
Friendly reminder that Lenovo made a deliberate choice to ship malware payloads to its customers from the factory [0] by preinstalling an SSL MITM proxy configuration from an adware vendor. This is not some suspicious technology with legitimate uses like Intel Management Engine. This is not concerns about the second-order implications of your voluntary uploads to Facebook and Google. It's not even an agency with a real national-security mission overstepping its bounds. It's honest-to-goodness we're-going-to-fuck-you-because-we-can pwnage officially authorized at the highest levels of the company to make a few bucks. When you ask your Lenovo machine to browse the web, you're not seeing the web, you're seeing a version edited by Lenovo's advertising partners. Sure, anyone here can beat it, but where else in the stack have they subverted your machine?

If you're even slightly concerned about data privacy and user freedom, please do not be complicit in Lenovo's continued existence.

[0] https://www.theverge.com/2017/9/6/16261988/lenovo-adware-sup...



Thinkpads weren't affected [source] (https://support.lenovo.com/lu/en/product_security/superfish).

You're welcome to boycott the company, but the corporate models are protected.


One might boycott a restaurant because they don't like its political activism, labor and sourcing practices, etc. This is much simpler than that. Lenovo served poisoned food. Not as a food-safety oversight, but as a matter of policy. The fact that they only did it for some menu items is irrelevant.


A better comparison might be that they stole your credit card number. Lenovo did not kill anyone or endanger their lives.


Stolen personal information which is later exposed in a data leak can certainly kill someone. In expectation it is less likely than food poisoning, but it still seems ridiculous to downplay the gravity of all of it.

That has got to be the most fucked up thing about capitalism: Correction signals are painfully slow, delayed and weak. You can mostly only penalize a company by boycotting their products (unless they seriously break a law), but for the individual, there is often more utility in continuing to buy their products than in sending a corrective signal, so the overall signal mostly vanishes except for a small, intellectual minority that can afford extremely high moral standards.


No, this isn’t a fucked up thing about capitalism. If the state monopoly on computer production did this, you wouldn’t even be able to personally opt out. You’re not going to swing the votes of an electoral majority over a niche and technocratic issue.


Isn’t it possible the Thinkpad lines are managed by different people with different forms of corruption?


Why would we care who the individuals were/are? Corporate personhood is a two-way street. If THE company full-willingly serves poison pills without telling you, why trust them at all? It’s a damn company, who obviously feels they don’t need your trust, so fuck em.


That's not what corporate personhood means


Because it’s not like the group of people looking to install OpenBSD on something is really a deciding financial block. But we sure still have a right to look for the best available hardware for us.


They haven't done it as far as anyone knows


IIRC the dev-beloved T- models were not affected though. (Can't find the reference right now though)


Proposed alternatives?


[flagged]


I care greatly and would never buy a Lenovo because of it.


I have a collection of old ThinkPads going back to the R31. I loved ThinkPad -- Linux compatible, nice keyboard, trackpoint, the well thought out work light you could activate in the dark. But Lenovo lost my trust and have done nothing to regain it. I'm not buying another ThinkPad.


They did it twice (once in BIOS) and I care. Never again Lenovo!



