Lenovo agreed on Tuesday to resolve a dispute with the Federal Trade Commission (PDF) for the scandal Superfish, to pay 3,5 for millions of dollars as a fine, and to implement a series of measures that would prevent similar cases in the future.
The construction company has allowed a company called Superfish to install a bloatware VisualDiscovery on hundreds of thousands of systems built in August of 2014. The software allowed for the collection of sensitive personal information from client computers, such as login credentials, social security numbers, and many other data.
Lenovo admitted the problem a year later and released a special tool for removing bloatware, describing its partnership with Superfish as a “significant mistake.” Then Lenovo promised to keep its systems clean of every malware.
This did not stop the FTC from initiating legal action against Lenovo, and as part of the settlement, it explicitly forbade the company to have pre-assembled software functions that could result in advertisements in browsers. In other words, Lenovo should report the truth about every special feature of the applications that come pre-installed on the devices it sells.
In addition, all Lenovo models released in the next 20 years must come with pre-installed software security which will have to go through a security check by a third party. If the product serves ads, consumers' consent will be required if they want them on their devices.
Hopefully, the FTC will implement more such measures in companies that do not respect the consumer, but their main concern is to earn as much as possible. A good example is Microsoft with the application Get Windows 10 who withdrew (after too many reports).
According to FTC's Terrell McSweeny, the Superfish application was using GW10's practices to mislead Lenovo product users.