HP Possible pulling a Lenovo with Stealthy spyware?
-
@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:
This isn't like the Lenovo spyware. Superfish was a third party app, HP's stuff seems to be about keeping an eye on HP stuff for HP, there's an obvious difference. That said, if there is no language at all in any previously agreed upon EULA, well then I guess HP is just screwed.
There is no obvious difference. What are you thinking is different? Both cases are vendors spying on end users without known permission.
-
@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:
I wonder if there is some something buried in HP's EULA that allows them to do this. Frankly I'd be surprised if there wasn't.
EULA is for the software, not the hardware. Would be essentially impossible for HP to have a EULA that covers this as it doesn’t get added to HP software.
-
Here is HP’s EULA. Clearly doesn’t allow this....
- NOTICE OF DATA COLLECTION. You agree that HP and its affiliates may collect, combine, and use device and individual user information you provide in relation to support services related to the Software Product. HP agrees not to use this information to market to you without your consent. Learn More about HP data collection practices at www.hp.com/go/privacy.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
device and individual user information you provide in relation to support services related to the Software Product
In this case "you" (me for example), are not "providing" anything to them. To me, "provide" means willingly and/or knowingly supplying or making available. Key words are willingly and knowingly.
-
@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
device and individual user information you provide in relation to support services related to the Software Product
In this case "you" (me for example), are not "providing" anything to them. To me, "provide" means willingly and/or knowingly supplying or making available. Key words are willingly and knowingly.
Exactly. Me providing is totally different than them taking secretly via malware.
I would consider this a hacking crime, just because they did it through official seaming channels doesn't alter that.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
I would consider this a hacking crime, just because they did it through official seaming channels doesn't alter that.
This is the very definition of "hacking".
They gained unauthorized access to data in a system.
-
If this was just a part of their DaaS service, then it's just a central management tool that is reporting on hardware/software issues, i.e. like Spiceworks I suppose.
http://www8.hp.com/us/en/services/daas.html
Question is, DaaS is a paid thing, so why would their telemetry tool be automatically installed on hardware that isn't enrolled in a DaaS plan?
Either this is just a windows update goof, or HP decides all computers need the tool even when not enrolled in any DaaS program. And if so, who is collecting the data?
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
If this was just a part of their DaaS service, then it's just a central management tool that is reporting on hardware/software issues, i.e. like Spiceworks I suppose.
Yes, if the situation was totally different then.... the situation would be totally different. That is a given.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.
It's not malware if it's just a system management tool as part of their DaaS program. In this case it would just be a tool accidentally getting installed on systems that haven't been enrolled in the program.
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.
It's not malware if it's just a system management tool as part of their DaaS program. In this case it would just be a tool accidentally getting installed on systems that haven't been enrolled in the program.
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
Trojans are just management tools, too.
-
@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.
It's not malware if it's just a system management tool as part of their DaaS program. In this case it would just be a tool accidentally getting installed on systems that haven't been enrolled in the program.
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
Trojans are just management tools, too.
Object your honor, relevance.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.
It's not malware if it's just a system management tool as part of their DaaS program.
This is totally untrue. What it CAN be included with has no relevance. That it is malware is the issue here. Malware can have legit uses too.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.
It's not malware if it's just a system management tool as part of their DaaS program. In this case it would just be a tool accidentally getting installed on systems that haven't been enrolled in the program.
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
Trojans are just management tools, too.
Object your honor, relevance.
It's totally relevant. You just excused malware on the basis of the potential of being included in a legit package.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
m. In this case it would just be a tool accidentally getting installed on systems that haven't been enrolled in the program.
There is no grounds for this claim. How do you know that this is an accident? And accidental hacking is still hacking. It's better, but it's not nothing.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
How is this even similar in your mind? I can't even imagine what aspect of this you are picturing makes one anything like the other. I truly have no idea how you missing a CHrome installer as being related to HP hacking customers. What's the connection?
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
How is this even similar in your mind? I can't even imagine what aspect of this you are picturing makes one anything like the other. I truly have no idea how you missing a CHrome installer as being related to HP hacking customers. What's the connection?
The connection is something being installed without express permission. How is it you aren't seeing the connection? Chrome is a legit program, very likely the HP DaaS management tool is also a legit tool. You said yourself malware can also be legit packaging. But you call the HP malware and not Chrome. How is that confusing? It's the same thing to me.
In one case, some random program also thew in Chrome without my permission. And in the other case Windows updates threw in some HP software without permission. Both legitimate software with legitimate purposes and uses, but neither expressly permitted. -
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.
How is this even similar in your mind? I can't even imagine what aspect of this you are picturing makes one anything like the other. I truly have no idea how you missing a CHrome installer as being related to HP hacking customers. What's the connection?
The connection is something being installed without express permission. How is it you aren't seeing the connection?
Because one is installed by you, the other is not.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
In one case, some random program also thew in Chrome without my permission.
You said you didn't notice, you didn't say you were sure it never checked. Also, Chrome isn't collecting data, so isn't related. It's not spying on you. It is likely just classified as part of the original package.
I can't stress enough how every aspect here is flipped completely.
-
I can make software that includes Chrome as part of it. I can deploy that without asking you if you agree to deploy my software. You make the decision, not me. You can remove if you want. It's all open and above board. It's not malware.
If I install software without your permission, and RUN that software without your permission, and STEAL your data without your permission... that's malware.
Installing with, running with, collecting data with permissions versus all the same without permissions. Don't you see how they are opposites?