-
-
+
+
+
Kerbal Space Program — Spyware Watchdog
+
-
-
Kerbal Space Program
-
- Kerbal Space Program is a space flight simulation video game developed and published by Squad, and currently owned by Take-Two Interactive.
-
-
Spyware Level: EXTREMELY HIGH
-
- Kerbal Space program is a spyware program that mines large amounts of personal information of its users[1][2],
- to use for its own advertising, and to sell to other advertisers. On its face, it is a video game, but it is loaded with a huge amount of spyware that makes it completely unusable from a privacy standpoint.
- If you MUST use this program, run it in a VM with no internet connection. KSP collects so much information, that it has managed to catapult itself into the highest ranks of
- this website and can only be described as a uniquely malicious datamining platform. KSP at one point was integrated with the Redshell spyware platform.[3]
-
-
-
Kerbal Space Program collects vast amounts of personal information
-
-
- KSP collects or attempts to collect or reserves the right to collect the following information about its users[1]:
-
-
-
-
First and/or last name
-
E-mail address
-
Phone number
-
Photo
-
Mailing address
-
Geolocation (physical location)
-
Payment information
-
Age
-
Gender
-
Date of birth
-
Zip code
-
Hardware configuration
-
Console ID
-
Software products played
-
Purchases
-
IP address
-
Systems you have played on
-
Other Information from integrated services
-
Other Information from social media
-
-
-
- Anyone who is familiar with privacy violating software can notice that compared to most spyware out there, this is a MASSIVE amount of personal information that is being collected.
- It's further clarified that not only does this program collect all of your information, but it uses this information to build a unique profile of you by correlating that information
- together.
-
-
-
Kerbal Space Program is integrated with other spyware platforms
-
-
- KSP is integrated with social networking websites such as Facebook[1], which allows it to collect a lot of personal information about you from any sort of social media profile that you
- have on that website. If you're wondering how it could collect your date of birth, gender and photo if the program doesn't explicitly ask you, this is probably how it does it.
- When you give KSP access to your Facebook account by logging in through spyware platforms such as Facebook, it collects as much information from your profile as it possibly can. This includes:
-
-
-
-
Your profile picture
-
Your friends list
-
Your name
-
-
-
-
- As well as all other information that KSP claims it collects in the previous section. As you can see, this feature is a way for KSP to collect huge amounts of your personal information,
- which it does not show and restraint in collecting.
-
-
- Not only is KSP integrated with Facebook's spyware platform, but it is also integrated with other spyware platforms as well:
-
-
- "When you use a third-party authentication service or link your Company account with a third-party account, you will be asked to provide account information associated with that third-party account. Certain membership information may be transferred automatically to the Company when you register to join an Online Service from a third-party gaming network system or link your Online Service membership with a third-party service, such as your friends list on that gaming network or social network service."
- [1]
-
- "When you use Facebook Connect, OpenID or another multisite ID to log in to an Online Service, those ID services will authenticate your identity and provide you the option to share certain personal information with us to pre-populate our sign up form. Depending on your account settings, multisite IDs may also provide other information to us. Please check the terms of those services before using them to log into an Online Service."
- [1]
-
- "If you use, purchase, or register for an Online Service through a third-party service such as a gaming console's network service, an internet based gaming service, or a social network website, or request that we associate a Company account with a third-party service account, then limited user account personal information may be transferred to the Company as part of the registration process and we may be able to collect information about your use of the Online Services."
- [1]
-
-
Kerbal Space Program allows advertisers to collect personal information separately
-
-
- In addition to tracking its users, KSP allows advertisers to track its users as well[1]. These advertisers are:
-
-
-
-
DoubleClick
-
Facebook
-
Google
-
Conversant
-
Nielsen/Netratings
-
Omniture
-
Yahoo
-
-
-
- Which of course, all have their own separate privacy policies about how they handle your information. So, not only is KSP tracking you, but a huge amount of advertisers are
- also tracking you when you use their services.
-
-
-
Kerbal Space Program sells your information to advertisers
-
-
- KSP's privacy policy uses more vague language here, but it's clear that your information is being sold to advertisers. See the following quotes:
-
-
-
- "In the event we offer services or promotions where your personal information is separately collected and used according to the privacy policy of a third party, we will inform you of that at the time of collection and you may elect not to participate in the service or promotion."
- [1]
-
-
- "In addition, we may share aggregate and other information regarding Online Service usage statistics and user demographics with third parties."
- [1]
-
-
- Is "other information" personal information? There isn't any transparency here, so we cant know, but its clear that KSP uses its massive datamining platform to collaborate with other datamining platforms.
-
-
-
Kerbal Space Program uses your personal information for its own advertising
-
-
- It's clearly stated in the privacy policy[1] that this information is used to target users for promotions, and to analyse for marketing purposes:
-
-
-
- "The Company uses this information to send you promotional materials. [...] We also use your personal and other information for our internal marketing and demographic studies, so we can constantly improve the products and services we provide you and to better meet your needs."
- [1]
-
-
Kerbal Space Program does not make its source code available
-
-
- Its impossible to discern the level and scope of privacy violations done by this software beyond what they tell us in the privacy policy. The source code could potentially be hiding
- more spyware, but nobody can audit it, and nobody can go into the source code and disable all of the spyware. If KSP had nothing to hide, you would be able to build the game from its
- source code.
-
- If you want to edit this article, or contribute your own article(s), visit us at the git repo on Codeberg. All contributions must be licensed under the CC0 license to be accepted.
-
Kerbal Space Program is a space flight simulation video game developed and published by Squad, and currently owned by Take-Two Interactive.
+
Spyware Level: EXTREMELY HIGH
+
Kerbal Space program is a spyware program that mines large amounts of personal information of its users[1][2], to use for its own advertising, and to sell to other advertisers. On its face, it is a video game, but it is loaded with a huge amount of spyware that makes it completely unusable from a privacy standpoint. If you MUST use this program, run it in a VM with no internet connection. KSP collects so much information, that it has managed to catapult itself into the highest ranks of this website and can only be described as a uniquely malicious datamining platform. KSP at one point was integrated with the Redshell spyware platform.[3]
+
Kerbal Space Program collects vast amounts of personal information
+
KSP collects or attempts to collect or reserves the right to collect the following information about its users[1]:
+
+
First and/or last name
+
E-mail address
+
Phone number
+
Photo
+
Mailing address
+
Geolocation (physical location)
+
Payment information
+
Age
+
Gender
+
Date of birth
+
Zip code
+
Hardware configuration
+
Console ID
+
Software products played
+
Purchases
+
IP address
+
Systems you have played on
+
Other Information from integrated services
+
Other Information from social media
+
+
Anyone who is familiar with privacy violating software can notice that compared to most spyware out there, this is a MASSIVE amount of personal information that is being collected. It's further clarified that not only does this program collect all of your information, but it uses this information to build a unique profile of you by correlating that information together.
+
Kerbal Space Program is integrated with other spyware platforms
+
KSP is integrated with social networking websites such as Facebook[1], which allows it to collect a lot of personal information about you from any sort of social media profile that you have on that website. If you're wondering how it could collect your date of birth, gender and photo if the program doesn't explicitly ask you, this is probably how it does it. When you give KSP access to your Facebook account by logging in through spyware platforms such as Facebook, it collects as much information from your profile as it possibly can. This includes:
+
+
Your profile picture
+
Your friends list
+
Your name
+
+
As well as all other information that KSP claims it collects in the previous section. As you can see, this feature is a way for KSP to collect huge amounts of your personal information, which it does not show and restraint in collecting.
+
Not only is KSP integrated with Facebook's spyware platform, but it is also integrated with other spyware platforms as well:
+
"When you use a third-party authentication service or link your Company account with a third-party account, you will be asked to provide account information associated with that third-party account. Certain membership information may be transferred automatically to the Company when you register to join an Online Service from a third-party gaming network system or link your Online Service membership with a third-party service, such as your friends list on that gaming network or social network service."[1]
+
"When you use Facebook Connect, OpenID or another multisite ID to log in to an Online Service, those ID services will authenticate your identity and provide you the option to share certain personal information with us to pre-populate our sign up form. Depending on your account settings, multisite IDs may also provide other information to us. Please check the terms of those services before using them to log into an Online Service."[1]
+
"If you use, purchase, or register for an Online Service through a third-party service such as a gaming console's network service, an internet based gaming service, or a social network website, or request that we associate a Company account with a third-party service account, then limited user account personal information may be transferred to the Company as part of the registration process and we may be able to collect information about your use of the Online Services."[1]
+
Kerbal Space Program allows advertisers to collect personal information separately
+
In addition to tracking its users, KSP allows advertisers to track its users as well[1]. These advertisers are:
+
+
DoubleClick
+
Facebook
+
Google
+
Conversant
+
Nielsen/Netratings
+
Omniture
+
Yahoo
+
+
Which of course, all have their own separate privacy policies about how they handle your information. So, not only is KSP tracking you, but a huge amount of advertisers are also tracking you when you use their services.
+
Kerbal Space Program sells your information to advertisers
+
KSP's privacy policy uses more vague language here, but it's clear that your information is being sold to advertisers. See the following quotes:
+
"In the event we offer services or promotions where your personal information is separately collected and used according to the privacy policy of a third party, we will inform you of that at the time of collection and you may elect not to participate in the service or promotion."[1]
+
"In addition, we may share aggregate and other information regarding Online Service usage statistics and user demographics with third parties."[1]
+
Is "other information" personal information? There isn't any transparency here, so we cant know, but its clear that KSP uses its massive datamining platform to collaborate with other datamining platforms.
+
Kerbal Space Program uses your personal information for its own advertising
+
It's clearly stated in the privacy policy[1] that this information is used to target users for promotions, and to analyse for marketing purposes:
+
"The Company uses this information to send you promotional materials. [...] We also use your personal and other information for our internal marketing and demographic studies, so we can constantly improve the products and services we provide you and to better meet your needs."[1]
+
Kerbal Space Program does not make its source code available
+
Its impossible to discern the level and scope of privacy violations done by this software beyond what they tell us in the privacy policy. The source code could potentially be hiding more spyware, but nobody can audit it, and nobody can go into the source code and disable all of the spyware. If KSP had nothing to hide, you would be able to build the game from its source code.
Librewolf is a Firefox fork with the primary goals of privacy, security and user freedom.[1]
-
-
Version tested: 95.0.2
+
Version tested: 95.0.2
Spyware Level: Low
-
-
Librewolf makes some calls on startup to f.s.s.m.c.qjz9zk which looks like an obliterated address, and shavar.services.mozilla.com which is intended (however it can be disabled by clearing the URL in browser.safebrowsing.provider.mozilla.updateURL).[2] There is also an attempt to check for updates regarding the pre-installed uBlock Origin extension.
-
-
This is a big improvement compared to Firefox.
-
-
+
Librewolf makes some calls on startup to f.s.s.m.c.qjz9zk which looks like an obliterated address, and shavar.services.mozilla.com which is intended (however it can be disabled by clearing the URL in browser.safebrowsing.provider.mozilla.updateURL).[2] There is also an attempt to check for updates regarding the pre-installed uBlock Origin extension.
+
This is a big improvement compared to Firefox.
+
- This article was created on 01/7/2022
+ This article was created on 01/7/2022
+ This article was last edited on 01/7/2022
-
If you want to edit this article, or contribute your own article(s), visit us at the git repo on Codeberg.
All contributions must be licensed under the CC0 license to be accepted.
- Pale Moon is a fork of an old Firefox version, before the user interface change that put off many people. Version 28.4 was used to
- write this article.
-
-
-
Spyware Level: Medium
-
After following the mitigation guide, this software is Not Spyware.
-
-
- Connects to analytics services, and these requests can only be avoided on subsequent runs. Has block lists, search suggestions, and auto-updates.
- Sends SSL certificates from the sites you visit.
-
-
Google Analytics on Homepage
-
- By default, Pale Moon's home page is set to https://palemoon.start.me, and it will automatically make a connection to it upon its first run.
- This page connects to Google Analytics, which can fingerprint and track you across the internet.
-
-
-
Auto-updates
-
- Pale Moon will automatically update itself, addons and search engines, as well as its blocklist.xml file with the addons it considers "malicious". Some of these can be turned off from the GUI, and some only from about:config.
-
-
-
Search Suggestions
-
The default search engine is the privacy-respecting DuckDuckGo, however search suggestions are enabled by default, which could send a request for every letter you've typed, all while you think it stays in-browser until you press Enter. Can be turned off by right-clicking the search bar.
-
-
-
OCSP querying
-
Will automatically check every site's SSL certificate to see if it is valid, which necessitates sending it to a third party. Can be turned off from the GUI.
-
-
Not spyware related, but worth noting
-
-
Blocking privacy-enhancing addons
-
-Pale Moon by default won't allow you to install the privacy-enhancing addon NoScript, citing this rationale for
-blocking such an important addon: "NoScript is known to cause severe issues with a large (and growing) number of websites. Unless finely tuned for every website visited,
-NoScript will cause display issues and functional issues."[1]
-To disable this blocklist, set extensions.blocklist.enabled to false in about:config.
-
- If you want to edit this article, or contribute your own article(s), visit us at the git repo on Codeberg. All contributions must be licensed under the CC0 license to be accepted.
-
Pale Moon is a fork of an old Firefox version, before the user interface change that put off many people. Version 28.4 was used to write this article.
+
Spyware Level: Medium
+
After following the mitigation guide, this software is Not Spyware.
+
Connects to analytics services, and these requests can only be avoided on subsequent runs. Has block lists, search suggestions, and auto-updates. Sends SSL certificates from the sites you visit.
+
Google Analytics on Homepage
+
By default, Pale Moon's home page is set to https://palemoon.start.me, and it will automatically make a connection to it upon its first run. This page connects to Google Analytics, which can fingerprint and track you across the internet.
+
+
Auto-updates
+
Pale Moon will automatically update itself, addons and search engines, as well as its blocklist.xml file with the addons it considers "malicious". Some of these can be turned off from the GUI, and some only from about:config.
+
Search Suggestions
+
The default search engine is the privacy-respecting DuckDuckGo, however search suggestions are enabled by default, which could send a request for every letter you've typed, all while you think it stays in-browser until you press Enter. Can be turned off by right-clicking the search bar.
+
OCSP querying
+
Will automatically check every site's SSL certificate to see if it is valid, which necessitates sending it to a third party. Can be turned off from the GUI.
+
Not spyware related, but worth noting
+
Blocking privacy-enhancing addons
+
Pale Moon by default won't allow you to install the privacy-enhancing addon NoScript, citing this rationale for blocking such an important addon: "NoScript is known to cause severe issues with a large (and growing) number of websites. Unless finely tuned for every website visited, NoScript will cause display issues and functional issues."[1]To disable this blocklist, set extensions.blocklist.enabled to false in about:config.
SeaMonkey is a web browser, email client, news reader, HTML editor and an IRC client.[2]
+
SeaMonkey is a web browser, email client, news reader, HTML editor and an IRC client.[2]
Spyware Level: Medium
SeaMonkey makes about 35 requests on first start, with a connection to Google SafeBrowsing recurring about every 30 minutes, though it can be disabled.
- Waterfox is a web browser that is a fork of Firefox.
- Note: This article has a few issues. See this for more details.
-
+
Waterfox is a web browser that is a fork of Firefox. Note: This article has a few issues. See this for more details.
Spyware Level: Medium
-
- Waterfox is a fork of Firefox that claims to be more private and secure
- than Firefox. However, Waterfox contains telemetry and shares
- information about you with Mozilla, and has other spyware features.
-
+
Waterfox is a fork of Firefox that claims to be more private and secure than Firefox. However, Waterfox contains telemetry and shares information about you with Mozilla, and has other spyware features.
Waterfox connects to spyware services when it is first run
-
- If you start up Waterfox for the first time, it will make 55 requests[4] to several spyware platforms, notably
- Matomo, and Mozilla online services like its Geolocation service, and several other Mozilla services, as
- well as Waterfox's own update service. You can look at a list of these requests
- here.
-
+
If you start up Waterfox for the first time, it will make 55 requests[4] to several spyware platforms, notably Matomo, and Mozilla online services like its Geolocation service, and several other Mozilla services, as well as Waterfox's own update service. You can look at a list of these requests here.
Waterfox is integrated into the "Firefox Accounts" spyware platform
-
- The "Firefox Accounts" platform allows you to sync a lot of sensitive
- information, such as your internet history, across all of your devices.
- This is, of course, all being stored on Mozilla's servers.[3]
- This feature
- is opt-in spyware, but it should still be mentioned.
- If you don't want your internet history to be uploaded to Mozilla servers,
- don't use this feature.
-
+
The "Firefox Accounts" platform allows you to sync a lot of sensitive information, such as your internet history, across all of your devices. This is, of course, all being stored on Mozilla's servers.[3] This feature is opt-in spyware, but it should still be mentioned. If you don't want your internet history to be uploaded to Mozilla servers, don't use this feature.
Waterfox is self updating software
-
- Self updates are a spyware feature since they are usually ways for the developer of a program to put spyware into their software without presenting it in a prominent way
- where the user can understand what they are giving up when they download the update.
-
+
Self updates are a spyware feature since they are usually ways for the developer of a program to put spyware into their software without presenting it in a prominent way where the user can understand what they are giving up when they download the update.
Other known spywares, like Chromium, make use of this method
Not spyware related, but worth noting
Anti-privacy search engine by default
-
- By default Waterfox uses the search engine Bing.
- Why would a privacy-based Web Browser offer this search engine by default? The other offered search engines are not much better- we have the option of searching with Google,
- which also logs your internet searches, and Ecosia, which also logs your internet searches (but it gives them to Bing). The developers attitude towards these search engines is concerning:
-
-
- "Bing is actually quite good for privacy as well (let's not forget Mozilla even suggested them as a more privacy focused search back in 2009)."[2]
-
-
- It's very clear that while the browser advertises itself as very privacy focused, the actual words and actions of the developers aren't consistent with this claim.
-
+
By default Waterfox uses the search engine Bing. Why would a privacy-based Web Browser offer this search engine by default? The other offered search engines are not much better- we have the option of searching with Google, which also logs your internet searches, and Ecosia, which also logs your internet searches (but it gives them to Bing). The developers attitude towards these search engines is concerning:
+
"Bing is actually quite good for privacy as well (let's not forget Mozilla even suggested them as a more privacy focused search back in 2009)."[2]
+
It's very clear that while the browser advertises itself as very privacy focused, the actual words and actions of the developers aren't consistent with this claim.
-YouTube is an American video-sharing website headquartered in San Bruno, California. It is owned by Google.
-
-
Spyware Level: EXTREMELY HIGH
-
-Google’s business strategy with YouTube relies on tracking user’s device identifiers, location, search history, IP addresses and other personally identifying data to provide to advertisers. Google discloses in their YouTube privacy policy that it collects many types of personal information, including geolocation, unique device identifiers, mobile telephone numbers, and persistent identifiers used to recognize a user over time and across different websites or online services.[1]
-
-
Integration with Google Tracking
-
-YouTube is integrated with Google’s suite of advertising technologies and services, including AdWords, DoubleClick, and Google Preferred. DoubleClick is “an advertising serving and tracking company that uses web cookies to track browsing behavior online by their IP address to deliver targeted ads. Other DoubleClick ad technologies used to target YouTube users include the Campaign Manager, which helps advertisers “identify, locate and understand your customers, wherever they are.”[2]
-
-
- You can find that Google operates tracking domains active on the YouTube page, “pubads.g.doubleclick.net” and “googleads.g.doubleclick.net” in addition to three cookies requested by *.youtube.com. YouTube serves a particular tracking cookie, “VISITOR_INFO1_LIVE” in order to continue monitoring users that have signed out of their account and to continue serving recommended videos related to that session. Of course, while you are logged in to any Google service, Google can track you with absolute precision. [3]
-
-
-The YouTube app for android additionally uses the Google Firebase Analytics tracker which provides methods for logging events and setting user properties. The full app report finds that the YouTube app employs three trackers and requires 33 permission, 14 of which are considered dangerous such as access to the user’s location and contacts.
-[4][5]
-
-
Taking down more private alternatives
-
- For some time, a popular YouTube tracking sanitizer, Hooktube.com was a useful resource for accessing YouTube videos without being subjected to Google’s surveillance techniques in full. Hooktube was also useful for circumventing region blocking. However, Google, not to be stopped in their spying endeavors, served Hooktube’s operators with a cease and desist over their use of the YouTube API. Hooktube was effectively forced to use YouTube’s official embedded player if they wished to continue to operate, nullifying Hooktube as a viable means for privately viewing YouTube content.[6][7]
-
-
YouTube Requires non-free JavaScript
-
- It is also worth noting that, in order to function, YouTube requires visitors to run non-free JavaScript. As with any proprietary software, these programs can be doing just about anything with almost no way to determine exactly what.[10] For example, there has been some speculation as to whether YouTube’s compulsory JavaScript might be useful for YouTube to track your device’s unique MAC address. [8][9]
-
-
- All that said, it would be wise to avoiding using any of Google’s services. If you must access YouTube, we recommend doing so through one of the remaining sanitizers such as Invidious (https://invidious.io/).
-
-
-
-
Credits
-
- This review was written by Alia Sarmor.
- Formatting changes were done by the site maintainer.
-
- This article was created on 9/10/2018
- This article was last updated on 6/19/2021
-
-
- If you want to edit this article, or contribute your own article(s), visit us at the git repo on Codeberg. All contributions must be licensed under the CC0 license to be accepted.
-
YouTube is an American video-sharing website headquartered in San Bruno, California. It is owned by Google.
+
Spyware Level: EXTREMELY HIGH
+
Google’s business strategy with YouTube relies on tracking user’s device identifiers, location, search history, IP addresses and other personally identifying data to provide to advertisers. Google discloses in their YouTube privacy policy that it collects many types of personal information, including geolocation, unique device identifiers, mobile telephone numbers, and persistent identifiers used to recognize a user over time and across different websites or online services.[1]
+
Integration with Google Tracking
+
YouTube is integrated with Google’s suite of advertising technologies and services, including AdWords, DoubleClick, and Google Preferred. DoubleClick is “an advertising serving and tracking company that uses web cookies to track browsing behavior online by their IP address to deliver targeted ads. Other DoubleClick ad technologies used to target YouTube users include the Campaign Manager, which helps advertisers “identify, locate and understand your customers, wherever they are.”[2]
+
You can find that Google operates tracking domains active on the YouTube page, “pubads.g.doubleclick.net” and “googleads.g.doubleclick.net” in addition to three cookies requested by *.youtube.com. YouTube serves a particular tracking cookie, “VISITOR_INFO1_LIVE” in order to continue monitoring users that have signed out of their account and to continue serving recommended videos related to that session. Of course, while you are logged in to any Google service, Google can track you with absolute precision. [3]
+
The YouTube app for android additionally uses the Google Firebase Analytics tracker which provides methods for logging events and setting user properties. The full app report finds that the YouTube app employs three trackers and requires 33 permission, 14 of which are considered dangerous such as access to the user’s location and contacts.[4][5]
+
Taking down more private alternatives
+
For some time, a popular YouTube tracking sanitizer, Hooktube.com was a useful resource for accessing YouTube videos without being subjected to Google’s surveillance techniques in full. Hooktube was also useful for circumventing region blocking. However, Google, not to be stopped in their spying endeavors, served Hooktube’s operators with a cease and desist over their use of the YouTube API. Hooktube was effectively forced to use YouTube’s official embedded player if they wished to continue to operate, nullifying Hooktube as a viable means for privately viewing YouTube content.[6][7]
+
YouTube Requires non-free JavaScript
+
It is also worth noting that, in order to function, YouTube requires visitors to run non-free JavaScript. As with any proprietary software, these programs can be doing just about anything with almost no way to determine exactly what.[10] For example, there has been some speculation as to whether YouTube’s compulsory JavaScript might be useful for YouTube to track your device’s unique MAC address. [8][9]
+
All that said, it would be wise to avoiding using any of Google’s services. If you must access YouTube, we recommend doing so through one of the remaining sanitizers such as Invidious (https://invidious.io/).