Imagine that you are a major global seller of laptop computers and that you were just caught preloading those machines with ultra-invasive adware that hijacks even fully encrypted Web sessions by using a self-signed root HTTPS certificate from a company called Superfish. How do you explain why you did it?
If you’re Lenovo, you tell customers that you thought they would like having their visits to banking websites interfered with and their machines left open to potential man-in-the-middle attacks!
The company this morning issued an oddly tone-deaf statement addressing the controversy with equal parts innocence and chutzpah. The Superfish software, Lenovo says, was “to help customers potentially discover interesting products while shopping”—apparently by throwing up related ads while users visit encrypted retail sites, which would otherwise be invisible to the adware.