98 comments

[ 2.6 ms ] story [ 157 ms ] thread
This is in my opinion too weak of a signal to others. Such a deep invasion of user expectations and privacy should not be so easy to get away with, first time or not.
Maybe that's the intended signal.
Headline should be: FT allows Lenovo to sell computers with secret hardware again, should they choose to. No one went in jail (try intercepting someone's Https connections) and no crippling fine.

Just an agreement that requires consent...you can drive trucks through the loopholes. "Yes, I want to speed up my internet" is one and 90% would click yes /install.

It's really crazy, isn't it???

The company that makes/sells me a couch doesn't currently install a microphone in the couch, so that they can analyze my conversations and sell my data to advertisers.

Should they start trying? All of these tech companies are getting away with it!

Coming soon:

Amazon Echo Sit

"We are revolutionizing home-based, ergonomic solutions.

Relaxtion-as-a-service"

Translation

"We're selling an overpriced couch. The couch is manufactured by someone else. The microphone gives us your data. We're working on selling that to as many other people as we can."

Laxation-as-a-service.
Don't give couch manufacturers any ideas! Couches need telemetry too.
During the peak of frothy VC investments, our hypothetical couch startup will have the money to hire ML and AI experts.

1) Sell the couch at a loss.

2) Acquire customer voice data.

3) Run it through ML/AI

4) ????

5) Pivot the company.

You could have some inflatable cushions that can only be controlled by the cloud.
It'll recognize your voice and automatically port your cushion preferences to other people's SmartCouches.
I think either the company name or product line should be "SmartAss". Lots of good bad marketing opportunities that way.
Great idea!

This way when the company shuts down, your cushions are stuck in one position, unless you hotwire the couch :)

Not so fast hackerman, you'd be in violation of the DMCA should you hack the couch DRM.
In app purchases for additional per-seat licences! HealthKit integration! Share the data with your health insurer! "Uh-oh, you exceeded your sitting quota by xx hours this month, so you've been charged a penalty fee of $xx. Don't forget – keep moving to keep saving!"

It's a world of opportunity...

Surely there must be a site that floats nuanced and well-formulated posts on satirical and utterly terrible start up ideas, right?

I am sensing a market

If Juicero hadn't already existed we would have had to make it up?
BRB off to chat to the guys in product dev
Sure! And we could use the same tech for other places where things need inflating, like airbags!
A cloud controlled airbag is brilliant! With enough ML and AI it may even detect a crash. Once you have that figured out you can apply the same technology to parachutes and life vests! This is truly disruptive.
Only as long as there's a persistent data connection.

On losing signal they're programmed to instantly fire, just in case.

Don't laugh. My wife has a pair of internet-connected couch pillows. (They're white, and have LEDs inside so you can change their color with an app.)
At least the worst that could happen aside from them being part of a botnet is that they turn into regular white pillows.
Modern technology is so advanced that you cannot connect a phone to a pillow without using a server thousands miles away.
don't forget the ecosystem. SitBit is building a competitive social relaxation tracker to pair with this couch.
Why on earth have FitBit not cornered the competitive relaxation space
because we're already there.

SitBit: we're not going anywhere.

You can collect even more information: measure weight of a customer (so advertisers know who is more likely to buy food), learn how often he uses a couch.
There's no need. The device in front of your couch already does that.
What is scary is that the couch companies might /need/ to do this to survive! yikes!

Apple + Samsung have the phone market, but that didn't stop MSFT and AMZN from trying XD

The company who sold me a TV sent out an update that embeds advertising in the UI

Thanks Samsung.

Issue a chargeback and return it
The chargeback situation in the credit card industry is really so amazing and interesting.

I've charged back everything from erroneously issued parking tickets to flights canceled due to weather.

Every time, the credit card company immediately gives me my money back, settles with the merchant on my behalf, and I have always won.

The question is, who is giving the money to the banks that allows them to take this kind of a loss? People who have credit card debt???

The bank takes no loss. They take the money from the merchant.

Banks require merchants to keep a certain amount of money as a deposit with them, specifically for this. The amount varies depending on the type of business the merchant is in (and the size and reliability of the merchant - for example Walmart is probably not required to keep any amount at all).

It sounds like if you are a merchant and don't like chargebacks and deposits, the best idea is to run a cash only business then, if you don't mind turning away cc customers.

Strange world!

dont forget the transaction and other fees the merchant must pay :)
> The question is, who is giving the money to the banks that allows them to take this kind of a loss? People who have credit card debt???

The money comes from the business. The credit card company simply removes the money from the businesses bank account. This is one of the reasons it is so effective. Sometimes even mentioning the word "chargeback" when dealing with customer service will work wonders.

I've had the TV for ten months now, and bought it from a local shop that I like (Richer Sounds).

I have an ongoing complaint with Samsung, hopefully they'll see some sense.

Until then they're on my blacklist and at every opportunity I'll make it known that their products have ads built in. It's a pity, as the TV is great in every other regard.

s/hardware/adware/ - I was confused there for a second, but on second thought this could likely have been by autocorrect.
Buying a windows laptop these days seems like putting your hand in an Alligator Gar filled bog

(also see the other post about the Synaptics driver)

And restoring from the OEM copy is no guarantee it will be clear of all the preinstalled crap

I love, love love my Windows desktop (home built BEAST for gaming) but anytime I'm doing work, I have my Macbook at my palms. Unless Apple continues to tank the Macbook (I currently have the Pro 2014 model) I'll never buy a Windows laptop again.
Same deal for me. Although I'm likely moving back to Linux for work once this Macbook bites the dust.
My problem is open source linux on laptops (for me anyway) has always been a freaking train wreck. Issues with Wifi, battery life is shit, etc.
I'd recommend getting a laptop that is built from the ground up to support Linux. System76 and Purism seem to be doing a decent job (though they are still far from working flawlessly)
No offense intended but a lot of these just seem to be really, really powerful machines designed with the idea that if you throw enough power at Ubuntu, it works better. ;)
I don't think I'm clear on what you mean by that?

For the issues I commonly have (wifi, audio, video), I don't see how throwing more power at them would really help anything

I should've been more clear: referring to the general performance issues that Desktop linux has versus Windows and Mac OS, not driver issues. Driver issues are obviously a totally different animal.
I think I'm still not sure what you mean, but I'll take a stab at it:

Default Ubuntu has been sluggish for me for a while. Install something more lightweight like xfce and Linux becomes way faster, even on older hardware.

Your best bet is to buy a laptop from Microsoft (no 3rd party software) or buy an extra Windows license and do a fresh install.
I'm not sure if that's safe either. I installed Windows 10 recently and the install included apps like Facebook and Twitter. In fact a good portion of the start menu was essentially mini-billboards.
Windows 7 is still supported on Skylake and earlier machines.
are you sure they were actually installed and not just shortcuts to the web app or to install from the store?
I know, it is sad that they do this even on the Pro version. (You can manually uninstall the FB and Twitter apps.)

Still, the OS is cleaner than what you usually get with the default OEM install.

Not to mention Candy Crush and a Minecraft trial.
this reminds me of the android marketplace, where, in order to get a nice, clean, stock android installation (as opposed to an "enhanced" OEM android flavor), some consumers are eager to buy a device directly from Google.

interesting that a significant (supposed) advantage of separating the software company (e.g. MS, or Google) from the hardware company (e.g. Lenovo, Samsung) -- of making the software generic and capable of running on a broad universe of devices -- also became a powerful source of FUD.

I use the windows firewall to block all apps' out going tcp connection except firefox and chrome. It works well.

All apps includes IE, Edge, svchost etc.

"netstat -nbt" is the command I used to monitor all outgoing connections. Anything I don't like, I block it with firewall.

Windows 10 is usable after that. CPU usage go from normally 30-50% to 5-15%. The Laptop CPU fan doesn't kick in anymore.

Windows also doesn't wake up in the middle of night and doing P2P network to provide network bandwidth to update my neighbor's computer anymore.

It is even more stable and faster than the latest MacBookPro I used at work.

If someone know a similar method to block Mac's App's outgoing TCP connections, I love to know more.

Little Snitch is a Mac firewall that can block outgoing TCP connections.
Alligator Gars only look intimidating. There has never been a verified attack on a human.
With only a very small portion of the population able to both understand the implications of this type of tracking and how to circumnavigate it, I often wonder if there will eventually be a negative consequence akin to not establishing credit through purposely getting in debt.

In 20 years, will you be blocked from opening certain accounts if the company can't find sufficient mined data on you?

Or entering a country. Oh, wait...

next: being blocked from leaving a country.

Or maybe you won't be able to get a job or take a loan if you don't have social network accounts: "are you hiding something?".
"no, i just don't want your company to snoop into my personal life"
Agree with the other commenters here that requiring consent and asking for new hardware to be audited isn't really anywhere near enough of a punishment.

I've read through the full settlement here: https://www.ftc.gov/system/files/documents/cases/1523134_len...

As far as I can tell they've just been ordered to do things they should've been doing already (security testing, asking for consent). Is anyone familiar enough with the relevant US laws in play here to explain why there was no harsher punishment or fine?

(comment deleted)
Because the FTC has been almost completely declawed. Their powers to protect consumers have been gutted and the whole agency has been reduced to enforcing a few narrowly defined easily bypassed rules, with almost zero powers outside of that.
Personally, they've lost my business. I used and loved Thinkpads for many years, but I no longer use them and now recommend against their purchase. Lenovo has a huge trust gap to repair.
What OS do you run and what machine would you suggest for it instead?
I'm not OP but all of my thinkpads are second hand and run lubuntu.

All of my windows systems run an old copy of win7 and are built from newegg hardware, asus msi etc

I run Arch on a Dell Precision, which works great for me.
I stick with ThinkPads old enough to have coreboot support. On the up side you get a proper keyboard, a screen aspect ratio not optimized only for consuming video, cheap spare parts and flawless Linux support.
While I agree that Superfish was a disaster, keep in mind that it did not affect the ThinkPad line at all. From what I heard, the consumer and business lines have strong separation inside Lenovo. I have lost all trust in their consumer division, too. But it seems silly to me to discount ThinkPads based on the malware bundled with Lenovo's consumer offerings.
(comment deleted)
I would, however, recommend against using Thinkpads as they are simply no longer a quality line. It's sad to see how far they've fallen as they were my goto for many years.
Keep in mind that they only screwed over the consumers because they knew there would be no punishment. They knew that businesses would drop them if they did the same thing to them. They took advantage of people, and would do the same thing to businesses if they knew they could get away with it. Why someone would trust this company at all is beyond me. They tried to screw over your mom and dad, and your family, but that's okay because they aren't a business?
Same thing here, running both Linux and Windows at different times. The old ThinkPads used to be absolutely great machines in every way. These days I'm strictly on macOS and would recommend a MacBook/Pro to almost anyone, but contrary to many Mac users I'm actually not a huge fan of the hardware (apart from the trackpad and MagSafe, which they killed).

If Apple would build a modern laptop in an old school ThinkPad bento box rollcage-protected user repairable/upgradable chassis with a replaceable battery, ECC memory and the new ThinkPad keyboard, I'd be all over that...yeah, I know, but one can dream.

At least keyboard-wise there's the ThinkPad Compact USB Keyboard option [1]. Been using it with macOS for about 2 years now, just changed the keyboard modifier settings to make it work like a Mac keyboard (and one could use something like Karabiner/-Elements to map the weirdly placed PrtSc key to Alt/Option). And the Bluetooth version fits nicely over the integrated keyboard when on the go.

I find it compares to other keyboards as the MacBook trackpad compares to other trackpads, that is - it's in a league of its own in terms of feel.

[1] https://support.lenovo.com/en/solutions/pd026745

Edited to add the Bluetooth version.

For your friends and family at least I recommend ElementaryOS. It’s a good introduction to the MacOS design philosophy, it runs fast on older hardware, and grandma can function with it relatively quickly with a bit of coaching.
For people wondering why there was no hefty fine, it's probably because the FTC had no authority to impose one. Except with regard to children, the FTC isn't specifically empowered to protect "privacy rights." The FTC brought a complaint against Lenovo under Section 5 of the FTC Act, which addresses "unfair competition" and "unfair practices." Historically, that meant false advertising or other abusive practices set forth in law (e.g. unfair debt collection practices). Under Section 5, civil penalties can only be imposed where a company violates an FTC rule, and does so with knowledge that the conduct violates the FTC rule (typically a Trade Regulation Rule ("TRR")). 15 U.S.C. 45(m)(1)(A).

There is no TRR addressing the kind of conduct Lenovo engaged in, nor any statute prohibiting such conduct: https://www.ftc.gov/reports/privacy-data-security-update-201.... While the FTC can declare particular practices unfair on a case-by-case basis, without a rule, in that situation it can only issue a cease-and-desist order. 15 U.S.C. 45(m)(1)(B).

HN: I don't like secret laws.

Also HN: I don't like when they don't invent secret laws to punish people I'm mad at.

How is a law giving the ftc more power here a secret law?
Playing devil's advocate - the power we'd be granting is the power to apply fines when you broke rules you didn't know existed, because they are case-by-case determinations.
Did the law exist before Lenovo shipped the fish? Did Lenovo know about it?
I don't know what you said in your previous comment, but a law isn't secret just because it didn't exist at some point in history, because then all laws would be secret laws.
So you are unhappy that an online community of people from around the world cannot form a hive mind consensus of thought? Count me as one that appreciates diversity of thought within a community. If it is an echo chamber you want I am sure there's plenty already elsewhere.
Fine, why wasn't another agency involved too then?
Maybe the Department of Justice? I don't know if they go for that sort of thing. The only other option I can think of off the top of my head is the FCC.
Is that a generally accepted interpretation, or one of the current administration? Republican administrations generally interpret regulatory power much more narrowly.
Aside from being what the statute says, it's a longstanding interpretation. See page 605: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312913.

> With limited powers and resources, the FTC could have become largely ignored by companies. Indeed, the FTC lacks the general authority to issue civil penalties and rarely fines companies for privacy-related violations under privacy-related statutes or rules that provide for civil penalties. Absent such grounds for issuing a civil penalty, the FTC is limited to fining companies under a contempt action for violating a settlement order.

Microsoft should charge Lenovo $100 extra for installing windows. After all Lenovo's shenanigans are ruining Microsoft's market.
Tangent: supposed Microsoft decided to do just that. Would the anti-monopoly rulings from the 90's stop it?
That's not enough! We demand MORE adware, more adware!
Consumer vs business computers is one of my favorite topics. Even with Lenovo, Superfish is not the only example.
This is the problem not only with Lenovo. Many mobile apps try to collect as many information as possible (for example, GPS location or WiFi station ids) and save to their servers. There should be a law explicitly forbidding secret collection of information especially if it is not required for app functioning.

I also remember similar case when chinese smartphone manufacturers preinstalled adware on the devices. It was showing ads above browser window to make it look as if it was a part of a webpage (and used Google ads by the way).

If you install an app which shouldn't require those permissions, but it asks for then anyway, then I would be very wary, to the point of not installing.

The customer needs to punish those apps by voting with their feet.