A few years after Lenovo was caught pre-installing adware on computers without informing customers, the company has reached a settlement with the US Federal Trade Commission and 32 state attorneys general from across the United States.

Among other things, Lenovo will pay $3.5 million, get consent from customers before installing any similar software in the future, and offer a “comprehensive software security program for most consumer software preloaded on its laptops” for the next 20 years.

One thing Lenovo hasn’t done? Admitted responsibility for putting users’ data at risk.

In a statement, Lenovo says the company “disagrees with the allegations contained in these complaints,” but that the company is “pleased to bring this matter to a close after 2-1/2 years.”

The software was called VisualDiscovery, and it was developed by a company called Superfish to intercept internet traffic and insert ads. It also turned out to be a security nightmare that put user data at risk and did not warn users when they were visiting insecure sites that were disguised as secure ones.

Eventually Lenovo provided users with a tool to remove Superfish software and the company claims to have stopped shipping VisualDiscovery on its computers in early 2015.

Lenovo’s statement says company officials are “not aware of any actual instances of a third party exploiting the vulnerabilities to gain access to a user’s communications,” but that doesn’t mean it didn’t happen.

The good news is that in the wake of the Superfish fiasco, Lenovo has reduced the amount of bloatware that ships on its computers, and the company says it’s implemented a “comprehensive security and privacy review process” for the software that ships on its PCs.

A question not answered by Lenovo’s statement is why the company wasn’t doing that prior to the discovery that Superfish.

via Reuters

 


5 replies on “Lenovo agrees to pay $3.5 million fine for Superfish, promises not to do it again”

  1. For those who want Lenovo hardware robustness but without the privacy and freedom violating malware, you can format the drive, eliminating not only the bad apps but the equally bad Windows, and install a Linux distro like Linux Mint.

    https://www.linuxmint.com/edition.php?id=237

    If you want TOTAL trustworthiness, with no “binary blobs” that use secret, unreadable, unmodifiable programming for the wifi card, video card, etc., try

    Trisquel (for maximum stability) or
    https://trisquel.info/en

    Parabola (for maximum up-to-date ness),
    https://wiki.parabola.nu/Get_Parabola

    but be aware that to make Wifi work you may need to get a USB dongle like this:

    https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-usb-adapter-gnu-linux-tpe-n150usb

    Even better, you can get a used Lenovo like one of these that not only has a fully free distro like Trisquel or Parabola with Wifi, Bluetooth, video acceleration, and the webcam fully working, but ALSO, instead of keeping the default BIOS / bootloader from Lenovo that locks you out of the deep roots of your own system and preserves a backdoor for Lenovo and who knows who else, wipes that out and replaces it with the fully free/open and trustworthy Libreboot:

    https://tehnoetic.com/laptops

    For those worried that Technoethical is based in Romania, rest easy – it has been around for a long time now and has earned an outstanding reputation among electronic privacy and freedom advocates. It’s the only seller currently offering the Lenovo T400s, which is the sleekest and most modern Lenovo laptop available.

    If you’re still wary, here’s a US-based seller, although it only offers an older model that has no touchpad, just the pointer:

    https://shop.libiquity.com/product/taurinus-x200

  2. Too late. Lenovo is on my blacklist. Don’t see it coming off that list anytime soon. I doubt Lenovo cares, but a lot of people consult me when it comes time for them to buy new hardware.

    1. Me, too. There is no way I would tolerate malware. For regaining credibility, Lenovo would have to do more on its own than the courts do on its behalf. And greatly increase reliability and greatly improve support.

    2. On my blacklist also, as is Moto, the company they bought. This is only one of 3 malware/spyware instances they got caught recently.

  3. So what do the affected laptop owners get? A piece of software?
