I’ve long wondered which would be worse for Lenovo — if the company decided to install the Superfish adware onto its machines despite knowing its potential to be a major security vulnerability, or if it really had no clue about the risks involved with this kind of software. A New York Times interview with Lenovo CTO Peter Hortensius has now left me hoping that Lenovo has just been lying about its foreknowledge of Superfish’s capabilities because the alternative is just too scary.
The Times started off its interview by asking a simple question about how Superfish got onto its products in the first place. Hortensius’s answer to this question made me roll my eyes.
“The original motivation for this was that the product team was being asked, ‘Can we do something to improve our consumer experience?'” he told the Times. “Someone had the idea to improve their shopping experience in a novel way — not to own their experience, but just, if the consumer is looking at a desk, can we suggest an alternative product that looks like that desk? The motivation was to enhance the experience.”
Obviously, that wasn’t the main motivation. Even harmless bloatware isn’t installed to improve the customer experience, it’s installed to make OEMs money. No PC OEM goes around making a big deal about all the bloatware that comes preloaded onto their devices because pretty much everyone hates bloatware.
However, this opening statement was only a warmup for Hortensius’s pièce de résistance, in which he proclaimed that “obviously, in retrospect, if we had known what that meant in terms of how it was implemented, we would have never done it.”
You absolutely have to be kidding me. Your job is Chief Technology Officer. You were hired for this job because you supposedly either know how technology is implemented or are wise enough to ask how it’s implemented if you don’t know. This should especially be the case when someone comes up to you and says, “We were thinking about using some new software that will inject its own ads onto websites when users are surfing the web — what do you think of that?”
Further in the interview, Hortensius insists that Lenovo started removing Superfish from its products in January solely because users weren’t happy with the “consumer experience” it was giving them.
The Times points out to Hortensius that technologist Peter Horne says he tried warning Lenovo about the associated security risks with Superfish earlier this year but that the company didn’t do anything to fix it until it blew up in their faces. Hortensius basically has no answer to this charge and will only say that the company first decided to remove Superfish just because it wasn’t giving users a good online shopping experience.
The entire interview is absolutely infuriating and you should click here to read it if you really want to. No matter what, though, Hortensius has done an amazing job of convincing me to never buy a Lenovo product ever again.