
HP installs system-slowing spyware on its PCs - artsandsci
https://www.engadget.com/2017/11/28/hp-quietly-installs-system-slowing-spyware-on-its-pcs/
======
jasonkostempski
> All of the reports I’ve seen so far emphasize the point that HP (or
> Microsoft?) has installed this "telemetry" program without advising
> customers or requesting permission to install.

It is now well established that if you choose to run Windows you're going to
be playing this game of cat and mouse until the end of time. You simply are
not in full control of the OS.

~~~
Koshkin
It's not just the OS.

Any closed-source, non-free software - drivers, productivity tools, games -
all pose the same danger.

And it's not just software - binary firmware blobs (including ones found in
most ARM-based SBC, such as Raspberry Pi) should be seen as potentially
dangerous. Not to mention Intel's Management Engine and such.

~~~
ivraatiems
True - but I'd argue that the dangers aren't equal, and they are also not
constant. Windows 7 wasn't nearly as invasive as Windows 10, for example.

While the argument often seen from the FSF - that all non-free software is
dangerous - is technically true, it's about the same level of true as "all
software is dangerous if you can't read the source code," in which case, all
software is dangerous to everyone who isn't a software engineer.

Even though all non-free software has this issue, we should still be vigilant
about fighting and curtailing it where we can. Proprietary software isn't
going away, and the harm is real, so we need to encourage its lessening.

~~~
macintux
> all software is dangerous to everyone who isn't a software engineer

And even everyone who is, unless that engineer understands every language and
hardware component in play, and is able to spot subtle vulnerabilities at a
glance.

------
Zak
This kind of thing is hardly new. PC makers have been preloading software for
a fee at least since the 90s. It should come as no surprise that such software
doesn't always align with the user's best interests.

It's common with phones too. My new Sony phone came with several Sony apps as
well as _Facebook_ installed as non-removable system apps. None of these are
necessary for proper function, as it can run a third-party build of Android
that doesn't include any of them.

Facebook in particular is an odd one. I can understand preloading it since
it's very popular, but why the hell is it a system app?

~~~
pc86
I just switched to Android after being an iOS user since the iPhone 4.
Honestly the fact that I have this stupid "Bixby" button on the side of the
Note 8, almost perfectly in the middle, that I hit by accident maybe every
third time I pick the phone up, is infuriating. No way to uninstall it, no way
to turn it off, just a ~30% chance of launching some stupid app I don't want
to use every time I pick the phone up.

I'm sure it will get better over time but I don't want to have to change the
way I _pick up my phone_ to avoid Samsung's garbageware.

~~~
kalcode
The weird part about people complaining about the Bixby button is the fact
they bought it.

Like why buy it? Did you not see the button when you looked at the product?
Did you not read any reviews?

So many other phones to select from and users are buying a phone with a button
they don't want.

Companies continue to get away with these poor design decisions and forcing
this system-wide apps because we continue to buy their products.

~~~
pavel_lishin
> _The weird part about people complaining about the Bixby button is the fact
> they bought it._

If it's the best phone otherwise, why not buy it? It's not a deal-breaker;
it's just annoying.

~~~
Zak
> _If it 's the best phone otherwise_

Is it? I'm not up to date on the latest models, but in the past when I've
compared Samsung's flagships to others, there wasn't a really obvious winner.
I always found it a little weird that Samsung got such a large share of the
market.

~~~
ScottBurson
The Galaxy Note series is, to my knowledge, the only smartphone on the market
that comes with a stylus. Some of us really like that (Galaxy Note 4 owner
here).

I really wish Apple would ship a phone with a stylus, but we know it's against
their religion. His Steveness spake thus: thou shalt not use a stylus with a
phone! And it was so in all Appledom.

~~~
pavel_lishin
Is there something special about that particular stylus? Does anything prevent
you from getting a third-party one for a different phone? Or does the phone
also have a nifty slot for it?

~~~
dingo_bat
It's got a full digitiser integrated into the display. The pen can detect 4096
or some such levels of pressure. It can detect hover. The pen and screen work
flawlessly underwater. There is literally no other phone with these
capability.

------
H99189
Lenovo only got fined 3.5M? Cheap, not counting the reputation hit anyway.

If anyone knows how to slow down systems with their software, it's definitely
HP. Haven't used one in awhile, but you could get a boost similar to going
from a mechanical hard drive to an SSD by reloading the OS without all their
bloatware. I wonder, has any security researchers ever thought about going
back to circa-2005 printer software to see what it was up to?

~~~
imglorp
It wasn't just the malware, they also got tagged for root certificates and
then there was a third thing I forget now. It's a pattern of abuse.

Either way, that fine is just a minor expense compared to their $300B revenue.
It won't even show up on a summary report. Punishments are supposed to hurt if
you want behavior to change.

------
cjg
Far more detail here: [https://www.ghacks.net/2017/11/27/hp-installing-hp-
touchpoin...](https://www.ghacks.net/2017/11/27/hp-installing-hp-touchpoint-
analytics-client-telemetry-service/)

------
cmurf
Microsoft makes it much easier these days to download an install image of
Windows 10 that's devoid of non-Microsoft crapware. They're also kept up to
date, so if you download Windows 10 ISO today, you will get version 1709 (fall
creator's update).

And during an update [1] it seems smart enough to get most of the model
specific drivers installed. The things that remain for one off download and
install from the manufacturer web site are firmware updates.

The next time I do a clean install, I won't install HP's Support Assistant.
It's OK UI/Ux, a bit laggy to discover what updates to apply, but more
importantly it regularly fails to inform of and install firmware updates, even
though they appear on that model's support page.

[1] Windows Update times are incredibly shitty. On a system fully updated as
of 2017-09-25, and then not used at all (Fedora is my main OS) until last
weekend, it took 7 hours and 6 reboots to get it updated. That includes one
update with "Getting Windows Ready Don't turn off your computer" for 4+ hours.
I have never had macOS or any Linux distro take more than 10 minutes for a
minor update, or more than an hour (slow embedded spinning rust system) for a
major version update. It's obscene and any wonder why people prefer to opt out
and end up with riskier systems as a result.

------
AdmiralAsshat
A technical analysis of what the service is doing would be nice. Right now the
article is basically just a collection of user complaints from the HP forum.
And to be clear, I don't doubt that it's happening, but some actual analysis
would be nice. Even if it's just a screenshot of the system resources monitor.

~~~
strictnein
Unfortunately the last thing we're going to get from an Engadget article is
anything resembling technical analysis. The author refers to the software as a
"driver" twice.

------
abrowne
This link is a summary of
[https://www.computerworld.com/article/3238512/microsoft-
wind...](https://www.computerworld.com/article/3238512/microsoft-windows/hp-
stealthily-installs-new-spyware-called-hp-touchpoint-analytics-client.html)

------
a_imho
I quite like how the title says _its_ instead of e.g customers.

 _Lenovo has only just settled a massive $3.5 million fine for preinstalling
adware on laptops without users ' consent, and now it seems HP is getting in
on the stealth installation action, too._

How is that a massive fine? Instead of deterring anyone, it looks more like a
bargain.

~~~
chimprich
That's absolutely outrageous. And now that the outrage has died down they're
denying that they did anything wrong either.

------
mnw21cam
This is (again) why I would not consider owning a computer with a
manufacturer-installed OS. Even Linux.

~~~
na85
I used to be this way but eventually I got to the point where I'm willing to
run macos just to have things like working suspend/resume and WiFi/Bluetooth
that won't require periodic fiddling when some jerk decides to embrace
systemd.

~~~
majewsky
How long ago was this? The last time I had problems with suspend or WiFi, even
on brand-new laptops, was maybe 8 years ago.

~~~
na85
2015

------
ssijak
Windows laptops always did this. First thing you need to do when buying
windows laptop is to do a clean install of whatever system you want.

------
tbrock
I can’t believe HP is popular as a desktop and laptop hardware vendor. Their
products are absolute shit and the prices aren’t low enough to make up for it.

They remind me of the ultra cheap office pens that I bought once. I was new
and my boss sent me out to get a box. When I got back he used one and said
“these are too cheap, we use these every day”. He was right.

If you are buying a laptop get a Thinkpad or a Mac. If you are want a desktop
and don’t play games get a Dell.

~~~
SadWebDeveloper
In the valley and some big US cities you have choices but in the rest of the
world, HP is highly valued not because their quality but for their support,
even with the basic one they will send a representative in less than 72 hours
with the spare part. Lenovo, Dell, Samsung, Asus et al would take weeks if not
months for the shipment part to arrive (most of the times without a
representative to install it) or ask to send back the laptop just to get it
back with the same issue a couple of months later.

On point: HP and Apple are the worst companies to buy a laptop, expensive as
hell but they usually have local support staff in your city. Also Thinkpad
suck, they feel super cheap for the price they ask and install even worst
spyware preloaded.

~~~
lowbloodsugar
I've been in a different country, with a broken dell laptop keyboard, and the
dell guy arrived the next day. When I pointed out I needed a US keyboard not a
UK keyboard, he went out to his van and got one. The next day, onsite is
~$300. Its worth it.

------
agumonkey
Well what's the issue ? just suffer 6 months and then spend 600$ on a new
machine with, finally, the latest intel cpu, octocore, capable of making even
hard computing tasks like idleing fast !

</snark>

I think we oughta make a common repo + windows service to remove crapware.

    
    
        [user-complaints] -> [scripts] -> IO happiness

~~~
hiram112
There are already plenty:
[https://www.google.com/search?q=windows+telemetry+github](https://www.google.com/search?q=windows+telemetry+github)

But as someone above already noted, it really is a cat & mouse game with MS.
Things that worked yesterday will not work today, after MS silently installs
new updates.

It wouldn't surprise me to learn that MS has full-time staff dedicated to
_fixing_ any issues the most popular of these tools modify.

~~~
arca_vorago
This is why after over a decade of supporting their crap as a sysadmin, I've
gone completely gnu+Linux. Windows 8/10 were simply the last straw, plus I
realized RMS was right the whole time.

------
lousken
Did nvidia get permission when installing telemetry for their drivers?

------
vectorEQ
windows, aptly named for the thing you should be chucking it out of :D as for
vendors installing vendor software... whats new? really people are mad about
this? what about their smart phones... they must have blood pressure issues
throwing a fit over this nonsense. if you want a good running laptop where you
are in control of the software chose linux, or if you prefer windows, atleast
install and manage it yourself... don't need to have all this vendor nonsense
if you dont want it. just re-install it clean!

------
JustSomeNobody
> One complaint on the HP support site says: "It's been making my computer
> work so hard I can hear it like cranking away and the light in the back of
> my computer is flashing rapidly in-tune with the cranking. In Task Manager I
> can see it starting and stopping numerous applications."

How can an app be so poorly implemented? This had to have been noticed in QA
and yet some exec prioritized gathering user analytics of user experience. How
pathetic!

~~~
takluyver
It may only behave like that in some particular conditions which didn't come
up in QA.

------
shoover
I'm told national labs won't touch Lenovo PCs since superfish (despite the
fact that from what I can tell business models were not affected). Is HP next?

------
Animats
So why did HP do this? Their customers, which are mostly big companies, don't
like it. Were they pressured to do so by a government agency? Did their in-
house "analytics" people get out of control? Why won't HP say anything?

~~~
whoopdedo
HP Enterprise is a different thing. Those big companies are customers HP
actually cares about and they don't push things like this on them. They also
honor warranties for them and respond to support calls.

The HP that sells laptops in department stores is consumer-hostile and sees
the purchasers of their computers as cash cows to be farmed out to third
parties and upsold remote support plans when the computer has a problem. And
problems will inevitably occur since the machines are built with such poor
quality control.

It's sad to see a brand new computer be slower than one that is 10 years old
but can't be used because it has the wrong operating system.

------
dingo_bat
First step when you buy an HP laptop: format and install an official copy of
windows from Microsoft. The hardware is usually good. The software is usually
crap.

------
Hasz
Install a program like Fiddler and watch the call-homes roll in. It's truly
amazing how many request are made while the computer is ostensibly doing
nothing.

------
markbnj
I bought my kids a couple of HP laptops back in the day. First step was always
a reformat. But back then I had an MSDN account and the wherewithal to set the
machines up the way I wanted, which many people do not. For myself I have not
bought an OEM system for many years. I always build my own and if I need
windows I buy an OEM disk. There's not much money in computers anymore so the
manufacturers try to monetize them essentially the way news sites try to
monetize stories.

------
zanedb
Does anyone know the domain this data is being transmitted to?

Seems to be fixable via hosts file blocking.

~~~
barneygumble742
It's more than just the data being sent back. The fact that it's present and
is causing systems to slow down is a huge concern.

I personally don't know of anyone that uses a HP system for personal use. When
I think of HP or Dell, I think of bloatware.

------
shmerl
The first thing to do with such new PC is to wipe out Windows and install
Linux.

