CRW

Home Wiki

Spyware

View on consumerrights.wiki ↗

Contents8
  1. How it works
  2. Data that tends to get collected:
  3. Why it is a problem
  4. Spyware & data collection from a consumer rights perspective:
  5. Types(illegal/malware)
  6. Methods used by companies (legal)
  7. See also
  8. References

Spyware is a form of malware designed to gather information from the infected device. Spyware comes in many different shapes and forms and may be installed intentionally or unintentionally.[1]

There is considerable debate over the scope of the term malware; while some people and groups qualify certain non-malware software as spyware, such as Microsoft, Meta, and Google[2] owned software due to the large quantity of data these corporations collect from its users, others disagree with that qualification, due to the user having technically consented to the data collection.

How it works

Spyware comes in many different forms. It may present itself as an actual software, while secretly spying on your device in the background.

Malware with deeper level access to your device has more potential for harm, which is a reason some are cautious of Kernel Level Drivers and Kernel level anti-cheats.

Some "free" services, such as Google services(check here for more info: List of Google products), often come at the cost of user data being collected to be sold for profit and/or to be used as training data for artificial intelligence.[3]

The legally collected data may also just be diagnostic data or just a way to make things "more convenient"(like with cookies).

Data that tends to get collected:

  • Username
  • Passwords
  • Email addresses
  • Diagnostic data(how you use their platform, errors & crash reports, logs, etc)
  • Phone Numbers
  • Payment Information
  • Stored videos & photos
  • Metadata of photos & files
  • Stored documents
  • Contact info from other devices.
  • Internet-protocol(IP) addresses
  • Browser Type
  • Device Type[2]

Why it is a problem

Spyware, as the name suggests, spies on the device, which contains the user's data. Spyware is inherently negative for users' privacy. As companies like Microsoft, Meta and Google are collecting more information on consumers(either by legal or illegal means), they make users less secure & more susceptible to data breaches/leaks.[4]

Spyware & data collection from a consumer rights perspective:

Lack of transparency from companies:

A lack of transparency on a consumers ability to opt-out of data collection if even possible is quite common among popular services.

For example, a usage of Deceptive language frequently used against consumers or simply hiding things in the terms of service may be enough trick a consumer into thinking there is nothing wrong with the service or may be enough to prevent/discourage a consumer from learning what a company does with their data & what data they collect.[5]

Lack of a consumers control:

Many corporations use Forced arbitration or Consent-or-pay in order to gain access to user data, with the main incentive/goal of doing this being a desire to make profit(which is why many companies are okay with users opting out of data collection as long as the users still pay for the service as found in Consent-or-pay).[6][7]

The need for consumer control and proper disclosure:

Reasons/arguments include:

  • Improved user satisfaction
  • The ability to opt-out allows users to prevent their sensitive data from being leaked in the event of a data breach
  • The option for consumers to properly see the data being collected allows them to more easily infer what data tends to be collected without dealing with intentionally deceptive language[8]

Types(illegal/malware)

  1. Adware: This type of spyware monitors user activity to then sell that data to malicious advertisers.
  2. Info-stealer: This type of spyware takes data from the device, such as recent actions, applications, etc.
  3. Key-loggers: Key-loggers are a type of Info-stealer that gains access to data by observing keystrokes done by a user on an infected machine(This data is then saved onto an encrypted log file).
  4. Rootkits: Rootkits allow infiltrators extreme levels of access to a device(around administrator level).[1]

Methods used by companies (legal)

  1. Cookies: Small pieces of data stored in files on your device(s). This type of data may include, but is not limited to: Preferences on websites, login information, & your browser history.
  2. Tracking Pixels: Tracking pixels are incredibly small images that are embedded into websites or emails. This method allows companies to see how users interact with their content on the web.
  3. Accounts & Online Forms: Websites typically have users sign up with an account so they can tie data to it. Both account setup and forms similar to it tend to require data such as: Email addresses, phone numbers, Names, & sometimes data that should be optional(like your location).
  4. Device & location tracking: Some websites will request access to your geographical position(which can be declined), but what tends to be collected more often are IP addresses(usually outside of your control).[9]

See also

References

  1. 1.0 1.1 "What Is Spyware? Definition, Types, And Protection". Fortinet.com (Uses text to communicate information(with some additional imagery)). Archived from the original on 13 Dec 2025. Retrieved 19 Jan 2026.
  2. 2.0 2.1 Petrino, Gene. "The Data Big Tech Companies Have On You". security.org (Uses text to communicate information(with some additional imagery)). Archived from the original on 11 Jan 2026. Retrieved 21 August 2025.
  3. "What Does Big Tech Actually Do With Your Data?". forbes.com. 16 Feb 2022. Archived from the original on 6 Dec 2024. Retrieved 31 Jan 2026.
  4. "Data Breaches 2025: Biggest Cybersecurity Incidents So Far". pkware.com. 2 Jan 2026. Archived from the original on 16 Jan 2026. Retrieved 31 Jan 2026.
  5. Libbey, Madeline; Micek, Peter; Cheng, Sage. "Going dark: companies today release fewer transparency reports, less data". accessnow.org. Archived from the original on 21 Oct 2019. Retrieved 2026-02-01.
  6. "Forced Arbitration Clauses: What's at Stake and Why it Matters". 28 Oct 2024. Archived from the original on 14 Nov 2024. Retrieved 31 Jan 2026.
  7. "Consent or Pay Models: Are Paywall Cookie Consent Legal For Site?". 21 Aug 2025. Archived from the original on 7 Sep 2025. Retrieved 31 Jan 2026.
  8. Podolsky, Michael (31 May 2024). "Why Prioritizing Consumer Rights Matters For Businesses". forbes.com. Archived from the original on 27 Oct 2025.
  9. Davis, Lakisha (11 Apr 2025). "Data Harvesting 101: What Companies Know About You (And How They Use It)". metapress.com. Archived from the original on 19 Apr 2025. Retrieved 20 Jan 2025.
Filed under