Malware in Webpages

English [en] Deutsch [de] français [fr] русский [ru]

Associate members power up the Free Software Foundation. Help smash our goal of 700 new members or donate by December 31st!

Donate Join

$198,581

$450,000

Other examples of proprietary malware

Malware means software designed to function in ways that mistreat or harm the user. (This does not include accidental errors.)

Malware and nonfree software are two different issues. The difference between free software and nonfree software is in whether the users have control of the program or vice versa. It's not directly a question of what the program does when it runs. However, in practice nonfree software is often malware, because the developer's awareness that the users would be powerless to fix any malicious functionalities tempts the developer to impose some.

This page lists web sites containing proprietary JavaScript programs that spy on users or mislead them. They make use of what we call the JavaScript Trap. Of course, many sites collect information that the user sends, via forms or otherwise, but here we're not talking about that.

Some websites send JavaScript code to collect all the user's input, which can then be used to reproduce the whole session.

If you use LibreJS, it will block that malicious Javascript code.
Many web sites snoop on information that users have typed into a form but not sent.
A research paper that investigated the privacy and security of 283 Android VPN apps concluded that “in spite of the promises for privacy, security, and anonymity given by the majority of VPN apps—millions of users may be unawarely subject to poor security guarantees and abusive practices inflicted by VPN apps.”

Following is a non-exhaustive list of some proprietary VPN apps from the research paper that tracks users and infringes their privacy:

VPN Services HotspotShield

Injects JavaScript code into the HTML pages returned to the users. The stated purpose of the JS injection is to display ads. Uses roughly five tracking libraries. Also, it redirects the user's traffic through valueclick.com (an advertising website).

WiFi Protector VPN

Injects JavaScript code into HTML pages, and also uses roughly five tracking libraries. Developers of this app have confirmed that the non-premium version of the app does JavaScript injection for tracking the user and displaying ads.
E-books can contain JavaScript code, and sometimes this code snoops on readers.

“Our mission is to preserve, protect and promote the freedom to use, study, copy, modify, and redistribute computer software, and to defend the rights of Free Software users.”

The Free Software Foundation is the principal organizational sponsor of the GNU Operating System. Support GNU and the FSF by buying manuals and gear, joining the FSF as an associate member, or making a donation, either directly to the FSF or via Flattr.

Please send general FSF & GNU inquiries to <[email protected]>. There are also other ways to contact the FSF. Broken links and other corrections or suggestions can be sent to <[email protected]>.

Please see the Translations README for information on coordinating and submitting translations of this article.

This page is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Updated: $Date: 2017/11/19 08:59:04 $