HP Possible pulling a Lenovo with Stealthy spyware?
-
@mattspeller said in HP Possible pulling a Lenovo with Stealthy spyware?:
Have we got any confirmation by a forum member of this being a real thing?
I don't want to start the witch hunt without evidence of fuckwittery
It was on my Spectre 360. No notification, no nothing.
-
@kelly said in HP Possible pulling a Lenovo with Stealthy spyware?:
@mattspeller said in HP Possible pulling a Lenovo with Stealthy spyware?:
Have we got any confirmation by a forum member of this being a real thing?
I don't want to start the witch hunt without evidence of fuckwittery
It was on my Spectre 360. No notification, no nothing.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:
Now we just need Dell to pull this shit for the trifecta.
Private company without the pressures of Wall St. They are the least likely to pull this BS, I think.
Only recently private again though.
-
@jaredbusch said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:
Now we just need Dell to pull this shit for the trifecta.
Private company without the pressures of Wall St. They are the least likely to pull this BS, I think.
Only recently private again though.
It's been a few years. A long time in the "spyware pushed to your private machines" era.
-
I wonder if there is some something buried in HP's EULA that allows them to do this. Frankly I'd be surprised if there wasn't.
This isn't like the Lenovo spyware. Superfish was a third party app, HP's stuff seems to be about keeping an eye on HP stuff for HP, there's an obvious difference. That said, if there is no language at all in any previously agreed upon EULA, well then I guess HP is just screwed.
-
@dashrender HP can keep an eye on HP stuff, but the moment I swipe the credit card, that stuff is MINE. Not HPs. So to them I say F..k off of MY gear.
-
@dashrender It is not HP stuff. It belongs to me or the company for whom i work.
-
@marcinozga said in HP Possible pulling a Lenovo with Stealthy spyware?:
@dashrender HP can keep an eye on HP stuff, but the moment I swipe the credit card, that stuff is MINE. Not HPs. So to them I say F..k off of MY gear.
Right. It’s not theirs the moment that they accept payment for it.
-
@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:
I wonder if there is some something buried in HP's EULA that allows them to do this. Frankly I'd be surprised if there wasn't.
This isn't like the Lenovo spyware. Superfish was a third party app, HP's stuff seems to be about keeping an eye on HP stuff for HP, there's an obvious difference. That said, if there is no language at all in any previously agreed upon EULA, well then I guess HP is just screwed.
Superfish was NOT a third party app! It was part of Lenovo’s drivers.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@jaredbusch said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:
Now we just need Dell to pull this shit for the trifecta.
Private company without the pressures of Wall St. They are the least likely to pull this BS, I think.
Only recently private again though.
It's been a few years. A long time in the "spyware pushed to your private machines" era.
Well, they were public, but then Michael Dell bought it back, and is now private. I forget when that was but yeah it's been a bit now.
-
@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:
This isn't like the Lenovo spyware. Superfish was a third party app, HP's stuff seems to be about keeping an eye on HP stuff for HP, there's an obvious difference. That said, if there is no language at all in any previously agreed upon EULA, well then I guess HP is just screwed.
There is no obvious difference. What are you thinking is different? Both cases are vendors spying on end users without known permission.
-
@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:
I wonder if there is some something buried in HP's EULA that allows them to do this. Frankly I'd be surprised if there wasn't.
EULA is for the software, not the hardware. Would be essentially impossible for HP to have a EULA that covers this as it doesn’t get added to HP software.
-
Here is HP’s EULA. Clearly doesn’t allow this....
- NOTICE OF DATA COLLECTION. You agree that HP and its affiliates may collect, combine, and use device and individual user information you provide in relation to support services related to the Software Product. HP agrees not to use this information to market to you without your consent. Learn More about HP data collection practices at www.hp.com/go/privacy.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
device and individual user information you provide in relation to support services related to the Software Product
In this case "you" (me for example), are not "providing" anything to them. To me, "provide" means willingly and/or knowingly supplying or making available. Key words are willingly and knowingly.
-
@tim_g said in HP Possible pulling a Lenovo with Stealthy spyware?:
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
device and individual user information you provide in relation to support services related to the Software Product
In this case "you" (me for example), are not "providing" anything to them. To me, "provide" means willingly and/or knowingly supplying or making available. Key words are willingly and knowingly.
Exactly. Me providing is totally different than them taking secretly via malware.
I would consider this a hacking crime, just because they did it through official seaming channels doesn't alter that.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
I would consider this a hacking crime, just because they did it through official seaming channels doesn't alter that.
This is the very definition of "hacking".
They gained unauthorized access to data in a system.
-
If this was just a part of their DaaS service, then it's just a central management tool that is reporting on hardware/software issues, i.e. like Spiceworks I suppose.
http://www8.hp.com/us/en/services/daas.html
Question is, DaaS is a paid thing, so why would their telemetry tool be automatically installed on hardware that isn't enrolled in a DaaS plan?
Either this is just a windows update goof, or HP decides all computers need the tool even when not enrolled in any DaaS program. And if so, who is collecting the data?
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.
-
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
If this was just a part of their DaaS service, then it's just a central management tool that is reporting on hardware/software issues, i.e. like Spiceworks I suppose.
Yes, if the situation was totally different then.... the situation would be totally different. That is a given.
-
@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:
@guyinpv said in HP Possible pulling a Lenovo with Stealthy spyware?:
This is either malicious or an accident pushing DaaS tools to computers that don't need it.
We can't know that. We cannot have any assumption that only legitimate data is being collected. Is that a possibility? Yes. Can we assume it? Absolutely not. Unless you can prove everything that is and can be collected with it, you have to treat it as stealing anything and everything. This is malware we are talking about.
It's not malware if it's just a system management tool as part of their DaaS program. In this case it would just be a tool accidentally getting installed on systems that haven't been enrolled in the program.
Just the other day on a fresh load of Win10 on a laptop I was installing various programs and I think the antivirus automatically installed Chrome. I don't remember being asked to install Chrome, or the little checkbox was tiny and passed my view. Does that make Chrome malware? No, it just got installed without my explicit permission. It was opt-out rather than opt-in. Same as the HP software I guess.