models of your browsing habits. Other spyware features such as "Smartscreen filter", and "Suggested Sites" also confirm that they send your internet history to Microsoft. +

Internet Explorer can track your location

+Internet Explorer has the spyware feature commonly referred to as "location services", which is a feature that allows it to track the location of the user. The privacy statement^[1] explains that your location is obtained through a "Microsoft Location Service". Which means that your location is sent to a Microsoft server. Microsoft does not elaborate on what it does with this data or whether it stores this data. This spyware feature is opt-out. +

Internet Explorer has an anti-privacy search engine by default

The default search engine is Bing which datamines its users and sells that information to advertisers.

+ +

Sources

+ 1. + Internet Explorer 10 privacy statement + [webarchive.loc.gov] + [web.archive.org] + [archive.is]
+

+ +

+ This article was last updated on 2/18/2019 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/falkon.html b/articles/falkon.html new file mode 100644 index 0000000..1371bb9 --- /dev/null +++ b/articles/falkon.html @@ -0,0 +1,37 @@ + + + + + + Spyware Watchdog + + +

Falkon

Back to catalog

+Falkon is a KDE web browser using QtWebEngine rendering engine, previously known as QupZilla. +

Spyware Level: Probably Not Spyware

+ When another contributor tested this browser on linux, it made no unsolicied connections. When I ran it on windows, it connected to + a domain unrelated to the homepage (duckduckgo). But, i'm not sure what it was for, and it wasn't reproduced on linux. This browser is probably fine, but + you should run your own tests and email me about what you found or didn't find. +

Phoning Home?

+ On the first run of Falkon, using the 32-bit windows version, it connected to these addresses, even though I was on it's homepage, which seems to be + locally stored because it does not create any requests when I go to it normally. I don't know what these are for. + Maybe it's a form of phoning home? The first IP is for the domain: github.map.fastly.net which seems to be part of a CDN. +

+ This article was last edited on 8/24/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/firefox.html b/articles/firefox.html new file mode 100644 index 0000000..e627096 --- /dev/null +++ b/articles/firefox.html @@ -0,0 +1,268 @@ + + + + + + Spyware Watchdog + + +

Mozilla Firefox

+ Back to catalog
+ Mitigation Guide +

+ Mozilla Firefox is one of the most popular and longest existing + browsers. Its developers have earned it a reputation for being a "privacy and security-based browser, respecting the user" - but is it justified, or just marketing? In fact, over the years they have made several anti-privacy (and generally anti-user) decisions, but this article will focus exclusively on spying. Version tested: 52.5.0, with the default settings. Program used for testing requests: Mitmproxy. +

Spyware Level: High

+ After following the mitigation guide, this software is Not Spyware. +

It sends a lot of different data very often (some of which could + uniquely identify you). All the "services" that it provides, such as + its default search engines and Pocket, are anti-privacy. The rating isn't higher + because at least you can turn off or modify most of it, though + it often requires diving deep into about:config.

+ +

Phoning home

+ Whenever you start Firefox, it makes this request:

In fact, it makes it every time you go to a website, and even a few times in a row for a single website. So Firefox "phones home" all the time, without your knowledge. Can be disabled ONLY in about:config. But, since you've already started Firefox, it will make this request at least once. +

+ +

Automatic connections to some websites you've visited, including their trackers

+ Websites you visit most often are added to the New Tab panel. When you then open a new tab, Firefox will sometimes make requests to the sites in there, including some of their trackers. I haven't determined how it works yet. Sometimes it doesn't make the requests at all; other times you end up with hundreds of images, scripts, trackers, etc. loaded simply because you opened a new tab (without visiting any website explicitly). + Was NOT able to find a way to disable this, even in about:config. +

+ +

Firefox tracks users with Google Analytics

+Firefox has been integrated with the spyware platform called "Google Analytics"^[1]. Firefox has been confirmed to now send analytics to Google. According to a Firefox developer the spyware in Firefox is "extremely useful to us and we have already weighed the cost/benefit of using tracking." and that Firefox will not remove Google Analytics support entirely. Firefox's position on privacy is made very clear with this quote: +

"Wanted to address your position though: + +We don't give the "data directly to Google". See the discussion here: https://bugzilla.mozilla.org/show_bug.cgi?id=858839. The short version is: + +tl;dr: We now have an option to opt-out of Google doing anything with the data that Google Analytics collections on Mozilla websites. GA tracking is anonymous and at the aggregate level and we use it to improve the experience of our websites. +We are collecting aggregate and non-identifiable data in numbers to ensure our development/UX changes are met well. We can respect privacy and still have analytics; in fact Mozilla's aim is for an experience that values user privacy and usability (I'd say Apple also wants UX that fits that mold, as an example). We need some data, anonymised and aggregated, to do this. +"

+The best takeaway to this is that Mozilla wants to pretend that including spyware in their program is somehow not a breach of privacy, and that Firefox could possibly be respecting user privacy while simultaneously collecting data on users and sending it to Google. It's strongly suggested to read the github thread and the further anti-privacy statements the Mozzilla employee makes while defending the spyware features in Firefox. It's very dangerous to assert that there is somehow a middle ground between respecting user privacy and datamining the user. +

"Safe" Browsing?

+ Allegedly used to protect you from "phishing" websites, but in the end, it makes a bunch of requests to Google every 30 minutes (according to Mozilla), including a POST request with your Firefox version and a unique, persistent, hidden cookie. Since whenever the current URL matches an entry in the cached local blacklist a request is made to Google servers, ostensibly to test whether that website is still on the master online blacklist, it allows Google to monitor specific websites transparently to the user by putting the URLs of interest on the local but not the online blacklist.
Can be disabled ONLY in about:config. +

+ +

Firefox Health Report

+ From the horse's mouth: "For example, FHR sends data to Mozilla on things like: operating system, PC/Mac, number of processors, Firefox version, the number and type of add-ons. The data collected by FHR is tied to a Document ID that corresponds to a browser installation (explained above in question #4) so that the data can be correlated across a limited window of time."^[2] Also, according to Mozilla, new versions of Firefox will also collect telemetry data by default. Can be disabled through the GUI. +

+ +

Anti-privacy search engines by default

Old versions of Firefox had Google as the default search engine, + which is obviously anti-privacy. For example, from their privacy + policy: "When you use our + services or view content provided by Google, we automatically collect + and store certain information in server logs. This includes: details + of how you used our service, such as your search queries.". Then, it + was Yahoo, which isn't better: "The Yahoo Search History tool allows + you to see what you've searched for in the past. ". So it saves all + your searches. And deleting does nothing: "Even if you clear your + past searches or turn the Search History tool off, Yahoo still + collects and stores search user log data when you use Yahoo Search + technology." Firefox 57 is going back to Google again. If they really + cared about your privacy, the default search engine would be + StartPage (which gives the same results as Google, but anonymized) or + DuckDuckGo. Can be changed through the GUI. +

+ + +

Pocket - a privacy nightmare

+ Firefox has a Pocket button in its navigation bar, which allows you + to "save any article, video or page from Firefox" and "View in Pocket + on any device, any time." Let's see how it looks in terms of privacy + - quoting from Pocket's privacy policy^[3]: + + "In addition to the information that you provide to us when you + register for a user account, we collect information about the URLs, + titles and content of the web pages and other information you save to + Pocket." So everything you conveniently put in "your" Pocket is + being stored (of course, otherwise Pocket wouldn't work). "The types + of information we collect includes your browser type, device type, + device id, time zone, language, and other information related to the + manner in which you access the Pocket Technologies. " So anytime you + view a file in "your" Pocket, they know everything about the device + you used to do it. "We may also use "pixel tags," "web beacons," + "clear GIFs" or similar means (individually or collectively "Pixel + Tags") in connection with emails that we send to our users in order + to collect usage data." So, they are acting like any old tracking + website, even in ways that have nothing to do with their + functionality. "We may also share your device ID with third parties + in connection with advertising campaigns. " And they work with + advertisers too! Describing all of Pocket's + violations would take up this whole article. There are similar services with better privacy policies, but in the end, they still store the things you view in "the cloud". A real privacy-based browser would not be integrated with them by default. +

+ Can be disabled in about:config^[8] +

Automatic updates

+ Not that bad compared to all of the above, I guess - but still + installs something without your consent, with possible new privacy + nightmares in there. There is no excuse to at least not make "Check for updates, but + let me choose whether to install them" the default - it would still + give the security benefit, but not take control away from the user. + Can be disabled through the GUI. +

+ +

Other issues

+ Firefox also sometimes makes a request to "self-repair.mozilla.org" which looks like this: +
+ It includes "optimizelyEndUserID" which probably means it + uniquely identifies you. Can be disabled ONLY in about:config.^[7]
+ It also makes this request every time you open the default home page: +
+ The number after the Firefox version is, again, uniquely + identifying^[4] Can be disabled ONLY in about:config. +
+ Firefox has a file with list of blocked addons that it considers "malicious" and it makes a request to update it every day (even if you don't have any addons installed). The request includes a uniquely identifying browser installation ID. Can be disabled ONLY in about:config. + +

+ +

Firefox phones home about almost every single interaction you have with its UI

+ Firefox will send information about almost every basic operation that you do back to Mozilla. This is tagged with a unique client ID and an ID for your current session, and any relevant information related to this action. + By default, the following uses of the UI are reported to Mozilla^[5]: +

Performing a search
Clicking a top site item
Deleting an item from history
Blocking a site
Bookmarking a link
Removing a bookmark from a link
Opening a link in a new window
Opening a link in a new private window
Opening the new tab preferences pane
Closing the new tab preferences pane
Acknowledging a section disclaimer
Adding or editing a new TopSite
Requesting a custom screenshot preview
Session end
Impression stats
Click/block/save_to_pocket ping
Addon initialization failure
Domain affinity calculation

+ Essentially, while this feature doesn't broadcast your search history to Mozilla, it proives an incedibly detailed walktrhough of exactly how you use Firefox's user interface. This can be disabled and is an opt-out spyware feature. You can disable it through the GUI as described here: + Share data with Mozilla to help improve Firefox + [web.archive.org] + [archive.fo] +

Mitigating Firefox Spyware

+This reveiew is also accompanied by a page about how to configure Firefox to be more privacy respecting, and links to other projects that have been created to solve this +problem. You can read about that here. These are some of the flags in about:config mentioned earlier in the article, and the values that +they should be set too: +

+ + + + + + + + + + + + + + + + + + + + + + + + + +

Spyware Feature	about:config flag	about:config value	Source
Phoning home	network.captive-portal-service.enabled	False	Turn off captive portal + [archive.is]
Self-Repair	browser.selfsupport.url	""	How can I stop firefox from constantly connecting to self-repair.mozillia.org + [archive.is]
Pocket	pocket.enabled	False	Disable Pocket in Firefox + [archive.is]

Credits

+ This article was originally written by digdeeper.neocities.org
+ Formatting changes and some sections were written by the site maintainer.
+ Other Anonymous contributors have added pther sections and various changes to this article, as well. +

Sources

+ 1. + Google Analytics is used to track users + [web.archive.org] + [archive.li] + [via.hypothes.is]
+ + 2. + FAQ for FHR + [web.archive.org] + [archive.li]
+ + 3. + Pocket Privacy Policy + [web.archive.org] + [archive.is]
+ + 4. + Snippets Service Data Collection + [web.archive.org] + [archive.li]
+ + 5. + Metrics we collect + [web.archive.org] + [archive.li]
+ + 6. + Turn off captive portal + [archive.is]
+ + 7. + How can I stop firefox from constantly connecting to self-repair.mozillia.org + [archive.is]
+ + 8. + Disable Pocket in Firefox + [archive.is]
+ +

+ This article was last edited on 1/13/2019 +

+ This article was created on 11/23/2017 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/foobar2000.html b/articles/foobar2000.html new file mode 100644 index 0000000..3c73d8c --- /dev/null +++ b/articles/foobar2000.html @@ -0,0 +1,24 @@ + + + + + + Spyware Watchdog + + +

Foobar 2000

Back to catalog

+Foobar2000 is an advanced freeware audio player for the Windows platform. +

Spyware Level: Not Rated

+Foobar2000 does not make it's source code availible, which could be hiding spyware features. +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/ftp.html b/articles/ftp.html new file mode 100644 index 0000000..bec6850 --- /dev/null +++ b/articles/ftp.html @@ -0,0 +1,27 @@ + + + + + + Spyware Watchdog + + +

File Transfer Protocol

Back to catalog

+FTP is a protocol used for transferring files over a computer network. +

Spyware Level: Not Spyware

+FTP does not collect any information than the absolute minimum needed to provide its service. As such you could say that FTP's information is only incidental to the service it provides. So, FTP is not a spyware protocol. You are only giving up your IP address, which of course is required can be hidden through proxies. FTP requires you to uniquely identify yourself as a user of a system to use its access control features, but beyond that it does not ask you for unncessary information about your computer, unlike the HTTP protocol. +

+ This article was last edited on 5/26/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/google.html b/articles/google.html new file mode 100644 index 0000000..7a75915 --- /dev/null +++ b/articles/google.html @@ -0,0 +1,51 @@ + + + + + + Spyware Watchdog + + +

Google

Back to catalog

+Google is an advertising company that produces and researches a huge amount of spyware products and services that permeate +the internet almost entirely. It is almost impossible for the naieve user to use the internet without running into Google +spyware, as they have deployed products on almost every level of the user's interaction with the internet infrasturcture. +

Technology

+The following articles on this website have been written about technology created by Google: +

+ Google Chrome
+ Google Search
+ YouTube
+

Privacy Statements and Policies

+The following documents are an incomplete list of policies Google uses for it's various products and +services when concerning user privacy. +

+ Google Privacy policy + [web.archive.org] + [wayback.vefsafn.is] + [archive.li]
+

Google Search

+ Back to catalog
+ Spanish Translation [qorg.xyz]
+ Turkish Translation
+

+Google Search is a search engine created and owned by Google. +

Spyware Level: EXTREMELY HIGH

+Google Search collects your personal information and is heavily integrated with other services that collect your personal information. +Google's privacy policy^[1] is written in a way that does not tell you which Google services are +collecting which types of information, and instead ties all of its services into one privacy policy. So the best that can be done is +to assume that by using any of Google's services at all, Google is trying to obtain all of the information detailed. +

+It's also important to note that this article only exists to provide a basic run-down on Google's spying, and is just here for completeness. It +does not at all represent the full extent of Google's breaches of privacy, just because it is not really a secret to anyone that Google collects +your information, so it is really not trying to be very detailed because it would not say anything new. +

Google Search records your searches

+ Searches made using Google Search are associated with your identity and recorded in Google's servers. From the + privacy policy^[1], Google makes it clear that: +

+ "We collect information about the services that you use and how you use them" +

+ Where "collect information" is clearly stated^[2] as such: +

+ "This includes information like your usage data and preferences, Gmail messages, G+ profile, photos, videos, browsing history, map searches, docs, or other Google-hosted content. Our automated systems analyze this information as it is sent and received and when it is stored. +

+ Google also confirms again that it stores your searches in its servers, in this quote: +

+ "When you use our services or view content provided by Google, we automatically collect and store certain information in server logs. + This includes: details of how you used our service, such as your search queries." +

Google uses your searches to build a profile of your interests, which is sold to advertisers

+ In this page of Google's privacy policy^[2], Google confirms that + they create profiles of their users interests: +

+ "For example, we may use...information in your web history cookies to provide you with more relevant search results." +

+ It's important to note that Google does not think that your search history is personal information, as long as it is not attached to your name. + It does share this information with advertisers, as long as it is "not identifiable": +

+ "We may share non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services." +

Google Search is integrated into the "Google Accounts" spyware platform.

+ Google search allows you to sign-in using an account made on the Google Accounts spyware platform. This platform + exists to collect personal information, and connects its users to other spyware services in the Google ecosystem. + It attempts to collect phone numbers, and helps Google attribute the information it collects though all of its services + to one user, increasing the accuracy of their internal profile of you. +

Sources

+ 1. + Google Privacy policy + [web.archive.org] + [wayback.vefsafn.is] + [archive.li]
+ 2. + Google collect information + [archive.li]
+

+ This article was last edited on 12/12/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/google_search_es.html b/articles/google_search_es.html new file mode 100644 index 0000000..34c0ecd --- /dev/null +++ b/articles/google_search_es.html @@ -0,0 +1,64 @@ + + + + + + Spyware Watchdog + + +

Buscador de Google

+Back to catalog (English)
+ Back to catalog (Spanish)
+English Version
+Turkish Version
+

El buscador de Google es un motor de busqueda creado y mantenido por Google

Nivel de spyware EXTREMADAMENTE ALTO

El buscador de Google recolecta tu información personal y está altamente integrado con otros servicios que también recolectan tu información personal. En la política de privacidad de Google^[1] está escrita de mandera que no dice que tipos de información recolectam por lo que miente. Así que lo mejor que puedes hacer, es afirmar que cada vez que usas un servicio de Google es saber que está haciendo lo posible para obtener toda tu información.

+ +

También es importante remarcar que este artículo solo da una mínima visión de lo que espía Google. Por lo que no muestra todo detalladamente.

Google recuerda tus búsquedas

Las búsquedas hechas en Google estan asociadas a tu identidad y guardada en servidores de Google. La política de privacidad^[1]indica:

+ Recolectamos información sobre los servicios que usas y como los usas +

Donde "Recolectamos información" indíca^[2]

+ "Esto incluye informacion como tu uso de datos y preferencia, mensajes de Gmail, perfil de Google+, fotos, vídeos, historial de navegacion, búsquedas de mapas, documentos, o otro servicio dado por Google. Nuestros sistemas automatizados automaticamente analizan esta información cuando son almacenadas". +

Google confirma nuevamente que almacena información de búsqueda en sus servidores, en esta cita:

+ "Cuando usas o vez un servicio que da Google, nosotros automaticamente recolectamos y almacenamos informacion en nuestros registros. Esto incluye: Detalles de como usas nuestro servicio, como tus búsquedas +

Google usa tus búsquedas para crear un perfil basado en tus intereses, el cual es vendido a anunciadores.

En esta página de la política de privacidad de Google^[2]Google confirma que crea perfiles de sus usuarios.

+ "Por ejemplo, usaremos está informacion: ... en cookies de tu navegador para proporcionar resultados de busqueda mas relevantes +

Es menester hacer hincapié en que a Google no le interesa si tu historial de busquedas contiene información personal, a menos de que tengan tu nombre. Se vende información a anunciadores hasta que no "Sean identificables":

+ "Posiblemente compartamos información no personal (Que sea identificable) con nuestros compañeros - como publicistas, anunciantes o sitios conectados. Por ejemplo, posiblemente compartamos tu informacion para crear estadísticas de nuestros servicios +

El buscador de Google está vínculado con las "Cuentas de Google"

Google te permite iniciar sesión con una cuenta de Google (Que es spyware). + Esto permite a Google recolectar mas información. Y conecta a los usuarios con otros servicios de Google. Estas cuentas intentan recolectar el numero telefónico. y ayuda a Google completar la información de un usuario a travez de todos sus servicios

Mas

+ Why Google's Spying on User Data Is Worse than the NSA's
+ Reasons not to use Google
+

Fuentes

+ 1. + Google Privacy policy + [web.archive.org] + [wayback.vefsafn.is] + [archive.li]
+ 2. + Google collect information + [archive.li]
+

+ This translation was created on 1/14/2019
+ Please keep this in mind when reading! It may become outdated in the future. +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/google_search_tr.html b/articles/google_search_tr.html new file mode 100644 index 0000000..5250728 --- /dev/null +++ b/articles/google_search_tr.html @@ -0,0 +1,128 @@ + + + + + + Spyware Watchdog + + +

Google Arama

+ Kataloga dön
+ İspanyolca Çeviri [qorg.xyz]
+ English Version
+

Google Arama tarafından oluşturulan ve yönetilen bir arama motorudur. +

Casus Yazılım Seviyesi: AŞIRI FAZLA

Google Arama kişisel bilgilerinizi toplar ve sizin kişisel +bilgilerinizi toplayan diğer hizmetlerle de ilişkilidir. Google'ın +gizlilik politikası^[1] is size hangi +Google hizmetinin ne tür bilgileri topladığını belirtmez, bunun +aksine bütün hizmetleri tek bir gizlilik politikasına bağlı. Bu +nedenle yapılabilecek en iyi şey, Google’ın hizmetlerinden +herhangi birini kullanarak Google’ın ayrıntılı tüm bilgileri +edinmeye çalıştığını var saymaktır.

Ayrıca, bu makalenin yalnızca Google’ın +casusluğuyla ilgili temel bir rapor +sağlamak ve bunun tamamlayıcılık +açısından var olduğunu belirtmek önemlidir. +Bu yazı Google’ın gizlilik ihlallerini tam olarak yansıtmamakta, +çünkü Google’ın sizin hakkınızda bilgi topladığı gerçeği +kimse için bir sır değil, dolayısıyla bu yazı da ayrıntılı +olmaya çalışmamakta çünkü söylenecek yeni bir şey mevcut +yoktur.

Google Arama aramalarınızı kaydediyor

Google Arama kullanılarak yapılan aramalar kimliğinizle +ilişkilendirilip Google’ın sunucularına kaydedilmektedir.. +Gizlilik politikasından görüldüğü gibi^[1], +Google bu durumu netleştirmiştir: +

"Kullandığınız hizmetler ve bu hizmetlerin nasıl +kullandığınıza dair bilgi toplamaktayız" +

“Bilgi toplama” da şu şekilde açıklığa kavuşturulmuştur^+[2]: +

"Bilgiler kullandığınız veri ve tercihleriniz, Gmail +mesajlarınız, G+ profiliniz, fotoğraflarınız, videolarınız, +tarama geçmişiniz, harita +aramalarınız, belgeleriniz, ve diğer Google tarafından yönetilen +içerikleri bulundurmaktadır. Otomatikleştirilmiş sistemlerimiz bu +bilgiyi gönderilip alındığı gibi ve saklandığı zamanı da +içerecek şekilde analiz etmektedir. +

Google şu cümlesinde de sunucularında aramalarınızı +sakladığını onaylamaktadır : +

"Hizmetlerimizi kullandığınız veya Google +tarafından sağlanan içeriği görüntülediğiniz zaman, +otomatik olarak kesin bilgiyi toplayıp sunucu kayıtlarımızda +saklıyoruz. Bu neyi içerir: arama +kayıtlarınız gibi bizim hizmetlerinizi ne kadar +kullandığınıza ilişkin detaylar." +

Google, reklamcılara satılmak üzere +aramalarınızı ilgilerinize dair bir profil çizmek için +kullanıyor

Google’ın gizlilik politikası ile ilgili bu sayfasında ^[2], +Google kullanıcıların ilgisine göre onların profilini +oluşturduğunu kabul etmektedir: +

"Örnek olarak, web geçmişi çerezlerinizdeki… +bilgilerinizi size daha alakalı sonuçlar sunmak amacıyla +kullanabiliriz." +

Şunu altını çizmek gerekir, Google isminize +ilişkilendirilmediği sürece arama +geçmişinizin kişisel bilgi olduğunu düşünmez. Bu +bilgiyi reklamcılarla olabildiği ölçüde “tanımlanmamış” +olarak paylaşır: +

"Tanımlanmamış kimlikli bilgiyi açık şekilde veya +yayıncı, reklmcı veya bağlı siteler gibi ortaklarımızla +paylaşabiliriz. Örnek olarak, hizmetlerinizin genel kullanımına +ilişkin trendleri açık olarak göstmer için bilgiyi paylaşırız." + +

Google Arama “Google Hesaplar” casus yazılım +platformuna bağlıdır.

Google arama Google hesaplar casus yazılım platformuyla +oluşturulmuş hesap ile giriş yapmanıza izin verir. Bu platform +kişisel bilgi toplamak için vardır ve kullanıcılarını Google +ekosistemindeki diğer casus yazılım hizmetlerine bağlar. Bu +sistem telefon numaralarını toplama girişiminde bulunur ve +Google’a bu bilgiyi bütün hizmetlerinde tek bir kullancı üstünde +bilgi toplayabilmesi için verir, böylelikle onların size dair +oluşturduğu iç profilin kesinliği artar. +

Daha Fazla Okuma

Neden +Google’ın Kullanıcı Verisi Üstündeki İzlemesi NSA’inkinden +Daha Beter?
+Google’ı +kullanmamak için nedenler +

Kaynaklar

1. Google +Gizlilik Politikası [web.archive.org] +[wayback.vefsafn.is] +[archive.li]
+2. Google +bilgi toplama [archive.li]

Bu makale en son 12/2/2018’de düzenlendi +

Eğer bu makaleyi düzenlemek veya kendi makalenizle katkıda +bulunmak istiyorsanız, spyware@aaathats3as.com +adresime e-posta atabilirsiniz. Bütün katkılar kabul için CC0 +lisansı altında lisanslanmak zorundadır. +

This article was translated from english on 4/8/2019. Check the dates of the english article with this one in case any changes have been made. +This translation might become outdated in the future.

+ + diff --git a/articles/gzdoom.html b/articles/gzdoom.html new file mode 100644 index 0000000..17d05a4 --- /dev/null +++ b/articles/gzdoom.html @@ -0,0 +1,38 @@ + + + + + + Spyware Watchdog + + +

GZDoom

Back to catalog

+GZDoom is a source port of Doom based on an older source port, ZDoom. +

Spyware Level: Low

+GZDoom contains telemetry that it reports back to the developers containing general information about your Operating System, CPU Cores, and OpenGL compatiblity.^[1]. +GZDoom's developers do not seem to be very good at handling privacy concerns (After all, if this was privacy-concious, it would be opt-in...) and so if you decide to use this program, you +should make sure to compile it with the telemtery disabled, and you should make sure that this is the only spyware in the program- there may be more spyware implemented in the future. +

Sources

+ 1. + GZStats: A quick rundown + [web.archive.org] + [archive.is]
+

+ This article was last edited on 5/30/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/hexchat.html b/articles/hexchat.html new file mode 100644 index 0000000..3206caa --- /dev/null +++ b/articles/hexchat.html @@ -0,0 +1,25 @@ + + + + + + Spyware Watchdog + + +

Hexchat

Back to catalog

+HexChat is an IRC client based on XChat, but unlike XChat it's completely free for both Windows and Unix-like systems. +

Spyware Level: Not Spyware

+Hexchat is not spyware in and of itself, however you can use it to connect to services that may be spyware. Hexchat is also dstributed on spyware platforms such as the windows store. If you want to download Hexchat, download it from the developers website instead of the windows store. +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/http.html b/articles/http.html new file mode 100644 index 0000000..88ab561 --- /dev/null +++ b/articles/http.html @@ -0,0 +1,84 @@ + + + + + + Spyware Watchdog + + +

HyperText Transmission Protocol

Back to catalog

+HTTP is a protocol usually used for transferring HyperText Markup Language documents accross the internet. +

Spyware Level: Medium

+HTTP is a protocol that is not designed with the privacy of its users in mind. The language used in the HTTP specification explicitly says that +the protocol was designed with enabling the datamining of its users in mind, and contains features that are not absolutely necessary for the purpose of the +protocol, but allow the protocol compromise user privacy. +

"User-Agent" Datamining feature

+ Section 14.43^[1] of the HTTP specification details the "User-Agent" + spyware feature of the protocol that, when implemented, will attach information about your computing enviroment that can be used to track you. + The biggest danger of the User-Agent spyware is that there is no way to anonymously opt-out of this- even if you do not provide a user-agent, + because almost everyone else does, you will be tracked by the fact that you do not provide that information. There are many strategies + to mitigate this spyware, with only varying levels of success, but the problem is that this is the acceptable standard of how HTTP is used- + and not the forgotten feature that it should be. Not only does the User-Agent feature collect this unncessary information, its purpose is explicitly + stated in the protocol specifications to aid in datamining. +

+ "The User-Agent request-header field contains information about the user agent originating the request. This is for statistical purposes, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. User agents SHOULD include this field with requests. " +

Acknowledgement of HTTP's privacy problem

+ In the HTTP specification, the W3C explicitly acknowledges the serious privacy violations that implementations of this protocol are capable of comitting. + Section 15.1^[2] of the HTTP specification has a very detailed analysis of + the implications of the comprimization of privacy that the User-Agent spyware allows to happen and suggests how to use the User-Agent feature: as an opt-in + feature where the privacy concerns of using such a feature are properly explained to the user. Even though this is a good section, it shows a very naieve + viewpoint from the W3C- the expectation that this feature would not be abused, and the expectation that implementers of this standard would respect the + privacy of their users and would not use these features of the protocol to datamine users. +

+ At best, you could call this mindset naieve. Or, you could call it negligent. If you want to hold the W3C in contempt, you could call it malicious. + It's easy to write in your standard that while you could use this protocol to monitor the behavior of users, you should ask for their permission. + But once that standard is widely implemented, and is widely used for the exact malicious purpose that was acknowledged in its specification, who's + fault is that? +

+ +

Sources

+ 1. + Section 14 of the HTTP/1.1 Specification + [webarchive.loc.gov] + [web.archive.org] + [archive.is] + [webarchive.nrscotland.gov.uk] + [www.webcitation.org] + [arquivo.pt] + [veebiarhiiv.digar.ee] + [webarchive.proni.gov.uk]
+ + 2. + Section 15 of the HTTP/1.1 Specification + [webarchive.loc.gov] + [web.archive.org] + [archive.is] + [webarchive.nrscotland.gov.uk] + [arquivo.pt]
+ +

+ + +

+ This article was last edited on 5/14/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/icecat.html b/articles/icecat.html new file mode 100644 index 0000000..050ea1e --- /dev/null +++ b/articles/icecat.html @@ -0,0 +1,44 @@ + + + + + + Spyware Watchdog + + +

GNU IceCat

Back to catalog
+ Spanish Translation

+ +

+GNU IceCat is a web browser that is a fork of Firefox. +

Spyware Level: Not Spyware

+GNU IceCat is a fork of Firefox that is more private and secure than Firefox and it contains several privacy-protecting features. IceCat 60 makes no unsolicited connections when you run it. Previous versions had privacy problems, but version 60 doesn't have these problems. You can read about the previous version here: IceCat 59 Review +

IceCat's privacy features

+ From gnu.org: +

LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap.
Https-Everywhere: Extension that encrypts your communications with many major websites, making your browsing more secure.
AboutIceCat: Adds a custom "about:icecat" homepage with links to information about the free software and privacy features in IceCat, and checkboxes to enable and disable the ones more prone to break websites.
Fingerprinting countermeasures: Fingerprinting is a series of techniques allowing to uniquely identify a browser based on specific characterisics of that particular instance (like what fonts are available in that machine). Unlike cookies the user cannot opt-out of being tracked this way, so the browser has to avoid giving away that kind of hints.

+ As of writing this the information on gnu.org is a little outdated. Read this for the most up to date look at it: + GNUzilla - News: IceCat 60.2.0 Pre-release +

+ This article was last edited on 9/18/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/icecat59.html b/articles/icecat59.html new file mode 100644 index 0000000..fcecea3 --- /dev/null +++ b/articles/icecat59.html @@ -0,0 +1,54 @@ + + + + + + Spyware Watchdog + + +

GNU IceCat (v59)

Back to catalog

+GNU IceCat is a web browser that is a fork of Firefox. +

Spyware Level: Low

+GNU IceCat is a fork of Firefox that is more private and secure than Firefox and it contains several privacy-protecting features. However it still contains a lot of the spyware features found in Firefox. So, while it's better than Firefox, it still has a lot of problems that Firefox has. +

This article is about an older version of Icecat (v59), and not the current verison. (anything v60 and higher)

Phoning Home

+ Even though IceCat has better privacy features out of the box than Firefox, it still phones home by default to GNU, Mozilla, and Google. + So, while it claims to respect your privacy, it doesn't take steps to stop spyware features like this. +

IceCat's privacy features

+ From gnu.org: +

LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap.
Https-Everywhere: Extension that encrypts your communications with many major websites, making your browsing more secure.
SpyBlock: Blocks privacy trackers while in normal browsing mode, and all third party requests when in private browsing mode. Based on Adblock Plus.
AboutIceCat: Adds a custom "about:icecat" homepage with links to information about the free software and privacy features in IceCat, and checkboxes to enable and disable the ones more prone to break websites.
Fingerprinting countermeasures: Fingerprinting is a series of techniques allowing to uniquely identify a browser based on specific characterisics of that particular instance (like what fonts are available in that machine). Unlike cookies the user cannot opt-out of being tracked this way, so the browser has to avoid giving away that kind of hints.

Sources

+ 1. + Dig Deeper + [original image link]
+

+ +

+ This article was last edited on 6/21/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/icecat_es.html b/articles/icecat_es.html new file mode 100644 index 0000000..45c6f53 --- /dev/null +++ b/articles/icecat_es.html @@ -0,0 +1,43 @@ + + + + + + Spyware Watchdog + + +

GNU IceCat

Back to catalog (English)
+ Back to catalog (Spanish)
+ English Translation

+ +

+GNU IceCat es un navegador web, derivado de Firefox. +

Nivel de Spyware: No es spyware

+ +

GNU IceCat es una derivación de Firefox que es mas seguro y privado que Firefox, contiene muchas características que protegen la privacidad del usuario. IceCat 60 No hace conexiones no solicitadas cuando lo abres. La versión anterior tuvo problemas, pero la versión 60 no parece tener estos problemas. Puedes leer sobre la versión anterior Icecat 59 [English]

Características de privacidad de IceCat

+ +

Fuente: gnu.org

LibreJS: Gnu LibreJS apunta al "Problema de JavaScript" descrito por el artículo de Richard Stallman "The JavaScript Trap."
HTTPS-Everywhere: Extensión que encripta tu comunicación con muchos sitios web, haciendo tu navegación mas segura.
AboutIceCat: Añade una propia página de inicio "about:icecat" en la que puedes habilitar y deshabilitar opciones de privacidad
Contramedidas de "Fingerprinting": "Fingerprinting" es una serie de técnicas que permiten identificar a un navegador con características especificas (Como las fuentes instaladas en tu máquina) a diferencia de las cookies, el usuario no puede borrarla.

Este articulo ha sido escrito (Y traducido), la información de gnu.org puede estar desactualizada, Lee esto para más información +

+ This article was translated on 1/31/2019
+ This translation might become inaccurate in the future. Compare the dates of the English and Spanish articles if you aren't sure. +

+ +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/index.html b/articles/index.html new file mode 100644 index 0000000..06f7371 --- /dev/null +++ b/articles/index.html @@ -0,0 +1,95 @@ + + + + + + Spyware Watchdog + + +

Online Spyware Classification Project Article Catalog

+ Back to Home
+ Spanish Catalog
+ Unfinished Articles
+

+All of the articles on this website are available here! If you want to edit any of these articles, or contribute your own articles, email me at spyware@aaathats3as.com +

+ +

Web Browsers

+ Comparison between web browsers

+ SRWare Iron
+ Slimjet
+ Google Chrome + [Spanish]
+ Opera
+ WebDiscover
+ Mozilla Firefox + [Mitigation Guide]
+ Vivaldi
+ Internet Explorer
+ Dissenter
+ Waterfox
+ Brave
+ Pale Moon + [Mitigation Guide]
+ Sphere Browser
+ Iridium Browser + [Mitigation Guide]
+ GNU IceCat + [Spanish]
+ Falkon
+ Otter Browser
+ Qutebrowser
+ Ungoogled Chromium
+ Tor Browser
+ +

Online Content Platforms

+ Snapchat
+ Instagram
+ YouTube
+ +

Messaging Clients/Services

+ Discord + [Spanish]
+ Mozilla Thunderbird
+ Telegram
+ Hexchat
+ + +

Search Engines

+ Google Search + [Spanish] + [Turkish]
+ Bing
+ Yahoo
+ DuckDuckGo + [Spanish]
+ +

Video Games

+ Steam
+ Red Shell
+ Unity
+ Razer + [Spanish]
+ Kerbal Space Program
+ GZDoom
+ +

Media Players

+ RealPlayer
+ iTunes
+ + VLC Media Player
+ +

Other

+ CCleaner
+ PowerISO
+ CDex
+ Paint.NET
+ HyperText Transmission Protocol
+ File Transfer Protocol
+ + + + \ No newline at end of file diff --git a/articles/index2.html b/articles/index2.html new file mode 100644 index 0000000..65c15cd --- /dev/null +++ b/articles/index2.html @@ -0,0 +1,36 @@ + + + + + + Spyware Watchdog + + + +

Online Spyware Classification Project Unfinished Article Catalog

+ Back to Home
+ Main Catalog
+

+This is a catalog of all of the articles that are currently works-in-progress. The articles here are either unfinished, or not accurate and need to be edited before they can be added to the normal catalog. If you want to edit any of these articles, or contribute your own articles, email me at spyware@aaathats3as.com. These articles need the most help, so feel free to contribute! +

The requested articles file also has a list of articles that have been requested, and the state of those + requests.

+ uTorrent
+ + Nvidia Drivers
+ + 1password
+ Foobar 2000
+ Comparison between web browsers
+ + Example Article
+ Classification Guide
+

+ + + + \ No newline at end of file diff --git a/articles/index_es.html b/articles/index_es.html new file mode 100644 index 0000000..4264ffd --- /dev/null +++ b/articles/index_es.html @@ -0,0 +1,34 @@ + + + + + + Spyware Watchdog + + +

Online Spyware Classification Project Spanish Article Catalog

+ Back to Home
+ English Catalog
+ Unfinished Articles
+

+This is a catalog of all of the Spanish articles on this site. Some of these articles are translations of other English articles on the site and some +are only in Spanish. Thanks to one very helpful contributor, these articles have been translated. If you know English and Spanish, and want to make +this catalog larger, consider translating an article, or writing your own articles, in Spanish. It would be very much appreciated. +

+If you want to edit any of these articles, or contribute your own articles, email me at spyware@aaathats3as.com +

All Articles

+ Razer
+ Google Chrome
+ GNU IceCat
+ Discord
+ Google Search
+ DuckDuckGo
+ + + + \ No newline at end of file diff --git a/articles/instagram.html b/articles/instagram.html new file mode 100644 index 0000000..fdad90a --- /dev/null +++ b/articles/instagram.html @@ -0,0 +1,104 @@ + + + + + + + Spyware Watchdog + + + +

Instagram

Back to catalog

+Instagram, developed by Facebook is designed to be a free smartphone app that allows users to post pictures and videos to a feed, much like any micro-blogging platform. It is popular among teenagers and millennials. In fact businesses are now getting into the Instagram scene and creating their own Instagram profiles. +

Spyware Level: EXTREMELY HIGH

+Instagram is spyware because it identifies you with EXIF data, and demands direct access to excessive amounts of personal information that has nothing to do with the +service it provides.

+ +

It Logs Your GPS Locations from EXIF Data In Your Photos

+Whenever a user takes a picture on a modern smartphone, GPS Coordinates are stored in a photos. This is setting that one can easily turn off. However, many users don't even realize their phone is doing so. Instagram takes advantage of that. It will scan through all of the user's photos and look for this EXIF Data^[1]. When it does, it logs the GPS Coordinates into a database. This database shows exactly where the user has been and what pictures they have taken. The only way to turn this off is to turn off EXIF tags on your camera (You should turn it off due to the numerous privacy issues that emerge from EXIF data). +

+ +

It Demands Too Many Permissions and Punishes The User for Denying It Permissions

Instagram is pretty demanding when it comes to permissions. When I tested the app on my spare Android Phone, it wanted access to:

Phone owner's full name
Phone Contacts
Phone calendar
Send and receive SMS Messages (Which may cost money)
All files on phone and files on MicroSD card
Phone camera
Phone microphone
Identifying device information: IEMI number, carrier, SIM status, phone number
Control phone vibrator motor

Denying the app access to: the phone owners full name, contacts stored on the phone, the phones calendar, permission to send and receive SMS messages, and identifying device information resulted in annoying nags containing some excuse as to why they would they would like access to said permission.

However, if you deny it access to: All files on the phone and MicroSD card, phone camera, phone microphone, and phone vibrator motor, the app will punish the user by disabling various features in the app that will most likely operate just fine with that permission denied.

+ + +

Instagram Owns Any Content You Post on Their Service

Many users think that when they upload photos to Instagram, they retain all rights or it becomes public domain. This is far from the truth. When you upload a photo to Instagram. Instagram gains all rights to your work and they can anything they want to it^[2]. Since most users don't bother reading the terms of service, they are ignorant of this and will often use the work they uploaded to Instagram on other platforms; doing so is against international copyright law treaties. Basically, the user is breaking copyright laws for simply using their own work they posted to Instagram on other platforms

+ +

You Must Provide a Telephone Number or Email Address to Sign Up

In order to sign up for the app, you must provide either a telephone number or an email address. You will not be allowed to create an account if you don't provide a either one. This is obviously a method Instagram to uniquely identify you.

If you provided Instagram with a cellular telephone number and uninstalled the app, you will get constant nags to "see whats new on Instagram". Fortunately these nags will go away after about a month, and can be blocked by simply blocking the number

+ +

It Broadcasts What You Do In The App To Other Users

Introduced in January 2018, Instagram sports a new spyware feature that broadcasts what you doing in the app to anyone that DMs you in the app^[3]. But, it goes further, it reportedly also broadcasts what comments you read and what photos you like in the app. On microblogging platforms like Instagram, the majority of users like their actions to be private. A lot of users have complained about this feature and they stated that the feature is here to stay. Also, there is no way to disable this feature either.

+ +

It Might Spy in On Your Conversations

In September of 2017 users started reporting ads appearing on their Instagram feed that they spoke to another person about and never once looked it up online. While Instagram is known to use super cookies (cookies that can hop to different computers on a network and use certain techniques to avoid being deleted), this is next level. A person conducted a test where on a hike they randomly mentioned a projector^[4]. Before this hike they showed no interest in projectors. They than give Instagram about 15 hours and when the person checked their feed the next morning, there was an ad for a projector. Sadly, this is overwhelming proof that Instagram is indeed listening in. Of course, when questioned by various news outlets, Instagram said they never did this, despite their being overwhelming evidence that they are indeed tapping users microphones.

+ + +

Sources

+ +

+ 1 + Make Use Of - Ways Instagram Is Spying on You + [archive.is] + [archive.org] +
+ + + + 2 + Instagrams TOS + [archive.is] +
+ + + + 3 + HelloGiggles Article on the New DM feature + [archive.is] +
+ + + 4 + Instagram Listens In + [archive.is] +
+

+ + + +

+ This article was last edited on 2/24/2019 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + + + diff --git a/articles/iridium.html b/articles/iridium.html new file mode 100644 index 0000000..25e01bc --- /dev/null +++ b/articles/iridium.html @@ -0,0 +1,84 @@ + + + + + + Spyware Watchdog + + +

Iridium Browser

Back to catalog
+ Mitigation Guide

+ Iridium is a privacy-based fork of Google Chrome. From their website: "All modifications enhance the privacy of the user and make sure that the latest and best secure technologies are used. Automatic transmission of partial queries, keywords and metrics to central services is prevented and only occurs with the approval of the user." Unlike other browsers of its kind, this one is fully featured (has all the addons that are available for Chrome), and so is recommended for everyday usage. +

Spyware Level: Low

+ After following the mitigation guide, this software is Not Spyware. +

+ The only unsolicited request is for the Google SafeBrowsing feature, and can be easily turned off from the Preferences menu. Additionally, privacy enhancements unrelated to Google are added, such as blocking third party cookies by default, and deleting local storage on close. Full list of the differences between Chrome and Iridium can be found here^[1]. However this list is not accurate and each claim it makes should be verified by the user. +

Phoning Home

+ Iridium browser will make these requests to Google to update a blocklist of websites for its SafeBrowsing feature: +

+ Iridium browser will also download this blocklist from a mirror maintained by the developers. Since the web browser is + awalys "phoning home" to either google or the developers servers, this is a form of spyware that can be used to monitor + usage of the program, as well as collection of the User-Agent's of the program's users. (See the HTTP article) + This request is made 5 miniutes after the program is started, and then updated every 30 miniutes. +

Inaccurate Privacy Claims

+ The Iridium developers make the claim that as one of the privacy enhancements of Iridium, it uses the Google SafeBrowsing spyware feature, but with their own mirror of Google's database, meaning that you can + use the feature without constantly phoning home to google, but instead phoning home to the developers, which, while still being a form of spyware, is an increase in privacy + for the user^[1]. At least it would be if this section was actually true. You can see that from the "Phoning Home" section of this article, this claim is simply + not true, which is very bad because it undermines the crediblity of the other privacy claims that Iridium makes. +

+ According to another writer, in his tests the browser would only connect to iridiumbrowser.de. So it is possible that this privacy claim is true for some versions of Iridium, + and false for other versions of Iridium. The version of Iridium that phones home to Google is Version 2018.4 for 64-bit Windows, tested on Windows 7, if you want to see this + for yourself. +

+ Not only is this privacy claim inaccurate, but a pull request^[2] has been open on the developers github for OVER A YEAR with no response from the development team. + It's pretty dissapointing to see such a privacy concerned front to this project, but then a negligent additude with longstanding privacy issues once you pull back the curtain + and look a little deeper at the claims this browser makes. +

+ +

Sources

+ + 1. + Differences between Iridium and Chromium + [web.archive.org] + [archive.is] + [via.hypothes.is]
+ + 2. + Still access to google safebrowsing servers + [web.archive.org] + [archive.is] +
+ +

+ + +

+ This article was last edited on 5/16/2018 +

+ This article was created on 5/5/2018 +

+ +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/iron.html b/articles/iron.html new file mode 100644 index 0000000..b80c03c --- /dev/null +++ b/articles/iron.html @@ -0,0 +1,178 @@ + + + + + + Spyware Watchdog + + + +

SRWare Iron

Back to catalog

+SRWare Iron is a free web browser, and an implementation of Chromium by SRWare of Germany. +

Spyware Level: EXTREMELY HIGH

+SRWare Iron claims to be a privacy respecting web browser that is an alternative to Google Chrome's +spyware, and specifically brands itself as a privacy respecting web browser that aims to give users +the Chrome experience without Google's spyware. However when examining this program, these claims +instantly melt away. SRWare Iron connects to an absolutely incredible amount of trackers and opens +connections to an enormous amount of servers on it's first run. It racks up a rough estimate of +~400-500 unsolicited connections, and it actually took several minitues for it to stop making new +requests and connections. SRWare Iron uses the spyware search engine Bing as it's default search +engine, however it goes beyond that and routes your requests to Bing through it's own servers +so that it can spy on your internet searches as well. The bottom line is that this browser is just +another false privacy initiative and is really no better than Chrome. +

+Version 69.0.3600.0 of SRWare Iron was tested on Windows 7 64-bit. MITMproxy, Microsoft Network Montior 3.4, +and Sysinternals ProcMon were used to monitor the behavior of this program. +

False Privacy Initiative

+SRWare Iron claims on it's website that it is: +

+ "Chrome thrilled with an extremely fast site rendering, a sleek design and innovative features. But it also gets critic from data protection specialists , for reasons such as creating a unique user ID or the submission of entries to Google to generate suggestions. SRWare Iron is a real alternative. The browser is based on the Chromium-source and offers the same features as Chrome - but without the critical points that the privacy concern." + ^[1]

+The reality is that you are merely trading in one spyware product for another. Where Chrome's spyware has been removed, +Iron's spyware is there to replace it. Which poision are you going to pick? The worst part is that people will read what is +claimed on SRWare's website and beleive it without doing any tests for themselves. Like +this article +[web.archive.org] +that just copies the comparison-list from Iron's website without any real investegation before delcaring it a privacy alterantive to Chrome. +The most audacious thing about it is this incredible quote on the FAQ section for the Iron browser: +

+ "Can i really check that Iron doesn't submit any private data, how you say? Yes, you can. There are tools like Wireshark, which scan the whole network-traffic. We could not recognize any obvious activity. But you can proof this by yourself." + ^[2]

+Which is just an amazing gem in the context of what is actually found when running tests on the software. +

Massive amount of connections on first startup

+When you first start SRWare Iron, it will immediately open the following two pages: https://iron.start.me/us and +https://www.srware.net/en/software_srware_iron.php. The most offensive page is the start.me domain +which begins loading in an enormous amount of spyware from all over the internet. I did not count the specific amount of requests +but it was somewhere in the 400-500 range (my software doesn't provide a great amount of automation... or maybe i'm not using it +as well as I could). This image (at 1.06 MB- almost 1/4 of the size of the entire site as of writing!) +should give you an idea of the amount of requests I was swamped by. It took a while for it to die down. On subsequent runs the +amount of requests it sent was far less. It connected to spyware platforms like Google Analytics and Piwik, and executed their JavaScript payloads. +There were a lot of redundant connections to Google Analytics so it's probable that multiple companies are able to send their own +analytics payloads through this homescreen. Thus throughly fingerprinting and profiling your web browser and computer the moment you +begin browsing the internet with your new "privacy respecting" browser- so that all of these advertising companies can track you +everywhere you go! +

+ When checking the browser's connections in Network Monitor 3.4, you could see that it connected to a huge amount +of servers, even though only two domains were ever contacted.This screenshot doesn't caputre +all of the IP addresses that it connected, but should give you an idea. +

+And just so that there is no ambiguity, this notice is shown when you load this homepage: +

+ "We use cookies to personalise content and ads, to provide social media features +and to analyse our traffic. We also share information about your use of our site +with our social media, advertising and analytics partners who may combine it +with other information you’ve provided to them or they’ve collected from your +use of their services." +

+Just so that there is no doubt- you are being served tracking cookies by advertising companies. +

Redirecting of internet searches through developer's domain

+After you've finished identifying your web browser to just about every single spyware company on the internet, you can begin +making internet searches with your new SRWare Iron browser. The default search engine is the spyware search engine Bing. +However it's not enough to just point you at a spyware search engine... when you try and actually run a search on Bing, this is what happens: +

SRWare Iron redirecting through it's own servers

+Basically, every time you make a search with this browser, your searches are sent through the developer's servers. +So, the developer can know exactly what your internet history is, in this way. Your searches are also being sent through +wisesearches.com, but I don't know who they are. So now instead of giving up your search history to one +spyware company, Google, you can give it to three spyware companies, by switching to this browser. This is a very similar +tactic to the one that the spyware browser Slimjet uses, where it routes searches to +Bing through it's own domains. +

Motivations of the SRWare Iron developer?

+ If you dig deeper into how SRWare Iron was created, you can find some interesting information from some of the developers of + Chrome about the motivations behind the creation of this fork. More specifically this very interesting conversation:^[3] +

+ +<Kmos> Iron: why not contribute to it, instead of forking ? +<Iron> because i removed all privacy-related code +<Iron> e.g. RLZ +<Iron> and URL tracking every 5 seconds after start +<Iron> the original chrome is heavily communitating to google...i hate that +<jamessan> all of those are supposed to have options to disable them, iirc +<Iron> yes but they haven't options yet +<Iron> and nobody knows when the next beta is released +<jamessan> so work on getting the options added so they'll be there for the next release +<mgreenblatt> Iron.. why not propose a patch based on preprocessor defines that disables the sections you dislike without forking the code? +<mgreenblatt> (assuming such a thing doesn't already exist) +<Iron> because a fork will bring a lot of publicity to my person and my homepage +<Iron> that means: a lot of money too ;) +<Kmos> rotflol +<Iron> what means rotful? +<mgreenblatt> Iron.. you're a large corporation that can dedicate the time to support a fork of something as complicated as chromium? +<Kmos> Iron: google about it +<Iron> yes there is enough time to support it +<jamessan> heh, you're expecting to make lots of money from making a fork of chromium? that's quite amusing +<Iron> i dont take money for my fork +<Iron> but i have adsense on my page ;) +<Iron> a lot of visitor -> a lot of clicka > a lot of money ;) +<Kmos> and do you think google should support your fork +<Kmos> lol +<mgreenblatt> Iron.. it's always good to have dreams ;-) +<Iron> we are here in germany +<Iron> the press will love my fork +<Iron> i talked to much journalists already +<DrPizza> Why are you forking? +<DrPizza> to do what? +<Iron> to remove all things in source talking to google ;) +<jamessan> to get fame and fortune +<Iron> nobody here trusts google +<Iron> the german people say: google is very evil +<jamessan> yet you use google's adsense + +

+ So, this could explain a lot... the motivation for this web browser to exist was to monetize + privacy concerns by generating traffic to his website, where he could make money by serving spyware + to the very users that wanted to escape from it. Then his fork gets loaded up with all sorts of + spyware from all sorts of other companies... which he probably makes some amount of money from as well. + (why else would he take the time to integrate these things into his browser? we can only speculate.) + At the end of the day it's pretty clear that this browser is a huge scam and you shouldn't use it. +

Sources

+ 1. + SRWare Iron: The Browser of the future - Overview + [web.archive.org] + [archive.is]
+ 2. + SRWare Iron: The Browser of the future - Frequently asked questions + [web.archive.org] + [archive.is]
+ 3. + The story of Iron + [web.archive.org]
+

+ This article was last edited on 11/20/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + + diff --git a/articles/itunes.html b/articles/itunes.html new file mode 100644 index 0000000..20675d7 --- /dev/null +++ b/articles/itunes.html @@ -0,0 +1,89 @@ + + + + + + Spyware Watchdog + + +

iTunes

Back to catalog

+iTunes is a media player, media library, Internet radio broadcaster, and mobile device management application developed by Apple Inc. +

Spyware Level: EXTREMELY HIGH

+iTunes is a spyware music player developed by Apple that collects an enormous amount of information about its users. iTunes is riddled with numerous spyware features and types of information collection, and is integrated with Apple's spyware platforms. Apple is not subtle about its spyware- it explains what it does plainly and clearly, so there is no deception about the scope and level of privacy violations comitted by its software. +

Itunes is integrated into the Apple ID spyware platform

+Itunes is integrated with the "Apple ID" spyware platform, which it requires for you to use certain features of the app. +This spyware platform collects the following information from you^[1]: +

Name
Mailing address
Phone Number
E-Mail address
Credit card information

Phoning Home

+Whenever you open Itunes, these two requests are immediately made: +

+Here^[2] is a list of all of the domains that Itunes will connect too. +So, whenever you start up Itunes, you are immediately checked into the botnet. It's not clarified exactly what Itunes is +connected to for what reason. The only hint we have comes from this passage in the privacy policy^[1]: +

+ "We may collect information such as occupation, language, zip code, area code, unique device identifier, referrer URL, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising." +

+So, we can only assume that Itunes is collecting all of this information, or at least as much of it as it can get, from you and sending it back to apple. +

Apple sells your personal information

+Apple is very up-front about this in its privacy policy^[1]: +

+ "Apple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys." +

+So, there can be no illusion or mistake about what happens to the information you provide to Itunes- it will be sold to datamining companies. +

+ +

Sources

+ 1. + Apple Privacy Policy + [webarchive.loc.gov] + [web.archive.org] + [www.webcitation.org] + [webarchive.nrscotland.gov.uk] + [arquivo.pt] + [collection.europarchive.org] + [archive.is]
+ + 2. + About macOS, iOS, and iTunes server host connections and iTunes background processes + [web.archive.org] + [webarchive.loc.gov] + [archive.is]
+ +

+ + +

+ This article was last edited on 5/12/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/ksp.html b/articles/ksp.html new file mode 100644 index 0000000..c582512 --- /dev/null +++ b/articles/ksp.html @@ -0,0 +1,184 @@ + + + + + + Spyware Watchdog + + +

Kerbal Space Program

Back to catalog

+ Kerbal Space Program is a space flight simulation video game developed and published by Squad, and currently owned by Take-Two Interactive. +

Spyware Level: EXTREMELY HIGH

+ Kerbal Space program is a spyware program that mines large amounts of personal information of its users^[1]^[2], + to use for its own advertising, and to sell to other advertisers. On its face, it is a video game, but it is loaded with a huge amount of spyware that makes it completely unusable from a privacy standpoint. + If you MUST use this program, run it in a VM with no internet connection. KSP collects so much information, that it has managed to catapult itself into the highest ranks of + this webiste and can only be described as a uniquely malicious datamining platform. KSP at one point was integrated with the Redshell spyware platform.^[3]⁺

+ +

Kerbal Space Program collects vast amounts of personal information

+ +

+ KSP collects or attempts to collect or reserves the right to collect the following information about its users^[1]: +

+ +

First and/or last name
E-mail address
Phone number
Photo
Mailing address
Geolocation (physical location)
Payment information
Age
Gender
Date of birth
Zip code
Hardware configuration
Console ID
Software products played
Purchases
IP address
Systems you have played on
Other Information from integrated services
Other Information from social media

+ +

+ Anyone who is framiliar with privacy violating software can notice that compared to most spyware out there, this is a MASSIVE amount of personal information that is being collected. + It's further clarified that not only does this program collect all of your information, but it uses this information to build a unique profile of you by correlating that information + together. +

+ +

Kerbal Space Program is integrated with other spyware platforms

+ +

+ KSP is integrated with social networking websites such as Facebook^[1], which allows it to collect a lot of personal information about you from any sort of social media profile that you + have on that website. If you're wondering how it could collect your date of birth, gender and photo if the program doesn't explicitly ask you, this is probably how it does it. + When you give KSP access to your facebook account by logging in through spyware platforms such as Facebook, it collects as much information from your profile as it possibly can. This includes: +

+ +

Your profile picture
Your friends list
Your name

+ +

+ As well as all other information that KSP claims it collects in the previous section. As you can see, this feature is a way for KSP to collect huge amounts of your personal information, + which it does not show and restraint in collecting. +

+ Not only is KSP integrated with Facebook's spyware platfrom, but it is also integrated with other spyware platforms as well: +

+ "When you use a third-party authentication service or link your Company account with a third-party account, you will be asked to provide account information associated with that third-party account. Certain membership information may be transferred automatically to the Company when you register to join an Online Service from a third-party gaming network system or link your Online Service membership with a third-party service, such as your friends list on that gaming network or social network service." + ^[1]

+ "When you use Facebook Connect, OpenID or another multisite ID to log in to an Online Service, those ID services will authenticate your identity and provide you the option to share certain personal information with us to pre-populate our sign up form. Depending on your account settings, multisite IDs may also provide other information to us. Please check the terms of those services before using them to log into an Online Service." + ^[1]

+ "If you use, purchase, or register for an Online Service through a third-party service such as a gaming console's network service, an internet based gaming service, or a social network website, or request that we associate a Company account with a third-party service account, then limited user account personal information may be transferred to the Company as part of the registration process and we may be able to collect information about your use of the Online Services." + ^[1]

+ +

Kerbal Space Program allows advertisers to collect personal information seperately

+ +

+ In addition to tracking its users, KSP allows advertisers to track its users as well^[1]. These advertisers are: +

+ +

DoubleClick
Facebook
Google
Conversant
Nielsen/Netratings
Omniture
Yahoo

+ +

+ Which of course, all have their own seperate privacy polcies about how they handle your information. So, not only is KSP tracking you, but a huge amount of advertisers are + also tracking you when you use their services. +

+ +

Kerbal Space Program sells your information to advertisers

+ +

+ KSP's privacy policy uses more vauge language here, but its clear that your information is being sold to advertisers. See the following quotes: +

+ +

+ "In the event we offer services or promotions where your personal information is separately collected and used according to the privacy policy of a third party, we will inform you of that at the time of collection and you may elect not to participate in the service or promotion." + ^[1]

+ +

+ "In addition, we may share aggregate and other information regarding Online Service usage statistics and user demographics with third parties." + ^[1]

+ +

+ Is "other information" personal information? There isn't any transparency here, so we cant know, but its clear that KSP uses its massive datamining platform to collaborate with other datamining platforms. +

+ +

Kerbal Space Program uses your personal information for its own advertising

+ +

+ It's clearly stated in the privacy policy^[1] that this information is used to target users for promotions, and to analyse for marketing purposes: +

+ +

+ "The Company uses this information to send you promotional materials...We also use your personal and other information for our internal marketing and demographic studies, so we can constantly improve the products and services we provide you and to better meet your needs." + ^[1]

+ +

Kerbal Space Program does not make its source code availible

+ +

+ Its impossible to discern the level and scope of privacy violations done by this software beyond what they tell us in the privacy policy. The source code could potentially be hiding + more spyware, but nobody can audit it, and nobody can go into the source code and disable all of the spyware. If KSP had nothing to hide, you would be able to build the game from its + source code. +

+ + +

Sources

+ 1. + TAKE-TWO INTERACTIVE SOFTWARE, Inc. PRIVACY POLICY + [web.archive.org] + [archive.is]
+ + 2. + Does KSP v1.4 really have spyware in it? + [web.archive.org]
+ + 3. + [PSA] RED SHELL Spyware - "Holy Potatoes! We’re in Space?!" integrated and removed it after complaints +[snew.github.io] +[archive.is] +
+

+ +

+ This article was last updated on 5/30/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/nvidia.html b/articles/nvidia.html new file mode 100644 index 0000000..263c9e0 --- /dev/null +++ b/articles/nvidia.html @@ -0,0 +1,67 @@ + + + + + + Spyware Watchdog + + +

Nvidia Graphics Card Drivers

Back to catalog

+ +

UNFINISHED ARTICLE- UNDER CONSTRUCTION

+ +

This article is about the graphics card driver software used for modern Nvidia graphics cards. It is not about any one specific driver.

+ +

Spyware Level: Not Rated

+ +

+ Nvidia produces graphics cards, and of course to use this hardware you need to install their drivers. Unfortunately Nvidia's drivers are riddled with + spyware and the installation process is a minefeild of serious privacy pitfalls, with options selected by default that have serious privacy + implications they have if actually enabled. It isn't possible to install any of their drivers without bundled spyware being installed onto your computer, + which needs to be cleaned up after the install. +

Nvidia's installer is bundled with other spyware programs

+ When attempting to install an Nvidia graphics card driver you will be shown an option to install the spyware program GeForce Experience onto your computer. + This program is malware that is also developed by Nvidia as well, and has a huge range of serious privacy issues, including scanning and uploading information + about the files onto your comptuer to Nvidia. (An article about GeForce Experience is planned) +

Nvidia drivers install telemetry services onto the host machine

+ When the installation is finished, these services will show up (This is on windows 7): +

+ These can at least be disabled like so: +

Sources

+ + +

+ This article was last edited on 7/22/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/opera.html b/articles/opera.html new file mode 100644 index 0000000..c00a699 --- /dev/null +++ b/articles/opera.html @@ -0,0 +1,83 @@ + + + + + + Spyware Watchdog + + +

Opera

Back to catalog

+ A web browser made by Opera Software, using the Blink engine. Has some interesting features like mouse gestures, a built-in ad blocker and VPN. It is the sixth most popular browser. But how does it look like in terms of privacy? +

Spyware Level: EXTREMELY HIGH

+ Opera makes 55 unsolicited requests upon its first run. By default, it spies on all your browsing history. Works closely with advertisers and trackers. Is integrated with Facebook, one of the biggest privacy violators in the world. Has Google as the default search engine. Closed source. +

+ +

Geolocation

+ +

The first request Opera makes is the geolocation request: which includes your country and the precise timestamp.

+ +

Homepage request

+ +

If this is the first time you run Opera, it makes this request: which will redirect you to their homepage. Then, that homepage will make a bunch of other requests, including to google analytics, facebook (if you're logged in, they now know who you are), and even yandex.ru. The yandex request will set a uniquely identifying cookie.

+ +

Cxense analytics

+ +

Later, it will make a few requests to cxense.com. What is Cxense?

+ +

We are Cxense. We help hundreds of leading publishers and marketers across the globe transform their raw data into their most valuable resource. Built on the premise of 1:1 analytics and communication; allowing you to both gain unprecedented insight about your individual customers, and to action this insight real-time in all your marketing and sales channels.

+ +

This request seems to include a unique ID

+ +

Search engines

+ +

Opera will also download a list of search engines, which you cannot delete, only add new ones (at least from the GUI). Apparently, there are some convoluted methods of deleting the search engines, but I haven't confirmed them. Of course, the default search engine is the anti-privacy Google.

+ +

OCSP querying

+ +

Opera will query OCSP servers (ocsp.comodoca.com) to check if SSL certificates expired. + +

Malware / Phishing protection

Anytime you visit a website, Opera will make a request like this: to check if it is malicious. So it is literally spying on your whole browsing history. Fortunately, this can be turned off.

+ +

Other requests

+ +

Other requests include ones to googletagmanager, google ads specific for your country, more requests to yandex (these include your screen size, encoding, and the page you came from), more geolocation, etc. Together, Opera made 55 unsolicited requests in my first run of it. Analyzing them all would probably take a book.

+ +

Facebook integration

+ +

Opera has a Facebook chat button on the sidebar, and Facebook is one of the most anti-privacy organizations out there.

+ +

Opera's "Partners"

Opera has a list of "partners" - those are the websites that are in the Speed Dial by default. If you click on one of them from there, they will know you visited from Opera's Speed Dial. Those requests also include unique user IDs. + What happens if you close Opera and run it again? The websites in the Speed Dial will change to the ones from your country! And the same rule about them knowing where you came from applies.

+ +

Opera is closed source

And it will stay that way. From their FAQ (the message used to be there in 2017, they must have deleted it somewhere in 2018):

+ +

Opera has no current plans to open source its browser.

+ +

Therefore, some other spyware might be hiding in there.

Credits

+ This article was written by digdeeper.neocities.org
+ Formatting changes were done by the site maintainer. +

+ This article was last edited on 6/8/2018 +

+ This article was created on 11/25/2017 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/otter.html b/articles/otter.html new file mode 100644 index 0000000..3e504c8 --- /dev/null +++ b/articles/otter.html @@ -0,0 +1,29 @@ + + + + + + Spyware Watchdog + + +

Otter Browser

Back to catalog

+ From their website: "Otter Browser aims to recreate the best aspects of the classic Opera (12.x) UI using Qt5." Their motto is: "Controlled by the user, not vice versa". Version tested: 0.9.12 (SlackBuild from slackbuilds.org). Program used for testing requests: Mitmproxy. +

Spyware Level: Not Spyware

+ Otter Browser makes no unsolicited requests at all. It is fully open source. The developers, also, don't plan to include any spyware "features" in the future. This seems like a true privacy-based web browser (at least for now). +

+ +

+ This article was created on 11/25/2017 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/paint.net.html b/articles/paint.net.html new file mode 100644 index 0000000..6fe7e9a --- /dev/null +++ b/articles/paint.net.html @@ -0,0 +1,51 @@ + + + + + + Spyware Watchdog + + +

Paint.NET

Back to catalog

+Paint.NET is a freeware image editor program for Microsoft Windows. +

Spyware Level: Low

+Paint.NET contains some spyware features, but also claims in its privacy information^[1] to not be spyware. +

Paint.NET is closed source software

+It's impossible to build Paint.NET from source and read its source code to verify that it is not spyware. Therefore, it is impossible to prove that Paint.NET is not spyware. +

Paint.NET is self-updating software

+Paint.NET contains an updater that downloads new version of Paint.NET. This updater also downloads a file from paint.net's website to check for new versions, which is a form of phoning home. +(I didn't check what protocol or kind of request it makes, though) This can be disabled, however, and you should disable it. Paint.NET also will phone home when you install or upate the software.^[1] +So the only way to avoid this is to block the program from accessing the internet, and disabling all updates. +

Sources

+ + 1. + Privacy Information + [web.archive.org] + [archive.is] + [arquivo.pt] +
+ +

+ +

+ This article was last edited on 6/1/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/palemoon.html b/articles/palemoon.html new file mode 100644 index 0000000..ef03ea7 --- /dev/null +++ b/articles/palemoon.html @@ -0,0 +1,69 @@ + + + + + + Spyware Watchdog + + +

Pale Moon

Back to catalog
+ Mitigation Guide

+ Pale Moon is a fork of an old Firefox version, before the user interface change that put off many people. Version 28.4 was used to + write this article. This article replaces an old article (here). +

Spyware Level: Medium

+ After following the mitigation guide, this software is Not Spyware. +

+ Connects to analytics services, and these requests can only be avoided on subsequent runs. Has block lists, search suggestions, and auto-updates. + Sends SSL certificates from the sites you visit. +

Google Analytics on Homepage

+ By default, Pale Moon's home page is set to https://palemoon.start.me, and it will automatically make a connection to it upon its first run. + This page connects to Google Analytics, which can fingerprint and track you across the internet. +

Google Analyics requests sent by Pale Moon's default homepage

Blocking privacy-enhancing addons

+Pale Moon by default won't allow you to install the privacy-enhancing addon noscript, citing this rationale for +blocking such an imporant addon: "NoScript is known to cause severe issues with a large (and growing) number of websites. Unless finely tuned for every website visited, +NoScript will cause display issues and functional issues. "^[1] +To disable this blocklist, set extensions.blocklist.enabled to false in about:config. +

Auto-updates

+ Pale Moon will automatically update itself, addons and search engines, as well as its blocklist.xml file with the addons it considers "malicious". Some of these can be turned off from the GUI, and some only from about:config. +

+ +

Search Suggestions

The default search engine is the privacy-respecting DuckDuckGo, however search suggestions are enabled by default, which could send a request for every letter you've typed, all while you think it stays in-browser until you press Enter. Can be turned off by right-clicking the search bar. +

+ +

OCSP querying

Will automatically check every site's SSL certificate to see if it is valid, which necessitates sending it to a third party. Can be turned off from the GUI.

Sources

+ + 1. + This Add-on to your browser has been blocked or disabled. + [web.archive.org] + [archive.is] +
+ +

+ This article was created on 3/19/2019
+

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/palemoon_old.html b/articles/palemoon_old.html new file mode 100644 index 0000000..95c9bbb --- /dev/null +++ b/articles/palemoon_old.html @@ -0,0 +1,96 @@ + + + + + + Spyware Watchdog + + +

Pale Moon

Back to catalog
+ Mitigation Guide

+ Pale Moon is a fork of an old Firefox version, before the user interface change that put off many people. But is it a worthy alternative to FF in terms of privacy? Versions 27.7.2 and 28.1.0 were both tested for this article. +

Spyware Level: Medium

+ After following the mitigation guide, this software is Not Spyware. +

This article talks about the older behaviors of the spyware services that Pale Moon was connecting too, which have changed. This article is oudated.

+ Connects to a MASSIVE amount of trackers, and these requests can only be avoided on subsequent runs. Has geolocation, search suggestions, and auto-updates. Sends SSL certificates from the sites you visit. Together made 169 unsolicited requests upon my first run of it, but again, most of them can be avoided on subsequent runs. Pale Moon, in the end, has less privacy issues than Firefox, aside from its terrible start page, so the rating is Medium. +

First run

+ If this is your first run of Pale Moon, it will automatically connect to its first run webpage (http://palemoon.org/firstrun.html), which in turn will make a bunch of requests for location-aware Google Ads. +

Pale Moon's start page

+ By default, Pale Moon's start page is set to https://palemoon.start.me, and it will automatically make a connection to it upon its first run. That page will then (again) make a bunch of requests for various trackers - here is a list: +

Google Ads (location-aware)
Facebook (so if you're logged in, they know who you are)
Quantserve ("Quantcast is an American technology company, founded in 2006, that specializes in audience measurement and real-time advertising.")
Amazon Ads
Criteo ("Criteo is a personalized retargeting company that works with Internet retailers to serve personalized online display advertisements to consumers who have previously visited the advertiser's website.")
Scorecardresearch ("ScorecardResearch conducts research by collecting Internet web browsing data and then uses that data to help show how people use the Internet")
HubSpot ("HubSpot is an inbound marketing and sales platform that helps companies attract visitors, convert leads, and close customers.")
Alexa Metrics
Twitter Ads and Analytics
A few others

+ All these requests contain the Pale Moon start page referrer, so they know where you came from. They also all set uniquely idenfifying cookies, so if you come across another website with these trackers included, they will know you're the person from the Pale Moon's start page, and could start building a profile from your browsing habits. You can easily delete the cookies and change the start page so that it never appears again, but there is no way to avoid the requests being made upon Pale Moon's first run. + +

Blocking privacy-enhancing addons

+Pale Moon blocks privacy enhancing addons like noscript, citing this rationale for +blocking such an imporant addon: "NoScript is known to cause severe issues with a large (and growing) number of websites. Unless finely tuned for every website visited, +NoScript will cause display issues and functional issues. "^[1] So, it looks like Pale Moon's developers are actively working against the intrests of its +privacy-concerned users, and would rather allow websites to execute malicious ECMAScript programs on unsuspecting user's machines, than to be blamed for a broken website. +To disable this blocklist, set extensions.blocklist.enabled to false in about:config. +

Auto-updates

+ +

Search Suggestions

+ +

Geolocation

Pale Moon connects to Mozilla's geolocation services.

+ +

OCSP querying

Will automatically check every site's SSL certificate to see if it is valid, which necessitates sending it to a third party. Can be turned off from the GUI.

Sources

+ + 1. + This Add-on to your browser has been blocked or disabled. + [web.archive.org] + [archive.is] +
+ +

Credits

+ This article was written by digdeeper.neocities.org
+ Formatting changes and some sections were written by the site maintainer. +

+ This article was created on 6/7/2018
+ This article was last updated on 10/14/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/poweriso.html b/articles/poweriso.html new file mode 100644 index 0000000..5867a1b --- /dev/null +++ b/articles/poweriso.html @@ -0,0 +1,73 @@ + + + + + + Spyware Watchdog + + + + +

PowerISO

Back to catalog

+PowerISO is a CD / DVD / BD image file processing tool. +

Spyware Level: Medium

+The PowerISO software itself, after you have installed it, does not seem to have a lot of serious privacy problems and would probably be listed +as "Not Spyware" or "Low". However, downloading and installing this software requires careful attention because it attempts to install serveral spyware +programs and otherwise violates your privacy at every step of the installation process. So it's received this higher rating because of how bad this +process is for user privacy. Also, keep in mind that this is for the free version of the software and the paid version might be slightly better for +user privacy, however because there are so many problems with the free version you would have to do your own tests to make sure. +

+To talk more specifically about the software itself, it will check off "automatically check for updates" by default in the installer which is bad, but you can uncheck it. +When I actually ran it after installing, it did not make any unsolicited requests so it didn't have any problems. When I asked it to check for updates, +it used HTTP to talk to some server. HTTP is a little excessive and not good for privacy. But at least it doesn't phone home or anything, which is really +not something I expected after seeing the absolute disregard for user privacy when trying to install the program. +

+Microsoft Network Monitor 3.4, ProcMon, and NoScript were used to check this program and it's installation process for spyware. +

Unsolicited connections in installation process

+When you try to download this program off of the developer's website (http://www.poweriso.com/download.php), the download link, +which appears to be a link to: http://www.fettcedob-nero.com/vf6o1o5/PowerISO7-x64.exe, is actually a redirect to a website that tries to run a third +party script (spyware) on your browser. +

PowerISO install button running scripts- caught by noscript.

Attempting to install a chrome extenison

+I could not manage to download this program with a Firefox-based browser so I used a Chrome-Based browser to download it. Once I had enabled JavaScript and executed all of the +spyware involved, it attempted to get me to install this chrome extension: +

PowerISO attempt to install a chrome extension

+While this is not a review of search manager, it's worth noting that this extension is known adware at least, and who knows what else it does. Any searches about this +extension should explain this. But at the very least, assuming that you didn't install any spyware yet, you at least have the PowerISO installer... +

Attempts to Install spyware in the PowerISO installer

+ Once you run the PowerISO installer, it will attempt to install the following progams on your computer: +

+ Which both look very shady. CDex also seems to be using this same tactic and installer software.
+ Now, to top it all off, the PowerISO installer will also phone home to some Amazon Servers: +

+ This article was created on 10/7/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + + diff --git a/articles/qutebrowser.html b/articles/qutebrowser.html new file mode 100644 index 0000000..742bbd6 --- /dev/null +++ b/articles/qutebrowser.html @@ -0,0 +1,29 @@ + + + + + + Spyware Watchdog + + +

Qutebrowser

Back to catalog

+ From their website: "qutebrowser is a keyboard-focused browser with a minimal GUI. It's based on Python and PyQt5 and free software, licensed under the GPL." Program tested: v1.3.0 for Windows 7 64-bit. Mitmproxy was used to check for connections. +

Spyware Level: Not Spyware

+Qutebrowser makes no unsolicited requests at all. It is also fully open source. This web browser is a great choice to use, and there is +nothing to complain about from a privacy standpoint. (although I don't really know how to use the User Interface that well... ) So far this browser looks like it can stand tall in the ranks of the other privacy-respecting web browsers out there. +

+ This article was created on 5/10/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/razer.html b/articles/razer.html new file mode 100644 index 0000000..3c4a6d8 --- /dev/null +++ b/articles/razer.html @@ -0,0 +1,63 @@ + + + + + + Spyware Watchdog + + +

Spyware de Razer

Back to catalog (English)
+ Back to catalog (Spanish)
+ English Translation

Razer es una compañía que hace programas y hardware para videojugadores

Nivel de spyware: EXTREMADAMENTE ALTO

Información que recolecta

Razer confirma^[1] que recolecta estos datos:

Correo electrónico
Nombre
Información de contacto
La información que envias cuando los contactas (mensaje y demás)
El tiempo que usas sus productos/servicios
Los datos que envias en encuestas
Dirección IP, geolocalización, sistema operativo, navegador

Razer tambien admite^{[1] [2]}que vende los datos de los usuarios

También dice que los empleados pueden ver esos datos.

Razer te obliga a crear una cuenta para usar sus productos

¿Dónde está el botón para iniciar sesión en otro momento?

Sin una cuenta, no puedes configurar ni tu teclado ni tu ratón, no puedes cambiar el DPI del ratón (A no ser que haya un botón en el ratón para eso)

Basicamente, cada vez que abras el software para cambiar el color del ratón o lo que sea, Razer recibirá tus datos.

Estás obligado a conectarte a "la nube" para cargar configuraciones, esto quiere decir que las configuraciones de tu hardware están en el ordenador de otra persona, y saben quien las tiene (las configuraciones)

+ +

Mas lecturas

+ The Razer Synapse 2.0 spy ware +

Crédito

This article was written by: + qorg11 +

Referencias

1. Razer - Privacy Policy | Razer United States [archive.is]
+ 2. The Razer Synapse 2.0 spy ware [archive.is]

+ + + + +

+ This article was created on 3/4/2019 +

+ +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 license to be accepted. +

+ + + diff --git a/articles/razer_en.html b/articles/razer_en.html new file mode 100644 index 0000000..63e27cc --- /dev/null +++ b/articles/razer_en.html @@ -0,0 +1,68 @@ + + + + + + Spyware Watchdog + + +

Razer's spyware

+ Back to catalog
+ Spanish Article +

Razer is a company that makes software and hardware for gamers.

+ +

Spyware level: EXTREMELY HIGH

+ +

Data collection

Razer confirms that they collect this data:

E-mail
Full name
Contact info
Info you send when you contact them (texts and such)
The time you use their services and products
Info you send via polls
IP, geolocation, OS and browser version

+ +

+ Razer also admits^[1][2] that they sell users' info. They also claim that the employees can see this data. + Razer FORCES you to create an account to use YOUR products. +

+ Where is the option "Sign in later" at? Without an account, you CAN'T configure your keyboard, + change your mouse DPI and RGB configuration and such, this means that the configurations you set to your (Razer) peripherals are in somebody's + elses PC, and Razer knows who has that (your) info. +

+ +

Credit

This article was written by: + qorg11 +

References

1. Razer - Privacy Policy | Razer United States [archive.is]
+ 2. The Razer Synapse 2.0 spy ware [archive.is]

+ +

+ This article was translated on 3/10/2019
+ This is a translation of the Spanish article. It may become outdated in the future. Check the dates on both articles. +

+ +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 license to be accepted. +

+ + + diff --git a/articles/realplayer.html b/articles/realplayer.html new file mode 100644 index 0000000..8c207d5 --- /dev/null +++ b/articles/realplayer.html @@ -0,0 +1,120 @@ + + + + + + Spyware Watchdog + + +

RealPlayer

Back to catalog

+RealPlayer, formerly RealAudio Player, RealOne Player and RealPlayer G2, is a cross-platform media player app, developed by RealNetworks. +

Spyware Level: EXTREMELY HIGH

+RealPlayer is spyware that reports all of the media you consume using it to its developers. It uses information that it obtains through this spyware +to build detailed profiles of its users, such as what media they consume and what physical locations they visit, fingerprints of their computers, etc., as well as using information +from other spyware services like Facebook and Twitter to build these profiles. Realplayer knows what media you watch, what your physical location is, what computers you use, and it uses this information for advertising. +

+No actual tests of the software were done to write this article since there isn't really a point... RealPlayer doesn't seem to be hiding anything, +since the privacy policy is so open about what it does. There probably is more spyware hidden in it, but it's really at such a point where it can't +receive a higher rating or a diffrent advisory: Do not use this program. +

RealPlayer records the media you own and consume with it

+ In the same way that a web browser can spy on you by recording all of your internet history and showing it to the developers, RealPlayer spies on you + by recording all of media history and showing it to it's developers. It is very clearly stated in the privacy policy^[1] that + RealPlayer collects the following information about you: +

+ "Such information can include...Information relating to your use of our products and services, for example information relating to photographs or videos you upload to RealPlayer or add to RealTimes, content you download using RealPlayer including domains associated with such content, geo-location information or patterns associated with photographs or videos to enable features in RealTimes, and activities on our websites such as pages visited;" + ^[1]

+ So, because of this vauge wording, it can only be assumed that RealPlayer has access to all of the media that you consume using it. +

+ +

RealPlayer tracks the physical locations of its users

+ What is especially agregious about this policy is that is designed to create detailed profiles of the user. RealPlayer specifically mentions that when it + uses it's spyware to access your photos, it will search for "geo-location information", as well as "patterns associated with photographs or videos". + This is worded in a (somewhat) innocent way but it tells a lot about what this spyware is for. "Patterns" associated with media implies that RealPlayer is + using the information it collects on its users for facial recognition. +

+ RealPlayer also fingerprints the hardware you use: +

+ "Such information can include...Information about your computer or mobile device such as your unique device ID (persistent/ non-persistent, MAC or IMEI), hardware, software, platform, and Internet Protocol (IP) address." + ^[1]

+ Since we also know that RealPlayer scrapes the geolocation information from your images, this is more information that RealPlayer can use to collect information about + your physical location. And this is only further confirmed by this statement later in the privacy policy: +

+ "we sometimes receive information from third parties such as...Service providers that help us determine your device’s location based on its IP address to customize certain products to your location" + ^[1]

+ So, this is proof that RealPlayer is designed to track your physical location. +

+ +

RealPlayer colludes information with other spyware services to profile its users

+ RealPlayer uses all of the information it collects in combination with information that other spyware platforms and services use + to build a more accurate profile of it's users. It clearly states in its privacy policy that it colludes information with^[1]: +

+ "Social networks (like Facebook and Twitter) and similar third party services, that make users’ information available to others;" +
+ "Partners with which we offer co-branded services or engage in joint marketing activities" +
+ "Advertisers about your experiences or interactions with their offerings." +

+ +

RealPlayer uses the information it collects to advertise to its users

+ RealPlayer uses the information that it collects to sell to advertisers and to advertise to its users itself. The privacy policy^[1] makes no secret of this: +

+ "RealNetworks uses information to...Provide personalized content recommendations, language and location customization, and/or personalized help and instructions" +
+ "RealNetworks uses information to...Communicate with you, such as sending you messages concerning your account and customer service issues; asking you to participate in surveys; and delivering news, updates, targeted advertising, promotions, and special offers." +

RealPlayer sells the information it collects to third parties

+ RealPlayer clearly states that all of the information that it collects about its users are sold to advertisers: +

+ "When you visit our website or use our products or services, certain third-party companies can collect information as part of serving ads, providing analytics services, or delivering content or plug-ins." + ^[1]

+ The quotes that have been shown here are really only the tip of the iceberg and for more information the actual privacy policy itself should be read since there is so much + more information on it. +

Sources

+ 1. + Privacy Policy REALNETWORKS, INC., AND AFFILIATED ENTITIES + [web.archive.org]
+

+ This article was last edited on 8/13/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/articles/redshell.html b/articles/redshell.html new file mode 100644 index 0000000..f6400e8 --- /dev/null +++ b/articles/redshell.html @@ -0,0 +1,86 @@ + + + + + + Spyware Watchdog + + +

Redshell

Back to catalog

+Redshell is a spyware platform that is integrated into many video games. +

Spyware Level: EXTREMELY HIGH

+Redshell is a spyware platform. It's purpose is to collect huge amounts of information about its user's computers +to try and connect marketing data (collected through other spyware platforms) to actual results. It fingerprints +any computers it is attached too and phones home. It also collects information about how a player has been interacting +with the video game that it is embedded in. It's strongly recommended that any programs that embed this spyware are +avoided entirely. +

Redshell collects a huge amount of information from its users machines

+ Redshell has confirmed that it collects the following information^[1]: +

Operating System
Installed Browsers
Availible Fonts
Screen Resolution
IP Address
Timezone
System Language
Game-Specific UUID

+ This is obviously a very large amount of information being mined. The purpose of this is to fingerprint the user as well + as possible, destroying any kind of anonymity. It goes beyond most spyware programs in the information it collects, by + scanning your computer for installed programs and collecting various demographic information about the user. It's very clear + that this is a huge amount of personal information to be collecting, despite all of the claims on the official website about how + innocent this data is. +

Phoning home

+ Redshell is designed to phone home at its client's (the game developer) whim. Any program using Redshell will phone home with + personal information in a way perculiar to that program. +

Sharing Information with third parties

+ Redshell clearly says that it shares any kind of marketing data with third parties^[1]: +

+ "For example: Studio X wants to run ads through Google AdWords. When a potential customer clicks on an that ad, they are sent through our tracking link and redirected to the destination set by the studio (in the same way a bitly link works) - usually their game's Steam page. AdWords provides us with unique id for that user and if they end up playing the game, we tell AdWords so they know the ad was effective." +

+ Of course, the words "integrated partner" are used to describe these third parties. The bottom line is that other people are being + given this information. There is also an important distinction to make when talking about this: as Redshell's spyware is a product, + Redshell does not actually have control over what the buyers of that product can do. So, just because Redshell doesn't sell the + the information it's spyware collects about it's users to third parties, that doesn't mean that the buyers of the product do not or + will not sell the information that they collect through Redshell to third parties. +

Sources

+ 1. + Hi there, we're Red Shell. + [web.archive.org] +
+

+ This article was last edited on 7/16/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/slimjet.html b/articles/slimjet.html new file mode 100644 index 0000000..6e9c75d --- /dev/null +++ b/articles/slimjet.html @@ -0,0 +1,93 @@ + + + + + + Spyware Watchdog + + +

Slimjet

Back to catalog

+Slimjet is a clone of the SlimBrowser web browser from FlashPeak that uses the Chromium as a base. +

Spyware Level: EXTREMELY HIGH

+Slimjet's website claims that it is very committed to user privacy, and that it blocks Google tracking, unlike Google Chrome^[1]. However this claim is not true. Slimjet is constantly sending information to google and connecting to google +services. Slimjet claims to be concerned about privacy but ultimately retains just about all of the spyware features found in Google Chrome, as well as additional spyware added on by FlashPoint. In this way, Slimjet manages to implement all of the spyware that is found in browsers like Google Chrome, except instead of one company having this information, it's split up among several companies... +

Phoning Home

+ Even though on its site, FlashPeak claims that: "Slimjet doesn't send any usage data back to Google like Chrome."^[1] + the moment I turn it on with MITMproxy running, I am greeted with this: +

Slimjet sending requests to all sorts of google services

+ So, this claim just isn't true at all. It's still got a lot of Google's spyware in it, if it's still connecting to so many Google services. What's kind of surprising is that it didn't seem connect to any servers explicitly operated by FlashPeak when I was testing it. Even though, it claims to collect information about it's users for internal usage.^[2] So, it must be phoning home as well as sending information to Google. Maybe it sends information through some kind of Google web service? +

Default Search Engine is Spyware

+ The default search engine is Bing, which sells your information to advertisers. If that isn't enough, it's + "served from fpseek.com" which means that not only are you exposing your information to Bing, this is also being logged by fpseek, which + has it's own privacy policy^[3]. Whenever you search something using the default search engine, requests are sent to both Bing and fpseek. +

+ So, not only are you sharing everything with Microsoft, now there is another company looking at all of your searches. This is a uniquely bad + default search engine because of how much information it leaks out. Fpseek itself is a company that seems to be tracking how users interact + with advertisments and it says that it uses information it collects about it's users to: +

+ "...maintain and improve the quality and operation of the Software & Services, including, monitoring viewability of and interaction with advertisements, search results and other products and services provided by Company." + ^[3]

+ So, it looks like your searches are sent to two advertising companies instead of just one. At the very least when the search engine is changed to + an alternative like DuckDuckGo the requests to fpseek stop. +

Collecting Information about Users

+ Slimjet claims to collects "some anonymous feature usage statistics information", and claims not to record your IP or sell that information + to advertisters. However it is still opt-out spyware. +

Using the Microsoft BITS service to upload search history to Google servers

+ When you start Slimjet, it will begin using the BITS (Background Intelligent Transfer Service) which is designed to use spare bandwidth to transfer + updates and other information. These requests are sent between Slimjet and a Google server, with confirmation from Process Monitor and MITMproxy: +

+ Personal information was censored from these images. It's unclear what this is for specifically but this is probably being done to implement the + "CLOUD SYNC OF BOOKMARK & DATA" that is advertised on Slimjet's website. This is probably how they upload all of your search history and bookmarks into their cloud services, which seem to be provided by Google. There are no other features or requests made that would require large amounts of data to be sent too an external server in this way, so by process of elimination this is my theory as to how it's implemented. +

+ Obviously you can tell that any kind of service to sync your search history "in the cloud" is a privacy nightmare. Now both Google and Slimjet have access to your search history... +

Sources

+ 1. + Fastest web browser that automatically blocks ads + [web.archive.org] + [archive.is]
+ 2. + Privacy Policy + [web.archive.org]
+ 3. + Privacy Policy – Fpseek + [web.archive.org] + [archive.is]
+

+ This article was last edited on 8/4/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/snapchat.html b/articles/snapchat.html new file mode 100644 index 0000000..3a2b786 --- /dev/null +++ b/articles/snapchat.html @@ -0,0 +1,95 @@ + + + + + + + Spyware Watchdog + + + +

Snapchat

Back to catalog

+Snapchat, developed by Snap Inc is designed to be a free, and fun smartphone app to send messages as "Snaps" to your friends. It is popular among teenagers and millennials, however older people have started using the app too. +

Spyware Level: EXTREMELY HIGH

+Snapchat is spyware because it identifies you with your IP, demands too many permissions and punishes the user for not allowing it certain permissions. Furthermore, it logs your GPS location constantly, makes you provide a phone number or email to use it after a set grace period, and you are forced to use the offical client

+ +

It Identifies You With Your IP

+Snapchat constantly logs your IP even if the app is closed and not running on the phone^[1]. Furthermore, it combines all these logged IP addresses to build a log on the person. This log can help identify what cities/countries the user has visited or are residing in. Furthermore it can help pinpoint the users home without using the GPS. This feature is mandatory and there is no way you can disable it, however one might be able to use a VPN or the TOR network, although it has been reported that Snapchat is now blacklisting VPN networks and TOR exit nodes^[2] claiming that they "detected suspicious activity", forcing the user to reveal their real IP address. +

+ +

It Demands Assess to Too Many Permissions and Punishes The User For Not Granting It Permissions

+For a simple social media app, Snapchat demands too many permissions. When I tested it on my spare Android phone, it wanted access to:

Phone owner's full name
Phone Contacts
Phone calendar
Exact GPS location
Send and receive SMS Messages (Which may cost money)
All files on phone and files on MicroSD card
Phone camera
Phone microphone
Identifying device information: IEMI number, carrier, SIM status, phone number
Control phone vibrator motor

To top all of that off, Snapchat will punish the user for denying it too many permissions. When I was testing the app, it would lock me out of the app if I didn't give permission assess all my files. It also it would not let me record video if I didn't give it assess to the microphone.

+ +

It Contains a GPS Location Logger

As well as keeping track of IP's, Snapchat logs locations taken from the phones GPS at random times^[4]. If that wasn't scary enough, Snapchat even sells this data to third party advertisers. Also, Snapchat has introduced SnapMap, a feature that shows where your friends are located. People have reported having their location broadcasted to all their friends^[5] even though they didn't accept any prompts. This is dangerous as this can broadcast your location to potential stalkers and the user doesn't even realize it.

+ +

You Must Provide a Phone Number or Email

If logging IPs and GPS Locations wasn't enough, Snapchat will now lock out accounts that haven't provided an email or phone number^[3]. Snapchat will let you use thier app for a grace period before it locks you out and demands an email or phone number in order to get your account back. The length of this grace period is unknown.

+ +

You Must Use the Official Client

If a user is fed up with the the vast amount of information the official Snapchat client collects about you, they CANNOT change to the 3rd party client. Doing so is strictly prohibited. Snapchat has a service that is designed to catch users using 3rd party clients and permanently lock your account. This forces the user to use the official client which contains the spyware.

+ +

Sources

+ 1. + Snap Inc's Privacy Policy + [web.archive.org] +
+ + 2. + Snapchats Troubleshooting Guide + [archive.fo] +
+ + 3. + Player One's Article On Locked Snapchat Accounts + [web.archive.org] +
+ + 4. + Snapchat Request Data + [archive.fo] +
+ + + 5. + Verge's Article On Snapmap + [web.archive.org] +
+

+ +

+ This article was last edited on 2/23/2019 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + + + + diff --git a/articles/sphere.html b/articles/sphere.html new file mode 100644 index 0000000..f346e96 --- /dev/null +++ b/articles/sphere.html @@ -0,0 +1,51 @@ + + + + + + Spyware Watchdog + + + +

Sphere Browser

Back to catalog

+Sphere Browser is a privacy-focused web Browser made by Tenebris. +

Spyware Level: Possible Spyware

+This program was tested with MITMproxy on Linux. Sphere Browser itself does not contain any telemetry and really has removed all of +the spyware from the chromium codebase that it is based on. However, it has two red flags- the default homepage has analytics, and you have to run +analytics on your browser to download it. The software is fine. Just the settings and the way you have to +download it and the lack of source code hold it back from the title of "Not Spyware". You can easily configure it to not connect to the default homepage, at least. +

Tracking pixel on the default homepage

+ Sphere Browser is based around an "identities" feature that lets you change how your browser appears to the rest of +the internet in a rather easy way- and then it by default loads the site f.vision which can identify your new identity in a pretty +centeralized way, and even includes a tracking pixel from the getclicky analytics service. If you want to use this browser, you really +should not be using this default homepage. It contrasts with the privacy features of the browser rather poorly. +

getclicky tracking pixel on the sphere browser default homepage

JavaScript from an Analytics company on the download site

+Another problem is, you need to load JavaScript to download the browser itself at sphere.tenebris.cc/, which tries to load JS code from Tenebris +as well as JavaScript from the same analytics company that has the tracking pixel on f.vision. Why are these analytics here if the browser +is so focused on privacy? +

getclicky tracking JS on the sphere browser download page

+ + +

+ This article was last edited on 12/12/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + + diff --git a/articles/steam.html b/articles/steam.html new file mode 100644 index 0000000..e67b5da --- /dev/null +++ b/articles/steam.html @@ -0,0 +1,113 @@ + + + + + + Spyware Watchdog + + +

Steam

Back to catalog

+Steam is a video game launching service, digital content store, DRM platform, file sharing platform, and Social Network created by Valve. +

Spyware Level: EXTREMELY HIGH

+This program is spyware because it collects huge amounts of user information, including but not limited to your Home Address, Telephone Number, Credit Card Number, and Internet Search History. Steam also profiles your hardware, communciations through Steam's social networking features, and contains a mandatory self-updater. Steam will not work without an internet connection. +

Steam's source code is unavailible

+Steam cannot be built from an availible copy of the source code. This means that it is impossible to prove that Steam is not spyware or does not use certain spyware features that it potentially has. +

Steam collects and shares huge amounts of sensitive user information

+In Steam's privacy policy^[1], Steam details that it collects the following user information: +

Name
Address
Credit Card Number(s)
e-mail
Age
IP Address
Device Unique ID
Chat logs
Fourm posts
Voice Chat Recordings
Hardware Enumeration

+Steam also confirms that it shares this information with third parties. The implications of this are as follows: Steam knows your name, age, where you live, your banking information, and what your e-mail is. Steam shares this information with other companies (at least, to the extent allowed by law). Steam can use your IP Address to track where you are to the nearest county and can use your Device Unqiue ID provided by the fingerprinting spyware features inside Steam to track your usage habits across devices that you use. Steam also records all of your communications with others through its social networking and instant messaging services, such as all chat logs, voice conversations, and forum posts, and can share all of this information with third parties as well. +

Steam has been and may still be recording your internet history

+It was proven that Steam's VAC system records your internet history and uploads it to an offical Valve server^[2]. Valve has subsequently denied^[3] that they store user's internet history, but it is impossible for Valve to prove that they do not store internet history. What we do know is that Valve does have the ability to spy on a users internet history, the spyware feature is programmed into Valve's software and the internet history is processed by Valve's servers. It is up to you to decide wether or not you trust Valve when they say that they have turned this feature off or not. +

Steam records and publicly broadcasts your program usage habits

+Steam records your program usage habits for all programs launched through Steam's program launching service. This spyware feature is mandatory and has no opt-out. Steam also uses its social network features such as the user profile and friends list to broadcast a users program usage habits publicly. This spyware feature can be partially disabled by setting your profile to private, but it cannot be opted-out of if you are using the "friends" social networking feature. +

Steam attempts to collect your telephone number

+Steam has the spyware feature which allows you to "opt-in" to certain features of the Steam service by providing Steam your telephone number. This is done through a pop-up that cannot be turned off. This spyware feature is currently not required, but is being encouraged by Steam. Steam in fact will lock out certain features and privledges to users who want to protect their privacy- for example, access to the "steam store" which is an online marketplace run by valve requires you to give you your phone number. So it is impossible to use all features of the software without giving up this kind of information. +

Steam "phones home" and requires and internet connection

+Steam will "phone home" whenever the Steam client is opened or a program is launched through Steam. This spyware feature is mandatory and cannot be turned off. Steam provides an offline mode which is not an opt-out because users must still connect to Steam Servers every 30 days or so. +

Steam is self-updating software

+Steam contains spyware features that allow it to update itself without user verification. This is not an opt-out feature because eventually Steam will stop working until it is updated. Self-updating software is a form of spyware because it can be used to install new spyware features or force users to agree to new agreements that force them to explicitly give up more information to continue using the spyware program. +

Sources

+ + 1. + Privacy Policy Agreement + [web.archive.org] + [archive.is] + [wayback.archive-it.org] + [arquivo.pt] +
+ + 2. + VAC now reads all the domains you have visited and sends it back to their servers hashed + [web.archive.org] + [archive.is] +
+ + 3. + Valve, VAC, and trust + [web.archive.org] + [archive.is] +
+ +

+ +

+ This article was last edited on 8/3/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/systemd.html b/articles/systemd.html new file mode 100644 index 0000000..3224ca7 --- /dev/null +++ b/articles/systemd.html @@ -0,0 +1,55 @@ + + + + + + Spyware Watchdog + + +

systemd

Back to catalog

This aritcle is not accurate and needs to be rewritten

Spyware Level: Not Rated

+A lot of people asked me to write this article, so here is my attempt at writing it. Lots of people have lots of reasons to dislike systemd, and a lot of them wonder if +there is also a privacy reason to dislike systemd. But I have not ever heard of any kind of telemetry, phoning home, or any other kind of spyware in the systemd software +suite. systemd is free software so anyone can look at the code. And a lot of people have spent a lot of time cataloging why they don't like systemd. But if you read their +reasons, none of them mention any kind of spyware hiding inside of systemd's codebase that can be actually proven. So, I can't write that systemd is spyware until someone +can prove that it is spyware. If you have proof then feel free to email me and I will be happy to change this rating. +

+This line of reasoning for giving systemd a "Not Spyware" rating has some flaws, and the most obvious one is that it isn't reasonable to audit the 1 million lines of systemd +code for spyware. But this is still too generic of a critisim to make about it, because while in theory it is true, there needs to be real proof. Maybe the take-away is +that while there are many reasons to not like systemd, it's really probably not violating anyones privacy, just because of how much scrutiny it has gotten. Maybe it should be +rated "Potential Spyware" or a lower, "Probably Not Spyware"? I think that the rating should be taken with a grain of salt because of this. +

+I have personally never used systemd and I don't have the skills to actually audit it or run tests on it myself. So this isn't a very good place to look when looking for reasons +to dislike systemd. At the very least, I can point to anti-systemd web pages that I am sure would be the first to report on systemd potentially violating the privacy of it's users. +But I don't want to call them "sources" or anything because what they talk about is beyond the scope of this website. +

Anti systemd web pages

+ systemd is the best example of Suck. + [web.archive.org] + [archive.is]
+ + Arguments against systemd + [web.archive.org] + [archive.is]
+ + Is systemd an NSA attempt? + +

+ This article was last edited on 8/7/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/articles/telegram.html b/articles/telegram.html new file mode 100644 index 0000000..2ac0846 --- /dev/null +++ b/articles/telegram.html @@ -0,0 +1,57 @@ + + + + + + Spyware Watchdog + + +

Back to catalog

+Telegram is an instant messaging program that allows you to send text, images, videos and also any other files to other Telegram users. +

Spyware Level: Medium

+Telegram has some spyware features in it such as the telephone number verification, and routing communications through official Telegram servers in most cases. However, Telegram contains privacy features and claims to not collect any user information^[1]. +

Telephone Number Required

+Telegram features the more modern spyware feature that requires the user to associate their persistent user identity with a telephone number. This is obviously a breach of privacy, because Telegram requires the user to disclose this personal information. +

Centralized communication routing

+Telegram does not use peer-to-peer or private servers for the majority of its communications. This means that Telegram is capable of logging all of the communications you send through its service, unless you opt to only use the Peer-to-Peer features of Telegram. Centralized communication routing has a high potential to be spyware. Telegram attempts to use Peer-to-Peer communication for Voice Calls, but it may disclose IP address to the counterpart. Telegram claims in its privacy policy^[1] that it does not collect any information, but it is impossible to prove this. +

+Telegram's server software is closed source and Telegram does not distribute its server software. There is no way for other people to host their own Telegram services because +of this, meaning that the servers that the developers operate are the only choice for using this messaging platform. +

Telegram does not follow its GPLv2 Obligations

+Telegram clients are advertised as free software, but in practice the source code is not immediately accessible^[2], the delay sometimes being up to 5 months. So, unknown spyware features could be in the official Telegram client binaries that you download, without you knowing. It's recommended that you build an outdated version of telegram from its source code, since its not provable whether or not the binaries that are distributed have unknown spyware or not. +

Sources

+ 1. + Telegram Privacy Policy + [web.archive.org] + [archive.is]
+ + 2. + Where are the sources of the latest releases? + [archive.li]
+

+ +

+ This article was last edited on 2/18/2019 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + diff --git a/articles/thunderbird.html b/articles/thunderbird.html new file mode 100644 index 0000000..bda2522 --- /dev/null +++ b/articles/thunderbird.html @@ -0,0 +1,74 @@ + + + + + + Spyware Watchdog + + +

Mozilla Thunderbird

Back to catalog

+Mozilla Thunderbird is an email, newsgroup, news feed, and chat client that was developed by the Mozilla Foundation, who are also the developers of Firefox. +

Spyware Level: Medium

+Thunderbird contains a lot of spyware features, however all of these can be opted-out of and most of the spyware is connected to the web-browsing capaiblities of Thunderbird. Thunderbird contains some minor spyware protection to its users and does not attempt to collect any information that is extremely sensitive, however it is spyware and does share and collect user information by default that it does not need to share. +

Thunderbird shares your E-Mail address with other parties

+ From the Thunderbird privacy policy^[1]: +

+ Thunderbird may try to contact external DNS servers, standard autoconfiguration URIs, and Mozilla's configuration database to try and work the settings needed for your account. This may involve sending part or all of your email address, but never involves sending your password. When Thunderbird does this, the parties contacted may retain logs of those requests. +

Thunderbird allows other websites to track you

+Thunderbird contains web browsing spyware features, including compatiblity with tracking cookies and javascript, which can both be used to allow other parties to spy on users. As such, all of the spyware concerns of browsing the web are relevant when using Thunderbird. However, these features can be turned off. They are not spyware in and of themselves but they are attack vectors for other spyware programs to be downloaded and executed by the user. Thunderbird however provides some basic protections by default such as blocking all remote content in HTML E-Mails. +

Thunderbird profiles its users and tracks the add-ons and personas they have installed

+Thunderbird details in its privacy policy^[1] that it updates Mozilla with the add-ons that users have installed, and then uses that information to recommend other add-ons to its users. Thunderbird will also track which "personas" a person installs and uses (these are like themes) when the user is using Mozilla's centeralized "personal gallery". These spyware features can be opted-out of or not used. +

Thunderbird shares your web browsing information with other parties

+ From the Thunderbird privacy policy^[1]: +

+ When you visit a secure website or access secure remote content via emails, Thunderbird may check the identity of that secure remote service using any status provider mentioned in the certificate provided by that service. Thunderbird sends only the certificate identification to the certificate provider, not the exact URL you are visiting. Sending these verification requests to third parties is sometimes important to ensure your connection to a site is secure; to help maintain your security, Thunderbird may deny access to the site if it can't verify your connection using the third party. +

+ Keep in mind that this only applies to web browsing activity that happes on Thunderbird, and not web browsing activity that happens on any other program. This feature can be opted-out of. +

Thunderbird is self-updating software

+Thunderbird will try and download new versions of itself using its update system. Since new versions of programs means that there could be new forms of spyware hidden in the program after updating, this is a form of spyware. This feature has an opt-out. +

Thunderbird contains other opt-in spyware

+Thunderbird contains several forms of opt-in spyware that only collects information when the user specifically authorizes it. This includes crash reports and detailed user analytics. Mozilla says that it anonymizes this information if you choose to share it. +

Sources

+ + 1. + Mozilla Thunderbird Privacy Policy + [web.archive.org] + [archive.is] + [arquivo.pt]
+ +

+ This article was last edited on 6/2/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + + diff --git a/articles/tor.html b/articles/tor.html new file mode 100644 index 0000000..1eed56a --- /dev/null +++ b/articles/tor.html @@ -0,0 +1,51 @@ + + + + + + Spyware Watchdog + + + +

Tor Browser

Back to catalog

+Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.^[1] +

Spyware Level: Not Spyware

+The Tor browser is a privacy focused web browser that is used to access the internet either normally or through the Tor Network. +Connections through the Tor network are much more private than normal connections as you do not have an IP address that is +associated with you. While spyware services can tell that you are connecting from the Tor network, their ability to identify and profile you is +greatly reduced. Tor browser is Not Spyware and is the best web browser to use for privacy. +

+One thing that complicates this review is that most browsers are chastized for sending auto-update requests. However the Tor browser is doing +this over the Tor network... so while it's definitely "phoning home", it's doing so in an anonymous way. +

Sources

+ 1. + Tor Browser Official Site + [web.archive.org] + [wayback.archive-it.org] + [webarchive.loc.gov] + [swap.stanford.edu] + [arquivo.pt] + [archive.is] + [wayback.vefsafn.is]
+

+ This article was last edited on 11/20/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + + diff --git a/articles/ungoogled_chromium.html b/articles/ungoogled_chromium.html new file mode 100644 index 0000000..62dae6f --- /dev/null +++ b/articles/ungoogled_chromium.html @@ -0,0 +1,45 @@ + + + + + + Spyware Watchdog + + + + +

Ungoogled-Chromium

Back to catalog

+Ungoogled-chromium is Google Chromium, sans integration with Google. It also features some tweaks to enhance privacy, +control, and transparency (almost all of which require manual activation or enabling).^[1] +

Spyware Level: Not Spyware

+Ungoogled-chromium is a fork of Chrome that has all of Google's spyware removed. It was tested with MITMproxy and makes +no unsolicited requests, and is therefore not spyware. Ungoogled-chromium is the highest-rated +browser based on Google Chrome, and is probably one of the best choices if you can compile it. +Otherwise configuring Iridium to a sufficient privacy standard might be a good choice if you are +looking for a Chrome-based browser to switch too without taking the time to compile any software. +

Sources

+ 1. + Ungoogled-Chromium + [web.archive.org] + [archive.is]
+

+ This article was last edited on 11/1/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + + diff --git a/articles/unity.html b/articles/unity.html new file mode 100644 index 0000000..a93ef78 --- /dev/null +++ b/articles/unity.html @@ -0,0 +1,66 @@ + + + + + + Spyware Watchdog + + +

Unity

Back to catalog

+Unity is a game engine developed by Unity Technologies SF. +

Spyware Level: EXTREMELY HIGH

+Unity collects user information and uses it in a dubious and malicious way and is a classic example of how analytics are a framework for anti-user behavior. It should not be trusted. It also is integrated with other spyware programs, like the .NET runtime provided microsoft, and Visual Studio. You can use alternatives to these, though. +

Unity Editor collects user activity

+ Some users have found that the Unity Editor, left idle for some time, will elicit an email from Unity support + asking for a reason for their inactivity.^[1] + Unity support have also been known to contact developers suspected to be earning over the $100,000 revenue limit with the gratis Unity Editor (against Unity EULA) to pressure them into purchasing a Pro license. Several of these developers were not active on services, or did not even have accounts on said services, which Unity support claimed to have "discovered" their projects.^[2] Additionally, Unity Editor analytics can no longer be disabled unless users purchase the Pro edition.^[3] +

Unity games and system data collection

+ Many Unity games have been found to report telemetry at first launch and have telemetry enabled by default, sometimes with no option to disable it. With no way to disable data collection, players are left to blacklist the game through their firewall.^[4] Exported Unity projects collect anonymized statistics about a system’s hardware configuration to monitor and report to developers which type of devices are used to play their Unity engine games. ^[5] +

Credits

+ This reveiew was written by Alia Sarmor.
+ Formatting changes were done by the site maintainer. +

Sources

+ 1. + Jesse / Dr. Spacezoo (twitter) + [web.archive.org]
+ 2. + Hard sell and coercive tactics from Unity + [web.archive.org]
+ 3. + Can't disable editor analytics since Unity 5.2.3p1 it's now pro only + [Need archive- cant manage to do it...!]
+ 4. + Games w/ potentially telemetry + [web.archive.org]
+ 5. + Tasharen’s Games: Privacy Policy
+

+ This article was last edited on 9/10/2018 +

+ This article was created on 8/24/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/utorrent.html b/articles/utorrent.html new file mode 100644 index 0000000..4cdc02b --- /dev/null +++ b/articles/utorrent.html @@ -0,0 +1,43 @@ + + + + + + Spyware Watchdog + + +

uTorrent

Back to catalog

+uTorrent is a proprietary adware BitTorrent client owned and developed by BitTorrent, Inc. +

Spyware Level: Not Rated

+This article is a stub. Someone needs to write it. Email me if that person is you. The rest of this page is just the template for writing new +articles. +

Spyware Feature X

+This program has spyware feature X in it. There should be some kind of proof here. If it doesn't contain original research, the source +should be cited like this: ^[1]. +

Sources

+ 1. + Example Source + [web.archive.org] + [archive.is]
+

+ This article was last edited on 8/3/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/articles/vivaldi.html b/articles/vivaldi.html new file mode 100644 index 0000000..0d5fa42 --- /dev/null +++ b/articles/vivaldi.html @@ -0,0 +1,92 @@ + + + + + + Spyware Watchdog + + +

Vivaldi

Back to catalog

+ Vivaldi is a feature-full, customizable web browser made by some of Opera's old developers (since they were dissatisfied with the direction Opera was heading). But how does it look in terms of privacy? Versions 1.15 and 2.0 were tested to make this article. Program used for testing requests: Mitmproxy. +

Spyware Level: Medium

+ Vivaldi makes a bunch of requests to Google upon startup and after (malware protection requests can be turned off, but extension updates don't appear to?). Phones home every 24 hours with a unique ID using Piwik, an analytics service. Anti-privacy Bing as the default search engine. Not fully open source. Connects to an analytics platform that spies on its users. +

Vivaldi's developers do not respect your privacy

+Vivaldi connects to the analytics platform Piwik^[1] that it uses to spy on its users, which is discussed in greater detail in other sections of this page. +What is most notable about this is the additude of Vivaldi's developer team: Developers that belittle privacy concerns, and insult their users further when they speak out about being spied on, +are not developers you can trust. Below is an anti-privacy rant from a moderator on Vivaldi's forums: +

+@dib_ Stop spreading FUD. Piwik as employed by Vivaldi is not "spyware." Piwik is not a "spyware company" (unless Google, Facebook, Yahoo, TVGuide, Microsoft, Apple, NYT, Huffpo, Ancestry.com, WaPo, CenturyLink and McAfee are "spyware companies" - in which case just disconnect your computer and go to bed). It is irresponsible and malicious of you to lie about Vivaldi in this fashion. If you want to know what a connection does, ask. But don't sling around reckless accusations.^[2] +

Addon updates

+
+
+ These are the Chrome webstore requests, supposed to update your extensions. But with a new Vivaldi install, you don't have any, so they only accomplish spying. And the first request includes "x-googleupdate-appid" which is most likely uniquely identifying. Can't be disabled. +

Google Safe Browsing

+
+
+ Vivaldi is downloading the lists for Google's Malware and Phishing protection, which is enabled by default, but can be disabled from the Settings menu. +

+ +

Phoning home

+ From Vivaldi's privacy policy: "When you install Vivaldi browser ('Vivaldi'), each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message. We anonymize the IP address of Vivaldi users by removing the last octet of the IP address from your Vivaldi client then we store the resolved approximate location after using a local geoip lookup. The purpose of this collection is to determine the total number of active users and their geographical distribution.". So they (claim to) delete "the last octet" of your IP. How generous of them. This is the full request: +

+ +

Anti-privacy search engine by default

The default search engine is Bing, whose privacy policy states: "Microsoft will collect the search or command terms you provide, along with your IP address, location, the unique identifiers contained in our cookies, the time and date of your search, and your browser configuration.". To make it worse, that data is shared with third parties: "We share some de-identified search query data, including voice queries, with selected third parties for research and development purposes." (you have no proof it has been "de-identified", by the way). Vivaldi has other engines preinstalled, and you can easily change it - but still, the default is all we can judge it by. +

+ +

New tab sites

By default, Vivaldi contains some websites in its new tab page that have a lot of spyware in them, but does not automatically make any connection, and those sites can easily be deleted.

+ +

Cannot be built from source code

+"However, it is only our Chromium work that is found on https://vivaldi.com/source. If you were to build it and run it, nothing will display as the HTML/CSS/JS UI is missing. This UI is only available as part of our end user packages, which is covered by the EULA (in which we also bundle with a compiled version of our modified Chromium)."^[3] +

Sources

+ 1. + Get Matomo + [web.archive.org] + [archive.is]
+ + 2. + Return of Vivaldi spyware + [web.archive.org] + [archive.li]
+ + 3. + The Vivaldi source code license and the EULA appear to conflict with each other... + [web.archive.org] + [archive.li]
+

+ This article was last edited on 10/14/2018 +

+ This article was created on 11/25/2017 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/articles/vlc.html b/articles/vlc.html new file mode 100644 index 0000000..09bed52 --- /dev/null +++ b/articles/vlc.html @@ -0,0 +1,45 @@ + + + + + + Spyware Watchdog + + +

VLC Media Player

Back to catalog

+VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols. +

Spyware Level: Not Spyware

+VLC Media Player is not spyware, but it does have notable features in it that could be possible forms of spyware. However all of these features are opt-in, and the software explicitly informs the user about the risks associated with these features. VLC is a model program that has convenience features in it that could compromise privacy, while still respecting user privacy. +

VLC Media Player has been distributed with spyware programs by third parties

+While VLC's creators do not distribute their player with spyware, it has been distributed with spyware^[1] by other parties. If you download VLC Media Player, make sure you download it from VideoLAN's web site. +

VLC Media Player contains some opt-in spyware features

+VLC Media player searches through online databases to find complete album covers / metadata for songs. This implicitly means that it sends requests to external servers, and those servers could log information about specific users music libraries. VLC Media player also has a self-updater, however this does not update without the user's consent, and while there is no precedent for the developers to add spyware in its updates, it's still notable. This is the notice that users are presented with when first installing VLC, which adequately explains the implications of these features. The only improvement would be to not have them checked off by default. +

Sources

+ 1. + Companies bundling spyware, adware with open-source media player + [web.archive.org] + [archive.is]
+

+ This article was last edited on 7/30/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/articles/waterfox.html b/articles/waterfox.html new file mode 100644 index 0000000..fae2fe8 --- /dev/null +++ b/articles/waterfox.html @@ -0,0 +1,145 @@ + + + + + + Spyware Watchdog + + +

Waterfox

Back to catalog

+Waterfox is a web browser that is a fork of Firefox. +

Spyware Level: High

+Waterfox is a fork of Firefox that claims to be more private and secure +than Firefox. However, Waterfox contains telemetry and shares +information about you with Mozilla, and has other spyware features. +

Waterfox connects to spyware services when it is first run

+ If you start up Waterfox for the first time, it will make 109 requests^[5] to several spyware platforms, most notably + Google Analytics, and Mozilla online services like its Geolocation service, and several other Mozilla services, as + well as Waterfox's own update service. You can look at a list of these requests + here or a on mirror here. +

Waterfox has a communication problem

+ There has been some controversy over Waterfox's privacy policy^[1]. + At the time of writing, it claims that Waterfox sends "Webpage data + to Google's SafeBrowsing service," meaning that at one point, both Google +and Waterfox were spying on all of your internet activity. However, +according to this reddit thread^[2], + this is no longer true: therefore, Waterfox's privacy policy does not + necessarily reflect what information the browser currently collects. + The lack of detail and clarity in the privacy policy is also very + concerning. For example, in the abovementioned section titled "Webpage + data to Google's SafeBrowsing service," there are links to a Firefox + Knowledge Base article and Google's privacy policy, neither of which + actually explain what data is sent by Waterfox to Google. If this were + still accurate, it would have some serious privacy implications (and + would certainly bump up the spyware rating of this program). An + inaccurate and outdated privacy policy - i.e. one that does not + correctly explain what information is being shared - is + a serious red flag for any privacy-conscious user. +

Waterfox "phones home" with information about your computer whenever you start it up

+According to its privacy policy^[1], Waterfox collects the following information by default: +

Waterfox version
Operating system
Language settings
Installed Waterfox Add-ons

+Waterfox shares this information with Mozilla and will collect this information every time you launch Waterfox. +

Waterfox offers spyware search engines to its users and uses Bing as its default search engine

+By default Waterfox is using the spyware search engine Bing. +Why would a privacy-based Web Browser offer this search engine by default? The other offered search engines are not much better- we have the option of searching with Google, +which also logs your internet searches, and Ecosia, which also logs your internet searches (but it gives them to Bing). Luckily there are some more private search engines offered, +like StartPage and DuckDuckGo. What is concerning is the additude that the developer of waterfox has towards these spyware search engines: +

+ "Bing is actually quite good for privacy as well (let's not forget Mozilla even suggested them as a more privacy focused search back in 2009)."^[3] +

+It's very clear that while the browser advertizes itself as very privacy focused, the actual words and actions of the developers aren't consistent with this claim. +

Waterfox sends all website notifications through Mozilla's servers

+If you enable notifications on a website, all of those messages will +be sent through Mozilla's servers. According to Waterfox's privacy policy^[1], +Mozilla cannot see the content of said messages. However, Mozilla will +receive the following information: +

Number of Waterfox subscriptions and unsubscriptions to website notifications
Number of messages sent
Timestamps
Senders (which may include specific website providers)

+So, Mozilla can see who is sending notifications, when these notifications +are being sent, how many notifications are sent, and how many websites you +have enabled notifications on. Waterfox collects all of the above, and +additionally sees your IP address for each notification sent. +

Waterfox is integrated into the "Firefox Accounts" spyware platform

+The "Firefox Accounts" platform allows you to sync a lot of sensitive +information, such as your internet history, across all of your devices. +This is, of course, all being stored on Mozilla's servers.^[4] +This feature +is opt-in spyware, but it should still be mentioned. +If you don't want your internet history to be uploaded to Mozilla servers, +don't use this feature. +

Waterfox is self updating software

+Self updates are a spyware feature since they are usually ways for the developer of a program to put spyware into their software without presenting it in a prominent way +where the user can understand what they are giving up when they download the update. Given Waterfox's bad communication, this is especially likely to happen. +

Sources

+ + 1. + Improve security for users everywhere + [web.archive.org] + [archive.li]
+ + 2. + What happened to Waterfox's devotion to user privacy? + [web.archive.org] + [archive.li]
+ + 3. + Waterfox and Ecosia - Privacy Concerns + [web.archive.org] + [archive.is]
+ + 4. + Access Mozilla Services with Firefox Account + [archive.li]
+ + 5. + How to choose a browser for everyday use? + [web.archive.org] + [archive.is]
+ +

+ This article was last edited on 6/2/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ \ No newline at end of file diff --git a/articles/webdiscover.html b/articles/webdiscover.html new file mode 100644 index 0000000..39d4dfd --- /dev/null +++ b/articles/webdiscover.html @@ -0,0 +1,115 @@ + + + + + + Spyware Watchdog + + +

WebDiscover

Back to catalog

+WebDiscover is a web browser made by WebDiscover Media. +

Spyware Level: EXTREMELY HIGH

+WebDiscover uses the spyware search engine Yahoo as it's default search engnine, but on it's website it says it uses the spyware +search engine Bing as it's default search engine. It is hard to review since every time I run it, +it messes up MITMproxy so I can't see what it's doing. The privacy policy explains that it collects a large amount of personal information from it's users, so it is at least not a secret that this browser is spyware. This program acts in a very suspicious way and +the privacy policy contains a lot of language in it about the use of the information it collects that elevates it +to a uniquely bad stance on user privacy and use of user information, so I would recommend staying far away from it. +

WebDiscover installs itself onto users computers through installer bundling

+ WebDiscover is mostly installed through other programs as an opt-out. This means that most users did not want to install this browser, and + were tricked into doing it by other software's installer programs. For example^[2]: +

+ [1] [2] [3] [4] + [5] [6] [7] [8] + [9] [10] +

WebDiscover collects a large amount of information about its users

+According to its privacy policy^[1], WebDiscover collects the following information about its users as its browser is downloaded and used: +

Web Browser type
Operating System type and version
Domain Name
Browser version
Browser usage and statistics

+Some of this information is typical of the kind of info that is collected by developers who write programs that phone +home using the HTTP protocol. However, WebDiscover also collects the following information about it's users which is +more concerning: +

+ "We may collect Personal Data and Anonymous Data when you download the Browser. We may also collect Personal Data when you send us information or communications directly. “Personal Data” means data that allows someone to identify or contact you including, without limitation, your name, physical address, electronic mail (email) address, phone number, and credit card information (collectively, your “Personal Data”) for the purposes of recording the transaction when you engage in activities on the Site or through use of the Browser." + ^[1]

+ So, WebDiscover will profile your computer, and WebDiscover Media will use every oppotunity they get to collect + information about you. +

WebDiscover sells information about it's users

+ In this quote from the privacy policy: +

+ "We may share Anonymous Data with selected third parties and business partners..." +

+ Confirming that the information that WebDiscover collects about you will be sold to advertisers. +

WebDiscover uses your personal information in a malcious way

+ WebDiscover sells your information to advertising companies that will send you junk mail seperately from + WebDiscover's discretion- it also DOES NOT comply with requests to stop contact, and requires you to seperately + request each company that it has sold your information to, to stop contacting you. I didn't check if they would comply + with those requests or not. The following quotes from the privacy policy should explain this: +

+ "To opt-out of having future third-party marketing communications sent to you, you will be required to unsubscribe with the applicable third party providers. Despite your request to no longer receive future newsletters or promotional and marketing communications from us, we reserve the right to continue to send you notices of any updates to the Browser, our Software End User License Agreement, and our Privacy Policy." + ^[1]

+ WebDiscover also claims that anyone who acts in a way that "damages the reputation" of their company will have all of the + personal information that WebDiscover has collected about them disclosed to any party at their discretion. +

+ "If we determine, in our sole discretion, that you have engaged in conduct which might be considered, unlawful, fraudulent, or which might harm or damage the reputation or standing of WebDiscover Media with either the general public or with a business partner or potential business partner of WebDiscover Media, we reserve the right to release your Personal Information to such persons or third parties as we consider necessary in order to prevent you from causing injury to, or otherwise injuring or interfering, now or in the future, with WebDiscover Media' rights, property or operations or otherwise the rights, property or operations of anyone else who could be harmed by such conduct." + ^[1]

+ Which is basically threatening their users that they will use the information they collect to dox anyone who says bad things about their software. + This is possibly the most anti-user statment that I have read in a privacy policy. +

Phoning Home

When WebDiscover is started, it will begin making requests to this domain:

ec2-54-191-159-75.us-west-2.compute.amazonaws.com

+ This is presumably how it collects a lot of the personal information about its users. + This was discovered using Microsoft Network Monitor 3.4. +

Sources

+ 1. + WebDiscover Privacy Policy + [web.archive.org] + [archive.is]
+ 2. + WebDiscover removal instructions + [archive.is]
+

+ This article was last edited on 8/4/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/articles/yahoo.html b/articles/yahoo.html new file mode 100644 index 0000000..a2c7506 --- /dev/null +++ b/articles/yahoo.html @@ -0,0 +1,75 @@ + + + + + + Spyware Watchdog + + +

Yahoo! Search

Back to catalog

+Yahoo! search is a search engine made by Yahoo. +

Spyware Level: EXTREMELY HIGH

+Yahoo! search is integrated into the Oath spyware ecosystem, which is a merger between Yahoo and AOL. When you use Yahoo! Search, your +internet history is sent to Oath, and Oath will track you across the internet. This tracking is then sold to advertisers. The Oath Privacy Policy makes it difficult to know which parts of it refer to Yahoo! search, and which parts of it refer to other Oath services, so it's difficult to quantify the extent of data collection done by Yahoo! search specifically. (combining privacy policies is a common tactic to obfusicate privacy information) +

+ It's important to notice that this is just scratching the surface at the extent of spying that the Oath + spyware platform does to it's users, and only includes information collection aspects of the Oath spyware platform that could be reasonably attributed to Yahoo! search. +

Integration into the "Yahoo Account" spyware platform and tracking internet history

+Yahoo's privacy policy is actually called the "Oath" privacy policy, so it's not as simple to find. Yahoo search +is integrated into the "Yahoo Account" spyware platform, which shares all of the information it collects with it's parent company, Oath, including your browsing history. When you have an account connected to Oath, which would be an AOL account or a Yahoo account, your internet history is colleted and associated with a unique user identity obtained through browser fingerprinting.^[1] +

+ It's important to notice that this information will be collected whether you are signed in or not. The Oath Privacy Policy makes it clear that + they fingerprint your computer and so can uniqley identify you no matter what. What is probably happening is that Yahoo will fingerprint your + use of it's services, so that you will be tracked through your usage of them, whether you have an account or not. +

Tracking users

+ The Oath Privacy Policy makes a lot of statements about how it tracks it's users across their devices and across the internet: +

+ "We collect information from your devices (computers, mobile phones, tablets, etc.), including information about how you interact with our Services and those of our third-party partners and information that allows us to recognize and associate your activity across devices and Services. This information includes device specific identifiers and information such as IP address, cookie information, mobile device and advertising identifiers, browser version, operating system type and version, mobile network information, device settings, and software data."^[1] +

Selling user information to advertisers

+ The Oath privacy policy clearly states that the information it collects from you is shared with advertisers: +

+ "We may recognize your devices to provide you with personalized experiences and advertising across the devices you use." + ^[1]

+ "We also may use the information we have about you for the following purposes: ...
+ Help advertisers and publishers connect to offer relevant advertising in their apps and websites.....
+ Match and serve targeted advertising (across devices and both on and off of our Services) and provide targeted advertising based on your device activity, inferred interests and location information....
+ Create analytics and reports for external parties, including partners, publishers, advertisers, apps, third-parties and the public regarding the use of and trends within our Services and ads, including showing trends to partners regarding general preferences, the effectiveness of ads and information on user experiences...." + ^[1]

+ A LOT more could be written but this is probably enough to understand that Yahoo! search is spyware. If you want any more, the privacy policy should speak for itself. +

Sources

+ 1. + Welcome to the Oath Privacy Center + [web.archive.org] + [archive.is]
+

+ This article was last edited on 8/3/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/articles/youtube.html b/articles/youtube.html new file mode 100644 index 0000000..ee7192f --- /dev/null +++ b/articles/youtube.html @@ -0,0 +1,96 @@ + + + + + + Spyware Watchdog + + +

YouTube

Back to catalog

+YouTube is an American video-sharing website headquartered in San Bruno, California. It is owned by Google. +

Spyware Level: EXTREMELY HIGH

+Google’s business strategy with Youtube relies on tracking user’s device identifiers, location, search history, IP addresses and other personally identifying data to provide to advertisers. Google discloses in their Youtube privacy policy that it collects many types of personal information, including geolocation, unique device identifiers, mobile telephone numbers, and persistent identifiers used to recognize a user over time and across different websites or online services.^[1] +

Integration with Google Tracking

+YouTube is integrated with Google’s suite of advertising technologies and services, including AdWords, DoubleClick, and Google Preferred. DoubleClick is “an advertising serving and tracking company that uses web cookies to track browsing behavior online by their IP address to deliver targeted ads. Other DoubleClick ad technologies used to target YouTube users include the Campaign Manager, which helps advertisers “identify, locate and understand your customers, wherever they are.”^[2] +

+ You can find that Google operates tracking domains active on the Youtube page, “pubads.g.doubleclick.net” and “googleads.g.doubleclick.net” in addition to three cookies requested by *.youtube.com. Youtube serves a particular tracking cookie, “VISITOR_INFO1_LIVE” in order to continue monitoring users that have signed out of their account and to continue serving recommended videos related to that session. Of course, while you are logged in to any Google service, Google can track you with absolute precision. ^[3] +

+The Youtube app for android additionally uses the Google Firebase Analytics tracker which provides methods for logging events and setting user properties. The full app report finds that the Youtube app employs three trackers and requires 33 permission, 14 of which are considered dangerous such as access to the the user’s location and contacts. +^[4]^[5] +

Taking down more private alternatives

+ For some time, a popular Youtube tracking sanitizer, Hooktube.com was a useful resource for accessing Youtube videos without being subjected to Google’s surveillance techniques in full. Hooktube was also useful for circumventing region blocking. However, Google, not to be stopped in their spying endeavors, served Hooktube’s operators with a cease and desist over their use of the Youtube API. Hooktube was effectively forced to use Youtube’s official embedded player if they wished to continue to operate, nullifying Hooktube as a viable means for privately viewing Youtube content.^[6]^[7] +

Youtube Requires non-free JavaScript

+ It is also worth noting that, in order to function, Youtube requires visitors to run non-free JavaScript. As with any proprietary software, these programs can be doing just about anything with almost no way to determine exactly what.^[10] For example, there has been some speculation as to whether Youtube’s compulsory JavaScript might be useful for Youtube to track your device’s unique MAC address. ^[8]^[9] +

+ All that said, it would be wise to avoiding using any of Google’s services. If you must access Youtube, we recommend doing so through one of the remaining sanitizers such as Invidious (https://www.invidio.us). +

Credits

+ This reveiew was written by Alia Sarmor.
+ Formatting changes were done by the site maintainer. +

Sources

+ This article was created on 9/10/2018
+ This article was laste updated on 12/12/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/contact.html b/contact.html new file mode 100644 index 0000000..ceccd76 --- /dev/null +++ b/contact.html @@ -0,0 +1,16 @@ + + + + + + Spyware Watchdog + + +

Contact

+ My E-Mail is spyware@aaathats3as.com
+ My XMPP is spyware@openxmpp.org
+

+ + + diff --git a/extra.html b/extra.html new file mode 100644 index 0000000..a696d71 --- /dev/null +++ b/extra.html @@ -0,0 +1,26 @@ + + + + + + Spyware Watchdog + + +

Extras Page

+ This page is for content on the site that doesn't belong anywhere else. +

Fan Made Pins

+ These pins were created by fans of the site for linking to pages on the site. They're pretty cool, so I thought I would host them. You can download the ones you want + for your website here: +

+ You can also visit the creator's websites:
+ https://floppys-lounge.neocities.org/
+ https://computerdemons.neocities.org/
+

+ + diff --git a/favicon.ico b/favicon.ico new file mode 100644 index 0000000..d675995 Binary files /dev/null and b/favicon.ico differ diff --git a/guides/articles.html b/guides/articles.html new file mode 100644 index 0000000..f517bcd --- /dev/null +++ b/guides/articles.html @@ -0,0 +1,88 @@ + + + + + + Spyware Watchdog + + +

Online Spyware Classification Project - Contribution Guide

Back to Home

+ +

+ This guide is to share how these articles are written for readers of this website who want to contribute to it + but don't know how, or would like some resources on how to write these articles. So, it should help ease the burden + of writing new articles for writers who don't know about things that can make the articles easier to write and more + accurate. +

+ +

Common Privacy Policy Pitfalls

+ +

+ Lots of software today contains a privacy policy - and a great starting point for understanding how a program invades your privacy + is to read the privacy policy so that you know what kinds of things the developers admit that the software does. However it is a + big mistake to take a privacy policy by its word, as many privacy policies are obfusicated, omit information, or lie. There are + several common pitfalls that most privacy policies are guilty of: +

+ +

Organization-Wide Privacy Policies

+ +

+ This is a common obfusication tactic that many organizations use when writing privacy policies (if you want to give them the + benefit of the doubt, it could be laziness). Instead of writing a privacy policy that explains what kind of information is + being collected about you for each individual software, a privacy policy is written for all of the software that that company + produces and operates. This obviously makes it very hard to find out what one particular software does, and it means that + understanding the privacy policy and how it applies to the software you are trying to find information about will take longer + and will rely on more speculation because of how uncertain the information is. +

+ +

"We aren't spyware so we dont need a privacy policy"

+ +

+ This category is where it's more difficult: programs that are not spyware do not have privacy policies- they don't need them if they + dont violate your privacy. This is OK but there is a category of programs that do not contain privacy policies but still have privacy + concerns. You can't take a developers word that their program is not spyware: you have to actually run the program and inspect any kind + of packets it sends out and what features it has. A lot of people have a lot of diffrent ideas about what is and isnt spyware- so you + might have a developer who thinks that phoning home, etc, isn't a privacy issue that they need to make their users aware of. +

+ +

Outdated/Inaccruate Privacy Policies

+ +

+ Some privacy policies are very outdated and report privacy violations in the program that dont exist anymore, or fail to report new privacy + violations, just because the developer of the software cannot be bothered to keep his privacy policy up to date. In this case such a + privacy policy should be heavily criticized because it shows that the developer cannot properly communicate to his users the privacy implications + of installing his software. So it's really like rolling the dice... who knows what the program will actually do? It's like not having a + privacy policy at all, except worse, because it can fool people into thinking that the program does things that it doesn't do. +

+ +

+ Ultimately the take away is that privacy policies are meaningful, but they also can't be the only thing to prove a program's innocence. + You have to verify all of the claims made on a privacy policy, and if you can't, you have to doubt them. When a privacy policy is not + enough to make a final decision, you need to use other methods of finding privacy issues in the program. +

+ +

Checking a program with MITMproxy

+ +

+ Ultimately the only way to prove and discover what a program is actually doing to invade your privacy is to look at what kinds of + network activity it is doing when you run it. A great guide is written about how you can check a program's network activity with + MITMproxy to discover spyware by a writer for this site who has written many of the articles on here. It's linked right here: +

+ Lifting the veil - how to test browsers for spyware. + +

Citing Sources

+ +

+ Sources should be cited at the bottom of the article as a list of links, with links to archived versions of these links next to them. + There should be at least two archive links, from two diffrent archiving services, but ideally you should provide alterante links to as many + archives as you can. If you can't find an archived version of the page you want to save on a service that allows you to submit a link for + archiving, you should submit it and use that. That being said, there is a useful online service that lets you find archived links + by searching multiple archive sources for links. http://timetravel.mementoweb.org/ will usually + automate the process of finding all of these archive links and make citing sources much easier- but it's still important to update web.archive.org + and archive.is copies of these links. +

+ + + + diff --git a/guides/classify.html b/guides/classify.html new file mode 100644 index 0000000..76e5897 --- /dev/null +++ b/guides/classify.html @@ -0,0 +1,52 @@ + + + + + + Spyware Watchdog + + +

Online Spyware Classification Project - Spyware Classification Guide

Back to Home

This page needs to be re-written should be disregarded for now

+This guide specifies how the articles on this website classify programs as spyware, and assign scores. Programs given an amount of points for every spyware feature that the program contains and every spyware criteria that the program meets. It is important to note that not every feature and critera is proof that a program is spyware, but proof that the program could be spywre. Since we are holding all programs in contempt, programs that might not be spyware, but cannot be proven to not be spyware, are given spyware scores above 0 (not spyware) until they can be proven to not be spyware. If you want to amend/change this document, please follow the instructions in the FAQ. +

+This guide is written in a format where the name of each spyware feature or critera and the number of points given from containing said feature or meeting said critera is written in a header, and then a short description explaining why this feature or criteria is a spyware feature or criteria; and justifying the score given. There are diffrent severities of data collection or potential data collection, so it is important to outline how many points should be given for each type of feature. This document starts out by explaining what types of spyware criterias or features are given what scores, and then lists actual features and criterias and their classifications. +

Types of Spyware Features and Criterias and their scores

Low Potential For Data Collection - 1

Potential For Data Collection - 2

High Potential For Data Collection - 3

+The Spyware Feature or Criteria does not prove that data collection is happening, but proves that we cannot prove that data collection is not happening. The creators of the software have created spyware programs in the past and/or there is evidence that there may be or is a data collection feature inside of their program, but they have claimed that their software is not using this feature. An example is a known data collection feature in a program that the creators of the program have claimed is no longer active, but have not proven that said feature is no longer active. Another example is software creators who do not claim to include spyware features in their programs, but have failed to disclose spyware features in past programs that they have created. +

Normal Potential Amount of Possible Data Collection - 3

+The Spyware Feature or Criteria proves that data collection is possible, in the normal way. I thought about creating a classification "Low Potential Amount of Possible Data Collection", but I realized that such sandboxed programs simply do not exist in today's userlands. The program has access to all availible files in the user's file system, enumeration of the hardware, access to the keyboard and mouse input, and any other input from other peripherals, as well as the enumeration of these peripherals, and access to the internet. The program has access some or all of these and has no access to anything described in "High Potential Amount of Possible Data Collection", and we are unable to prove that the program will never record and report information using this access. +

High Potential Amount of Possible Data Collection - 10

+The Spyware Feature or Criteria proves that the program may be accessing an elevated amount of features that normal programs are unable to access. The program may require or ask the user to run it as a superuser (i.e. the program must be run as "root" on Unix-based systems and as "Administrator" on Windows-based systems). The program may install a kernel module or otherwise run in security levels higher than userspace, such as "ring 0". +

Confirmed Low Amount of Data Collection - 5

+The Spyware Feature or Criteria proves that the program is collecting a small amount of information on the user. This information may be information that the user might want to share. For example, a user might want to use a program to provide credentials to an online service, like a client to a subscription based video game. This means that the user's login activity is being collected by the creators of the program. This is different from client software where the user is giving credientials to people who are probably not the creators of the program, like an e-mail client. +

Confirmed Medium Amount of Data Collection - 15

+The Spyware Feature or Criteria proves that the program is collecting an substantial amount of information on the user. This information can include but is not limited to hardware profiles, e-mail addresses, fingerprinting, and basic usage information. This is generally known as "telemetry", which is a more sanitized term people use to refer to spyware. +

Confirmed High Amount of Data Collection - 25

+The Spyware Feature or Criteria proves that the program is collecting a high amount of information on the user. This information can include but is not limited to keylogging, screen capture or any form of screen recording, chat logs, search history, webcam access, filesystem scanning and/or profiling, and recording information from the microphone. +

+ + \ No newline at end of file diff --git a/guides/faq.html b/guides/faq.html new file mode 100644 index 0000000..ec68778 --- /dev/null +++ b/guides/faq.html @@ -0,0 +1,82 @@ + + + + + + Spyware Watchdog + + +

Online Spyware Classification Project - Frequently Asked Questions

Back to Home

What is spyware?

+Spyware is a classification of programs which collect information about their users. Any program which collects any kind of information about its users is spyware. Programs are held in contempt (guilty until proven innocent) when evaluating spyware features. Spyware features include but are not limited to unavailable source code, telemetry of any kind, presistent user identities, network connectivity, and information collection on users, such as asking for a telephone number. +

How does this website classify spyware?

+At a glance, this website will give spyware programs a spyware rating and then a summary of why it has that rating, followed by a detailed rationale for giving the program that rating. The ratings that are present on the website right now are: +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Spyware Rating	Category Rationale
EXTREMELY HIGH	Reserved for the most invasive spyware programs, that collect the most amount of data, and the most sensitive data, with no opt-out's. These programs should be avoided entirely.
High	For spyware that collects high amounts of data, but doesn't collect as much data, or data that is as important as the worst spyware out there.
Medium	For spyware that collects some data, but is transparent and doesn't collect a lot of data, or any important data. You should be able to disable all spyware features for a program to get this rating.
Low	For software that has some form of data collection that is extremely limited.
Potential Spyware	For software that cant be proven to be not spyware, and have red flags that make them suspicious without definite proof of spying.
Probably not Spyware	For software that doesnt seem to be spyware, but can't be absolutely proven to not be spyware.
Not Spyware	For software that completely respects the privacy of its users.
Not Rated	For software that has an article, but does not have a complete article. The color of the text indicates what spyware score the incompelte article is leaning towards.

How do I support this website?

+You can support this website by submitting or translating articles and referring to articles already on the site to other people in your regular internet discussions. This will encourage other people to read this website and contribute to this website as well. You can also encourage your friends or other people online that you are aquainted with to use and submit articles to this website. As more people submit and refer to the content here, this website will become much better. +

How do I submit articles to this website?

+Articles can be submitted by emailing me at spyware@aaathats3as.com. Any article that is submitted must follow the article style guide and the spyware criteria guide correctly to be accepted into the website. If you want to make changes to an article please download and edit that article, and resubmit your version of the article in an email, explaining what the changes are and why you made those changes. If your version of the article is conforming to the article style guide and spyware criteria guide and has justified changes it will be accepted as a replacement to the previous article. Your submissions will be manually reveiwed and added to the website at this time. I will reply to all submissions explaining if the submission was accepted or not, and if the submission was declined, why it was declined. +

What language do the submissions need to be in?

+Any language should be fine. Currently there are only English and Spanish articles on the site, but it doesn't matter what language you want to submit articles in. +

I want to amend/change the style guide and/or the spyware classification guide.

+Send an email to me at spyware@aaathats3as.com with a new version of the guide in question, detailing the changes you have made and the reasons for these changes. If I agree with these changes then I will either replace the current document(s) with your version(s) or edit the document(s) myself to incorporate the new ideas, and send you a follow-up email explaining what I did. If I disagree with you, I will send you an email explaining why I don't want to amend/change the guide(s) in such a way. +

Spyware and Software Licensing

+To be able to know if a program has absolutely no spyware features, you have to be able to compile it from source- it does not need to meet any of the other requirements that it would need to meet to be called "Free Software" or "Open Source Software" according to the definitions of the FSF or OSI. So, I don't like to use the words "Free Software" or "Open Source Software" on my website because it implies that a program needs to meet all of the requirements set by those organizations to be called "Free" or "Open" for spyware concerns to be alleviated. If you can compile it from source, that is the only thing needed. +

+Although, I don't want to say that just because a program allows you to compile it from source, it isn't spyware. It just ensures that you can be aware of all spyware features, and that there is no spyware hidden inside of a binary blob. Also, programs that do not distribute their sources can be analyzed even though they are only dstributed as binaries, which is in fact how we know about some of the more underhanded spyware features that Steam and Discord have, for example. +

+ + + diff --git a/guides/firefox.html b/guides/firefox.html new file mode 100644 index 0000000..6e1ed15 --- /dev/null +++ b/guides/firefox.html @@ -0,0 +1,277 @@ + + + + + + Spyware Watchdog + + + +

Mozilla Firefox Spyware Mitigation Guide

+ Back to Home
+ Back to Firefox +

+ After configuring Mozilla Firefox according to this guide it's rating changes like so: +

Spyware Rating: High => Not Spyware

+ Before beginning this guide it is important that you try and cross-reference it with other guides, + to see which prespective on this topic is the best way to do it for you. At the bottom of the page are links + to other guides and projects like this one. You should strongly consider this as + you may find other guides more useful than this one. +

+ Mozilla Firefox has a huge amount of spyware features, but they all can be disabled by using predefined profile settings. + To do this you need to create new Firefox profile: +

Run firefox -no-remote -ProfileManager
Create a new profile
Exit.

+ Then open your Firefox user profiles directory. It should be located at: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

OS	Path
Windows 7	`%APPDATA%\Mozilla\Firefox\Profiles\XXXXXXXX.your_profile_name`
Linux	`~/.mozilla/firefox/XXXXXXXX.your_profile_name`
OS X	`~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name`
Android	`/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name`
Sailfish OS + Alien Dalvik	`/opt/alien/data/data/org.mozilla.firefox/files/mozilla/XXXXXXXX.your_profile_name`
Windows (portable)	`[firefox directory]\Data\profile\`

+ Delete everything from the new profile and create in this folder "user.js" file with such content:
+ + user_pref("network.connectivity-service.enabled", false); + user_pref("browser.startup.homepage", "about:blank"); + user_pref("browser.newtabpage.enabled", false); + user_pref("browser.newtab.preload", false); + user_pref("browser.search.geoip.url", ""); + user_pref("app.update.enabled", false); + user_pref("extensions.update.enabled", false); + user_pref("app.update.auto", false); + user_pref("extensions.update.autoUpdateDefault", false); + user_pref("app.update.service.enabled", false); + user_pref("app.update.staging.enabled", false); + user_pref("app.update.silent", false); + user_pref("extensions.getAddons.cache.enabled", false); + user_pref("lightweightThemes.update.enabled", false); + user_pref("browser.search.update", false); + user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); + user_pref("dom.ipc.plugins.reportCrashURL", false); + user_pref("extensions.getAddons.showPane", false); + user_pref("extensions.webservice.discoverURL", ""); + user_pref("toolkit.telemetry.unified", false); + user_pref("toolkit.telemetry.enabled", false); + user_pref("toolkit.telemetry.server", "data:,"); + user_pref("toolkit.telemetry.archive.enabled", false); + user_pref("toolkit.telemetry.cachedClientID", ""); + user_pref("toolkit.telemetry.newProfilePing.enabled", false); + user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); + user_pref("toolkit.telemetry.updatePing.enabled", false); + user_pref("toolkit.telemetry.bhrPing.enabled", false); + user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); + user_pref("toolkit.telemetry.hybridContent.enabled", false); + user_pref("datareporting.healthreport.uploadEnabled", false); + user_pref("datareporting.policy.dataSubmissionEnabled", false); + user_pref("breakpad.reportURL", ""); + user_pref("browser.tabs.crashReporting.sendReport", false); + user_pref("browser.crashReports.unsubmittedCheck.enabled", false); + user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); + user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); + user_pref("browser.aboutHomeSnippets.updateUrl", "data:,"); + user_pref("browser.chrome.errorReporter.enabled", false); + user_pref("browser.chrome.errorReporter.submitUrl", ""); + user_pref("extensions.blocklist.enabled", false); + user_pref("extensions.blocklist.url", ""); + user_pref("services.blocklist.update_enabled", false); + user_pref("services.blocklist.onecrl.collection", ""); + user_pref("services.blocklist.addons.collection", ""); + user_pref("services.blocklist.plugins.collection", ""); + user_pref("services.blocklist.gfx.collection", ""); + user_pref("browser.safebrowsing.malware.enabled", false); + user_pref("browser.safebrowsing.phishing.enabled", false); + user_pref("browser.safebrowsing.downloads.enabled", false); + user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); + user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); + user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); + user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); + user_pref("browser.safebrowsing.provider.google.updateURL", ""); + user_pref("browser.safebrowsing.provider.google.gethashURL", ""); + user_pref("browser.safebrowsing.provider.google4.updateURL", ""); + user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); + user_pref("browser.safebrowsing.downloads.remote.enabled", false); + user_pref("browser.safebrowsing.downloads.remote.url", ""); + user_pref("browser.safebrowsing.provider.google.reportURL", ""); + user_pref("browser.safebrowsing.reportPhishURL", ""); + user_pref("browser.safebrowsing.provider.google4.reportURL", ""); + user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); + user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); + user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); + user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); + user_pref("browser.safebrowsing.allowOverride", false); + user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); + user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); + user_pref("browser.safebrowsing.blockedURIs.enabled", false); + user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); + user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); + user_pref("network.allow-experiments", false); + user_pref("app.normandy.enabled", false); + user_pref("app.normandy.api_url", ""); + user_pref("app.shield.optoutstudies.enabled", false); + user_pref("shield.savant.enabled", false); + user_pref("extensions.systemAddon.update.enabled", false); + user_pref("extensions.systemAddon.update.url", ""); + user_pref("browser.ping-centre.telemetry", false); + user_pref("extensions.pocket.enabled", false); + user_pref("browser.library.activity-stream.enabled", false); + user_pref("extensions.screenshots.disabled", true); + user_pref("extensions.screenshots.upload-disabled", true); + user_pref("browser.onboarding.enabled", false); + user_pref("extensions.formautofill.addresses.enabled", false); + user_pref("extensions.formautofill.available", "off"); + user_pref("extensions.formautofill.creditCards.enabled", false); + user_pref("extensions.formautofill.heuristics.enabled", false); + user_pref("extensions.webcompat-reporter.enabled", false); + user_pref("network.prefetch-next", false); + user_pref("network.dns.disablePrefetch", true); + user_pref("network.dns.disablePrefetchFromHTTPS", true); + user_pref("network.predictor.enabled", false); + user_pref("captivedetect.canonicalURL", ""); + user_pref("network.captive-portal-service.enabled", false); + user_pref("browser.send_pings", false); + user_pref("browser.send_pings.require_same_host", true); + user_pref("network.protocol-handler.external.ms-windows-store", false); + user_pref("network.predictor.enable-prefetch", false); + user_pref("network.trr.mode", 0); + user_pref("network.trr.bootstrapAddress", ""); + user_pref("network.trr.uri", ""); + user_pref("network.file.disable_unc_paths", true); + user_pref("browser.search.suggest.enabled", false); + user_pref("browser.urlbar.suggest.searches", false); + user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); + user_pref("browser.urlbar.usepreloadedtopurls.enabled", false); + user_pref("browser.urlbar.speculativeConnect.enabled", false); + user_pref("security.ssl.errorReporting.automatic", false); + user_pref("security.ssl.errorReporting.enabled", false); + user_pref("security.ssl.errorReporting.url", ""); + user_pref("dom.push.enabled", false); + user_pref("dom.push.connection.enabled", false); + user_pref("dom.push.serverURL", ""); + user_pref("dom.push.userAgentID", ""); + user_pref("beacon.enabled", false); + user_pref("browser.uitour.enabled", false); + user_pref("browser.uitour.url", ""); + user_pref("permissions.manager.defaultsUrl", ""); + user_pref("webchannel.allowObject.urlWhitelist", ""); + user_pref("browser.startup.homepage_override.mstone", "ignore"); + user_pref("startup.homepage_welcome_url", ""); + user_pref("startup.homepage_welcome_url.additional", ""); + user_pref("startup.homepage_override_url", ""); + user_pref("media.gmp-gmpopenh264.autoupdate", false); + user_pref("browser.shell.shortcutFavicons", false); + user_pref("media.gmp-eme-adobe.autoupdate", false); + user_pref("media.gmp-manager.url", "data:text/plain,"); + user_pref("media.gmp-manager.url.override", "data:text/plain,"); + user_pref("media.gmp-manager.updateEnabled", false); + user_pref("media.gmp-widevinecdm.autoupdate", false); + user_pref("devtools.webide.autoinstallADBHelper", false); + +

+ If you want to disable OCSP as well, you should also add this to your user.js. These settings are seperated + because while OCSP is a privacy breach it is also a security feature, and so whether to have it on or off should + be thought about before continuing. You can read about OCSP here: + https://scotthelme.co.uk/revocation-is-broken/ + [web.archive.org] . The problem is, that OCSP is a form of phoning home, and you might not want to make those requests. +


+  user_pref("security.ssl.enable_ocsp_stapling", false);

+  user_pref("security.OCSP.enabled", 0);

+  user_pref("security.OCSP.require", false);

+

+ With this installation method, if you change any of user.js settings through about:config or Firefox preferences dialogs, + they will be reset to the user.js defined values after you restart Firefox. + This makes sure they're always back to secure defaults when starting the browser. + At the end you need to delete several default plugins in Firefox directory at \Mozilla Firefox\browser\features\ that can violate privacy: +

firefox@getpocket.com.xpi - Pocket
followonsearch@mozilla.com.xpi - Follow On Search
activity-stream@mozilla.org.xpi - Activity Stream
screenshots@mozilla.org.xpi - Screenshots
onboarding@mozilla.org.xpi - Onboarding
formautofill@mozilla.org.xpi - Autofill
webcompat@mozilla.org.xpi - Web Compatibility Reporter

+ +

+ It is highly recommended to also check other user.js template settings from ongoing "ghacks-user.js project"^[1] for further hardening Firefox privacy, security and anti-fingerprinting. +

+ +

Other Guides

+These are other guides and projects to help protect your privacy using Firefox. It's important to look at +other prespectives instead of reading JUST this guide. So you should be comparing all of the +guides that you can find to hear everyone's ideas about how this should be done, before you +finish setting Firefox up. Librefox is less of a guide and more of a project and series of tools and settings +you can download to help you make Firefox private. +

+ Firefox: Privacy Related "about:config" Tweaks + [web.archive.org] + [archive.is]
+ Firefox Privacy – The Complete How-To Guide + [web.archive.org] + [archive.is]
+ Librefox: Firefox with privacy enhancements + [web.archive.org] + [archive.is]
+

Sources

+ 1. + ghacksuserjs/ghacks-user.js + [web.archive.org] + [archive.is] +
+ +

+ This guide was created on 10/8/2018
+ This guide was last updated on 12/26/2018 +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + \ No newline at end of file diff --git a/guides/iridium.html b/guides/iridium.html new file mode 100644 index 0000000..ef62cba --- /dev/null +++ b/guides/iridium.html @@ -0,0 +1,36 @@ + + + + + + Spyware Watchdog + + +

Iridium Browser Spyware Mitigation Guide

+ Back to Home
+ Back to Iridium +

+ After configuring Iridium according to this guide it's rating changes like so: +

Spyware Rating: Low => Not Spyware

+ Iridium only has one spyware feature, so the only thing that needs to be removed is google safebrowsing. + You have to turn off your internet connection or otherwise stop Iridium from connecting to the internet + while you turn it off, so it doesn't make any requests before you opt-out. Then uncheck "protect you and + your device from dangerous sites" in the advanced settings menu. +

disabling safebrowsing from the advanced settings menu

+ +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/guides/palemoon.html b/guides/palemoon.html new file mode 100644 index 0000000..9fed2b6 --- /dev/null +++ b/guides/palemoon.html @@ -0,0 +1,77 @@ + + + + + + Spyware Watchdog + + +

Pale Moon Browser Spyware Mitigation Guide

Back to Home
+ Back to Palemoon +

+ After configuring Pale Moon according to this guide it's rating changes like so: +

Spyware Rating: Medium => Not Spyware

+ The first thing to do, after you have downloaded Pale Moon, is to turn off your internet connection. Then + install the browser and change the homepage to something else. In the "options" dialog: +

+ The next step is to disable update checking, you can do that like this: +

+ Finally, these settings should be changed in about:config: +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Spyware Feature	about:config flag	about:config value
Addon Blocklist	extensions.blocklist.enabled	False
OCSP querying	services.sync.prefs.sync.security.OCSP.enabled	False
OCSP querying	security.OCSP.GET.enabled	False
OCSP querying	security.OCSP.require	False
OCSP querying	security.OCSP.enabled	0
Geolocation	geo.enabled	False

+ +

+ If you want to edit this article, or contribute your own article(s), email me at spyware@aaathats3as.com. All contributions must be liscenced under the CC0 liscence to be accepted. +

+ + + diff --git a/guides/responses.html b/guides/responses.html new file mode 100644 index 0000000..82cff32 --- /dev/null +++ b/guides/responses.html @@ -0,0 +1,128 @@ + + + + + + Spyware Watchdog + + +

Answers To Common Criticisms Of This Website

+Sometimes I read criticisims of this website online, where the author finds a reason +to "debunk" or otherwise invalidate (to them) the concerns or evidence that is brought +up in the articles on this website, when this criticisim does not actually invalidate or +debunk what is discussed in the articles on the website. So, I thought it would be +useful to write a page that lists common criticisims of the website and an adequate +response to each type of criticisim. Please understand that this page is not meant to +write off people who have serious criticisms, and of course if you email me with those +you can exect a serious answer back. +

"I know that the program does this!"
"I'm OK with these spyware features!"
"I don't agree with your definition of Spyware!"
"Lots of people use this software!"
"The developers had a reason to add this feature!"
"I can disable this feature!"

+ +

"I know that the program does this!"

+ This criticisim is probably the simplest kind: that because such a spyware feature is + known about a program, that this criticisim of the spyware feature is no longer valid. +

+ The obvious response is that just because you KNOW that a program does something doesn't + validate what it is doing or sheild it from criticisim. If you KNOW a program is spying on + you, that doesn't change anything about the situation or make it less of a problem. Just + because you know that a program can do certain things also doesn't mean that other people + know these things too, like someone who has not used the program before and is using the + articles on this website to evaluate whether he should use that program or not. +

+ +

"I'm OK with these spyware features!"

+ This criticisim acknowledges the features of the program as spyware, but then claims that + because the critic is okay with using a spyware program, that the criticisims of the program + in the article are no longer valid. +

+ But just because you are OK with using spyware, doesn't mean that everyone else is OK with + that. The articles on this website can only say: "This is what the program is doing.". And, + it's up to you if you're OK with that or not. Being OK with using spyware might invalidate + the criticisims of the spyware for you as an individual. But it doesn't invalidate it for + anyone else who might think diffrently about using spyware. +

+ +

"I don't agree with your definition of Spyware!"

+ +

+ This criticisim disagrees in the articles labeling of the program as spyware, but doesn't talk + about the actual spyware feature in question, just the label assigned to that feature. +

+ The point of the articles are not really the Spyware label that it assigns to everything, but + rather to raise awareness of features that can be used to invade user privacy. Even if the + definition of spyware that this website uses is wider than someone elses definition, that + doesn't change the facts about what is happening: it just changes the label we use to describe + those facts. Instead of thinking about "Is this Spyware?", we should consider: "Is this OK?" +

+ +

"Lots of people use this software!"

+ This criticisim states that because so many people use the software being criticised, that it + is safe to use and is not spyware. +

+ This is a very obvious appeal to popularity fallacy- as if the collective "Trust" (ignorance) + of a massive userbase changes the facts about what a program is doing to its userbase. The + existence of a massive userbase of course changes nothing about the facts about what such a + program is actually doing, and what information it is actually collecting. +

+ +

"The developers had a reason to add this feature!"

+ This criticisim states that because the developers of the software in question had a reason to + add a spyware feature, that this makes the spyware feature okay. +

+ The question here is whether spyware can be justified by a "really good reason". How else will the + developer have feature X without it, after all? To anyone who is concerned with their privacy, the answer to + this is an obvious NO. Just because there are (spyware) features that can be implemented into a program that + require the exposure of user information, this does not justify their implementation into any program. +

+ It's also important to notice that a lot of spyware features are designed in a way where they collect more information + than they need to collect in order to function. In fact, a lot of these features could function without spying on the + user! So a lot of the time it's not even a feature that NEEDS spyware to function that is being criticized. + Lots of developers come up with reasons to implement features into their program that collect way more information + than needed, either innocently or maliciously, both should be critcized. +

+ +

"I can disable this feature!"

+ This criticisim states that because the software can be configured so that the spyware feature being criticised in the + article is disabled, that this criticisim of the spyware feature is no longer valid. +

+ This is a very attractive criticisim, to say that it doesn't matter if a program comes with spyware as long as it can all be + disabled through configuration. The most important issue is that an opt-out is not acceptable, since it doesn't change the fact that the program does spy on a portion of its userbase that have not opted-out, and that the program is designed to collect information about its users. So even + if some minority of users opt-out from the spyware, it is still damaging the privacy of users who don't know about these spyware features. +

+ There are a few programs that make the privacy implications of certain features in their software prominent and clear, and make the way + to disable those features easy and accessible. But the vast majority of programs that allow an opt-out from certain spyware features do this in + a way that is not accesible to the vast majority of users, and the developers of these programs do not make an effort to explain to their users + the privacy implications of certain spyware features in their programs. So, even though, if you know how to do it, you can successfully opt-out, + that doesn't mean that the majority of users are capable of doing that too. +

+ Even if you can opt-out from certain features, the privacy concerned user won't be aware of many of these features until his privacy has already + been compromised, since most spyware found in modern programs is not explained in any prominent place for a user to understand before they begin + using the software. Lots of programs require the user to block the program from acessing the internet, for example, in order to disable all of the spyware, since to disable the spyware, you have to execute the program, but executing the program will also compromise your privacy... a totally + inadequate chicken-and-egg scenario. +

+ + + + diff --git a/guides/style.html b/guides/style.html new file mode 100644 index 0000000..f813eb9 --- /dev/null +++ b/guides/style.html @@ -0,0 +1,21 @@ + + + + + + Spyware Watchdog + + +

Online Spyware Classification Project Article Style Guide

Back to Home

+This is a pretty old page, and I don't think it's linked anywhere on the site anymore. If you want a better style guide, look at /articles/example.html and try and +follow that in the spirit of this guide. +

+Articles should be submitted using only basic HTML features, and must include a link back to the article catalog at the top. The article should only contain information about why the software is spyware using the spyware classification guide as a reference. The article should list every spyware feature that the software includes and every spyware criteria that the software meets, and then describe in as much detail as neccessary how the spyware features work and what they do, as well as explain what level of contempt the ceators of the software should be held in based on past behaviors. Articles can include one 128 by 128 PNG image containing the logo of the software. Articles should be written with the example article as a refrence, so that all articles are uniform and easy to navigate. All articles should be submitted to spyware@aaathats3as.com for manual review. +

+ + + + diff --git a/images/1pw_logo.png b/images/1pw_logo.png new file mode 100644 index 0000000..f336b05 Binary files /dev/null and b/images/1pw_logo.png differ diff --git a/images/PowerISO7-x64_1.png b/images/PowerISO7-x64_1.png new file mode 100644 index 0000000..4ea2a4c Binary files /dev/null and b/images/PowerISO7-x64_1.png differ diff --git a/images/PowerISO7-x64_2.png b/images/PowerISO7-x64_2.png new file mode 100644 index 0000000..37bbebf Binary files /dev/null and b/images/PowerISO7-x64_2.png differ diff --git a/images/amd_logo.png b/images/amd_logo.png new file mode 100644 index 0000000..9199297 Binary files /dev/null and b/images/amd_logo.png differ diff --git a/images/bg.jpg b/images/bg.jpg new file mode 100644 index 0000000..ca001c9 Binary files /dev/null and b/images/bg.jpg differ diff --git a/images/bing_logo.png b/images/bing_logo.png new file mode 100644 index 0000000..2593b96 Binary files /dev/null and b/images/bing_logo.png differ diff --git a/images/blackbg.jpg b/images/blackbg.jpg new file mode 100644 index 0000000..41c0ead Binary files /dev/null and b/images/blackbg.jpg differ diff --git a/images/blocklist.png b/images/blocklist.png new file mode 100644 index 0000000..f7b942f Binary files /dev/null and b/images/blocklist.png differ diff --git a/images/brave_bat.png b/images/brave_bat.png new file mode 100644 index 0000000..9ec67c3 Binary files /dev/null and b/images/brave_bat.png differ diff --git a/images/brave_httpse.png b/images/brave_httpse.png new file mode 100644 index 0000000..c201bc7 Binary files /dev/null and b/images/brave_httpse.png differ diff --git a/images/brave_logo.png b/images/brave_logo.png new file mode 100644 index 0000000..d5db891 Binary files /dev/null and b/images/brave_logo.png differ diff --git a/images/brave_partners.png b/images/brave_partners.png new file mode 100644 index 0000000..e465492 Binary files /dev/null and b/images/brave_partners.png differ diff --git a/images/brave_piwik.png b/images/brave_piwik.png new file mode 100644 index 0000000..7044f98 Binary files /dev/null and b/images/brave_piwik.png differ diff --git a/images/cc0.png b/images/cc0.png new file mode 100644 index 0000000..ef92abb Binary files /dev/null and b/images/cc0.png differ diff --git a/images/ccleaner_logo.png b/images/ccleaner_logo.png new file mode 100644 index 0000000..01486dc Binary files /dev/null and b/images/ccleaner_logo.png differ diff --git a/images/ccleaner_privacy.png b/images/ccleaner_privacy.png new file mode 100644 index 0000000..bea37f8 Binary files /dev/null and b/images/ccleaner_privacy.png differ diff --git a/images/cdex_bundling.png b/images/cdex_bundling.png new file mode 100644 index 0000000..78ffbc1 Binary files /dev/null and b/images/cdex_bundling.png differ diff --git a/images/cdex_logo.png b/images/cdex_logo.png new file mode 100644 index 0000000..ec49e92 Binary files /dev/null and b/images/cdex_logo.png differ diff --git a/images/chrome_logo.png b/images/chrome_logo.png new file mode 100644 index 0000000..01b0425 Binary files /dev/null and b/images/chrome_logo.png differ diff --git a/images/ddg_logo.png b/images/ddg_logo.png new file mode 100644 index 0000000..83f94d7 Binary files /dev/null and b/images/ddg_logo.png differ diff --git a/images/discord government requests.png b/images/discord government requests.png new file mode 100644 index 0000000..5291dc9 Binary files /dev/null and b/images/discord government requests.png differ diff --git a/images/discord-no-way-2.gif b/images/discord-no-way-2.gif new file mode 100644 index 0000000..4ee8d64 Binary files /dev/null and b/images/discord-no-way-2.gif differ diff --git a/images/discord_2.png b/images/discord_2.png new file mode 100644 index 0000000..bc6a2c8 Binary files /dev/null and b/images/discord_2.png differ diff --git a/images/discord_data.png b/images/discord_data.png new file mode 100644 index 0000000..fc8385f Binary files /dev/null and b/images/discord_data.png differ diff --git a/images/discord_logo.png b/images/discord_logo.png new file mode 100644 index 0000000..2de8903 Binary files /dev/null and b/images/discord_logo.png differ diff --git a/images/discord_process_logging.png b/images/discord_process_logging.png new file mode 100644 index 0000000..801785b Binary files /dev/null and b/images/discord_process_logging.png differ diff --git a/images/discord_verify.png b/images/discord_verify.png new file mode 100644 index 0000000..0cc9079 Binary files /dev/null and b/images/discord_verify.png differ diff --git a/images/dissenter_ext_ph.png b/images/dissenter_ext_ph.png new file mode 100644 index 0000000..a30ebfe Binary files /dev/null and b/images/dissenter_ext_ph.png differ diff --git a/images/dissenter_logo.png b/images/dissenter_logo.png new file mode 100644 index 0000000..d55ebb7 Binary files /dev/null and b/images/dissenter_logo.png differ diff --git a/images/dissenter_phone_home_1.png b/images/dissenter_phone_home_1.png new file mode 100644 index 0000000..b1f83db Binary files /dev/null and b/images/dissenter_phone_home_1.png differ diff --git a/images/dissenter_safebrowsing.png b/images/dissenter_safebrowsing.png new file mode 100644 index 0000000..931eb63 Binary files /dev/null and b/images/dissenter_safebrowsing.png differ diff --git a/images/example_logo.png b/images/example_logo.png new file mode 100644 index 0000000..886ee96 Binary files /dev/null and b/images/example_logo.png differ diff --git a/images/falkon_firstrun.png b/images/falkon_firstrun.png new file mode 100644 index 0000000..c9bb8ae Binary files /dev/null and b/images/falkon_firstrun.png differ diff --git a/images/falkon_logo.png b/images/falkon_logo.png new file mode 100644 index 0000000..2ec9d37 Binary files /dev/null and b/images/falkon_logo.png differ diff --git a/images/firefox_logo.png b/images/firefox_logo.png new file mode 100644 index 0000000..06d27d0 Binary files /dev/null and b/images/firefox_logo.png differ diff --git a/images/foobar_logo.png b/images/foobar_logo.png new file mode 100644 index 0000000..cf20c13 Binary files /dev/null and b/images/foobar_logo.png differ diff --git a/images/fpseek.png b/images/fpseek.png new file mode 100644 index 0000000..2a0bfa1 Binary files /dev/null and b/images/fpseek.png differ diff --git a/images/google_logo.png b/images/google_logo.png new file mode 100644 index 0000000..5b32d3b Binary files /dev/null and b/images/google_logo.png differ diff --git a/images/graybg.jpg b/images/graybg.jpg new file mode 100644 index 0000000..ed9708b Binary files /dev/null and b/images/graybg.jpg differ diff --git a/images/gzdoom_logo.png b/images/gzdoom_logo.png new file mode 100644 index 0000000..0a038e8 Binary files /dev/null and b/images/gzdoom_logo.png differ diff --git a/images/hexchat_logo.png b/images/hexchat_logo.png new file mode 100644 index 0000000..5fa1b9e Binary files /dev/null and b/images/hexchat_logo.png differ diff --git a/images/icecat_logo.png b/images/icecat_logo.png new file mode 100644 index 0000000..bf489fd Binary files /dev/null and b/images/icecat_logo.png differ diff --git a/images/icecat_phones_home.png b/images/icecat_phones_home.png new file mode 100644 index 0000000..322784a Binary files /dev/null and b/images/icecat_phones_home.png differ diff --git a/images/ie_logo.png b/images/ie_logo.png new file mode 100644 index 0000000..03db9c9 Binary files /dev/null and b/images/ie_logo.png differ diff --git a/images/ig_logo.png b/images/ig_logo.png new file mode 100644 index 0000000..9580141 Binary files /dev/null and b/images/ig_logo.png differ diff --git a/images/ig_sshot.png b/images/ig_sshot.png new file mode 100644 index 0000000..b59d87a Binary files /dev/null and b/images/ig_sshot.png differ diff --git a/images/iridium_disablesb.png b/images/iridium_disablesb.png new file mode 100644 index 0000000..aaff7ad Binary files /dev/null and b/images/iridium_disablesb.png differ diff --git a/images/iridium_logo.jpg b/images/iridium_logo.jpg new file mode 100644 index 0000000..b03db35 Binary files /dev/null and b/images/iridium_logo.jpg differ diff --git a/images/iridium_request.png b/images/iridium_request.png new file mode 100644 index 0000000..dd802c5 Binary files /dev/null and b/images/iridium_request.png differ diff --git a/images/iron_bing.png b/images/iron_bing.png new file mode 100644 index 0000000..724577e Binary files /dev/null and b/images/iron_bing.png differ diff --git a/images/iron_connections.png b/images/iron_connections.png new file mode 100644 index 0000000..072ae72 Binary files /dev/null and b/images/iron_connections.png differ diff --git a/images/iron_spyware.png b/images/iron_spyware.png new file mode 100644 index 0000000..a3bec92 Binary files /dev/null and b/images/iron_spyware.png differ diff --git a/images/itunes_logo.png b/images/itunes_logo.png new file mode 100644 index 0000000..c1223ff Binary files /dev/null and b/images/itunes_logo.png differ diff --git a/images/itunes_spyware1.png b/images/itunes_spyware1.png new file mode 100644 index 0000000..f59591d Binary files /dev/null and b/images/itunes_spyware1.png differ diff --git a/images/ksp_logo.png b/images/ksp_logo.png new file mode 100644 index 0000000..35c3a06 Binary files /dev/null and b/images/ksp_logo.png differ diff --git a/images/logo.png b/images/logo.png new file mode 100644 index 0000000..83ce043 Binary files /dev/null and b/images/logo.png differ diff --git a/images/nvidia_bundling.png b/images/nvidia_bundling.png new file mode 100644 index 0000000..dcf1571 Binary files /dev/null and b/images/nvidia_bundling.png differ diff --git a/images/nvidia_logo.png b/images/nvidia_logo.png new file mode 100644 index 0000000..b292658 Binary files /dev/null and b/images/nvidia_logo.png differ diff --git a/images/nvidia_spyware_disable.png b/images/nvidia_spyware_disable.png new file mode 100644 index 0000000..6718168 Binary files /dev/null and b/images/nvidia_spyware_disable.png differ diff --git a/images/nvidia_spyware_service.png b/images/nvidia_spyware_service.png new file mode 100644 index 0000000..ba8a55b Binary files /dev/null and b/images/nvidia_spyware_service.png differ diff --git a/images/opera_firstrun.png b/images/opera_firstrun.png new file mode 100644 index 0000000..ff5a578 Binary files /dev/null and b/images/opera_firstrun.png differ diff --git a/images/opera_geo.png b/images/opera_geo.png new file mode 100644 index 0000000..a199520 Binary files /dev/null and b/images/opera_geo.png differ diff --git a/images/opera_logo.png b/images/opera_logo.png new file mode 100644 index 0000000..3dea24f Binary files /dev/null and b/images/opera_logo.png differ diff --git a/images/opera_partner_content.png b/images/opera_partner_content.png new file mode 100644 index 0000000..fe1604c Binary files /dev/null and b/images/opera_partner_content.png differ diff --git a/images/opera_sitecheck.png b/images/opera_sitecheck.png new file mode 100644 index 0000000..2e0e3e4 Binary files /dev/null and b/images/opera_sitecheck.png differ diff --git a/images/osw.jpg b/images/osw.jpg new file mode 100644 index 0000000..806170c Binary files /dev/null and b/images/osw.jpg differ diff --git a/images/otter_browser_logo.png b/images/otter_browser_logo.png new file mode 100644 index 0000000..f404645 Binary files /dev/null and b/images/otter_browser_logo.png differ diff --git a/images/paintnet_logo.png b/images/paintnet_logo.png new file mode 100644 index 0000000..2764aed Binary files /dev/null and b/images/paintnet_logo.png differ diff --git a/images/palemoon_logo.png b/images/palemoon_logo.png new file mode 100644 index 0000000..d4fe403 Binary files /dev/null and b/images/palemoon_logo.png differ diff --git a/images/piso_extension.png b/images/piso_extension.png new file mode 100644 index 0000000..fc4fe48 Binary files /dev/null and b/images/piso_extension.png differ diff --git a/images/piso_installer_phone_home.png b/images/piso_installer_phone_home.png new file mode 100644 index 0000000..4bd7a26 Binary files /dev/null and b/images/piso_installer_phone_home.png differ diff --git a/images/piso_scripts.png b/images/piso_scripts.png new file mode 100644 index 0000000..6dc9bd9 Binary files /dev/null and b/images/piso_scripts.png differ diff --git a/images/pm_analytics.png b/images/pm_analytics.png new file mode 100644 index 0000000..706d20b Binary files /dev/null and b/images/pm_analytics.png differ diff --git a/images/pm_hp.png b/images/pm_hp.png new file mode 100644 index 0000000..c41651a Binary files /dev/null and b/images/pm_hp.png differ diff --git a/images/pm_ud.png b/images/pm_ud.png new file mode 100644 index 0000000..3b50f60 Binary files /dev/null and b/images/pm_ud.png differ diff --git a/images/poweriso_logo.png b/images/poweriso_logo.png new file mode 100644 index 0000000..64e9497 Binary files /dev/null and b/images/poweriso_logo.png differ diff --git a/images/qutebrowser_logo.png b/images/qutebrowser_logo.png new file mode 100644 index 0000000..c166071 Binary files /dev/null and b/images/qutebrowser_logo.png differ diff --git a/images/razer_logo.png b/images/razer_logo.png new file mode 100644 index 0000000..4305880 Binary files /dev/null and b/images/razer_logo.png differ diff --git a/images/realplayer_logo.png b/images/realplayer_logo.png new file mode 100644 index 0000000..1ea63e3 Binary files /dev/null and b/images/realplayer_logo.png differ diff --git a/images/redshell_logo.png b/images/redshell_logo.png new file mode 100644 index 0000000..1d6371b Binary files /dev/null and b/images/redshell_logo.png differ diff --git a/images/request.png b/images/request.png new file mode 100644 index 0000000..1bf1745 Binary files /dev/null and b/images/request.png differ diff --git a/images/request2.png b/images/request2.png new file mode 100644 index 0000000..354ae82 Binary files /dev/null and b/images/request2.png differ diff --git a/images/safe_browsing.png b/images/safe_browsing.png new file mode 100644 index 0000000..e3d3fd0 Binary files /dev/null and b/images/safe_browsing.png differ diff --git a/images/self_repair.png b/images/self_repair.png new file mode 100644 index 0000000..974ea5e Binary files /dev/null and b/images/self_repair.png differ diff --git a/images/sheilds_blocking.png b/images/sheilds_blocking.png new file mode 100644 index 0000000..0165e73 Binary files /dev/null and b/images/sheilds_blocking.png differ diff --git a/images/sj_cloud.png b/images/sj_cloud.png new file mode 100644 index 0000000..59a54d2 Binary files /dev/null and b/images/sj_cloud.png differ diff --git a/images/sj_google_BITS.png b/images/sj_google_BITS.png new file mode 100644 index 0000000..dd9b88e Binary files /dev/null and b/images/sj_google_BITS.png differ diff --git a/images/sj_google_BITS_2.png b/images/sj_google_BITS_2.png new file mode 100644 index 0000000..7aa9119 Binary files /dev/null and b/images/sj_google_BITS_2.png differ diff --git a/images/sj_google_BITS_3.png b/images/sj_google_BITS_3.png new file mode 100644 index 0000000..5bb21a8 Binary files /dev/null and b/images/sj_google_BITS_3.png differ diff --git a/images/sj_google_requests.png b/images/sj_google_requests.png new file mode 100644 index 0000000..bc0c517 Binary files /dev/null and b/images/sj_google_requests.png differ diff --git a/images/slimjet_logo.png b/images/slimjet_logo.png new file mode 100644 index 0000000..529ec5f Binary files /dev/null and b/images/slimjet_logo.png differ diff --git a/images/snapchat_logo.png b/images/snapchat_logo.png new file mode 100644 index 0000000..460549f Binary files /dev/null and b/images/snapchat_logo.png differ diff --git a/images/sphere_homepage.png b/images/sphere_homepage.png new file mode 100644 index 0000000..e8d20d2 Binary files /dev/null and b/images/sphere_homepage.png differ diff --git a/images/sphere_logo.png b/images/sphere_logo.png new file mode 100644 index 0000000..b82f449 Binary files /dev/null and b/images/sphere_logo.png differ diff --git a/images/sphere_tracking.png b/images/sphere_tracking.png new file mode 100644 index 0000000..9f2519b Binary files /dev/null and b/images/sphere_tracking.png differ diff --git a/images/srware_logo.png b/images/srware_logo.png new file mode 100644 index 0000000..970ec18 Binary files /dev/null and b/images/srware_logo.png differ diff --git a/images/steam_logo.png b/images/steam_logo.png new file mode 100644 index 0000000..b2bc892 Binary files /dev/null and b/images/steam_logo.png differ diff --git a/images/telegram_logo.png b/images/telegram_logo.png new file mode 100644 index 0000000..1b67bf4 Binary files /dev/null and b/images/telegram_logo.png differ diff --git a/images/theevidence.png b/images/theevidence.png new file mode 100644 index 0000000..213e0e4 Binary files /dev/null and b/images/theevidence.png differ diff --git a/images/thunderbird.png b/images/thunderbird.png new file mode 100644 index 0000000..58597c1 Binary files /dev/null and b/images/thunderbird.png differ diff --git a/images/tor_logo.png b/images/tor_logo.png new file mode 100644 index 0000000..79a0514 Binary files /dev/null and b/images/tor_logo.png differ diff --git a/images/ugc_logo.png b/images/ugc_logo.png new file mode 100644 index 0000000..50cbb89 Binary files /dev/null and b/images/ugc_logo.png differ diff --git a/images/ungoogled_chromium_logo.png b/images/ungoogled_chromium_logo.png new file mode 100644 index 0000000..1a6a960 Binary files /dev/null and b/images/ungoogled_chromium_logo.png differ diff --git a/images/unity_analytics.png b/images/unity_analytics.png new file mode 100644 index 0000000..6491142 Binary files /dev/null and b/images/unity_analytics.png differ diff --git a/images/unity_logo.png b/images/unity_logo.png new file mode 100644 index 0000000..d06b37a Binary files /dev/null and b/images/unity_logo.png differ diff --git a/images/utorrent_logo.png b/images/utorrent_logo.png new file mode 100644 index 0000000..125066d Binary files /dev/null and b/images/utorrent_logo.png differ diff --git a/images/violation.png b/images/violation.png new file mode 100644 index 0000000..6bb6763 Binary files /dev/null and b/images/violation.png differ diff --git a/images/vivaldi_head.png b/images/vivaldi_head.png new file mode 100644 index 0000000..e307a5c Binary files /dev/null and b/images/vivaldi_head.png differ diff --git a/images/vivaldi_logo.png b/images/vivaldi_logo.png new file mode 100644 index 0000000..e5dfa39 Binary files /dev/null and b/images/vivaldi_logo.png differ diff --git a/images/vivaldi_piwik.png b/images/vivaldi_piwik.png new file mode 100644 index 0000000..3d70826 Binary files /dev/null and b/images/vivaldi_piwik.png differ diff --git a/images/vivaldi_safebrowsing.png b/images/vivaldi_safebrowsing.png new file mode 100644 index 0000000..79041e0 Binary files /dev/null and b/images/vivaldi_safebrowsing.png differ diff --git a/images/vivaldi_threatlist.png b/images/vivaldi_threatlist.png new file mode 100644 index 0000000..7a0f0d0 Binary files /dev/null and b/images/vivaldi_threatlist.png differ diff --git a/images/vivaldi_update.png b/images/vivaldi_update.png new file mode 100644 index 0000000..313e9f8 Binary files /dev/null and b/images/vivaldi_update.png differ diff --git a/images/vlc_logo.png b/images/vlc_logo.png new file mode 100644 index 0000000..ad842e1 Binary files /dev/null and b/images/vlc_logo.png differ diff --git a/images/vlc_privacy_policy.png b/images/vlc_privacy_policy.png new file mode 100644 index 0000000..810e7dc Binary files /dev/null and b/images/vlc_privacy_policy.png differ diff --git a/images/w3c_logo.png b/images/w3c_logo.png new file mode 100644 index 0000000..df8fd85 Binary files /dev/null and b/images/w3c_logo.png differ diff --git a/images/waterfox logo.png b/images/waterfox logo.png new file mode 100644 index 0000000..9c301d5 Binary files /dev/null and b/images/waterfox logo.png differ diff --git a/images/wd1.jpg b/images/wd1.jpg new file mode 100644 index 0000000..90be0ff Binary files /dev/null and b/images/wd1.jpg differ diff --git a/images/wd2.jpg b/images/wd2.jpg new file mode 100644 index 0000000..99dc933 Binary files /dev/null and b/images/wd2.jpg differ diff --git a/images/wd3.jpg b/images/wd3.jpg new file mode 100644 index 0000000..1581b0b Binary files /dev/null and b/images/wd3.jpg differ diff --git a/images/wd4.jpg b/images/wd4.jpg new file mode 100644 index 0000000..65ae4c8 Binary files /dev/null and b/images/wd4.jpg differ diff --git a/images/wd5.jpg b/images/wd5.jpg new file mode 100644 index 0000000..7cc6ce1 Binary files /dev/null and b/images/wd5.jpg differ diff --git a/images/wd6.jpg b/images/wd6.jpg new file mode 100644 index 0000000..eefc1f7 Binary files /dev/null and b/images/wd6.jpg differ diff --git a/images/wd7.jpg b/images/wd7.jpg new file mode 100644 index 0000000..0c78c9e Binary files /dev/null and b/images/wd7.jpg differ diff --git a/images/wd8.jpg b/images/wd8.jpg new file mode 100644 index 0000000..b3da83f Binary files /dev/null and b/images/wd8.jpg differ diff --git a/images/wd9.jpg b/images/wd9.jpg new file mode 100644 index 0000000..2fcfe93 Binary files /dev/null and b/images/wd9.jpg differ diff --git a/images/webdiscover_logo.png b/images/webdiscover_logo.png new file mode 100644 index 0000000..29f1f48 Binary files /dev/null and b/images/webdiscover_logo.png differ diff --git a/images/wfox.png b/images/wfox.png new file mode 100644 index 0000000..1c291b9 Binary files /dev/null and b/images/wfox.png differ diff --git a/images/yahoo_logo.png b/images/yahoo_logo.png new file mode 100644 index 0000000..1a7c1d3 Binary files /dev/null and b/images/yahoo_logo.png differ diff --git a/images/youtube_logo.png b/images/youtube_logo.png new file mode 100644 index 0000000..ea5e2cf Binary files /dev/null and b/images/youtube_logo.png differ diff --git a/index.html b/index.html new file mode 100644 index 0000000..75b8e38 --- /dev/null +++ b/index.html @@ -0,0 +1,28 @@ + + + + + + Spyware Watchdog + + +

Online Spyware Classification Project

+The goal of this website is to classify spyware programs, so that users can be aware that they are installing spyware. Most modern programs that people use today contain malicious spyware features, such as any form of telemetry or information collection of users. This website contains articles on popular programs and internet services explaining spyware features, so that potential users can be aware of the information they may be giving away by downloading or using spyware, using easy to understand ratings and detailed explanations and proofs of how the features of these programs can spy on the user. +

Browse Articles

+ Browse Spanish Articles
+ Deep Web Mirror
+ Browse Unfinished Articles
+ Frequently Asked Questions
+ Extra Content
+ Contact
+ Dig Deeper - A great privacy site made by one of the biggest contributors to this one!
+
+ Original Image by (c) Ra Boe / Wikipedia - Own work, CC BY-SA 3.0, Link
+

+ +

+ + diff --git a/not_found.html b/not_found.html new file mode 100644 index 0000000..3b8195e --- /dev/null +++ b/not_found.html @@ -0,0 +1 @@ +404 Not Found \ No newline at end of file diff --git a/requested_articles.txt b/requested_articles.txt new file mode 100644 index 0000000..248a9c9 --- /dev/null +++ b/requested_articles.txt @@ -0,0 +1,90 @@ +This text file is so that I can list all of the articles that +people have requested to be made, so that I don't forget about +anyone's request. If you are interested in writing articles +for the site and need help choosing something to review, this +list is a good place to start. + +1password - made a "stub" article: +https://spyware.neocities.org/articles/1password.html + +Ask.com services (excite, myway) - no progress has been made + +Merge information from http://archive.is/baCzK and https://www.ghacks.net/2016/02/08/steam-uses-insecure-out-of-date-chromium-browser/ +to the steam article, also run it through MITMproxy to find what requests it makes. - no progress has been made + +Create a new class of articles about browser addons, the following explicitly: +NoScript (allegedly phones home? needs a test to see if that's true or not...) +Stylish (definite spyware) +Ghostery + +No progress made on any of those ^ + +uTorrent - stub article: https://spyware.neocities.org/articles/utorrent.html + +Write about Razor mouse products: +Useful links: +https://www.razer.com/legal/privacy-policy +http://wp.xin.at/archives/1438 +For mitigation guides there's an easy way to run any program without letting it connect to the internet using scripts through iptables and there's always the --net=none option with firejail. +https://serverfault.com/questions/550276/how-to-block-internet-access-to-certain-programs-on-linux I use 'ni' instead of 'no-internet'. + +No progress has been made ^ + +Write about the oculus rift: +https://www.roadtovr.com/oculus-vr-privacy-policy-serves-needs-facebook-not-users/ +https://www.roadtovr.com/error-rendered-many-rifts-useless-simple-workaround/ + +No Progress ^ + +Write about privacy badger: https://www.eff.org/privacybadger#faq-Why-does-my-browser-connect-to-fastly.com-IP-addresses-on-startup-after-installing-Privacy-Badger + +Write about lenovo bundling spyware: +https://www.makeuseof.com/tag/security-failings-demonstrate-avoid-lenovo/ + +Write about HP bundling spyware: +https://www.extremetech.com/computing/259605-hp-caught-installing-spyware-windows-10-systems-without-permission-notification +https://www.engadget.com/2017/11/28/hp-quietly-installs-system-slowing-spyware-on-its-pcs/ + +Write about Dell bundling spyware: +https://www.techdirt.com/articles/20050530/2333212.shtml +https://arstechnica.com/information-technology/2015/11/dell-does-superfish-ships-pcs-with-self-signed-root-certificates/ + +Write about TOSHIBA bundling spyware: +https://www.shouldiremoveit.com/TOSHIBA-Service-Station-5383-program.aspx + +Write about Acer bundling spyware: +https://www.pcmag.com/article2/0,2817,2477704,00.asp + +Rate CPU's for spyware: +https://libreboot.org/faq.html#amd +https://libreboot.org/faq.html#intel + +Some progress made with that. See AMD CPU article. Still need to finish that. + +Write about visual studio- no progress +write about geary - no progress + +Add this tag to the top of everything: + + +Ublock Origin - No progress (phoning home? check privacy policy) + +> please add to overview browsers like Seamonkey, Srware Iron and Sphere +> browser: https://sphere.tenebris.cc + +Did Iron and Sphere +Didn't do Seamonkey yet.... + +Write about the Bromite Android Browser + +-I don't have an android phone. So someone else will have to write it, I don't have the means to do a reveiw of it. + +write articles about alternatives to Discord: + +Signal +XMPP +Mumble, etc. + +No progress has been made yet. + +Write an article about Facebook. \ No newline at end of file diff --git a/style.css b/style.css new file mode 100644 index 0000000..ebfee23 --- /dev/null +++ b/style.css @@ -0,0 +1,15 @@ + a:link {color:coral; background-color:transparent; text-decoration:underline} + a:visited {color:coral; background-color:transparent; text-decoration:underline} + a:hover {color:red; background-color:transparent; text-decoration:underline} + sup:hover {text-decoration:none} + p { + max-width: 800px; + + } + li { + max-width: 800px; + } + body{ + background: url("/images/blackbg.jpg"); + color: white; + } \ No newline at end of file diff --git a/translations/duckduckgo_article.html b/translations/duckduckgo_article.html new file mode 100644 index 0000000..5d1c91f --- /dev/null +++ b/translations/duckduckgo_article.html @@ -0,0 +1,82 @@ + + + + + + Spyware Watchdog + + +

This is a machine-translated copy of an article written in German mirrored on this website. The original article is here:

+ Der Irrglaube von der NSA-sicheren Suchmaschine + [web.archive.org] + [archive.is] +

+ DuckDuckGo : The mistaken belief of the NSA-safe search engine +

+ +

+ Since the beginning of Snowden revelations, the privacy-friendly search engine DuckDuckGo has seen increasing traffic. But it does not protect them from the NSA. +

+ By Patrick Beuth
+ January 13, 2014, 12:49 pm 45 comments +

+ +

+ Gabriel Weinberg should be very grateful to the NSA . When last summer it became known how comprehensive the US-intelligence trawl monitoring was, the traffic to Weinberg's privacy-friendly search engine DuckDuckGo increased rapidly. By now they are fairly consistent with about four million searches per day - twice as much as before the Snowden revelations began in June 2013. +

+ +

+ What is visible here is a desperate act. DuckDuckGo encrypts the data transmission via SSL and promises not to collect personal user data, to use cookies in the default setting, to operate no tracking and not to pass on search terms to the operators of the pages in the search results. Many people may therefore believe that DuckDuckGo is an NSA-safe search engine . +

+ +

+ It is not that simple. DuckDuckGo is a US company and is thus subject to US law. A court could force Weinberg to issue its SSL keys, as did the email provider Lavabit . The secretive FISA court may also force DuckDuckGo to collect and post user data without informing users. +

+ +

+ DuckDuckGo also operates its service on Amazon servers, also a US company - which also cooperates voluntarily with the local intelligence services. Amazon is the cloud service provider of the CIA . + Patrick Beuth +

+ +

+ Maybe many know it all and still prefer to use DuckDuckGo than Google. Weinberg had said at the end of 2012 in an interview with ZEIT ONLINE that he wanted to offer not only more privacy than the competition, but also the better search results. In fact, his search engine works well for English-language topics, at least as an adjunct to other providers DuckDuckGo is absolutely suitable. +

+ +

+ Compared to Google, the numbers of DuckDuckGo are still hardly worth mentioning. Google has about three times as many search queries a day as DuckDuckGo does every year, according to TechCrunch . +

+ +

+ And although other privacy-friendly offerings such as Startpage and Ixquick have reported a significant increase in traffic since mid-2013. Overall, however, that does not mean that they move significant user groups away from established search providers. If the increases should go to the expense of the major search engines, then only at a barely perceptible level. In any case, figures collected by comScore reveal no negative development on Google, Bing or Yahoo. + No change in search behavior +

+ +

+ In other words, the NSA revelations may already lead to declining sales for network technology vendors like Cisco. The forecasts for American cloud providers may also be gloomy, analysts expect 2016 losses between $ 35 and 180 billion . But in the search engine market, the NSA has not yet led to a change in behavior. +

+ +

+ It could just protect the European offers Startpage and Ixquick actually from the NSA. Both are not subject to US law and transmit all data encrypted. In order to get information about users there, the NSA would have to hack itself in their data centers. Not that she would not do that, her program Muscular does just that . +

+ +

+ Update : Readers have pointed out to us a) that the initial number of 400,000 queries we've ever seen at DuckDuckGo is wrong - that's four million. +

+ +

+ b) that DuckDuckGo relies on Perfect Forward Secrecy , whereby a forced release of the SSL key does not yet enable a retroactive decryption of transmitted data. +

+ +

+ c) that Startpage is also hosted in the US and thus subject to the Patriot Act. However, according to a company spokesman, this is not true: some of the servers are in the Netherlands, he said on request, and all European users are taking action. In the US there are servers for US users belonging to the Dutch company Surfboard Holding BV - the operator of Startpage and Ixquick. However, as a Dutch company, Startpage is not subject to either the Patriot Act or the Foreign Intelligence Surveillance Act (FISA), so it does not have to help the US authorities. +

+ +

+ Apart from that, there would be no usable user data on the servers - which also applies to DuckDuckGo, as the company itself reports. +

+ + \ No newline at end of file

1Password

Spyware Level: Not Rated

AMD CPU Family

UNFINISHED ARTICLE - UNDER CONSTRUCTION - BAD FORMATTING

NOT TRUSTED:

POTENTIALLY TRUSTED:

Sources

Bing

Spyware Level: EXTREMELY HIGH

Bing collects your search history

Bing uses your search history to profile you for advertising

Bing sells your search history to other spyware platforms

Sources

Brave Browser

Spyware Level: High

Whitelisting spyware from Facebook and Twitter

Auto-updates

Anti-privacy search engine by default

Brave's start page contains analytics

Crash reports

Other requests

Brave's privacy protections

Credits

Sources

Comparison between web browsers

Top Tier - Best Privacy

High Tier - Good Privacy

Mid Tier - Ok Privacy

Low Tier - Poor Privacy

Shit tier - No Privacy

Further Reading

CCleaner

Spyware Level: EXTREMELY HIGH

CCleaner collects and sells user information to advertisers

CCleaner tracks a huge amount of personal information

CCleaner sends you spam email

CCleaner tracks your physical location

Past Security Flaws

Sources

CDex

Spyware Level: Low

Bundling with spyware

Sources

Google Chrome

Spyware Level: EXTREMELY HIGH

Google Chrome is not fully open source

Google Chrome tracks the user's search history

Google Chrome profiles your computer usage

Google Chrome is integrated with Google Payments

Google Chrome contains a keylogger

Google Chrome records your voice

Google Chrome saves user passwords on Google Servers

Google Chrome profiles users in other various ways

Google Chrome is self-updating software

Further Reading

Sources

Google Chrome

Nivel de spyware: EXTREMADAMENTE ALTO

Google Chrome no es completamente libre

Google Chrome rastrea el historial

Google Chrome está integrado con Google Payments

Google Chrome contiene un keylogger

Google Chroome graba tu voz

Google Chrome guarda contraseñas en sus servidores

Google Chrome recolecta profiles de usuario de otras formas

Google Chrome se actualiza automáticamente +

Mas cosas

Referencias

Discord

Spyware Level: EXTREMELY HIGH

Discord does not make its source code available

Discord confirms that it collects large amounts of sensitive user data

Discord contains features which allow integration with other spyware platforms

Discord contains a process logger

Discord uses it's process logging for advertising

Discord tries to force some users to give their Telephone numbers

Discord receives government requests for your information

Speculation on Discord's future

Further Reading

Sources

Discord confirma en su política de privacidad ^[1] que recolecta la siguiente información