www @ Savannah: Malware in Proprietary Software – June 2025 Additions

The initial injustice of proprietary software often leads to further injustices: malicious functionalities.

The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.

We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies that make use of these techniques.

Here are our latest additions

June 2025

Amazon's Software Is Malware

• Amazon arbitrarily decided to make all Echo devices send all the audio they hear to Amazon servers, even if the “owner” of the device specified local processing.

The server will figure out what (if anything) someone asked it to do.

What else will it do with that recording? There are no limits except management's will. It might save some of the utterances it hears, and present them years later to the political police.

Proprietary Surveillance

• Researchers discovered that the Meta Pixel and Yandex Metrica trackers, which are embedded in many websites, have been spying on behalf of the native Meta and Yandex Android apps respectively, by taking advantage of security flaws in the Android API. When the user of an Android device accessed these pages with a browser such as Chrome, the trackers made all browsing data available to the native apps running in the background. The data could then be correlated to the user account or the Android Advertising ID, i.e. de-anonymized.

Although Meta and Yandex have discontinued this type of spying, they may resume it in the future, possibly with other methods, and we don't know which other companies might follow their example. A foolproof way to avoid this sort of tracking is to refrain from installing any proprietary apps on a “smart”phone, especially if the app has a way of identifying users. To avoid proprietary apps, we recommend using the F-Droid store instead of Google Play.

Since most trackers, including the Meta Pixel and Yandex Metrica, are nonfree JavaScript programs, it is also good practice to prevent nonfree JavaScript from running in the browser, with an add-on such as GNU LibreJS.

Malware in Games

• Denuvo is a digital restrictions management (DRM) system that is integrated into the code of some PC games, as an “anti-piracy solution.” But what Denuvo does, really, is to make the games Defective by design.
  • It requires periodic connection to the Denuvo servers, even for games that can be played locally. As a result, a number of games became unplayable when these servers stopped working.
  • It limits the number of operating systems a game can be played on. This affects GNU/Linux users who try different versions of the Proton compatibility layer to play a game made for Windows.
  • It has a detrimental effect on game performance.

Of course, gamers hate Denuvo. But hate is useless. They should go one step further, and stop buying games that use DRM.

Source: Planet GNU