Lenovo pays out $3.5m in resolution of Superfish scandal
Lenovo executives woke up this morning to find their collective wallet $3.5m lighter than the night before as the Beijing-based computer manufacturer decided to settle with the FTC over 2015’s Superfish scandal. But don’t think those affected will end up with a rebate, Lenovo’s settlement money isn’t ending up in their hands.
For those who may have forgotten, back at the start of 2015 the FTC charged Lenovo with preinstalling “man-in-the-middle” software on its computers to help with advertising revenues. The software, known as Visual Discovery and developed by Superfish Inc., interfered with how web browsers interacted with websites, creating serious security vulnerabilities ripe for exploit.
Essentially, Visual Discovery worked like a piece of Spyware, delivering pop-up ads from Lenovo’s chosen retail partners whenever a user was looking at a similar product on another website. Superfish’s Visual Discovery platform essentially kept its eyes on your personal info – such as login credentials, bank account information, emails and so on – and should you happen to land on a fake site set up to con you out of your details, Superfish would just hand it all over.
READ NEXT: Best laptops 2017
Thankfully, it appears nobody made any real use of the exploit. On Tuesday, Lenovo issued a statement saying: “to date, we are not aware of any actual instances of a third party exploiting the vulnerabilities to gain access to a user’s communications.”
It’s believed that Lenovo’s inclusion of the software ran to over 750,000 laptops sold between August 2014 and June 2015.
Lenovo’s inclusion of the software wasn’t illegal, nor is what Superfish Inc is building. The concern is actually around how Visual Discovery went about serving ads to users, something that Lenovo should have been aware of when it decided to preinstall it on computers without offering consumers an out – or providing them with accurate information on what the software did.
The FTC levied three violations against Lenovo in a bid to clamp down on companies that invade customer privacy but hasn’t actually fined them. Instead, it says it will bring down the hammer if Lenovo violates the orders it’s announced.
So just where is this $3.5m (£2.7m) settlement coming from then? The money Lenovo is paying out goes to the attorney generals in the 32 states that acted alongside the FTC who did decide to fine the company. Connecticut state led the case and its attorney general George Jepsen has announced the state will receive $286,145 in settlement funds.
I can’t help but think that money would be better spent paying out to the people Lenovo affected with its decision to use Superfish’s technology. But I’m sure each individual state will make use of the money in its own way.