A few years after Lenovo was caught pre-installing adware on computers without informing customers, the company has reached a settlement with the US Federal Trade Commission and 32 state attorneys general from across the United States.
Among other things, Lenovo will pay $3.5 million, get consent from customers before installing any similar software in the future, and offer a “comprehensive software security program for most consumer software preloaded on its laptops” for the next 20 years.
One thing Lenovo hasn’t done? Admitted responsibility for putting users’ data at risk.
In a statement, Lenovo says the the company “disagrees with the allegations contained in these complaints,” but that the company is “pleased to bring this matter to a close after 2-1/2 years.”
The software was called VisualDiscovery, and it was developed by a company called Superfish to intercept internet traffic and insert ads. It also turned out to be a security nightmare that put user data at risk and did not warn users when they were visiting insecure sites that were disguised as secure ones.
Eventually Lenovo provided users with a tool to remove Superfish software and the company claims to have stopped shipping VisualDiscovery on its computers in early 2015.
Lenovo’s statement says company officials are “not aware of any actual instances of a third party exploiting the vulnerabilities to gain access to a user’s communications,” but that doesn’t mean it didn’t happen.
The good news is that in the wake of the Superfish fiasco, Lenovo has reduced the amount of bloatware that ships on its computers, and the company says it’s implemented a “comprehensive security and privacy review process” for the software that ships on its PCs.
A question not answered by Lenovos’s statement is why the company wasn’t doing that prior to the discovery that Superfish.
via Reuters
For those who want Lenovo hardware robustness but without the privacy and freedom violating malware, you can format the drive, eliminating not only the bad apps but the equally bad Windows, and install a Linux distro like Linux Mint.
https://www.linuxmint.com/edition.php?id=237
If you want TOTAL trustworthiness, with no “binary blobs” that use secret, unreadable, unmodifiable programming for the wifi card, video card, etc., try
Trisquel (for maximum stability) or
https://trisquel.info/en
Parabola (for maximum up-to-date ness),
https://wiki.parabola.nu/Get_Parabola
but be aware that to make Wifi work you may need to get a USB dongle like this:
https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-usb-adapter-gnu-linux-tpe-n150usb
Even better, you can get a used Lenovo like one of these that not only has a fully free distro like Trisquel or Parabola with Wifi, Bluetooth, video acceleration, and the webcam fully working, but ALSO, instead keeping the default BIOS / bootloader from Lenovo that locks you out of the deep roots of your own system and preserves a backdoor for Lenove and who knows who else, wipes that out and replaces with the fully free/open and trustworthy Libreboot:
https://tehnoetic.com/laptops
For those worried that Technoethical is based in Romania, rest easy – it has been around for a long time now and has earned an outstanding reputation among electronic privacy and freedom advocates. It’s the only seller currently offering the Lenovo T400s, which is the sleekest and most modern Lenovo laptop avaialble.
If you’re still wary, here’s a US-based seller, although it only offers an older model that has no touchpad, just the pointer:
https://shop.libiquity.com/product/taurinus-x200
Too late. Lenovo is on my blacklist. Don’t see it coming off that list anytime soon. I doubt Lenovo cares, but a lot of people consult me when it comes time for them to buy new hardware.
Me, too. There is no way I would tolerate malware. For regaining credibility, Lenovo would have to do more on its own than the courts do on its behalf. And greatly increase reliability and greatly improve support.
On my blacklist also, as is moto the company they bought. This is only one of 3 malware/spyware instance they got caught recently.
So what do the affected laptop owners get? A piece of software?