It’s a privacy advocate’s worst nightmare: announcements came out this week that it’s not the government that citizens have to worry about spying on their computer use, it’s the device manufacturer. The Superfish adware/malware, pre-installed intentionally on select computer models in order to follow users’ internet shopping behaviors, may also be just what advocates need in terms of proof demanding better consumer protections.
According to a number of sources, it’s not certain when electronics manufacturer Lenovo began shipping select laptop and desktop models with its proprietary Superfish program installed, although the company has stated it was only a narrow window between October 2014 and December 2014. This program, which the company likens to adware without accepting that responsibility explicitly, has actually been compared to malware by its critics for the way it gathers information and interacts with the user’s computer. Besides the potential for security concerns related to user tracking or external hacking activity, consumers found the program annoying due to Superfish’s pop up ads that suggest products based on users’ browser activity. The fact that the program intercepts everything the user does, such as access his online banking, was unacceptable to security experts.
Whether this provides a measure of relief or even more cause for concern remains unclear, but Lenovo’s response to the backlash against the news was to announce that it has remotely disabled the program from its users’ computers. This move has caused industry watchers to speak out against the company’s practice with claims that it’s too little too late, and that it’s a sign the company is interfering with consumers’ internet and connectivity practices. While it’s possible to assume that this was just a galactically bad decision on Lenovo’s part in its efforts to entice third-party advertising, the door has been thrown wide open for any manufacturer to gather, store, and share information with anyone they choose.