A few years after Lenovo was caught pre-installing adware on computers without informing customers, the company has reached a settlement with the US Federal Trade Commission and 32 state attorneys general from across the United States.
Among other things, Lenovo will pay $3.5 million, get consent from customers before installing any similar software in the future, and offer a “comprehensive software security program for most consumer software preloaded on its laptops” for the next 20 years.
One thing Lenovo hasn’t done? Admitted responsibility for putting users’ data at risk.
In a statement, Lenovo says the the company “disagrees with the allegations contained in these complaints,” but that the company is “pleased to bring this matter to a close after 2-1/2 years.”
The software was called VisualDiscovery, and it was developed by a company called Superfish to intercept internet traffic and insert ads. It also turned out to be a security nightmare that put user data at risk and did not warn users when they were visiting insecure sites that were disguised as secure ones.
Lenovo’s statement says company officials are “not aware of any actual instances of a third party exploiting the vulnerabilities to gain access to a user’s communications,” but that doesn’t mean it didn’t happen.
The good news is that in the wake of the Superfish fiasco, Lenovo has reduced the amount of bloatware that ships on its computers, and the company says it’s implemented a “comprehensive security and privacy review process” for the software that ships on its PCs.
A question not answered by Lenovos’s statement is why the company wasn’t doing that prior to the discovery that Superfish.