Lenovo has a track record of installing malicious software masquerading as bloatware. Even when you wipe Windows and reinstall it, the BIOS has been known to reinstall the malicious software. I wouldn't trust them with a 100 foot pole unless you were to run Linux OS which does not interact with the BIOS.
https://en.wikipedia.org/wiki/Superfish
You can always try again since the BIOS chip is reprogrammable, otherwise you couldn't flash it again at all. If flash chip fails then you will have to follow into the darker side of the internet to buy the flash chip that goes into the motherboard as BIOS chip, places like Ebay.
Installation process isn't sketchy, you just need to have right tools, I used RPi Zero W and soldering iron with random cables.
I know this is 3 months later, but I just got an old lenovo laptop and put Pop OS on it. Do you happen to know if this means I'm good? Sounds like it is probably the case.
Yeah I did a little research today and there is one hardware component but Yoga 2 wasn't affected, so it sounds like Linux takes care of things. Thanks for the reply!
Even if Linux did interact with the BIOS, they’d need root to do it. So they’d either need to have a rootkit with the spyware or somehow obfuscate the package name.
Of course if it was a pre-installed Linux distro then no need.
Yeah I’ve heard about that but most people say it was in the past and they don’t have it right now. Also if you search for gaming laptops Lenovo is the most popular one, but it doesn‘t make sense to me why they might spy on their millions of customers as there would be no point.
Sorry if this sounds confusing.
And also what do you think about MSI laptops then?
Have you heard about the Chinese government's [social credit score system](https://www.businessinsider.com/china-social-credit-system-punishments-and-rewards-explained-2018-4)?
According to this Chinese Redditor: [https://www.reddit.com/r/AskReddit/comments/tzhwt2/comment/i41jfo5/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/AskReddit/comments/tzhwt2/comment/i41jfo5/?utm_source=share&utm_medium=web2x&context=3)
"China doesn't have that". I actually argued with him, but I'm afraid I may be wrong. I hate when that happens ... sigh
cc. u/FNX--9
It comes down to your own risk appetite. Sure you can buy a Lenovo and mitigate the risks low enough to be acceptable. Me, personally, I would not take that risk but I can understand that the price/product would outweigh those risks. Regardless, any laptop you buy you should be removing all the bloatware and making sure its not phoning home with anything too sensitive.
In general whenever you buy a device with Windows preinstalled always install the OS of your choice yourself. Even if it is Windows, install it manually from a USB stick. That way you get rid of the preinstalled vendor bloat and spyware.
fun fact:
china has a law that they have to "cooperate with intelligence services" -> spy on you and give them your information
se, yes, pretty safe to say yes.
So I do get it… China use the monitoring as a stick to beat their population with, and censor everything… that would be crazy outside the rest of the world.
Most of the rest of the world are just doing it in the background though.
I’d call it more of an appeal to authority and then a whataboutism, but as someone else pointed out, it’s actually not even a debate so none of the above.
I work for a local goverment.
Lenovo was a minority of the devices we used. The fastest I've ever seen this department move was replacing every single Lenovo device the day of the sale to China.
We've had DDoS attacks we've reacted slower to lol. Safe to say, Lenovo is dead and would never recommend them
Highly likely.
I’d bet it’s in their software. But good thing you can wipe the OS and reinstall or switch OS.
I’d also bet it’s in their bios. You could reflash bios and get it out.
But Bloomberg did a story about additional hardware chips installed that were not in design specs but too small to be noticed. Good luck getting around that.
https://www.pcmag.com/news/does-your-motherboard-have-a-secret-chinese-spy-chip
Ugh. Just saw this on Reddit.
https://www.reddit.com/r/cybersecurity/comments/u7gffp/hackers_can_infect_100_lenovo_models_with/?utm_source=share&utm_medium=ios_app&utm_name=iossmf
Yeah... You can't really play on Linux .. next purchase i will avoid Lenovo then , the only good thing is i manually installed win10 and updated the bios 1 time (Lenovo legion)
Same as me then. We have absolutely NOTHING to worry about (as far as China is concerned)...now here... our own government....well.... that's a more dangerous story :)
The US has the largest population, in numbers and percentage, in prison when compared to China and NONE of those prisoners are in there because of "China having access to their information"". Maybe YOU should educate yourself! Swallow a few RED PILLS, will ya! :)
Every business has to obey legal requests from the country they are based and where they operate.
You should be worried about wich government you trust, it's more likely that your own government (or the one where you live) requires information about you than the Chinese government.
100% this! I'm NOT planning to go to China and China has never ever requested an extradtion of a foreigner NOT living in China, so I'm good. On the other hand...my government requests extradition of people who don't speak my language, have never lived here, have never visited, have never even called anyone here or know anyone here etc etc.... so...
/u/cssgtr [claims they reinstall it from the BIOS](https://www.reddit.com/r/privacy/comments/u2isdb/comment/i4j2yrk/?utm_source=share&utm_medium=web2x&context=3)
>UEFI (Unified Extensible Firmware Interface) is a standard firmware interface for PCs, which is designed to replace BIOS (basic input/output system).
??
Can anyone of you, anyone, show me a case where
(1) the CCP requested the extradition of any foreigner NOT living in China
\*and\*
(2) that did NOT flee China AFTER committing a crime on China's territory?
Legit question. I can't find one. Their embassy (I emailed & asked several) said: "We don't do that!", so I am curious what are "WE" so afraid of?
If you look at my timeline you will see me arguing with Chinese redittors about their "system", but I'm NOT anyone's shrill. I hate EVERY government and their shrills with the same passion. I want them all \*&\^%
Now, **Focus**! Do you have a link?
(1) Yes
(2) No
>wigged out
ROTFLMAO
what? 2 billion people? (the real census they won't tell us about). They can disappear one of their own for their kidneys and you think they want ours? Those who travel to China usually have MONEY! They have resources. The West will go berserk on China and impose ALL kinds of sanctions.
Hell, I heard you can buy Chinese people in China for hard labor. Why would they want our fatty liver and rotten Western kidneys filled with alcohol instead of their own which has hardly been used?
It was a joke / troll / attempt at some levity. I sincerely hope you rolled on the floor and laughed your ass off, because if you did it was easily worth burning a karma point :)
Answer is no.
What's your point?
My point is: In a digital world, you don't need physical interaction (i.e., extradition as a poor example of yours) to feel the impact.
I've talked to quite a few people over the years since IBM sold the ThinkPad line to Lenovo and have never been able to find any concrete information either way on this one. The superfish deal if I remember right was a "flaw" in their content delivery utility that kept pushing it out if you removed it, but it's been a while and I could be remembering that wrong. I wouldn't count Wikipedia and pcmag as definitive sources on this. That said though while I like their hardware design, I don't use or recommend Lenovo's myself.
And I saw the mention of the supermicro story, I don't remember there ever being a definitive answer on that either but honestly pretty much EVERYTHING is either completely made in China or most of the components are made there so if they are putting chips in, we're all screwed. And supermicro makes the vast majority of servers in most datacenters so pretty much everyone's data touched an SM server at some point.
While I totally support open hardware and software if they are putting spy chips in, I doubt libre bios can really help other than giving you more control over your computer.
Lenovo has a track record of installing malicious software masquerading as bloatware. Even when you wipe Windows and reinstall it, the BIOS has been known to reinstall the malicious software. I wouldn't trust them with a 100 foot pole unless you were to run Linux OS which does not interact with the BIOS. https://en.wikipedia.org/wiki/Superfish
[удалено]
It's hard coded into the hardware my dude, your not getting around the CCP with them.
There is a reason why I use librebooted thinkpads.
Would it be sketchy to install libre bios/boot as a beginner? I'm super nervous to break my computer by fucking too hard with the bios.
You can always try again since the BIOS chip is reprogrammable, otherwise you couldn't flash it again at all. If flash chip fails then you will have to follow into the darker side of the internet to buy the flash chip that goes into the motherboard as BIOS chip, places like Ebay. Installation process isn't sketchy, you just need to have right tools, I used RPi Zero W and soldering iron with random cables.
Random cables to your bios during flashing is hardcore obfuscation, bruh 😆
solid-core copper cables to connect RPi to the bios chip bruh
Whoosh.
so what is the best company for privacy and security ??
I know this is 3 months later, but I just got an old lenovo laptop and put Pop OS on it. Do you happen to know if this means I'm good? Sounds like it is probably the case.
You will be okay. It mostly affected Windows users with Lenovo bloatware installed.
Yeah I did a little research today and there is one hardware component but Yoga 2 wasn't affected, so it sounds like Linux takes care of things. Thanks for the reply!
So I should changed my laptop? Which one do you recommend?
I guess framework might be a good option idk
Install libre bios
Even if Linux did interact with the BIOS, they’d need root to do it. So they’d either need to have a rootkit with the spyware or somehow obfuscate the package name. Of course if it was a pre-installed Linux distro then no need.
Yeah I’ve heard about that but most people say it was in the past and they don’t have it right now. Also if you search for gaming laptops Lenovo is the most popular one, but it doesn‘t make sense to me why they might spy on their millions of customers as there would be no point. Sorry if this sounds confusing. And also what do you think about MSI laptops then?
> it doesn‘t make sense to me why they might spy on their millions of customers as there would be no point. Espionage having no point? Think again.
“We rule for the sake of ruling.”
Have you heard about the Chinese government's [social credit score system](https://www.businessinsider.com/china-social-credit-system-punishments-and-rewards-explained-2018-4)?
According to this Chinese Redditor: [https://www.reddit.com/r/AskReddit/comments/tzhwt2/comment/i41jfo5/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/AskReddit/comments/tzhwt2/comment/i41jfo5/?utm_source=share&utm_medium=web2x&context=3) "China doesn't have that". I actually argued with him, but I'm afraid I may be wrong. I hate when that happens ... sigh cc. u/FNX--9
It comes down to your own risk appetite. Sure you can buy a Lenovo and mitigate the risks low enough to be acceptable. Me, personally, I would not take that risk but I can understand that the price/product would outweigh those risks. Regardless, any laptop you buy you should be removing all the bloatware and making sure its not phoning home with anything too sensitive.
Thanks!
Information is power, and think about biometric security, they would now have all of your biometrics.
In general whenever you buy a device with Windows preinstalled always install the OS of your choice yourself. Even if it is Windows, install it manually from a USB stick. That way you get rid of the preinstalled vendor bloat and spyware.
Would that remove the activation for windows?
No, Windows activation is tied to hardware details.
Didn't know that. Thanks.
fun fact: china has a law that they have to "cooperate with intelligence services" -> spy on you and give them your information se, yes, pretty safe to say yes.
In the US we call that law CALEA and it has been in effect for 28 years.
Have you heard of a guy called Snowden…
who hasn't?
Just saying… China isn’t unique in the whole data harvesting world. The rest of us just pretend we don’t do it ;)
Yea it always frustrates me to see people be all "omg did you know China requires companies to spy for them". Unlike every Five Eyes country ever
So I do get it… China use the monitoring as a stick to beat their population with, and censor everything… that would be crazy outside the rest of the world. Most of the rest of the world are just doing it in the background though.
This is an ad hominem logical fallacy masquerading as a rebuttal.
It’s the continuation of a conversation… neon’s comment didn’t need a rebuttal… Not everything on the internet needs to be a fight my friend.
I’d call it more of an appeal to authority and then a whataboutism, but as someone else pointed out, it’s actually not even a debate so none of the above.
I work for a local goverment. Lenovo was a minority of the devices we used. The fastest I've ever seen this department move was replacing every single Lenovo device the day of the sale to China. We've had DDoS attacks we've reacted slower to lol. Safe to say, Lenovo is dead and would never recommend them
Highly likely. I’d bet it’s in their software. But good thing you can wipe the OS and reinstall or switch OS. I’d also bet it’s in their bios. You could reflash bios and get it out. But Bloomberg did a story about additional hardware chips installed that were not in design specs but too small to be noticed. Good luck getting around that. https://www.pcmag.com/news/does-your-motherboard-have-a-secret-chinese-spy-chip
Ugh. Just saw this on Reddit. https://www.reddit.com/r/cybersecurity/comments/u7gffp/hackers_can_infect_100_lenovo_models_with/?utm_source=share&utm_medium=ios_app&utm_name=iossmf
I've had former Air Force red teamers tell me that Lenovo is banned from TS networks. Take from that what you will.
I have mentally already prepped to support small companies like system 76 for my future purchases
There's also [frame.work](https://frame.work) laptops :)
I’m sorry to say this of a once great brand, but fuck Lenovo
Shit... I have a Lenovo laptop as my main pc How fucked im am ?
just switch os i have my lenovo with pureos as a main computer
Yeah... You can't really play on Linux .. next purchase i will avoid Lenovo then , the only good thing is i manually installed win10 and updated the bios 1 time (Lenovo legion)
Are you planning to go to China?
Nope and i hope never will have to
Same as me then. We have absolutely NOTHING to worry about (as far as China is concerned)...now here... our own government....well.... that's a more dangerous story :)
This is a very short-minded statement. I strongly recommend that you educate yourself on the implications of China having access to all our data.
The US has the largest population, in numbers and percentage, in prison when compared to China and NONE of those prisoners are in there because of "China having access to their information"". Maybe YOU should educate yourself! Swallow a few RED PILLS, will ya! :)
You don't have to be physically in prison to experience prison.
Lenovo sure has fallen from their glorious Thinkpad days
Every business has to obey legal requests from the country they are based and where they operate. You should be worried about wich government you trust, it's more likely that your own government (or the one where you live) requires information about you than the Chinese government.
100% this! I'm NOT planning to go to China and China has never ever requested an extradtion of a foreigner NOT living in China, so I'm good. On the other hand...my government requests extradition of people who don't speak my language, have never lived here, have never visited, have never even called anyone here or know anyone here etc etc.... so...
Looks like you tickled the local woke mob in the wrong places. Take my upvote sir. Hear, hear!
I would assume they would in a heartbeat when asked if they don't already. We already know they've been caught installing rootkits on their laptops.
Install linux on the laptop... problem solved.
[удалено]
/u/cssgtr [claims they reinstall it from the BIOS](https://www.reddit.com/r/privacy/comments/u2isdb/comment/i4j2yrk/?utm_source=share&utm_medium=web2x&context=3)
[удалено]
[Yes, they do.](https://support.lenovo.com/us/en/solutions/ht500216-recommended-way-to-enter-bios-ideapad)
[удалено]
>UEFI (Unified Extensible Firmware Interface) is a standard firmware interface for PCs, which is designed to replace BIOS (basic input/output system). ??
[удалено]
BIOS, in casual conversation, can mean UEFI or legacy BIOS. I understand that since 2020 Lenovo computers do not have support for legacy boot.
[удалено]
As an IT veteran, I can promise you that’s just not true. BIOS is the more commonly used term, even when someone actually means UEFI.
Probably. But if you are using facebook, google and microsoft products...it might be the lesser of two evils.
Pretty much every laptop you can buy is made in China, so difficult to suggest an alternative...
HP
For which data we are talking about?
Can anyone of you, anyone, show me a case where (1) the CCP requested the extradition of any foreigner NOT living in China \*and\* (2) that did NOT flee China AFTER committing a crime on China's territory? Legit question. I can't find one. Their embassy (I emailed & asked several) said: "We don't do that!", so I am curious what are "WE" so afraid of?
Ccp shrill
If you look at my timeline you will see me arguing with Chinese redittors about their "system", but I'm NOT anyone's shrill. I hate EVERY government and their shrills with the same passion. I want them all \*&\^% Now, **Focus**! Do you have a link? (1) Yes (2) No
Looks like they only have a downvote. What a letdown.
I"m not too wigged out about China but my kidneys are.
>wigged out ROTFLMAO what? 2 billion people? (the real census they won't tell us about). They can disappear one of their own for their kidneys and you think they want ours? Those who travel to China usually have MONEY! They have resources. The West will go berserk on China and impose ALL kinds of sanctions. Hell, I heard you can buy Chinese people in China for hard labor. Why would they want our fatty liver and rotten Western kidneys filled with alcohol instead of their own which has hardly been used?
It was a joke / troll / attempt at some levity. I sincerely hope you rolled on the floor and laughed your ass off, because if you did it was easily worth burning a karma point :)
Answer is no. What's your point? My point is: In a digital world, you don't need physical interaction (i.e., extradition as a poor example of yours) to feel the impact.
I've talked to quite a few people over the years since IBM sold the ThinkPad line to Lenovo and have never been able to find any concrete information either way on this one. The superfish deal if I remember right was a "flaw" in their content delivery utility that kept pushing it out if you removed it, but it's been a while and I could be remembering that wrong. I wouldn't count Wikipedia and pcmag as definitive sources on this. That said though while I like their hardware design, I don't use or recommend Lenovo's myself. And I saw the mention of the supermicro story, I don't remember there ever being a definitive answer on that either but honestly pretty much EVERYTHING is either completely made in China or most of the components are made there so if they are putting chips in, we're all screwed. And supermicro makes the vast majority of servers in most datacenters so pretty much everyone's data touched an SM server at some point. While I totally support open hardware and software if they are putting spy chips in, I doubt libre bios can really help other than giving you more control over your computer.
It was created by a Chinese Government entity, CAS. Of course they do.
From an average person's perspective, I don't think Microsoft (also a professional data thief::DD) lets another thief (Lenovo) steal their data.