by somejerk123 2432 days ago
Once upon a time, I found this company's software on an employee's work laptop, installed by a jealous ex-boyfriend.

I called the company, and they refused to remove our data or even help with uninstalling the software without a court order.

The software helpfully logged the URL when it saved screenshots to S3, which it did every few seconds.

The S3 bucket was fully public, listable, readable, writable. It also contained keylogging and other data.

Not just from our employee. From everyone.

7 comments

Perhaps you should have just sent the link to the S3 bucket to a news organization. Things would have handled themselves from there.
Between the red text on all their sites and this settlement, I'd say things did handle themselves.

The employee and jealous ex even made up, got married, and have children now.

Everybody lived happily ever after.

>> The employee and jealous ex even made up, got married, and have children now.

/s if not for the app, that ex would never be able to get over their jealousy

You could report them to AWS for violating the acceptable use policy. They have a line in there about interception: https://aws.amazon.com/aup/
People need to stop calling it (just) stalkerware and call it what it obviously is: malware. It's no different from any other form of malware. Just the criminals are probably people you know rather than online opportunists.
You seem to think that "malware" sounds worse and somehow more specific than "stalkerware". Stalkerware sounds like a more nefarious subset of malware, and I'm not sure what conflating a more specific term into a less specific one achieves.
why not just "spyware"?

Am I getting too old?

I might be slightly younger, but under the meaning I remember, almost every website today would qualify as running spyware. Google Analytics is spyware.

This kind of stalker app reminds me of remote administration tools. They had another name, I don't remember what it was.

A RAT was frequently packaged in/used together with a trojan. Perhaps that's what you were thinking of.
Different connotations, I think - I don't consider spyware to be targeted, it's more of a "send it to everyone and hope you get some juicy info on someone", whereas stalkerware makes it clear it's for specifically targeting individuals.
Different tools and uses and implications.

Spyware informs a third party that is mostly not relevant about your actions. It is bad, but does not imply loss of freedom or physical danger around.

Stalkerware allows a person who knows you personally to, well, stalk you. It implies more immediate threat to both freedom, privacy and physical safety.

Could do. I guess I’d associate that with mass surveillance against many targets who aren’t known to the attacker? Stalkerware felt sufficiently evocative.
Stalkerware specifies the malicious intent. It helps clarify what the problem space is.
That's why I added the "just". Call it stalkerware for the general public, and malware in a criminal or technical context.
I think 'stalkerware' sounds much worse, so I'm not sure how that helps.
That's why I added the "just". Call it stalkerware for the general public, and malware in a criminal or technical context.
Did the data spontaneously delete itself?
Did you get a court order?
Could you overwrite the existing data?
These days I would hope the GDPR big hammer could be brought to bear on such cases.

(Also, you could make the argument that installing such software on someone else's work laptop constitutes IP theft and/or breach of local computer security laws...)