www @ Savannah: Malware in Proprietary Software – Latest Additions
The initial injustice of proprietary software often leads to further injustices: malicious functionalities.
The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.
We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies that make use of these techniques.
Here are our latest additions
March 2026
- Shake Shack requires users of its mobile app to sign away their right to sue the company if they order their meals from their phones.
- Meta has been granted a patent to use so-called “Artificial Intelligence” to impersonate human users in social media platforms, for example people who are inactive or dead. To cover itself from predictable controversies, Meta declared that it does not intend to use the technology in the context of those examples. How long before the “invention” is used to impersonate active, living people?
February 2026
- HP has recently started pushing a spyware program called HPMediaNetwork.exe into users' computers exploiting a Windows universal back door via Windows Update. The software, which is designed to serve personalized pop-up advertisements on the user's screen, runs in the background to collect device and users' data that HP sells to advertising companies. The malfeature is implemented at both hardware and software levels, and opting out does not block ads entirely.
Users can avoid this and other kinds of mistreatment by choosing hardware that comes with free specifications and designs, and by installing only free software in their computers.
Microsoft's Software is Malware
- Microsoft is pushing Pretend Intelligence onto users of Windows, set up to be able to take real world actions on the user's behalf. This starts with a subset of enthusiasts but the company is probably planning to push it onto everyone.
Since Windows 11, like several previous versions, has a universal back door enabling Microsoft to remotely change the system code, any limits the user specifies for what Microsoft can do to per (the user) are no more than requests. If you don't want to be messed with, you should not run Windows. Nonetheless, Microsoft might heed those requests.
Warning: this article seems to ridicule the idea that users might use a feature to limit what the PI has access to on their own machines.
- Windows encrypts disks for “security,” but reports all the encryption keys to Microsoft so that the encryption doesn't provide real security. Once Microsoft has these keys, it can't refuse to give them to the FBI. However, for real security you need to be able to use your own choice of keys. Microsoft stops users from doing that.
- OnePlus 13 and 15 smartphones shipping with ColorOS versions 16.0.3.500/.501/.503 implement an anti-rollback feature which physically renders the device unusable if the owner tries to modify the operating system running in it.
At the time of writing the restriction affects only those two models and only ColorOS, but it is expected that the company may extend it to older models of the phone as well as to OxygenOS, the variant of the operating system installed on phones intended for the global market.
January 2026
- Google has rolled out a new software app which allows employers to log all messages sent through the Rich Communication Services (a newer replacement for SMS messages) on company-owned phones provided to employees, amplifying the surveillance workers are subjected to.
“Bossware” as it's called, explicitly requires nullifying user agency in favor of a third-party (the boss), and therefore requires proprietary software.
Microsoft's Software is Malware
- Microsoft has, repeatedly, pushed software changes meant to make it harder for users to use a web browser different than Microsoft's.
December 2025
- The software installed in electric buses manufactured by Yutong in China and exported to some European countries contains a back door that enables the company to remotely control and even deactivate the vehicles.
November 2025
- Universe Browser, tied to online gambling platforms in Asia and marketed as a “privacy browser,” installs various malicious functionalities in the user's computer.
- Bowing down to the US government, Apple and Google removed from their stores several applications used for reporting ICE raids. Google even tried to justify it by calling ICE thugs a “vulnerable group,” despite them being the ones who carry the weapons.
- An app called ICEBlock tried to set up anonymous posting and anonymous access to data about where US deportation thugs are operating. It didn't keep records about who was using it—but Apple's own records would be enough to make them vulnerable to snooping by the US government to find who uses the app.
Apple later removed ICEBlock from its store at the request of the US government.
Source: Planet GNU