What Lenovo did

“We’ve trained ourselves to think we’re safe if we see that little lock in our browser window, but what Lenovo did was load software that does an end-run around your web browser, making it impossible to tell if someone else had subverted HTTPS. Very few people check that, but that doesn’t make it right to take the option away. As long as Superfish is running, it’s impossible to tell if anyone has gotten between Superfish and your bank, or Amazon. So someone could empty your bank account while serving up a web page that shows you still have money, or hijack your Amazon purchase, running off with your money while Amazon never gets your order and you never get your product, and it will be next to impossible for you to even know what happened.” — Lenovo’s preinstalled Superfish spyware: A post-mortem, by David L. Farquhar

I’d rather build my own (difficult if you want a laptop), and install the OS myself, but sometimes you need something right now — I’m typing this on an off-the-shelf Dell, and there’s certainly software on it that’s useless and a nuisance. There’s nothing malign – as far as I know.

Tangentially, this Chromebox sounds interesting.

Advertisements