A Blog by Jonathan Low

 

Feb 22, 2015

The Lenovo Superfish Adware Debacle is Bigger Than You Think

Lenovo's embarrassed about this whole Superfish thing. I mean, gosh darnit, somebody forgot to say no to installing it. They would never, ever have considered installing spyware if they hadn't been  caught, er, informed.

Hey but here's the good news! Just log on and you can learn how to uninstall it in your no-doubt voluminous spare time. Cuz we all agree it's your responsibility, right? No self respecting commercial enterprise would dream of providing a customer service like that these days. Think what it might do to margins, stock price performance and bonuses!

But it does raise an interesting question, as the following article explains. Which is what customer satisfaction even means these days. Whose satisfaction are we attempting to affect? The customers? Really? Or is this really about what the political consultants and PR folks call 'optics.' The way behavior impacts perceptions. Because they are going to keep trying. And it's safe to assume that eventually they're not going to get caught. Which is when they really start to make money and you lose any hope of redress. JL

Jonathan Salem Baskin comments on LinkedIn:

The digital age has redefined customer-centricity as caveat emptor. The privacy debate is really about control. The issue with the Superfish adware was that it wrested control of the ads consumers saw from others that are vying to profit from that access
Lenovo got in trouble earlier this month because it had shipped PCs preloaded with software that not only inserted ads into website browsers, but created a potential backdoor for hackers.
The software, called Superfish Visual Discovery, is 100% legit, even though it reprogrammed computers to redirect sites to include its content in a way security experts in PC Magazine call “a classic definition of a man-in-the-middle-attack” (Superfish is blaming one of its partners for the code, which is built into a number of other programs running on a variety of computers). The problem is that the approach opens affected machines to other, more insidious redirections of web activity (like sending users to fake sites, at which they might reveal their passwords).
Lenovo has already nixed the program, and there’s a workable, if not somewhat complicated way to remove it from afflicted devices. But the debacle suggests at least two far bigger questions about the ways businesses market technology and address consumer privacy.
First, when did responsibility for tech product safety get outsourced to consumers? We’ve been surrounded by machines we don’t fully understand for a while now, yet we were never expected to fathom, let alone judge, the operational safety of a car, television set, or airplane. But that’s exactly what consumers are supposed to do with today’s communication devices.
User directions for uninstalling Superfish (image: The Windows Club)
User directions for uninstalling Superfish (image: The Windows Club)
We approve our smartphones’ functionality via a checked box that usually follows dense, detailed scripts we don’t read, and might not understand if we did. Haven’t you ever wondered why you had to give that silly little game app access to your contacts and location before it will run? Do you know what all those programs do that are pre-installed on your phone or smart TV? Superfish was just one of many, and many of them are equally tough to uninstall (or can’t be removed by consumers at all).
Who checked and certified that they’ll work the ways we expect, or do so with our best interests (including safety) at heart? Lenovo didn’t, and Superfish didn’t. You did, which means pretty much nobody did. And no amount of vetting by markets or crowds reliably ensures that every threat will be caught or addressed after the fact, especially since today’s tech operation and interactions are often more complicated and nuanced than, say, telegraph lines or combustion engines.
The digital age has redefined customer-centricity as caveat emptor.
Second, the privacy debate is really about control. The issue with the Superfish adware was that it wrested control of the ads consumers saw on their screens from others that are vying to buy and profit from that access. It’s a small skirmish in a huge, ongoing war over who controls what people see, how they learn about things, and what they’re directed and inspired to do and buy.
Legal institutions are chasing the same control as hackers; all of them want to monetize privacy in one way or another, though not protect it in ways individuals might assume. Consumer privacy is the raw resource they exploit, and the only questions that are getting asked are how much, and how often? It’s a given that the devices we watch will both watch us and dictate much of what we see.
The only way to opt-out is to go rent Ted Kaczynski’s cabin. But we don’t talk about it.
It doesn’t have to be this way. There’s nothing inherently immoral about adware, institutions collecting data to fight evil-doers, or companies that want to sell stuff. We just do a horrible job of communicating those realities, while we tolerate and encourage misperceptions about consumer privacy.
Imagine if Lenovo’s marketers had come up with a proactive pitch to consumers for why Superfish was a user benefit, found a third-party to ensure its validity and safety, and maybe charged for its added value?
Now, apply that single instance to the larger conversation, and think of the ways other hardware or software functionality could be better explained, credibly endorsed, and even priced. If those benefits impacted user privacy, corporate policies could be reconfigured (and communicated) to achieve understanding, and therefrom build trust and loyalty. If any such benefits couldn’t survive the scrutiny, maybe they could be rethought and/or abandoned?
What if opt-in wasn’t just a legal gesture, but the conscious affirmation of understanding and an ongoing relationship?
The Lenovo debacle was a small event, but the questions it raises are bigger than you think.

0 comments:

Post a Comment