Lenovo Collects Usage Data On ThinkPad, ThinkCentre and ThinkStation PCs
New submitter LichtSpektren writes: Following up Lenovo's blunders regarding the Superfish malware and altered BIOS, Michael Horowitz at ComputerWorld reports that a refurbished ThinkPad he bought includes Lenovo spyware under the guise of "Customer Feedback". After some digging around, he found the following in a support document: "Lenovo says here that all ThinkPad, ThinkCentre and ThinkStation PCs, running Windows 7 and 8.1, may upload 'non-personal and non-identifying information about Lenovo software application usage' to 112.2o7.net."
Didn't we all agree the other day that ThinkPads are for running Linux?
Doesn't Lenovo read the news? There has been a big on big spying organizations lately... Don't they have to know that eventually they're going to be caught doing this and there will be negative coverage? That the more they do this, the more of a reputation the company gets that Lenovo == spying on you?
Doesn't this deter corporations who may have trade secrets or other concerns about security from bulk-purchasing Lenovo in the future? Doesn't it turn their brand into shit? Do they really want to see #fuck-lenovo-spyware trend on Twitter?
(You know what to do.)
I don't get the calculus they're making. What returns do they get vs. the costs when they get called out for doing this?!
don't buy lenovo... we get it.
I realize that most business models are usually wiped/imaged anyway, but this is more disgusting behavior by Lenovo. Stuff like this will keep me from buying and recommending their products.
"A plan fiendishly clever in its intricacies"- Homer Simpson
That's fantastic news. Next up: all EULAs say the software enclosed within is not fit for any purpose and may send your data up to Mars - news for nerds.
You truly care about security but absolutely need Windows on the host? Wipe the preinstalled software, install a fresh copy, put a firewall+AV on it, don't allow unknown traffic to go out, and that's it.
Where is all the open-source "libre" hardware that we were promised 2-to-3 years ago?
Everything is so locked down, controlled, monitored, and back-doored these days (thanks, smartphones!). Almost every new computer has Intel's AMT integrated into it—a complete computing system within a computing system; it has its own operating system and its own non-volatile ("hard disk") storage, and its own RAM, and it can access the rest of "your" system even when it is supposedly turned off (though still connected to power, obviously).
We're totally fubarred.
What happened to the ARM-based netbooks? What happened to the OpenMokos? What happened to the novenas and the open systems-on-a-chip? All we have is the incomplete Neo900 fanboy club, and FSF's lauded Gluglug x200 junk.
There is no competition in hardware, anymore. At best, we've got China's Loongson, and even if that shit could be imported from behind the new iron curtain, it's probably backdoored just the same by the "People's" Republic of China.
We're totally screwed.
Computing is junk. Ted was right; bomb the lot.
Unfortunately I really like the Moto X, but after Lenovo's privacy issues and cavalier attitude, I'm not going to be considering any Motorola products, either. We need to punish companies that treat us like this.
What IT professional is still willing to purchase any Lenovo product, be it for personal or enterprise use?
These companies already know that a computer savvy user won't touch their junk with a 10 ft. pole, while the average Joe doesn't seem to care.
You could say the average user today is akin to the Indians, will trade away things they don't fully understand like privacy and personal info for a few virtual beads and trinkets.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Breaking news: Lenovo customer feedback software uses Adobe Analytics to analyze customer feedback (http://www.2o7.net)
Nothing to see here, move along.
Do these guys not know about information theory or do they simply not care? Give a good demographer a few tiny tidbits (IP Address is often enough) and they have all the personally identifiable information they need. Maybe not enough to convict someone but well enough to be very very sure as to who it is.
/. users will be buying their products. Even this tiny fraction of their customer base must be worth more than whatever tiny gains they made.
People keep talking about utilities such as ad block and VPNs as being about cleaning up the browser and running torrents but these tools are also about cutting off the marketing and demographics folks from our private lives.
So when the MBAs at Lenovo think that we won't mind, they are wrong, not only wrong that I won't buy their products but that as a computer person I will strongly recommend that no company I work for get them or any person that I know.
So they pull this stunt, for what, a few extra dollars for some marketing sleazebags? This won't stop everyone from buying their computers but by this point I doubt that few
This is a classic example of spreadsheet thinking combined with a stovepiped company structure. The people who implemented this probably made their tiny corner of Lenovo look good on a spreadsheet while not really caring about the big picture because that wasn't their job in their little stovepipe. Even now as the company takes a hit they are probably fighting any attempts to cut them off from this information and potentially this tiny revenue stream.
Their PC line also tends to have Pokki installed, which screws with Windows 10 installs and loves to drop adware every time it updates.
In Soviet Russia, Trojan exploits YOU!
Take the "last measure" against the spyware using this Removal tool
They've been doing this for years. At some point after IBM sold off the brand, some DoD folks (and others) reported the PCs were now calling home to the other side of the Pacific.
While I don't have a Lenovo, this sort of thing is why I have set a firewall on my MacBook to block all outgoing requests unless they are whitelisted by me. It was a real eye opener when I first saw the number of applications that were phoning home without me knowing.
I am Slashdot. Are you Slashdot as well?
I used to buy from Lenovo because their budget notebooks have good Linux compatibility. They come with a crap version of Ubuntu pre-installed, and I can simply wipe them with my distro, and everything works by default.
Not any more. Even if I don't buy the crap pre-loaded with Windows 7/8, this kind of aggression against other customers is beyond toleration.
Um, look, that 250 gigabytes of Brazilian tranny porn was downloaded by my roommate. Yeah, that's it.
fresh copies of Windows 7 Professional
Fresh copies of the Lenovo preload... And refurb may mean they were sloppy about OOBE and did not present the client with the EULAs
Either way, this is not particularly unique to Lenovo. MS also has an identical 'customer feedback' telemetry (also not good). While it's good to complain, there's an added suggestion that Lenovo is uniquely being bad and coming up with conspiracy stories about how it's Chinese spying or some such complaint.
I want to see *all* the vendors put under this scrutiny (Dell, HP, Apple, MS). We already know MS runs afoul of the same BS, what do we think the chances are for the other vendors?
2o7.net is Adobe's spy-ware product "omniture", this domain is a shit attempt to fool IDS by labelling requests 192.168.1.2o7.net, so amusingly this Chinese laptop went and saw the Americans for their spying needs and good ol' Adobe stepped up.
Americans love spying, look at their tech industry, it's based on it.
See, this kind of crap is why I always wipe new laptops and install a fresh copy of Windows 10.
What?
systemd is Roko's Basilisk.
What will I be reading about next? Lenovo collecting user data on Hewlett-Packard Pavilions and Envybooks, Asus Zenbooks or maybe Acer Aspires?
Also, does Lenovo have any mobile phones? Were those tested for anything yet?
I think I'm glad I didn't buy a Chinese version of an IBM idea. I have a Toshiba, ha ha ha, what irony.
The mind conceives, the body achieves, the spirit manifests.
2o7.net is Omniture/Adobe
http://www.adobe.com/investor-relations/omniture-acquisition.html
People seem to have zero memory from one moment to the next. Despite the awful things that Lenovo does (like digital locks on their wifi cards so they can make a profit off repairs/parts at a later date) and spyware-riddled PCs, even going to the extent of installing a rootkit via the BIOS, people continue recommending/buying them. It's not just non-technical users either.
And HP, Sony, Apple, Toshiba, and Dell are also guilty of many of these malicious deeds as well. Even companies like System76 aren't innocent. They're pushing proprietary crapware on users knowing full well it can't be properly supported or supported going forward.
I can name all of *TWO* companies I'd trust to deliver. One is Mini Free and the other is ThinkPenguin. The rest are pretty much run by naive persons or con-artist jack asses taking advantage of innocent people who don't know better. There is something to be said when a company refuses to ship stuff with malicious features despite there being demand when they *know* it'd put more money in their pocket. That's Mini Free and ThinkPenguin. Both have shown that they're concerned about privacy, security, and giving people systems that aren't going to have support discontinued a year after the systems/hardware has shipped.
You all probably carry a cell phone which tracks everything you do, where you are what you click and what apps you run. Additionally those apps from various vendors do everything they can to obtain more information about you and your habits. Users of Windows software for years have had "send anonymous data to Microsoft to improve our products." While the intent may be noble, it's veiled at creating information about you, marketable information that they can sell or use for competitive advantage. There's no difference here. Of course you can re-image the system and move on without the Lenovo tracking but if you're on Windows, there's tracking going on. Linux and others not so much.
So don't be surprised if any consumer product, even your thermostat tracks you.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
It's called telemetry. The days when phoning home and privacy violations were associated with malware are over. Now everybody does it. For the user experience, we're told.
Well known to modify company behavior, but difficult to implement.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
some things in the body
Do they call you sexconker because your balls shattered when you were a wee lad?
The worst part is that they like to switch back to their 'preferred settings' once in a while, ex. during updates, without you knowing. You may think that once you follow that clever removal guide you are done. You are not. It requires constant vigilance. The first law of IT Security: "If someone can run his program on your computer, it's not your computer anymore." Will we live to see the day when we are back in control of our data and devices?
So, I assume for their customers on Windows 10 they have to buy the usage data from Microsoft.
When IBM ran things it was a better computer and had far more professionalism built into the computers. These days I would not give a Lenovo a second look when buying a PC. In fact these days I tend to buy a notebook wipe the drive, buy Windows if that's what I am installing and skip all the crapware. Install drivers and that's it. Totally, you have a way better performing PC and far less problems. Actually some of the "value added tools" could be useful if they were actually developed with productivity in mind and not collecting data or poorly updated or crashed a system. Does anyone at these companies actually use their own out of the box device?
Probably not, so they don't experience what we experience when starting up a new Lenovo. Let's not also forget the crapware compounds if you buy from a Best Buy because they add their own flavor of junk to the system. Best place for a PC buy is Microsoft store with its Signature (no bloatware) systems. Much improved over a retail purchase.
No, our memory works. Name a line of laptops that has better quality than Thinkpads and has a company backing it that can supply a large organization. Apple doesn't count, they're far too expensive and harder to control in a corporate world.
Lenovo has the best in a sea of bad options. There are few good companies anymore, only some of the little ones, but they're too little.
Thank the selfless and thoughtful marketeers who saturate the media with this information to help me select the proper laptop. Is a Skylake Xmas on the horizon? Of course now I have to buy 3 delicate flower laptops to replace the one Thinkpad.
The days when phoning home and privacy violations were associated with malware are over.
No, they're not. I consider all applications that do this in a way that I can't disable to be spyware. It doesn't matter what the overt purpose of the software or who made it is.
Applications that phone home by default but let me tell them not to aren't quite spyware, but are certainly malware.
We (consumers) need our own device to plug in-line into our ethernet ports (and perhaps include wifi which could also work around those bloody Broadcom chips), to snoop on who our computers are communicating with. Given that manufacturer's malware could be in the BIOS itself, we can't even trust TCPDUMP+WIRESHARK to see all the packets. Maybe one of the higher end Raspberry PI-like devices with two gigabit ports and wi-fi would serve.
What this customer feedback tool actually does is update entries from the "event log" called "Lenovo-Customer Feedback".
If you open the Event Viewer you will see entries with a large hexadecimal string. This string is simply the text representation of the bytes of a gzip compressed xml file.
The contents of this XML file look like this:
<root>
<events>event1</events>
<eVar20>Open</eVar20>
<visitorID>aca1232d265941f7ae2259e402ab350c</visitorID>
<eVar1>aca1232d265941f7ae2259e402ab350c</eVar1>
<eVar2>N</eVar2>
<eVar3>System Update</eVar3>
<eVar4>2015-09-23</eVar4>
<eVar5>5.7.0.6</eVar5>
<eVar8>20AL00FGMH</eVar8>
<eVar9>Think</eVar9>
<eVar10>ThinkPad</eVar10>
<eVar11>X240</eVar11>
<eVar12>Windows 7 Professional</eVar12>
<eVar13>US</eVar13>
<eVar14>en</eVar14>
<pageName>System Update</pageName>
<timestamp>09-23-2015 19:54:13 PM</timestamp>
<reportSuiteID>lenovoappssystemupdateprod</reportSuiteID>
<serverUrl>http://lenovoappssystemupdateprod.112.2o7.net/b/ss/lenovoappssystemupdateprod/6</serverUrl>
<assemblyName>Lenovo.TVT.CustomerFeedback.InnovApps</assemblyName>
</root>
The value aca1232d265941f7ae2259e402ab350c is a unique ID created for the Lenovo application for the user running it. This key is stored in the registry at:
HKEY_CURRENT_USER\Software\Lenovo\MetricCollectionSDK\UserAppIDs
Removing it will give you a new key when events are logged.
The server URL is the server where this data will be posted to. The kind of things logged appear to be events for the various Lenovo tools, like starting and which Lenovo system update you installed. (Along with data about your hardware/OS).
Logging of events is also controlled via the registry at:
HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\MetricCollectionSDK\ReportSuites
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lenovo\MetricCollectionSDK\ReportSuites
You can change the "ReportMetrics" setting for each entry to disable it, but I do not know for how long as this data might be overwritten when a new MetricCollectionSubscription.xml file is downloaded from the Lenovo servers (this is stored in C:\Users\USERNAME\AppData\Local\Lenovo\MetricCollectionSDK )
There is also a unique machine id stored at:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lenovo\Customer Feedback
This one is generated when it does not exist, and is included in "Lenovo-Customer Feedback" event entries for OmnitureSiteCatalyst. I do not know when these event entries are created.
These entries contain XML data like this:
<root>
<visitorID>10e7794c7d254b4784e77df5c37963e7</visitorID>
<eVar12>224d213ffaa14c5aa0d638b2e3a19c72</eVar12>
<reportSuiteID>lenovotvtlenovosolutionscenterprod</reportSuiteID>
<serverUrl>https://s.lenovo.com/b/ss/lenovotvtlenovosolutionscenterprod/6</serverUrl>
<sc_xml_ver>1.0</sc_xml_ver>
<pageName>lsc</pageName>
<timestamp>2015-09-12T21:35:09.2631913+02:00</timestamp>
<events>event11</events>
<eVar1>20AL00FGMH</eVar1>
<eVar2>2.8.005</eVar2>
<assemblyName>Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst</assemblyName>
</root>
So the collected data looks mostly harmless and somewhat anonymous, as fa
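The decoding step described in the comment above (hex text, then gzip, then XML), as an added example that is not part of the original comment or of Lenovo's software. It assumes the event entry's hex string has been copied out as text; the function names, the size cap and the sample payload are constructed for illustration.

```python
import gzip
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MAX_XML_BYTES = 64 * 1024  # assumed cap; the entries quoted above are under 1 KB

def decode_feedback_event(hex_text):
    """Hex string copied from an event entry -> dict of XML tag -> text."""
    raw = bytes.fromhex("".join(hex_text.split()))
    if raw[:2] != b"\x1f\x8b":
        raise ValueError("payload does not start with the gzip magic bytes")
    inflater = zlib.decompressobj(31)  # 31 = expect a gzip header and trailer
    xml_bytes = inflater.decompress(raw, MAX_XML_BYTES)
    if not inflater.eof:  # stream cut short, or output hit the cap
        raise ValueError("payload is truncated or exceeds the size cap")
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected DTD in event payload")
    root = ET.fromstring(xml_bytes)
    return {child.tag: (child.text or "").strip() for child in root}

def summarize(fields):
    """Pull out what a reviewer cares about: who is identified, and where it goes."""
    url = urlparse(fields.get("serverUrl", ""))
    return {
        "destination_host": url.hostname,
        "encrypted_transport": url.scheme == "https",
        "visitor_id": fields.get("visitorID"),
        "report_suite": fields.get("reportSuiteID"),
        "assembly": fields.get("assemblyName"),
    }

# Constructed sample: a shortened copy of the first XML quoted in the comment,
# gzip-compressed and hex-encoded here to mimic the string Event Viewer shows.
SAMPLE_XML = (
    b"<root><events>event1</events>"
    b"<visitorID>aca1232d265941f7ae2259e402ab350c</visitorID>"
    b"<eVar3>System Update</eVar3><eVar11>X240</eVar11>"
    b"<reportSuiteID>lenovoappssystemupdateprod</reportSuiteID>"
    b"<serverUrl>http://lenovoappssystemupdateprod.112.2o7.net/b/ss/lenovoappssystemupdateprod/6</serverUrl>"
    b"<assemblyName>Lenovo.TVT.CustomerFeedback.InnovApps</assemblyName></root>"
)
SAMPLE_HEX = gzip.compress(SAMPLE_XML).hex().upper()

if __name__ == "__main__":
    for key, value in summarize(decode_feedback_event(SAMPLE_HEX)).items():
        print(f"{key}: {value}")
```

Running the summary over every "Lenovo-Customer Feedback" entry on a machine shows at a glance which hosts receive the data and whether the same visitorID recurs across applications.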