Yet another pre-installed spyware app discovered on Lenovo computers

A factory refurbished Thinkpad shipped with Windows 7 and a scheduler app that ran once a day, collecting usage data about what you do with your computer and exfiltrating it to an analytics company.

The fact that this was taking place was buried deep in the user "agreement" that came with the machine.

This is the third preloaded spyware scandal to hit Lenovo this year: first it was caught installing Superfish, which grossly compromised user security by installing a man-in-the-middle certificate into the operating system; then it got caught loading immortal, self-reinstalling crapware into part of the BIOS reserved for custom drivers.

This latest scandal is particularly noteworthy because it impinges on Thinkpads, the rock-solid laptop brand the company acquired from IBM.

As I've noted before, I'm a Lenovo Thinkpad user and none of this affects me because I throw away the hard drives that come with my laptops and install Ubuntu GNU/Linux on new SSD hard-drives. But this kind of terrible behavior speaks to a serious deficit in the company's management and calls into question the whole firm's strategy and attitude toward its customers.

The 21st century quip has it that if you're not paying for the product, you're the product. In the case of Lenovo machines this year, it seems that even if you are paying for the product, you're still the product.

The task that gave me pause is called "Lenovo Customer Feedback Program 64". It was running daily. According to the description in the task scheduler: "This task uploads Customer Feedback Program data to Lenovo".

I have setup my fair share of new Lenovo machines and can't recall ever being asked about a Customer Feedback program.

The program that runs daily is Lenovo.TVT.CustomerFeedback.Agent.exe and it resides in folder C:\Program Files (x86)\Lenovo\Customer Feedback Program.

Other files in this folder are Lenovo.TVT.CustomerFeedback.Agent.exe.config, Lenovo.TVT.CustomerFeedback.InnovApps.dll and Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst.dll.

According to Wikipedia, Omniture is an online marketing and web analytics firm, and SiteCatalyst (since renamed) is their software as a service application for client-side web analytics.

So, while there may not be extra ads on ThinkPads, there is some monitoring and tracking.

On the one hand this is surprising because the machines were refurbished and sold by IBM. On the other hand, considering Lenovo's recent history, it's not surprising at all.

Lenovo collects usage data on ThinkPad, ThinkCentre and ThinkStation PCs [Michael Horowitz/Computerworld]

(via /.)

Start the discussion at bbs.boingboing.net