1. 38
  1.  

  2. 15

    What on Earth is Lenovo’s motivation here? This is the second time in a year that they’ve been caught shipping an enormous backdoor, and presumably they must have coexisted originally. But this one doesn’t even involve ad revenue, so… Does it make sense to anyone? Presumably Microsoft is happy with Lenovo doing this?

    Just… why?

    1. 10

      Presumably users don’t value control over their computers, in part because they don’t have any way to tell whether they have it or not (and these users are running Microsoft Windows anyway, which is another giant blob of proprietary, exploitable code with root on their machine), and Lenovo does value control over its' users computers.

      There are a wide variety of economically profitable things they could leverage that control for: secretly mining bitcoins, patching known security holes and telling their users about it, building statistical models of their users' behavior, building statistical models of malware, displaying advertising, persuading the users to click “OK” on dubiously legal agreements that are economically advantageous to Lenovo in some other way (e.g. waiving implied warranty rights, signing up for auto-renewal scams (useless $5/month “services” billed to your credit card)).

      The optimal strategy for an egoist Lenovo under these circumstances is similar to the strategy Facebook is using, though much more skillfully: get the malware established, get users used to it, ideally erect barriers to exit, and only then begin to tighten the screws to extract economic value from them. It’s not in their interest to do anything too obnoxious up front. They can afford to wait five years.

      1. 7

        This is actually a very real-world extension of Ursula Franklin’s theory of “Technology’s culture of compliance”

        1. 2

          I suppose that explains it. Depressing, though.

        2. 6

          If you read the follow up comment, it does something different for windows 8. There it installs a special file with a Microsoft sanctioned name, presumably for the same purpose, but now all official like.

          1. 4

            To spare everyone the pain of reading 1000+ reddit comments, :), some more info from Microsoft about the feature in question.

            https://www.reddit.com/r/technology/comments/3gmlt7/lenovo_is_now_using_rootkitlike_techniques_to/ctzvvke

            I’ll refrain some saying this is a good thing, but “I want a laptop with LoJack” is a not unpopular customer request.

            1. 2

              That’s at least a fair claim. My first thought is that Apple provides their own tracking system rather than supporting third-party ones, which doesn’t compromise trust since one is necessarily already trusting Apple by using their OS. But it does make sense that Microsoft would feel scared about possible antitrust action if they took that position, especially since Microsoft is not the hardware vendor.

              I guess ultimately, the hardware vendor is in a position of trust no matter what; it’s just that it’s only now becoming clear how unfortunate that is.

        3. 2

          Have I ever told you the definition of insanity?

          1. 6

            repeatedly. it’s never made the slightest difference.