While we're at it, Lenovo's statement that we might enjoy the adware: "The relationship with Superfish is not financially significant; our goal was to enhance the experience for users" is self-evidently bullshit.
The key word is significant. They're not claiming they didn't preload this software for money, they're just saying it wasn't for very much money. Such a small amount of money that they have no problem ending the relationship now that it's causing them problems.
My wild guess would be they got in the ballpark of $0.25 an install.
Which kinda sounds even worse. It says essentially that they're willing to break critical security components on their entire product line for pennies per device.
Hey Lenovo, can you install this root cert I made on your entire product line for me? I'll give you like $20 for it. It's at least better than Superfish - I promise not to include the private key with a trivially-crackable password in the install, so only I can intercept all secure communications by any of your customers, instead of anybody in the world.
A different way to frame the comment might be something like: "we were willing to sell out your privacy and security for a mere pittance, 'cause we're cheap whores".
I assume they didn't intend to compromise security. I think it's more accurate to say that they stiffed their users with adware that nobody wants in exchange for a little bit of money, and that were so indifferent to security and privacy while doing it that either didn't notice or didn't care that it was a fundamentally bad idea.
In my opinion that is worse. Most any clueful technocrat can tell you that injecting traffic into HTTPS sessions is a MITM attack. I am willing to bet that fact most certainly did make it to an executive level (certainly at the fishy company) and a choice was made to not care about that problem.
The road to poor security is paved with indifference.
My co-worker Tom has this mental model he calls the "prostitute-physician scale." Basically, it's a scale for measuring how willing you are to simply take the client's money and do whatever, versus giving advice in the best interest.
I think many sex workers with personal standards would be insulted by your comparison with physicians, who seem to be happy to take money (not your money, I guess) to push drugs that may or may not actually help you[0].
I think many sex workers with personal standards would be insulted by your comparison with physicians, who seem to be happy to take money (not your money, I guess) to push drugs that may or may not actually help you[0].
I do not object to this notion at all! For one thing, it's not my comparison, it's my co-worker's. Also, an "inversion" of the scale's sign would serve as a sharp and salient commentary on problems in our society.
For me the key word is "enhance". Why would Lenovo go to the trouble of bundling this, knowing full well that it doesn't actually enhance anything for end users?
"Enhance" is the weasel word you use when you want to try to convince someone something is better, but you can't actually explain in detail what's better about it. Whenever you see a marketing claim that something is "enhanced" the warning bells should be sounding.
I'm not even that miffed about being a product and not the customer; I am incredibly miffed that I'm apparently one of the products in the discount bin.
I am miffed, actually. I own a Lenovo laptop and it was not cheap. Fortunately it dates back to well before this thing and has a clean OS install anyway, but.
They sell laptops. It's not a free service, I am the customer not the product. Did Lenovo have a pressing financial need for these extra pennies on the side? Really? How is that benefit vs risk calculation looking now?
I wonder if this is actually true at all? I mean, yes, everyone around here absolutely abhors software like this, but there is a class of people who love hunting for bargains and accumulating coupons etc. Is there someone who buys a laptop like this and enjoys the additional advertisements? I always wondered the same about those annoying toolbars, I imagine some people actually perceive these as useful.
