Lenovo Finally Pays $7.3 M Fine Over Invasive 2014 'Superfish' Adware Pre-Installations (softpedia.com) 79

Lenovo will add $7.3 million into a $1M fund settling a class action lawsuit over their undisclosed pre-installation of Superfish's targeting adware on 28 different laptop models in 2014.

Within one year the U.S. Department of Homeland Security had warned that the adware made laptops vulnerable to SSL spoofing, allowing the reading of encrypted web traffic and the redirecting of traffic from official websites to spoofs, while according to Bloomberg the original software itself also "could access customer Social Security numbers, financial data, and sensitive health information, the court said."

An anonymous reader quotes Softpedia: According to a "SuperFish Vulnerability" advisory published by Lenovo on their support website following the discovery of the pre-installed software by consumers, the VisualDiscovery comparison search engine software was designed to work in the background, intercepting HTTP(S) traffic with the help of a self-signed root certificate that allowed it to decrypt and monitor all traffic, encrypted or not.... "VisualDiscovery was installed on nearly 800,000 Lenovo laptops sold in the United States between September 1, 2014 and February 28, 2015," also states the settlement agreement. "On January 18, 2015, in response to mounting complaints about the effects of VisualDiscovery, Lenovo instructed Superfish to turn it off at the server level...."

Out of the 800,000 who bought the laptops that came with VisualDiscovery pre-installed, the 500,000 ones who registered their devices with Lenovo or bought them from retailers such as Best Buy and Amazon will be contacted directly by the Chinese company and informed about the settlement agreement. The rest of the customers who cannot be reached straightaway will be targeted by Lenovo using multiple online advertising platforms, from Google to Twitter and Facebook.

A separate settlement with the FTC in 2017 was criticized for its failure to fine Lenovo -- though it did require the company to get affirmative consent for any future adware programs, plus regular third-party audits of its bundled software for the next 20 years.
  • I see /. is approaching high art: "The rest of the customers who cannot be reached straightaway will be targeted by Lenovo using multiple online advertising platforms"
  • Or are those obsolete in the Trump era?

    • by Anonymous Coward

      In the spirit of petty politics where every failure of a current political factor has to be compared with another:

      I don't recall the fraudsters who called themselves bankers apologizing for profiting from tons of bad debt. If I recall they were quite happy to take credit for all the social good they were doing by giving loans to poor minorities who were only dis-included previously because America is racist. Oh but nobody bothered to give said minorities a raise so they all defaulted on those noble loans

  • 7.3 million divided by 800,000 customers doesn't leave much room for attorneys' fees, right?

    • 7.3 million divided by 800,000 customers doesn't leave much room for attorneys' fees, right?

      LOL, as if anyone but the lawyers get any of the money. It will cost more to track down and notify each impacted customer than anyone will ever receive.

  • The fine should be cut in 1/2. I told a few customers one day in Best Buy that Lenovo was installing this trash on systems as well as using the mainboard to store this trash.

    They still bought the things. There is a certain point where you can start blaming the so-called "victims" for being stupid.

    I no longer feel sorry for anyone that buys Lenovo, Nintendo, Sony, or from any other business that felt that screwing customers over was OKAY and good practice. I wish people understood that boycotts are effe

    • by Sigma 7 ( 266129 )

      When it comes to laptops, there's not as much of a choice. If a buyer needs a laptop, it's unlikely that they'll build their own, and thus they have to rely on brand-name equipment.

      Around that time, the major brands had pre-installed garbage that slows down computers or otherwise sends telemetry. The question is by how much, rather than which ones.

    • by epine ( 68316 )

      The fine should be cut in 1/2. I told a few customers one day in Best Buy that Lenovo was installing this trash on systems as well as using the mainboard to store this trash.

      Your logic is circular. You think they should have trusted "some guy" spouting an opinion, who turns out to be so rational, he's insisting they should have trusted "some guy" spouting an opinion, years later ...

      Moreover, your 15-second anecdotal interaction warrants a 50% revision in how the world turns.

      No idea why Joe Random Consumer m

    • Not dealing in (whether commercially or gratis) proprietary software is always wise. $7,300,000/800,000 people is almost $9.13/person. Nobody who can afford a modern Lenovo computer will find $9.13 very rewarding and Lenovo won't find $7.3M a challenge to pay.

      But the structure of proprietary software (being hidden from the user who is legally prohibited from inspecting or editing the software and often prohibited from sharing the software as well) keeps users ignorant of the software they run. Since there's

  • Usually the first thing I do with a laptop is set it up, then pull and shelve the HDD/SSD until the warranty period ends. I install a blank drive, set it up how I want. Granted, if the bug is embedded in the BIOS or something, can't really do anything about that, but for the most part, that should clean it out, not to mention getting rid of the bloat.
  • A whole $7m? (Score:4, Insightful)

    by schitso ( 2541028 ) on Saturday December 01, 2018 @08:40PM (#57734250)
    Surely this devastating blow to their financial security will serve as a deterrent for other companies... right? What's that? Their gross profit over the last 10 years has averaged in the hundreds of millions, and this fine serves no other purpose than to demonstrate that it's a more fiscally-viable option to fuck over your customer and then pay the fine later? Color me shocked...
    • That was my initial reaction. But a little research turned up that Lenovo only made about $250k from Superfish [forbes.com]. So the condition that the fine greatly exceeds the profit has been met. Though I would've added a stipulation that in addition to the fine, they have to reimburse users for any expenses they incurred due to security breaches caused by Superfish-related vulnerabilities.
      • by Uberbah ( 647458 )

        Eh. As for penalizing this specific instance, sure that ratio is okay - as far as deterring future similar examples, the fine is still missing a few zeros.
