Oct 042013
 

Razer logoFirst, for all of you who do not know [Razer], the company is known for designing and building “gaming gear” like mice, keyboards, headsets and stuff like that. While I am personally convinced that the build quality of Razer products sucks (I have a Razer Lachesis mouse myself, ultra cheap plastic), they are very expensive and somewhat well accepted and respected in the gaming community, for whatever reason there may be.

Ok, so much for that. Now to their new software. Razer [Synapse 2.0]. Previously, your mouse/keyboard would come with a driver for multiple operating systems and a small application for Windows systems to configure the device. All of that offline, naturally.

Now, Razer Synapse 2.0 is different. The application requires an Internet connection as well as an account in the “Razer cloud”. What it does is to synchronize all your input device settings to the cloud servers so you can reattach the device to another machine with Razer Synapse 2.0, log in with your account (!) and use the device with the settings you’re comfortable with. There is however one significant problem I have with that.

Without an account, you cannot use the software, as confirmed by Razer themselves. What you are presented with is this:

Razer Synapse 2.0 login screen

Razer Synapse 2.0 login screen

No account, no configuring your mouse or keyboard! Without configuration it stays dumb. No macros, no DPI settings (unless there is a hardware button for that), no firmware updating, nothing. Resembles DRM, but what would hardware need DRM for? It makes no sense! So why is Razer doing this? Let me show you a little something taken from the Razer [privacy policy] which is being referred to by the [terms of service] for Synapse 2.0, it’s quite enlightening:

“We collect information by using “log data” and “cookies,” by obtaining information from your usage of our Services, and by asking for information when visitors buy a product, register for and/or use a Service, or do various other things, as described below.” – Razer privacy policy

“Aggregate Information and Non-identifying Information: We may share aggregated information that does not include Personal Information and we may otherwise disclose Non-Identifying Information and Log Data (which also do not include Personal Information) with third parties for industry analysis, demographic profiling and other purposes. Any such information shared in these contexts will not contain your Personal Information. If aggregated or Non-Identifying Information is tied to your Personal Information, it will not be disclosed except as set forth in this Privacy Policy.” – Razer privacy policy

“Advertising Networks and SNSs: We work with third party advertising networks which may collect information about your online activities through cookies and other technologies when you use the Site. The information gathered by these advertising networks is used to make predictions about you, your interests or preferences and to display advertisements across the Internet tailored to your apparent interests. We do not permit these ad networks to collect Personal Information about you on the Site. Please note that we do not have access to or control over cookies and other technologies these ad networks may use to collect information about your interests, and the information practices of these ad networks are not covered by this Privacy Policy.” – Razer privacy policy

We may also provide SNSs with your e-mail address so that they can better customize the advertisements that are displayed to you when you use those SNSs. Please note that we do not have direct control over these SNSs and their activities are not covered by this Privacy Policy. However, if we provide your e-mail address to SNSs for this purpose, we shall have a reasonable basis to believe that the SNS shall (a) protect the security and integrity of the data while it is within the SNS’s systems; (b) guard against the accidental or unauthorized access, use, alteration or disclosure of the data within the SNS’s systems; and (c) shall not use the data if you are not a member of the SNS.” – Razer privacy policy

“To use the Services, you have to register for and maintain a Razer account in a form as required by us (“Account”). You agree to provide accurate information when you register.” – Razer Synapse 2.0 terms of service

So basically, it’s saying that it may very well be spy ware. Always-on spy ware, mind you. For as long as you stay logged on to Synapse 2.0 to change your mouse settings or whatever, it may collect and share data from your machine. It may listen in on your emails, web browsing behavior, everything! I’m not saying it does serious shit like that, but what other reason could they have to write terms of service and a privacy policy like that? Synapse 2.0 doesn’t really do anything good for the user. And it does most surely collect some data from your system.

On top of that, a lot of new Razer devices don’t come with their regular older software anymore. So you’re forced to use Synapse 2.0 if you want to properly use the devices. Plus, there is lots of luring you in going on right now. I have for instance signed up with Synapse 2.0 (on their website, I have not actually installed the software) to get some Razer cockpit dice for [Mechwarrior Online] (which I think is otherwise a cool game) for free. So you might actually get caught in that trap just for a pair of furry dice like these:

Razer MWO dice

Razers free Synapse 2.0 dice for your Battlemech cockpit in MWO

And frankly, the dice don’t even move around that nicely, where is my PhysX? Or Havok? Or whatever CryEngine 3 uses, probably its own physics engine. And if you do install the Razer Synapse 2.0 “trojan” on your system just for that or some of the other ingame bonuses Razer gives away… oh well. You just sold yourself out.

So frankly, I do not know what kind of stuff Synapse 2.0 really spies on. But the terms of service would indicate that it might spy on pretty much anything and sell out the profiling data plus your email address to whoever pays enough. And there I was, wondering where all those waves of spam came from recently. A new kind of spam syntactically, and in greater volume than before. I haven’t linked it to the Synapse 2.0 registration at first, but the timing is almost perfect!

Figures.

CC BY-NC-SA 4.0 The Razer Synapse 2.0 spy ware by The GAT at XIN.at is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

  22 Responses to “The Razer Synapse 2.0 spy ware”

  1. I once had a razer mouse, it was cheap. It sucked donkeyballs. Never again. But anyway, would a mouse like this work properly with x-buttonmousecontrol?

    BTW, I have a “csl computer” mouse (wired), from amazon.de. It’s ‘ergonomical’, 5 buttons and scroll for 15 euros. It works and feels quite allright. I really like it, and doesn’t come with any software.

    • Yeah, Razers’ hardware just sucks, quality-wise. In any case, if your stuff works for you, then by all means, keep it!

      My GeIL Epicgear AnurA mouse ain’t perfect either. The wheel sensor is clearly its weak spot, and while I fixed it once, I surely won’t be able to do that a second time. The plastic of the mechanical sensor – made by Alps btw. – is just wearing out over time, and as long as I don’t know the Alps part number of that thing, I can’t replace it either.

      But still, software-wise it’s an interesting proof of concept. The mouse does come with a software for profile configuration (all stored within the mouses’ firmware, not in any cloud), and you can update its firmware too. But none of those functionalities need a kernel driver!

      Instead, all that communication is done via the standard Microsoft HID driver. Which means that you can change pretty much any setting and even flash the firmware of USB devices with just the MS HID driver. And that’s what’s making me ask the question: “What does Razer even need a kernel driver for?”. Of course, that in itself is not a problem related to privacy or anything, but in recent days, you know…

      In any case, after posting this little article, I knew I couldn’t support Razer anymore, if they keep doing things in such ways. And since then, I haven’t seen anything from them that would change my opinion.

  2. For those hoping to go the Logitech route know this, they too have a Keylogger on their newer keyboards.

  3. Im having the same issue with Razer Synapse app. these company think that they’re building a better driver for their pherepherals but theyre not they cant even fix their own problems shame. How can we get back on Razer ? Hmmm can we just buy your blrand and plug it in without any of your rip off drivers ?

    • Hello Ben,

      Well, if you’re unhappy with Razers software policy (like me), then the best way is to simply not buy their stuff. That’s why I switched over to EpicGear with my new AnurA mouse. Yeah it’s ugly, but it feels nice to the touch, doesn’t even NEED a driver (everything can be controlled with their software while still using Microsofts stock USBHID driver!), and just works.

      GeIL/EpicGear AnurA
      It’s still fugly though… but functionally perfect, both soft- and hardware-wise. (Click to enlarge)

      AnurA at night
      At night. You can turn off the lights in case you hate that stuff. (Click to enlarge)

      Also, you can store settings on its onboard flash memory and then use it with said settings on any operating system – whether Windows 2000, Windows 10, Linux, Solaris or BSD UNIX, whatever. So I made my decision to simply abandon Razer. The end.

      I mean, you can still use a Razer mouse without their software. It’s just crappy because you can’t configure anything without the Razer “cloud” anymore. Guess how much “fun” it is to use such a mouse on UNIX…

      Decision’s up to you of course, but I’ll stay with Logitech at work and that nicely driverless AnurA mouse at home. No problems ever since. So there are still options.

  4. The OP is right,

    I had almost NO problems with Razer mice, that is until Razer decided, in all their wisdom, to do this Razer-Synapse-Framwork “spyware”.
    I’m sick of these random BSOD-USB-driver crashes that completely disable my entire system.
    Obviously this is a serious Razer issue, ‘casue as soon as I plug in ANY other mouse, BSOD’a are gone. ?!
    Also, in Linux I had no issues with Razer mice.
    So this is definitely a Windows/Razer problem, but for 2-years now, with no end in sight ?
    Comon Razer, get you heads out of your A__’s.
    Razer’s Techsupport is even worse, with their constant denials and lies.

    So, I don’t really care what Razer is trying to do with their iCloud-server-mandatory-login to get your Driver, or else nada for you. Eye in the sky ?, indeed.
    Synapse is just a piece of crap.

    Instead of a Razer “Naga”, all you’re getting is a “Nada” overpriced piece of plastic.

    I can’t believe for the money we’ve spent on their hardware, this is how they treat their customers ?
    Sadly,
    Razer has turned into a sly “merchandizing” gimmick company,
    so steer clear of them, and their “synapse” spyware.
    Buyer Be”ware”. .

    Atleast Logitech still gives you a “real” offline seaparate, and downloadable driver.

    • This is not absolutely new though. My boss at work who is using the same mouse as I do – a Razer Lachesis – also had the Razer kernel driver BSOD on him occasionally, although that was with the old regular driver, not Synapse 2.0. Only difference is, that he is running Win7 x64, while I am running XP x64. I never had any BSODs at least.

      On Linux you’re more lucky, ’cause the mouse driver on Linux (or UNIX) is not built by Razer. ;)

      I do have to say that I don’t have too much experience with their customer support though. I only had an issue once, where moving the mouse pointer in a linear fashion at a low angle like this…

      Razer Lachesis mouse acceleration problem on XP x64

      …was problematic when mouse acceleration was enabled, resulting in the mouse pointer moving around weirdly. So I had to disable it. According to Razer customer support, they forwarded my report to the developers and it was likely a “XP x64” issue. So I’m now working without mouse acceleration, but that’s at least non-critical. But yeah, they never fixed it. Then again, who but me is using XP x64?!?

      But still, for like 90€ I should be getting a better mouse wheel, better microswitches, non-unibody mouse buttons and a metal base frame at least.

      But look at ThermalTakes Level 10 M mouse. Designed by BMW Designworks USA, they sent an all-metal prototype to Tom’s Hardware for reviewing, then they printed their high score from that review on all Level 10 M boxes. Only that the mouse wasn’t the same anymore, now largely made out of plastic with far lower quality switches. Only the base remained aluminium.

      I do dislike Razer these days, but they’re by far not the only ones fucking with their customers. At least Logitech seems to do some high quality stuff still. So my next mouse is probably also going to be a Logitech.

      Including an offline driver I hope. :)

      • …yes, regarding which versions of Windows, you’re right,

        all of my Razer-synapse-BSOD-issues only started occuring primarily “after” I upgraded everything to “Win7 x64” – and that, was about 2 years ago. -therefore, that is NOT a coincidence, and Razer-synapse should have fixed all these issues by now !
        Obviously Razer’s synapse-software/drivers is crap these days, (with regards to Win7-x64), though, I don’t know if these Razer issues persist in Win8 ?

        However, on “WinXP”, (and Linux, as mentioned), my Razer-mice, …, were all fine.

        -> One group of Mice I’m starting to look at, besides Logitech, is “Perrixx”, especially for some of their Gaming-mice. -they have a lot of good reviews, and they are less that half the co$t of a Razer.
        :)

        • …sry, typo: it’s mice by “Perixx”.

        • I have to admit, I’ve never heard of Perixx before, seems to be a German company even? I’ll keep an eye out for their mice in the future!

          If only they would manufacture them in Germany even, now wouldn’t that be something! But I guess that’s asking for too much. ;) Judging from the pricing of other “Made in Germany” or “Made in Austria” electronics (like certain headphones), that’d be some seriously expensive mice then.

          About Razer mice on Windows 8; I have not heard of any serious problems so far, but who can tell? Many gamers keep using Windows 7 these days. I do know of only one particular person using Win 8.1 and a Razer Deathadder without problems. But then again, he didn’t have any problems on Win7 x64 either. Who can say.. I don’t know too many people who would go the Win8.x route.

          Lots of “Win7 is going to be the new XP” talk..

          • hey Thrawn,

            ok, well I just picked up BOTH the “Perixx (Iron) MX-1000”,
            and the Gigabyte-“Force-M7 Thor”, from amazon, and still have $20 to spare, compared to the price of only “one” Razer-(DeathAdder 3500,… whatever). ?!

            They both have good specs, for gaming,…, and they’re feelin’ better every day, but more importantly, no more weird-random-BSOD’s on my MB’s(win7-64).

            Soooo yep, the Razer’s of today are just waaaay over-priced for wat-u-get.
            …good luck with that “synapse” shite Razer. -ba-bye.

            • I am not sure whether you will get notified by this reply, but maybe you’d like to check [this new mouse] out, that I just got. It’s actually “driverless”, in the sense that all of its functions including advanced configuration are available without having to rely on any additional kernel driver other than the standard Microsoft HID driver.

              The hardware based configuration storage and switch functions as well as the “driverless” operation also make this ideal for Linux and UNIX systems, as well as others like BeOS/Haiku etc.

  5. Hey OP, nice job spreading anti-Razer propaganda long after all these “spyware” claims were proven false.

    That “user-generated info” bit? So many other programs have that, including things like Steam. Are you gonna start saying Steam is “spyware” too?

    Perhaps you should learn what the ToS actually means before you start deeming it “spyware”.

    • I respect your criticism, but with closed source software, you can never really prove – at least not without a massive amount of work, disassembling the entire binary and analyzing every single CPU instruction – that it’s safe. So yes, I dislike this part for Steam too, and would never fully trust it with anything, suspecting it of doing things it should not.

      For Synapse 2.0, what makes me so wary is that this software does simply not require all that power, and I don’t like it when something asks for power that is simply not necessary for the software to function. It’s a freaking mouse control panel! It shouldn’t even be able to collect any data!

      Thing is, we’re getting used to allowing software to take too much control over our data and do with it as “they” please, gaining too much influence. And at some point it might very well turn into that spyware, even if it might not be today (which I still do not consider amply proven, listening on the wire with WireShark for a few hours can hardly ever count).

      I consider the entire concept of centralization that rules IT these days (cloud, streaming, etc.) as a wrong turn. Power over everything shall lie in the users hands alone, and data that does not absolutely have to be online simply shouldn’t be!

      Plus I believe I do grasp the meaning of the ToS just fine, and will keep suspecting every piece of software that asks for more than it should to be spyware indeed, including Steam. We should always stay suspicious of such software and we should monitor it very, VERY closely in my opinion, especially these days. Paranoia may seem strange at first, but I believe it to be quite healthy these days actually.

      In my opinion, trust shall only exist where it is absolutely necessary.

      If you do have reason to believe that I misinterpreted the ToS at some point, please do point out where exactly, so I can look at it again and see if I made a mistake somewhere.

  6. I have good trick for this. I have razer naga mouse and it uses Synapse 2.0 Razer naga and many other mouses have their own memory inside. So, I download Synapse to my old computer and set dpi and other settings, then I just connect mouse to the new computer without Synapse and mouse use right settings. But this requires old computer that you are not using. Maybe this helps

    • That’s a valid approach of course, if you can store all necessary information on the device. But I fear Razer will drift away from onboard memory to cloud storage entirely in the future. Better to hold on to whatever tech we have now, or switch to another manufacturer?

      By the way, your suggestion gives me an idea: This might also work from within a virtual machine. So, take a snapshot of your testing VM, install Synapse 2.0, configure the profile, store it on the mouse, then shut the VM down and revert to the snapshot to get rid of the Synapse 2.0 installation completely. Could also work fine I guess. Then you don’t need a second physical machine to pull this off. :)

      I am not sure, whether the Razer drivers will run fine from within a VM however.

  7. I just received a Razer Nostromo gamepad today, for use as an alternative keyboard with my favorite flight simulator.

    Installation required connecting and downloading of the Razer Synapse 2.0 software/driver for my Apple computer. Once installed, and my computer rebooted, I was presented with the need to login to the Synapse “feature”.

    Having created a new account and logged in, I proceeded to program the Nostromo’s keys and input mechanisms (14 keyboard-like keys, a clickable scroll-wheel and a multi-directional thumb pad (think mini-joystick). When I was ready to program the “Programmable 8-way directional thumb pad”, I could not. No means of defining the thumb-pads behavior was presented by the Synapse software. There is no paper documentation to describe the process. There are no local help files to learn the procedure, and no mention on Razer’s Support website. So, I completed a help request form at the Support site and am awaiting an answer in the “typically 24 hour” response time cited.

    In the meantime, I would like to shutdown or terminate the Synapse software. There is no such option offered. The software runs as a background process on my computer, doing whatever it feels like. I am unable to terminate the process manually via Apple’s Activity Monitor or force it to quit …it just keeps on running its 35 Megabytes worth of code at my expense.

    When I begin to research “Razer Synapse” on the internet, I find many mentions of it being suspected to be spyware. How Nice. I have uninstalled Synapse, and requested an RMA from the internet retailer where I made the purchase.

    I do not like being forced to login to Synapse upon every boot of my computer, whether I intend to use the peripheral or not. I do not agree to their Subscriber Agreement that states “By using Razer Synapse 2.0 (“Synapse”), the Subscriber agrees that Razer may collect aggregate information, individual information, and personally identifiable information. Razer may share aggregate information and individual information with other parties.” I don’t care if this verbiage is common boilerplate …it is not appropriate to use extortion to gain access to my personal computer in exchange for my use of a hardware peripheral for which I paid a handsome amount of money. I do not need a cloud-based repository for my programmable peripheral’s settings, so do not force this upon me.

    I will not consider any Razer product in the future, and will be sure to tell all my friends of this truly negative experience.

    • I think it speaks for you, that you’ve decided to actually return the product because of Synapse 2.0. Most people wouldn’t, as most people would decide to just live with it despite potential consequences. Even if Razer does not actually mine your behavior data, we should simply not agree to subscriber agreements like this one. If we start doing that all the time, we might get far too used to it.

      But by the way, if you can identify the Synapse process and its process ID on your OSX, e.g. by running ps aux on a command line, you could maybe terminate it using kill PID or pkill processname. If it refuses to terminate, kill -9 PID or pkill -9 processname would usually do the trick, sending signal 9 (SIGKILL) to the process instead of the default signal 15 (SIGTERM), that your OSX Activity Monitor is probably also using to shut down processes more gracefully. SIGKILL will really “kill”, not leaving the affected process any time to save it’s volatile data or anything.

      But yeah, me personally, I welcome your choice. I have also decided to stay away from Razer now. I’ll keep my Lachesis though, as it does not require Synapse, just the old offline software.

      Never forget, the primary goal of any company is never to provide the best product or service or to respect your privacy. The primary goal of any company is profit, and profit only. The trick is to find companies who specialize in serving people that would like their privacy more intact than not. ;) Plus, serving people who’d like good support. Also a rarity these days it seems.

  8. Oh yeah, I can tell a lot about Razers build quality. If it wasn’t enough already, we are forced to use always-on and cloud services just to configure a device properly which is not required to be supplied with internet access. Strange, very strange and suspicious. And speaking of build quality, I already “spent” two mice from Razers new product portfolio but the third (which was actually the first one bought) is still alive and running very well, although its a ball mouse -> Razer Boomslang :)

    • Ha, the first Boomslang! Classic. Never had one, only had the newer limited edition version, but I couldn’t use it, for ergonomic reasons. Plus, back then I was a fan of Microsofts IntelliMouse Explorer series, still have the 1.0 and the 3.0, both work. Only problem is that for my 30″ monitor I simply need a higher-dpi mouse, which is why I tried some newer Logitech and also the Razer Lachesis I have now. But I’m not impressed. Cheap plastic crap really. The Logitech was very nice to the touch, but the electronics failed very fast, making it an unrecognizable USB device.

      For what those Razer mice COST I’d expect a lot more build quality with lots of metal and high-grade micro switches and shit. And the software part, yeah, just plain unacceptable.

  9. I have a razer mouse and it’s the last!

    • Actually, I too have a Razer mouse, a Lachesis. Fortunately, it’s a slightly older device, that doesn’t require Synapse 2.0 yet. But overall, I’m not too satisfied, the build quality could be far better for the price. I have to admit though, that I’m not sure how to replace it. For keyboards it’s easy, I just use the IBM model M and that’s that.

      But for mice, I can’t just go retro, as I need at least 5 buttons and a scroll wheel as well as high dpi (30″ monitor, high res). Maybe I’ll try Logitech again..

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre lang="" line="" escaped="" cssfile="">

(required)

(required)