"We Messed Up Badly" Lenovo Admits Putting Tracking Software On Your PC

Tyler Durden's picture

Submitted by Simon Black via Sovereign Man blog,

File this under ‘you can’t make this stuff up.’

Lenovo Group, the largest computer manufacturer in the world, has made a rather stunning admission that they have been pre-installing tracking software on their PCs.

The tracking software is made by a company called Superfish, which apparently paid some “very minor compensation” to Lenovo for putting the software on people’s computers.

The Superfish program is a total disaster.

It has image recognition algorithms which essentially monitor what a user is looking at… then suggests relevant ads based on what it thinks you might like.

This is not only REALLY high up on the creepy scale, it also completely destroys Internet security.

Whether you’re buying something online or accessing Internet banking, the Superfish program essentially cuts the secure link between you and sensitive websites that you’re trying to access.

According to the first user who found the vulnerability a few weeks ago, “[Superfish] will hijack ALL your secure web connections (SSL/TLS) by using self-signed root certificate authority, making it look legitimate to the browser.”

This means that the tracking software basically fools a web browser into believing that a connection is secure when it’s not… all for the purpose of pushing more ads in your face.

This scheme is so powerful that even if users uninstall the Superfish software, the security breach still remains.

This is so flagrant I have to imagine that even the NSA is shocked.

After its initial approach of being completely unapologetic and dismissal, Lenovo is now groveling for forgiveness.

The company’s Chief Technology Officer now says, “We messed up badly here,” and “We made a mistake.”

Duh. But untold amounts of consumers out there have been totally violated.

There are a few interesting points to make here–

1) Privacy isn’t dead. But it’s extremely difficult to maintain. There are so many forces out there trying to pry whatever little privacy remains from us, one has to fight tooth and nail to preserve it.

 

2) There’s no transparency in the system; we never really know what’s going on behind the scenes with big institutions.

Governments and politicians will lie to our faces. They’ll tell us to be excited and that everything is fine; then behind the scenes they’ll plan for capital controls and huge tax increases.

No one has any idea what kind of toxic crap banks have on their balance sheets. They’ll post record profits and tell us how successful they are. But internally they know that it’s only a matter of time before they collapse (as we saw in 2008).

Even major tech brands are betraying the public in the dark of night with crazy spyware or selling us all out to government agencies.

There are very few, if any, big institutions out there that we can trust anymore.

And maybe that’s how it should be.

It’s a shark-filled world with bad people who do bad things. Perhaps it’s all the better that a trusted brand becomes the poster child for betrayal.

Because if Lenovo is doing this, are we supposed to be so naïve to presume that Google, Apple, AT&T, etc. are not?

Question everything.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Cognitive Dissonance's picture

If push comes to shove I would rather the NSA spy on me. After all, if you can't trust the Feds who can you trust?

/sarc

sun tzu's picture

Except the feds can legally kidnap and/or kill you

Cognitive Dissonance's picture

Yes....but I'm quite certain they will respect my rights while doing so.

Skateboarder's picture

Was listening to a local radio program early this AM. Host was talking about en-ess-eh? spying + hacked sim cards + Snowden, etc. At some point in arguing for privacy he says, "it not just a moral issue, it's a legal issue too." I turned off the radio.

mvsjcl's picture

"bad people who do bad things"

 

Bullshit. Bad governments that are run by bad people that are installed by bad people who do bad things. Yes, bad people do bad things. But such a blanket statement tends to diminish the desire to find out who the bad people really are. You're a tool, Simon.

 

WHO are the bad people?

7.62x54r's picture

Windows is a big fucking security hole.

The last laptop I bought, I nuked the HD, and loaded LINUX on.

Distros like Ubuntu are ready for primetime, work out of the install without doing nerdly incantations, and have complete passphrase encryption of the entire HD as an install option. My only windows box is reserved strictly for PC games, and is not used for the web, email, or serious work.

A Nanny Moose's picture

Doesn't matter. This shit is being written into CPU instruction sets and firmware.

Paveway IV's picture

Great, great... Except the elevated privileged execution root-kit used by firmware virii (or maybe a manufacturer 'feature') probably uses a UNIX shell that runs before any operating system is installed. If that's triggered by the BIOS or PCI initialization firmware, it has happened well before Linux is even thinking about starting. A hacker (or government) can own your machine with 200 bytes of x86 assembler instructions and a tiny UNIX shell. Detection possibility: almost zero.

And if you're like 50% of all broadband internet users in the United States, you're going through Comcast. They do deep packet inspection on all your traffic all the time and spoof certificates to get around any attempt for you to use secure http or ssl. Just call them up and ask - I'm sure they'll be happy to admit their snooping and fully disclose all parties that are fed details about your on-line activity. Unless they are under government orders not to reveal that. Oooops! Comcast makes AT&T look like amateurs when it comes to violating your privacy and is granted complete immunity by the law.

I'm not knocking your wise choice to avoid Windows, but make no mistake: you are NOT using any kind of privacy-hardened PC just because you use Linux. ALWAYS assume 100% of what is stored on your PC and 100% of your activity on the internet is observable. You can frustrate the Windows script kiddies, but not a decent hacker.

Tall Tom's picture

You believe yourself clever by stating that there is no way around it? You want us to accept that our Civil Liberties, our Sovereign Rights, are being violated?

 

There is a way around it. REVOLT.

 

Bullets to the Corporate officers' heads are what is in order.

 

Sorry is not anywhere near good enough.

 

Some may just be nearing their limit.  The price of Gasoline will definitely be soaring as a result of acting.

 

It will not be A single planned and engineered explosion by the Oil Company Executives, for which they will not be prosecuted..Some of us have had the best teachers...the criminals themselves.

 

And with that there will be no escape to New Zealand. Jets, even Private Jets, take fuel to fly. Without fuel the oligarchs will be a captive audience.

 

Oil refineries and the Tank Farms are the primary targets in any violent revolt. The resultant social unrest due to lack of food will destroy the rest, the unprepared...

 

So do you think that you are clever through incitement?

 

Go ahead and watch me...keep watching me as I am watching you watching me.

Paveway IV's picture

"...You believe yourself clever by stating that there is no way around it?.."

Me?? No, I consider myself knowledgeable enough in a technical sense to know that I can't outwit them - they have more time, money, manufacturers' technical details and pure evil than I will ever have at my disposal. I don't know if they are spying on me, but it's folly to assume that a certain OS, firewall or AV program is ever going to guarantee my right to privacy.

"...You want us to accept that our Civil Liberties, our Sovereign Rights, are being violated?..."

Jesus, Tom. Who pissed in your corn flakes this morning? They HAVE BEEN and ARE being violated right now. The fact that you can't protect yourself from their spying is not an endorsement of their spying. I'm warning people not to be naive about the issue.

"...So do you think that you are clever through incitement?..."

Yeah, uhh... what? 

"...Go ahead and watch me...keep watching me as I am watching you watching me..."

OK, I'm pretty sure you're not even responding to my post anymore. You're not, are you? That would be kind of... disturbing.

Cadavre's picture

It's getting worse in every venu. On line merchants selling "naked" inventory ship the wrong item, then bill for the return. My Jeep was in the shop. A prospect had a stopover and ask for a meet up at an Air Port Inn. Took a cab and the driver always seemed to be going down the wrong street. Anywaze, I meet the prospect and my phone starts vibrating and I ignore. So, I get another cab to get back to the casa and look at my phone history. All from some "private" number. While I was riding home, the phone rings - the display shows private number - I answer like a Texan, "Who the f*ck is this". The guy said his name was Joe, asked if I remembered meeting him at st convience store and asks if I want a "good time" with his girlfriend. I respond with lone star grace and implore, "Don't ever call this number again, bitch!" 

Not all is lost, I got an email a few weeks later with a picture. It was sent to Postmaster <myemail at myemailDNS.com>, It was from a chick I did not know, with an email account at USA.com. She told she had read my profile, and believed I was a dude she wanted to get to know -> Click->Delete.

Dropbox, genieo's omnibar, iCloud, iTune and a plethora of other "Helpers", along with mobile me; are all desk top harvesters with root credentials fouling up the CPU with incessant requests to send packets to some off shore DNS.

If ya use windows, the last most secure OS is XP Pro without service packs. Even if you open the services dialog and switch off stuff like QoS, remote desktop, remote help, auto update, error reporting, scripting objects etc etc, ya still have to drill through the Group Policy and blank out all the weird little ports. Does that make it secure - shit - right now I look at the connect icon in my service tray and be thinking, "If it ain't blinking does that mean that my desktop is really not transmitting or receiving packets?"

You can erase your INDEX.DAT files. Restablish empty ones. The set their attribute to read only and your history will not be recorded. In Apple, the Adobe Reader doesn't nag like the Window's version, with a pop up asking if you want to Turn Adobe Javascript off - like ya didn't really mean it when you initially set it off. Off or On, it don't mean nothing - it's just to give us the illusion we are in control.

HOW TO GET THEM SECRET BACK DOOR KEYS: If ya got a spare Windows desktop, with IIS installed, but not enabled. And you can connect through a dialup or DSL (have not tried it with a router) you can harvest backdoor keys and the scripts the NSASSES and other tentacles of the fascioligarchy use to snoop your desk top. Yurn on Windoes firewall, Disable the installed ISS. Connect to the internet. Open the browser to your home page, and go have a few beers. When you get back, and find that somehow miraculously that IIS was enabled as well as the IIS (IsIS !). Check your event log. You'll see that some guest account logged in as an administrator, enabled IIS and did a whole bnuch of reads and emails. The event log will show the key used to authenticate the login, and the script will be cached is some randomly named folder. 

I snagged images of all those events and have the keys stashed away on a CD in a safe deposit box. I manually cleaned my drive and registry, uninstalled IIS, did a reinstall of my NO SP OS. Blocked a bunch of adware sites, google apis and (of course) the update DNS associated with my router manufacturer. My INDEX.DAT files have not been written to for years. ... the illusion of control - but at least it is partially verifiable.

I noticed on OS X there is no uninstall for iCloud or Mobile Me. (haven't dug in yet) Did some recursive default setting through the console to "hobble" that activity. Now, when looking at the console, it's filled with request denied. 

The spying may be for commercial and trade secret sniffing. But what it really seems to be is a snipe hunt for any evidence of malfeasance or corruption. Does the FBI destroy evidence. Of course they do, and it is not limited to HD snip wipes,

To incubate a proto police state takes loads false flags, evidence destruction and fear mongering, well garnished with a pinch of murder and a tsp full of  lethal house cleaning.

Without it, there would be no fat budgets for the fascioligarchy's gestapo.  Efrem Zimbalist Jr is turning over in his grave.

 

Socratic Dog's picture

Who are the bad people?

Just look for those you are not allowed to criticize (per Voltaire).

The tribe sorta jumps out.

Cadavre's picture

Who are the bad people?

This one maybe hard to handle for some, but the bad people, the peeps and sheep making this happen and by allowing it to happen and even paying a generous tithing and offering up their kids to defend WarMcWhore CORP and the FED Financing for these little alchemist-ish experiments turning blood to gold and murderers into heros, well those bad people are the people behind the eyes of the face we see in the mirror. 

It's US, You me the fat lady down the street. It is our faukt this shit is going on.

It's not the fault of the small collective of our fawning self aggrandizing  pathologically corrupt Diebold Selected neo-social fasioligarchal's eployees shoutung "eight inches or less" on CSPAN waltzing to Mephisto Gypsy Quartets changing money with the Wall Street pimps running the K Street Kiddie Brothels, and tugging Tugging Mr, Big;s G spot on the steps of our temples and institutions of government, all, and sadly, fatally crippled by false notions of exceptional alpha status symptomatically expressed as the more than obvious waining of instinctive, nature given, survival skills, grab-assibg as they shuffle a Lemming-esque 2 step up the slaughter house chute where "food for thought" morphs to a tangible that will eventually be shat out the bungs of everyone in the commons.

It ain't nobodies' fault but ours - so be genteel when the time comes and remind yourself that, but for the grace of god, those squished heads of media darlings and high society gadflies are not mine.

Crash - bang - shiy - some punks just demolished my soapbox with their skateboards.

Dizzy Malscience's picture

.gov is made up of psychopaths, sociopaths and enablers.

A Nanny Moose's picture

Bad government is redundant. Nothing moral will ever result from an entity which is required to steal in order to fund its existence.

If you want to find the "bad" people, simply look peer behind the curtain of the entity which has a monopoly right to initiate force within a geographic region, and the firepower to destroy everything around it.

Where else would bad people naturally seek employment?

Anusocracy's picture

That is the salient point.

Understood by at most 1% of the population.

Murf_DaSurf's picture

 

 

 

That's it! After this post I am junking my computer and IPhone!

Skateboarder's picture

Same shit, different mfg. asshole.

random999's picture

I'm not so sure.

There is no doubt chinese and americans are the worst comes to this kind of stuff.

The americans do it with finesse, chinese just copy without finesse.

As for the rest of the world, not sooo much, but ever more...

Lost My Shorts's picture

Actually, the Superfish adware-hackware installed by Lenovo was Israeli.  (Big surprise.)

What was not so clear is -- whether Lenovo just collected a few yuan per machine to install Superfish, or benefitted from the ongoing adware revenue.

What's totally clear:  Mossad and perhaps their NSA friends have access to any machine that ever had Superfish installed.

Reading about Superfish and Komodo (another Israeli company supplying the hackware technology) will open your eyes. 

Paveway IV's picture

From PCWorld:

How to remove the dangerous Superfish adware preinstalled on Lenovo PCs

How do I know if my Lenovo PC has Superfish preinstalled?


It should be easy to discover if your PC came with Superfish preloaded. The adware intrinsic to Superfish is designed to inject visual price-comparison ads into the web pages you visit, in a “Visual Search results” section “powered by VisualDiscovery.” If you see that, you’re affected (though maybe “infected” is the better word to use).

 

Update: Browsing to this website will quickly let you know if you have Superfish installed. Thanks, Filippo Valsorda! Lastpass also tossed up a website that can check for Superfish.

reTARD's picture

Superfish is based out of Palo Alto, CA. Right in the heart of SiCON Valley. They also make iOS and Android apps.

https://www.linkedin.com/company/superfish

 

L Bean's picture

Israeli execs

https://www.linkedin.com/in/adipinhas

https://www.linkedin.com/pub/danit-raanan-ideses/34/646/267?trk=biz_empl...

http://il.linkedin.com/in/chertok

http://il.linkedin.com/in/yonitgruber

http://il.linkedin.com/in/benjaminrkatz

Adi Pinhas "Invented digital video recording for the surveillance market. Large scale high quality video recording." according to his bio.

This guy has patents in the US for many things related to photo analysis and facial recognition  - ummm.....

but I'm sure that has nothing to do with the 'benign' tracking he's just been caught doing.

Blankenstein's picture

 

"Superfish, which launched in 2006 in Israel and moved its headquarters to Silicon Valley, makes desktop and mobile applications that allow consumers to search for items from online retailers by taking a picture of something they like -- a couch, necklace or cute kitten at the pet store -- and uploading it to the app."

http://www.mercurynews.com/business/ci_27246085/q-adi-pinhas-founder-and...

7.62x54r's picture

I think he was being sarcastic. I would like to know exactly which HD models the NSA has rooted, though.

Paveway IV's picture

Why would they skip any models?

farmboy's picture

Obvious, this is no news. All are guilty.

 

max2205's picture

All this Govt FB Corp spying tracking and monitoring  will go down in history as the crime of the modern ages.

 

Fuck em all....back to the abacus 

Alea Iactaest's picture

@ Max

Go down in history? The victor writes history. This shit won't even get a footnote.

Tall Tom's picture

So you are defeated even before the battle?

 

Who says that they will emerge as the victor? They will be vanquished when the people begin to hunger. They will be rooted out and killed.

 

You are a defeatist?

 

Choose your targets wisely for optimal impact.

boattrash's picture

I don't mean to sound sadistic, but I think they deserve to go face-up on the guillotine, with their eyelids stapled to their foreheads, so they can see the blade coming.

Arnold's picture

This data collection issue may be top ten; replacing the Protestant work ethic with the Free Shit Army, I can argue, would be as you describe, the crime of the modern age.

The9thDoctor's picture

I disagree.  Protestant work ethic is becoming more irrelevant by the day due to automation.  As for welfare, it will be an inevitability that everyone will be on it due to the lack of jobs from automation and the masses will spend their issued currency on goods and services provided by machines and/or A.I.

There's a lot of talk of "can kicking" on Zero Hedge, and how the current economic system will collapse.  Well, this is the endgame because today's economic system will be totally irrelevant in an automated society.

We are seeing the final phases of exponential capitalist growth, and that growth hit the saturation level in the year 2000 with the tech boom.  Now all we have left is speculative bubbles until the current economic system is phased out totally with automation and masses dependent on a guaranteed minimum income.

michael777's picture

The price of a guaranteed minimum income will no doubt be complete submission to the State.

Now if they'd find a way to do guaranteed maximum income, I'd be in.

pods's picture

I was going to text this to my wife, but realized that since the NSA hacked basically all SIM cards that it would get me on yet another list.

Just one more reason why this "consumer society" needs to die a quick death.

pods

Ignatius's picture

Gee, I said the same thing to pods when he pushed me off that over-turned 5-gallon bucket while watching his wife take a pee:

"I messed up badly here, I made a mistake."

Doc says the jaw is fine and I'll be walking again in 12 weeks.

Alea Iactaest's picture

@ pods

You (and I) are already on "the" list. The only question: what's your threat score?

Joe A's picture

Everybody that has ever commented on ZH is on that list. At least we are in good company.

7.62x54r's picture

visit free_nsa_threat_score.com !

jazz571027's picture

Thank you Edward Snowden - keep it coming

cigarEngineer's picture

Snowden belongs on Mt Rushmore

BustainMovealota's picture

Might as well out your ass in the air and let BigCorp have its way with ya.

ThroxxOfVron's picture

Inter-connectedness, the internet of things, the digital lifestyle, the closed environment: 

The great technological straight-jacket of the corporatist statist oligarchy.

Renfield's picture

How is this not the felonious crime of computer tampering? I'm asking b/c it doesn't seem that anyone at Superfish or Lenovo is under indictment.

Yes, I know we have a criminal government over an ignorant population and that's why. But I think it's important to be vigilant in pointing out where these actions are not only immoral, but they are illegal too. The government can go ahead and change the law but a government that selectively ignores/enforces or unilaterally changes its own rules, is by definition a rogue government.

If we surrender by not pointing these things our, or just moaning about "it's all fucked and there's nothing we can do", then we'll continue to get the government we deserve. (Why hello there Rothschild.)