Posted on 02/20/2015 5:26:47 PM PST by E. Pluribus Unum
Source: Sovereignman Blog
File this under ‘you can’t make this stuff up.’
Lenovo Group, the largest computer manufacturer in the world, has made a rather stunning admission that they have been pre-installing tracking software on their PCs.
The tracking software is made by a company called Superfish, which apparently paid some “very minor compensation” to Lenovo for putting the software on people’s computers.
The Superfish program is a total disaster.
It has image recognition algorithms which essentially monitor what a user is looking at… then suggests relevant ads based on what it thinks you might like.
This is not only REALLY high up on the creepy scale, it also completely destroys Internet security.
Whether you’re buying something online or accessing Internet banking, the Superfish program essentially cuts the secure link between you and sensitive websites that you’re trying to access.
According to the first user who found the vulnerability a few weeks ago, “[Superfish] will hijack ALL your secure web connections (SSL/TLS) by using self-signed root certificate authority, making it look legitimate to the browser.”
This means that the tracking software basically fools a web browser into believing that a connection is secure when it’s not… all for the purpose of pushing more ads in your face.
This scheme is so powerful that even if users uninstall the Superfish software, the security breach still remains.
This is so flagrant I have to imagine that even the NSA is shocked.
After its initial approach of being completely unapologetic and dismissal, Lenovo is now groveling for forgiveness.
The company’s Chief Technology Officer now says, “We messed up badly here,” and “We made a mistake.”
Duh. But untold amounts of consumers out there have been totally violated.
There are a few interesting points to make here–
1) Privacy isn’t dead. But it’s extremely difficult to maintain. There are so many forces out there trying to pry whatever little privacy remains from us, one has to fight tooth and nail to preserve it.
2) There’s no transparency in the system; we never really know what’s going on behind the scenes with big institutions.
Governments and politicians will lie to our faces. They’ll tell us to be excited and that everything is fine; then behind the scenes they’ll plan for capital controls and huge tax increases.
No one has any idea what kind of toxic crap banks have on their balance sheets. They’ll post record profits and tell us how successful they are. But internally they know that it’s only a matter of time before they collapse (as we saw in 2008).
Even major tech brands are betraying the public in the dark of night with crazy spyware or selling us all out to government agencies.
There are very few, if any, big institutions out there that we can trust anymore.
And maybe that’s how it should be.
It’s a shark-filled world with bad people who do bad things. Perhaps it’s all the better that a trusted brand becomes the poster child for betrayal.
Because if Lenovo is doing this, are we supposed to be so naïve to presume that Google, Apple, AT&T, etc. are not?
Question everything.
Thanks!
Nope...
That comment stated HP had the contract but was supplying Lenovo computers.
Happens more and more often. One weird thing that happens practically every time I order something on line is that very soon I start seeing ads for the exact item I ordered and that will go on for several days.
Seems the 'wires' are crossed somewhere when they show ad after ad for something that was already purchased.
Is this from personal experience, or a news article. I'm flabbergasted that a major PC company would do something this stupid. If true, Lenovo's about to become a China-only PC company. They just flushed the entire IBM PC acquisition down the drain.
My iPad does similar things, posting ads for things I look at on unrelated web sites.
“Yeah and I bet the only thing they are sorry about is that they were unable to hide it well enough. Me thinks that is the big mistake they are bemoaning about.”
But isn’t that the way it is with everything today? The sin isn’t what you did, it’s getting caught at it. The crooked black lawyer from NC’s billboard ad is right on today: “Just Because You Did it, Doesn’t Mean You’re Guilty” is the rationale for everything in politics today.
this "application" basically intercepts the SSL cert chain so it can decipher your SSL streams and make any website (like you bank or any other "secure" site) appear as a valid cert, even if it is not. It is disassembling your SSL communications and then relaying them up the stack after it gets the info it needs. It is also capable of injecting java script ads into no SSL streams so you will get ads that are not necessarily encoded into the web page you are viewing... to force out ads on ANY web page you view if they so choose.
-- locate Windows list of trusted certificates by opening up the Control Panel and searching for “certificates”. This will bring up Administrative Tools and a “manage computer certificates” option.
-- Click on the “Trusted Root Certification Authorities” option and then “Certificates”. This will bring up a list of certificates.
-- If you see one with Superfish Inc attached to it, you may be vulnerable
-----------------
We use Lenovo in our corp environment for all laptops and we haven't seen this anywhere yet. Of course, we don't deploy the factory loaded OS. We format new laptops and install a clean operating system on them and always have for this VERY reason. OEM's cannot be trusted.
Personal experience. The ACES (new contract to supply all of NASA computers and support) rollout was a total disaster.
For at least a year, HP was blocked from putting any more Lenovos at Marshall Space Flight Center. I think that is still in effect.
bookmark
Grrrr.
Also be aware of Lenovo Veriface.
They didn’t screw up. They got caught. They got their cash already.
I only recently started using Ghostery....love it! Was amazed how many trackers are on just one site alone!
Exactly!
Lenovo developed a reputation for making high quality computers. Too bad that management got greedy. The returns to Lenovo on adware have to be very small, much smaller than the loss due to reputation damage.
Didn’t China also upload malaware on the picture frames that you hook up to your computer to download pictures?
This happens on my Samsung tablet all the time. I might look at a dress and then that exact dress is in an ad on the side of my screen. How can I stop this?
But I'd NEVER spend any kind of big money with the Chinese.
IMHO, any country that has a "Propaganda Dept of the Central Committee" 15 years into the 21st century, not only isn't worthy of trust, but is manned by a totality of professionally paid for liars.
As soon as I saw that China was buying Lenovo I knew they'd be jiggered to call back home with user data. There's no way that China, being China COULDN'T do this.
Buy anything above $100 from china band you're gonnna wake up with the bends, black eyes, drugged and drunk and anything else they can think to do to you. they not only don't care for you, they don't LIKE you one little bit and don't care a whit if your're hurt or not.
Deal with China and their Propaganda departments (which not only CAN lie, but MUST lie to meet their mission) not or face a disaster.
Hey...... you live in America where Comacast performs the same function via NBC and MSNBC
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.