-- By AriGlatt - 10 May 2015
Privacy evokes a cornucopia of concepts for Americans, some of them tied to traditional notions of civil liberties and some of them driven by concerns about the surveillance of digital communications. Edward Snowden alerted America and the world to how the US government engages in massive, illegal dragnet surveillance of the domestic and international communications records of millions of ordinary people. But the NSA is not the only one trying to access others' internet data, and therefore internet users endeavor to protect their privacy from hackers in many different ways.
One such tactic to shelter communications is to use secure HTTPS connections, which encrypt data in transit. Many sites on the web offer some limited support for encryption over HTTPS. Large sites like Google have migrated towards HTTPS by default for most purposes. HTTPS protection is valuable for defending Internet users against surveillance of the content of their communications, cookie theft, account hijacking, and other web security flaws.
The problems don't just stop there. The encryption key for the Superfish certificate has been cracked and publicized on the web, so attackers can use that key to initiate more man-in-the-middle attacks. Because this certificate is so weak, anyone can take its private key, use the password, and sign anything from fake certificates to viruses or malware, and your PC will trust it because it is signed by a trusted certificate. Therefore, any controls on one of these laptops that were used to stop malware by only allowing signed programs are now worthless.
If you purchased a Lenovo computer anytime within recent memory, you are strongly advised to check whether your machine is vulnerable. Many websites offer this check for free, such as the one here.
Although Lenovo was at the forefront of the news regarding the negative impact of pre-installed programs, Lenovo is hardly the only device vendor that takes it upon itself to embed software programs that users neither need nor want. This has been an ongoing problem for many years, since even if these unwanted pre-installed programs don't pose a security risk, bloatware can have other negative effects. Some of these effects are merely annoying: the programs take up precious space on devices with limited storage, suck up bandwidth, reduce battery life, or even cut into mobile data allocations by accessing the network periodically even though they aren't being used.
Something stronger needs to be done in order to prevent manufacturers from preloading malicious software or bloatware. Consumers need to put enough pressure on hardware vendors or operating system vendors to convince them that it's bad for business to include bloatware and tracking tech. This could be accomplished by boycotting known manufacturers who endanger their users with preloaded apps just in order to make a quick buck. Hopefully the publicity from Superfish will be a wake-up call for consumers. Consumers need to educate themselves and take precautions to know who is capable of watching them on their own device, whether through unwanted adware from the manufacturer, the government, or hackers using malicious techniques.
A better solution, and one more likely to get results, would be legislation that prevents this problem of hidden embedded tech. South Korea has tried to remove bloatware by enacting new regulations banning the practice. The United States needs to follow suit and reform the law to protect its citizens against illegal prying eyes; that is, other than the United States government.