PC MAKER HP is allegedly installing a telemetry client on customers' machines without asking permission.
According to a report at ComputerWorld the sneaky software, which was first identified on 15 November, is dubbed 'HP Touchpoint Analytics Service', which HP itself says "harvests telemetry information that is used by HP Touchpoint's analytical services."
A user on the Bleeping Computer forums first spotted the software, saying: "After the latest batch of Windows updates, about a half hour after installing the last, I noticed that this had been installed on my computer because it showed up in the notes of my Kaspersky, and that it opened the Windows Dump File verifier and ran a disk check and battery test."
This comment, as ComputerWorld notes, points the finger squarely at Windows updates. However, it remains unclear as to whether Microsoft or HP is at fault.
Regardless, given that HP made no effort to ask users for permission before the software was dumped on their PC, it's no surprise that complaints have since flooded the company's own forums, where users have moaned that the software is slowing down their system.
One miffed HP customer wrote: "This CPU gobbling nonsense also cropped up on my desktop machine in the past few days - I noticed the fan was constantly running and looked to see what was causing the load on my system."
Another added: "I noticed my mouse lagging significantly on Chrome, went to Programs & Features in Control Panel on my Windows 7 HP desktop and saw this "HP Touchpoint Analytics Client" was installed on my PC without my permission on 11-17-17."
Thankfully, it appears the offending software can be removed fairly easily, and a detailed report on how to do so can be found here.
In a statement, HP said: "HP Touchpoint Analytics is a service we have offered since 2014 as part of HP Support Assistant. It collects diagnostic information about hardware performance that is used anonymously. No data is shared with HP unless access is expressly granted. Customers can opt-out or uninstall the service at any time.
"HP Touchpoint Analytics was recently updated and there were no changes to privacy settings as part of this update. We take customer privacy very seriously and act in accordance with our Privacy Statement, available here."
This isn't the first time the firm has found itself caught up in a spyware scandal. Back in May, it was revealed that HP had been shipping audio drivers with built-in keyloggers since 'at least' Christmas 2015.
Security firm Modzero at the time revealed that the audio driver package, developed and digitally signed by the audio chip manufacturer Conexant, has been poorly implemented, turning the driver "effectively into keylogging spyware." µ
C3-PO, R2-D2, BB-8 and other Androids
Helpful cyber vigilante gets short changed by customer services
...you know, now it's less confusing...
Firm will no longer provide updates for its first Android mobe