www @ Savannah: Malware in Proprietary Software – May 2025 Additions

The initial injustice of proprietary software often leads to further injustices: malicious functionalities.

The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.

We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies that make use of these techniques.

Here are our latest additions

May 2025

Malware in Appliances

• Synology forces users to install self-branded hard drives in some of its recent NAS systems on pretext of reliability, by blocking critical functions of drives that were purchased from other sources, and cutting down on support. Synology does this by replacing the original firmware with custom firmware that acts like DRM.

• When connected to the internet, some Brother printers suffer a firmware downgrade that degrades the printing quality when using third-party toner. This proves that these printers have a back door which lets Brother control them.

As a general precaution, users should make sure their printer can't connect to the manufacturer's server, for example by shielding it from the internet by a firewall. This will not restore the ability of printers to use third-party toner if they have already lost it, but will prevent any future downgrades. All printer manufacturers are concerned, not only Brother.

Microsoft's Software is Malware

• With Windows 10 soon reaching obsolescence, users whose computer is not modern enough are facing unjust choices, such as paying for updates or buying a new computer. But their best option is to replace Windows with a free operating system, and enjoy the freedom and justice it brings them.
• Microsoft is tightening the chains that force Windows useds to sign into their Microsoft account [*], thus identifying themselves. We suspect this is an intentional strategy to avoid inspiring a lot of resistance all at once: leave openings to escape identification, then gradually close them.

Enough is enough!

[*] Why “useds”? Because running Windows is not you using Windows; it is Windows using you.

• Microsoft Teams has been collecting voice and face data from students of an Australian school, to feed the CoPilot chatbot. It took the school network administrators a whole month to realize what was happening, and disable this malfeature. It was obviously beyond their imagination that Microsoft could have made biometric data collection the default in Teams!

Let's hope legislators and regulatory agencies all over the world will quickly put a stop to this sort of outrageous practice.

In any case people would be better off switching to a free-software replacement such as Jitsi Meet for medium-size groups, or Big Blue Button for larger ones. Many public instances are available, and groups of users can also set up their own servers.

Apple's Operating Systems Are Malware

• Apple has been labeling various third-party files and programs as “damaged”, preventing users from opening them, and implying that software from third-party sources is dangerous. While these restrictions can be circumvented, they violate users' freedom to do their computing as they wish. Most of the time, the purpose of warnings such as “damaged” is to scare users into sticking with Apple's proprietary programs for no good reason.

Amazon's Software Is Malware

• Amazon has removed the “Do Not Send Voice Recordings” option from Echo devices, including from devices that support local processing of these recordings. All private conversations are now used to train Alexa's “artificial intelligence.” Moreover, if users choose not to save recordings, they will lose some advanced functions of Alexa that they paid for.

This wouldn't happen if software in the Echo were free. Users would be able to restore the “Do Not Send Voice Recordings” option.

Malware in Mobile Devices

• BeReal, a nonfree social media app, pressures users into giving their consent to tracking by means of dark patterns and harrassment.

Malware in Games

• Nintendo has been known to remotely brick the Wii until users consented to new, more restrictive legal terms. This company is now pushing tyranny even further: in the 2025 update of its User Account Agreement, it warns that Switch consoles may be permanently bricked if they are not used as authorized.

In addition, Nintendo can record audio and video chats for moderation purposes. User's consent is required, but there is no guarantee that the recordings will not be sent to third parties. In short, there is no privacy in these chats.

If you ever consider buying a Switch, think twice, because you will not own it. Nintendo will.

Source: Planet GNU