Lenovo Finally Pays $7.3 M Fine Over Invasive 2014 'Superfish' Adware Pre-Installations (softpedia.com)
Lenovo will add $7.3 million into a $1M fund settling a class action lawsuit over their undisclosed pre-installation of Superfish's targeting adware on 28 different laptop models in 2014.
Within one year the U.S. Department of Homeland Security had warned that the adware made laptops vulnerable to SSL spoofing, allowing the reading of encrypted web traffic and the redirecting of traffic from official websites to spoofs, while according to Bloomberg the original software itself also "could access customer Social Security numbers, financial data, and sensitive health information, the court said."
An anonymous reader quotes Softpedia: According to a "SuperFish Vulnerability" advisory published by Lenovo on their support website following the discovery of the pre-installed software by consumers, the VisualDiscovery comparison search engine software was designed to work in the background, intercepting HTTP(S) traffic with the help of a self-signed root certificate that allowed it to decrypt and monitor all traffic, encrypted or not.... "VisualDiscovery was installed on nearly 800,000 Lenovo laptops sold in the United States between September 1, 2014 and February 28, 2015," also states the settlement agreement. "On January 18, 2015, in response to mounting complaints about the effects of VisualDiscovery, Lenovo instructed Superfish to turn it off at the server level...."
Out of the 800,000 who bought the laptops that came with VisualDiscovery pre-installed, the 500,000 ones who registered their devices with Lenovo or bought them from retailers such as Best Buy and Amazon will be contacted directly by the Chinese company and informed about the settlement agreement. The rest of the customers who cannot be reached straightaway will be targeted by Lenovo using multiple online advertising platforms, from Google to Twitter and Facebook.
A separate settlement with the FTC in 2017 was criticized for its failure to fine Lenovo -- though it did require the company to get affirmative consent for any future adware programs, plus regular third-party audits of its bundled software for the next 20 years.
I see /. is approaching high art:
"The rest of the customers who cannot be reached straightaway will be targeted by Lenovo using multiple online advertising platforms"
Or are those obsolete in the Trump era?
7.3 million divided by 800,000 customers doesn't leave much room for attorneys' fees, right?
The fine should be cut in 1/2. I told a few customers one day in Best Buy that Lenovo was installing this trash on systems as well as using the mainboard to store this trash.
They still bought the things. There is a certain point where you can start blaming the so-called "victims" for being stupid.
I no longer feel sorry for anyone that buys Lenovo, Nintendo, Sony, or from any other business that felt that screwing customers over was OKAY and good practice. I wish people understood that boycotts are effective, but since they are too lazy to participate in the economy properly I no longer feel sorry for them when they get screwed by big business.
People are clueless about how to do that. Seriously, how many people do you think actually have a clue how to reinstall an OS on a PC?
"You're asserting everyone who bought them was told that. You have yet to prove that. It's obviously not the case."
You have two problems.
#1. You are assuming that I can somehow PROVE that my story is correct in any meaningful way. I am not in the habit of taking video evidence of people not following my advice. So NO I don't have to prove anything, the comment is anecdotal. Do you automatically believe people when they say they were assaulted? It's the same thing... anecdotal unless some evidence supporting the claims is presented. A busted nose is not good enough.
#2. People bought items from Best Buy, as in Best Buy was still selling these systems POST MEDIA STORM and still failed to notify customers that malware was KNOWN to be present upon the systems involved. Let me ask you this, if your local grocer was selling products known to contain salmonella would you want to sue them if they didn't pull that stock or warn you? Product sellers do have some incumbent responsibility here. This means that there is some culpability on Best Buy's behalf legally if someone presses the issue.
""when people "knowingly and voluntarily" buys a product they "legally" accepted something called "assumption of risk". -Sure, but there are still laws. They don't go away because of assumed risk generalizations."
You do know that once the "specifics" are out, that it is no longer "assumed risk generalizations" right? If you are going to argue your side you need to be more intelligent about it. The problem is specific in this case NOT general. When specific information is provided and you ACT upon that information POST reception you are "legally" considered informed! This means you LEGALLY accept the transfer of risk because you are informed.
Yes, people that did not know deserve compensation, but let's be honest... that only works for so long. Or do you think that it is okay for everyone to be walking around like mindless zombies trusting everything at face value?
"Anyhow you can say I'm lying but you are advocating above to halve the court fine based on a fallacious sub-legal argument, so yeah."
Go and talk to a lawyer, they argue this stuff all day long! You can even go and listen to one on YouTube called Legal Eagle say the same thing.
https://www.youtube.com/watch?...
So if you disagree with a REAL lawyer there is your chance to challenge one!
Don't you know the difference between anecdotal, facts, evidence, and opinions? I guess not so let me break this down.
Me saying it should be 1/2 is my opinion.
Me saying that people bought them after me telling them they were loaded with malware was anecdotal.
Me not proving this to you means nothing, and my desire to not make any efforts to prove it are not tantamount to surrender either, it just means me proving anything to YOU is not worth the time or effort. I don't think you would be intellectually honest enough.
The fact that you are trying to construe my statements means you are the one without credibility.
"Lawyers have been consulted, your pseudo-argument lost big"
You are a titanic moron. You said that "...you are advocating above to halve the court fine based on a fallacious sub-legal argument, so yeah."
The argument is not sub-legal. Whether that argument was successful in this case, if used, has ZERO bearing on this. But because you are a moron you cannot tell the difference. There have been more than enough cases where this "sub-legal" argument won a case. How are you not able to figure this out?
You were told to check with a lawyer to find out if the argument was valid, NOT if this argument applied to this case specifically. I am sure you know of that saying... better to be thought an idiot than to open your mouth and remove all doubt? That is you. You have wasted enough effort setting up straw-man after straw-man here to put me on the defensive.
The assumption that I am a man huh? I am a man so your assumption is correct. I am definitely willing to admit when I am wrong. Now, tell me specifically what you think I am wrong about, and I will review your claim that tell you.
If I am wrong I will admit it, if I made a mistake that created confusion, I will correct what I meant. If I am not wrong, I will attempt to show you where YOU are mistaken.
Your turn! Show me where I am wrong.
The "pro-consumer framework", at least in the US, has been completely run over and disregarded in the digital age. Funnily enough the driving forces behind that are big technology companies and the idea that "money makes it right." Wow, just like China!
But I digress. Let us fixate on how innately terrible the Chinese are. That way we don't have to deal with the difficult task of self-improvement.
Lol, it is shocking how much of a moron you are, but not surprising.
"The fact is Lenovo was fined appropriately" that is a statement of opinion. Prove Lenovo was fined appropriately. But you can't. No one can because what is appropriate is a matter of opinion, it has always been, hell it's not even in dispute and court rulings are often written as such "in the opinion of this court" for example.
"and your efforts to halve that" How does a post on Slashdot constitute 'effort' in this setting? I did not file an amicus curiae and neither am I a witness for either side. I am just offering my opinion. You need to take a chill pill or something.
"based on a sub-legal argument" I have already proven that I am correct with a link to a real lawyer. You are free to find a lawyer to rebut the lawyer in the link I claimed.
Your attempts to gaslight me are humorous though. A moron that can't even get simple facts straight trying to gaslight someone is always a hoot!
At some point, this ancient wisdom comes into play:
Arguing on the internet is like the special Olympics. Even if you win ...
He's clearly not listening. Go hug someone or whatever because you're wasting your time here.
Usually first thing I do with a laptop, is set it up, then pull and shelve the HDD/SSD until the warranty period ends. I install a blank drive, set it up how I want. Granted, if the bug is embedded in the BIOS or something, can't really do anything about that, but for the most part, that should clean it out, not to mention getting rid of the bloat.
Surely this devastating blow to their financial security will serve as a deterrent for other companies... right? What's that? Their gross profit over the last 10 years has averaged in the hundreds of millions, and this fine serves no other purpose than to demonstrate that it's a more fiscally-viable option to fuck over your customer and then pay the fine later? Color me shocked...
Capable sure, but most non-computer savvy peeps I know, and I know a lot, don't have a freaking clue on how computers work, let alone know how to or want to learn more them other then click on an icon and go to a program or a website and for many of them even that is pushing their limits. Everyone's brains are wired differently. Some are wired to be good at certain things and others are wired to be shit at nearly everything. So assuming others can do something just because you think they should be able to is extremely naive and lacks wisdom which is on par with the ignorance of most people's concept of computers.
Not dealing in (whether commercially or gratis) proprietary software is always wise. $7,300,000/800,000 people is almost $9.13/person. Nobody who can afford a modern Lenovo computer will find $9.13 very rewarding and Lenovo won't find $7.3M a challenge to pay.
But the structure of proprietary software (being hidden from the user who is legally prohibited from inspecting or editing the software and often prohibited from sharing the software as well) keeps users ignorant of the software they run. Since there's a lot of proprietary malware out there and we can't tell which proprietary software is malware, we are wise to avoid it all. Ethically, all proprietary software operates not in the user's interests. Users aren't well served by software running on their computers which doesn't respect their software freedom. This is increasingly becoming a health/life or death concern (see a recent story about a CPAP machine hacker, for instance) and has always been a concern for those motivated by how we ought to treat other people (perhaps the most important consideration we can make in life).
Digital Citizen