Rendered at 14:17:46 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
devttyeu 3 hours ago [-]
This is so much worse that the title makes it out to be:
1. Your OS installs malware (technically manufacturers software) from a 3rd party vendor in background, zero user interaction
2. Happens as soon as you or anyone with physical access plug in a device into the HDMI port
3. That malware has internet and full system access, no sandboxing
4. It starts with every system boot
5. This software gets installed when you plug in a new LG monitor
6. OR ALREADY HAD AN OLDER LG MONITOR PLUGGED IN, BECAUSE LG APPARENTLY ROLLED THIS OUT FOR MANY OLDER MODELS TOO!!
7. And yes, if you think that's horrendous, as mentioned in the video below, that also applies to 'Professional' LG monitors!
This situation has.. no precedent as far as I can tell..
>This situation has.. no precedent as far as I can tell..
Printer, mouse, tablet and display tablet makers use this to insert their crapware since at least Windows Vista or Windows 7, I think. The last one I remember is plugging a Razer mouse just to watch it instantly pulling 1.5GB of bloated junk with "telemetry" exfiltrating the data from my gaming PC in realtime. At least it doesn't leave my mouse in a non-working state when I disconnect the internet, like it used to. Thanks, Razer!
Microsoft is to blame here, really. They have a mechanism to block any vendor (supposedly to avoid reputational risks to their brand due to buggy drivers, at least that was their excuse back in the day), but aren't even using it to block these contraptions. Entire businesses are built on this, e.g. Razer is probably more of a marketing/data company now rather than a hardware shop.
stego-tech 56 minutes ago [-]
This. Microsoft has chosen to allow this functionality, despite it being a very clear breach of trust with customers.
LG/Dell/et al should be shamed and blamed for even trying this shit in the first place, but it’s Microsoft who holds the blame for allowing such malware and spyware trash through their own update service.
solarkraft 26 minutes ago [-]
You’re acting like Microsoft aren’t pushing malware themselves.
brookst 2 minutes ago [-]
How in the world does that absolve Dell/etc, OR reduce Microsoft’s culpability for letting their update service be abused?
embedding-shape 3 hours ago [-]
> This situation has.. no precedent as far as I can tell..
Microsoft has been allowing this sort of ludicrous behavior for decades at this point, it's not a new issue. What's new is how visible LG made their malware, compared to previous auto-installs that happen like this, where they try to make the thing not so in your face, as they know there will be a huge backlash.
I don't know what Microsoft is thinking even allowing and enabling this sort of thing, they've lost all touch when it comes to building things for users.
MichaelZuo 2 hours ago [-]
Maybe some decision makers do indeed have negative aspirations…
ihsw 2 hours ago [-]
If you have been reading the news about Windows 11 then I will enlighten you -- they view the Windows 11 consumer business as a cost center that must be mitigated.
As such, all manner of monetization has been approved and it will continued to be approved without regard for user experience.
This article obviates that this is not an LG problem, it is a Microsoft problem.
Also, don't fool yourself if you think this won't come to the Linux world.
necovek 49 minutes ago [-]
As long as you have a computer that can run unsigned software, or software signed by yourself, this won't come to Linux as non-optional features: you can always recompile your kernel removing things you do not want like this.
treyd 8 minutes ago [-]
> don't fool yourself if you think this won't come to the Linux world.
I'm curious what you mean by this. I'm not necessarily rejecting the point, but I also don't see how this could happen without substantial shifts in the industry first.
Grombobulous 54 minutes ago [-]
Just look at Microsoft’s revenue breakdown that they publish. Windows revenue is alarmingly small.
I don’t think it’s a loss leader but Microsoft gets almost nothing from OEM Windows licenses and basically nobody buys it retail.
This is not coming to the Linux world. The moment this sort of thing happens, distros get forked.
geon 36 minutes ago [-]
Aren’t ms completely dependent on consumer windows for mindshare?
I doubt anyone would bother getting into programming with ms tech unless they just happened to run it on their desktop.
eastbound 28 minutes ago [-]
MS owns Typescript and NPM and Azure and LinkedIn. I know you meant programming on Windows, but even if Windows disappears, many of us will owe our job to Microsoft.
VorpalWay 10 minutes ago [-]
Dont forget they own github too. The vast majority of open source software is on there these days.
Yes there are other options: gitlab.com, some project specific gitlab instances (freedesktop for example), forejo / codeberg, and the Linux kernel is off doing it's own thing with mailing lists instead. I even come across code on SourceForge every now and then still. But all of these are super niche.
solarkraft 23 minutes ago [-]
They own Typescript? I wasn’t aware that they control the organization, but that ought to be easy enough to fork. NPM is a bigger one, but also not too huge. Azure is only used by people who already have Microsoft/Windows buy-in.
SinkingRock 9 minutes ago [-]
And VS Code, and Github...
joe_mamba 2 hours ago [-]
>I don't know what Microsoft is thinking even allowing and enabling this sort of thing
This has been a feature since Windows 7, and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.
Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.
coldtea 1 hours ago [-]
>and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.
A driver shouldn't be a front-facing program that shows ads of any kind. It should be sandboxed and follow strict APIs to talk to the OS and that's it - any extra options should be shown inline in the main e.g. printer or mouse dialog.
threetonesun 53 minutes ago [-]
And then what, ever single gaming mouse/keyboard config is going to appear in the Windows UI dialog? I think extra options in an app is fine, but you should have to download it. At which point who knows what you’ve opened yourself to but at least you chose to do it.
VorpalWay 4 minutes ago [-]
> And then what, ever single gaming mouse/keyboard config is going to appear in the Windows UI dialog?
Actually, why not? The driver could declare a list/tree of extra configurable options, and windows could generate a configuration dialog for them. I think this is already is thing in Windows for NICs, I remember seeing TCP offload options when I go into properties for a NIC in the device manager.
You just need to make it a bit more accessible to non-tech users and with more modern control options such as colour wheels for RGB.
And the Linux software for these sort of devices (when such software exist) don't tend to be as bloated. Usually the driver just exposes some control files under /sys and someone else builds a GUI or such on top. But there is no reason you couldn't also expose a schema that describes what the options do to make a more generic GUI for those.
solarkraft 21 minutes ago [-]
Yes! Extra apps suck.
michaelmrose 6 minutes ago [-]
Linux users think of a driver as the thing that makes my silently hardware do the existing things its supposed to do like every other item in its class.
Windows users think of the driver as what makes the hardware do what everything in its class does but subtly different and somehow glued to a command center with its own unique and bad GUI auto started, in the tray, with its own update schedule, and ads.
wat10000 31 minutes ago [-]
Auto-run when inserting a CD worked great, until people realized you could do bad stuff with it. User action must be required to run or install new software.
Findecanor 2 hours ago [-]
A few years ago, plugging in a Razer USB mouse made Windows download and run a installer from which the current user could start PowerShell with administrator privileges. Razer first tried to downplay the issue, but fixed it later. [1]
The USB protocol does not have any authentication, just a VendorID/ProductID pair: 2×16 bits that Windows uses for looking up the driver package to install. Programming a MCU to use any VendorID/ProductID is straightforward.
A USB device could even appear innocuous at first but after a timer or external trigger disconnect and reconnect masquerading as another device.
not a usb programmer, but are you saying i can buy any old usb chip and program it with any vendors ID and spoof windows into giving me admin? if so, gj micrcosoft.
nottorp 21 minutes ago [-]
You can pretend to be any vid:pid with usb gadget mode. For example with a raspberry pi zero something.
But you can't pretend to be any vendors id, only the ones with vulnerabilities. And the drivers or spyware will be downloaded by windows from the vendor's site, not from your peripheral.
But yes, usb device identifier is done through software/firmware.
dathinab 18 minutes ago [-]
> This situation has.. no precedent as far as I can tell..
depending on how you look at it it has quite a bit of precedence as this falls under a long list of MS shipping "intended behavior most security researcher would assign a CVE and require it to be fixed as min. requirement for Windows usage in any company"
other wtf. microslop cases include:
- "install arbitrary software w. admin rights hooks" in BIOS which theoretically is there to install BIOS update software but there had been cases of 1. it installing other unwanted software, 2. the updater not fulfilling most minimal security standards (i.e. similar, due to 2. maybe even worse then the monitor case)
- "on boot without password requirement boot arbitrary stuff from a USB stick if correctly named" allowing a trivial bypass of TPM based full disk encryption, yes different thing but another "MS without authentication runs potentially harmful 3rd party software"
- "init scripts on USB devices", I think they stopped doing that
- ...
given that Microsofts security researchers are definitely _not_ incompetent idiots, you can safely assume that all of this features where implemented knowing what user hostile hazards they are and against their own security teams recommendations (or bypassing that team knowing they would say "wtf. no", or similar)
most absurdly MS has in all of this cases enough means to enforce a "just drivers no ad-ware/spy-ware or you get banned" policy, and could do it in a way where they still allow non-allow-listed/ban-listed hooks to be run iff the user consented to it with appropriate warnings and "remember this decision" functionality in case they say no (which besides other aspects might be relevant from a "not steeping onto anti-trust landmines" POV, through mostly older judgements as the US kinda moved from hindering oligopoly to pushing for it).
combine that with the huge f*-up of Azure in the past and their systematic mishandling of it, and no indication they will change this behavior, I really don't understand how any Company/Government agency could trust them
Sharlin 2 hours ago [-]
Perhaps no precedent in hardware, but it's basically the same as the good old Sony CD autoplay rootkit fiasco. Except this one runs in mere userland AFAICS.
sigio 3 hours ago [-]
I can only conclude that Windows is basically malware now... Thank $deity I haven't used any form of Windows for 10+ years anymore.
bunderbunder 1 hours ago [-]
“Now”?
This is nothing new. For about 30 years now Microsoft has been constantly repeating various flavors of this “make it so a thing can automatically and silently run programs as soon as it touches your computer” thing. It’s always done in the name of user convenience. It always ends up being a fiasco. I don’t know why they keep doing it, it’s not like the exact same PHB keeps making the same decision over and over for 30 years. It’s probably one or a combination of the many well documented flavors of stupid that are deeply baked into the company’s organizational culture.
(And before the inevitable response, no this is not defending Microsoft. Pointing out that an organization’s culture is too deeply, chronically stupid to avoid opening the exact same obvious and gaping security hole over and over and over and over again is not the same as saying, “it’s fine, actually.”)
RetroTechie 1 hours ago [-]
> I can only conclude that Windows is basically malware now...
Windows has worked like spyware since what, the late Windows 7 days or thereabout?
End users should not regard this as inevitable. Or get caught up in the how-it-works-how-to-disable swamp. Instead, cut through to the essence. It's about respect:
# Microsoft does not respect Windows users (or users of any of their offerings?).
# LG does not respect people who buy their monitors (and perhaps other products?).
Knowing that, why would you use such a sleazy company's product for daily driving? Or give them your money? Would you buy bread from a baker who pisses on your lawn every time you're not looking?
User rights or consumer protection laws aren't even part of this equation. Although they do help (sometimes a lot!) to keep companies honest.
flaunf221 59 minutes ago [-]
> why would you use such a sleazy company's product for daily driving
Because alternatives are much worse or not available for scenarios people need.
There, I've said the obvious.
fooker 1 hours ago [-]
You're missing out on 37 different unrelated things being named copilot.
Copilot’s T&Cs clearly explain that it is for entertainment purposes only though.
actionfromafar 1 hours ago [-]
Like Fox News
bcraven 2 hours ago [-]
This is one of those typical HN replies that adds absolutely nothing to the discussion.
Geezus_42 1 hours ago [-]
Much like your own, and this one!
phikappa 51 minutes ago [-]
I wonder if this ritual of meta-self-policing serves some particular purpose or if it's just a case of the brain drawing comfort from going through a familiar ritual. "This comment adds nothing" is like the reverse amen in church of our days.
1 hours ago [-]
coldtea 59 minutes ago [-]
It's a discussion, it's not a panel to further scientific inquiry. Sentiments and opinions also further a discussion.
exe34 1 hours ago [-]
It confirms for me that I too made the right choice and it reminds people that haven't made the jump yet that they have a choice in how their operating system treats them. I'd say it added a lot more than your comment.
halJordan 57 minutes ago [-]
Unprecedented? Have you installed a Dell/Alienware monitor recently? I hope you enjoy having the unsigned awcc.exe autostarting with no visible ui doing good knows what with no documentation from Dell
Kelteseth 3 hours ago [-]
It is the same when you plug in a Logitech mouse nowadays, no? At least they don't install McAfee
vladvasiliu 2 hours ago [-]
I have a logitech mouse and I'm pretty sure I was asked whether to install the logitech app, it didn't do it automatically. Same for the dell mouse I have at work, it asked to install dell somethingorother, which I declined, and it left me alone.
d_k_f 2 hours ago [-]
Anecdata from two days ago, after installing a fresh Windows 10: after inserting the dongle, a definitely non-native (styled by Logitech) popup asks me whether I want to install their app. I decline. One reboot later, the app is available in the start menu.
Edit: To be fair, I immediately uninstalled it, so I don't know if this was "just" a link to their installer app or the full app. But something definitely got downloaded and moved to a place I could not have moved it myself without accepting a UAC prompt m
2 hours ago [-]
herbst 1 hours ago [-]
As if the world needs more reasons to understand that windows is activly making your life worse. Step by step.
coldtea 1 hours ago [-]
And people think macOS sandboxing is "hyperbolic"
IshKebab 2 hours ago [-]
USB devices can also do this now. I have a Razor microphone which is otherwise a great device and requires no software to function. At soon as you plug it in to windows it tries to install some Razor crapware.
It's not quite as bad because it's not silent and you can say no, but I'm pretty sure that's only because Razor decided not to be completely evil.
beAbU 32 minutes ago [-]
Logitech pulls (pulled?) the same shit when you connect one of their pheriferals to your PC.
silverlimetea 1 hours ago [-]
Buddy let me welcome you to the Internet where your phones and emails are literally listening to your microphone like it’s Watergate.
It’s not unprecedented at all for Microsoft or anyone to download what amounts to spyware.
The days of antivirus were replaced by advertising a long time ago. There is no privacy.
Most savvy types are hyper aware of every process running on their machine especially those using network lol
Kill the process or don’t by an LG. Everyone just uses Dell, or you’re rich and you get a Mac one. I don’t make the rules
brynnbee 20 minutes ago [-]
Savvy types use Linux
ikidd 6 minutes ago [-]
I've gotten to the point that if you're trying to show me something and I see you're using Windows, I just assume you're an unserious person and it's worthless.
All the major tools for advanced work are Linux-based, and there's maybe a Windows version, but it's probably a kludge like Docker Desktop.
delta_p_delta_x 3 hours ago [-]
Workaround:
gpedit.msc
Computer Configuration > Administrative Templates > System > Device Installation
Prevent automatic download of applications associated with device metadata
Set to enabled
OK
On home editions sans gpedit.msc:
sysdm.cpl
Hardware tab
Click Device Installation Settings
Under 'Do you want to automatically download manufacturers' apps for your devices?', select 'No'
Save Changes
mrbluecoat 2 hours ago [-]
Very helpful, thank you. But it does remind me of that Yzma quote in The Emperor's New Groove: "Why do we even have that lever?"
delta_p_delta_x 1 hours ago [-]
> Why do we even have that lever
For plug-and-play devices with multiple configuration knobs. It is nice to be able to click through a printer wizard to configure how one wants to print their documents. Likewise with an audio interface: loopback settings, codec, sampling rate, gain and volume of channels, etc. Or consider a USB CNC mill; configuring things like milling revolution rate, setting which bit is installed, what lubricant is used, etc. Or consider the Nvidia/AMD control panels for their GPUs; things like colour depth and space, resolution, scaling, anti-aliasing, vertical synch, power settings, etc.
Some of these settings are device- and even manufacturer-specific; one might argue these are more than a driver or the platform can or should provide. That LG have exploited this to provide McAfee is on them.
nottorp 20 minutes ago [-]
> It is nice to be able to click
You said click. This happens without clicking anything.
Saris 1 hours ago [-]
Oh definitely, it's more a question of why Microsoft allows any 'driver utility' to have internet access or do anything outside of just configuring the hardware.
tremon 56 minutes ago [-]
> why Microsoft allows any 'driver utility' to have internet access
Firmware updates for devices are not a thing in your world?
Saris 51 minutes ago [-]
It seems like windows update should handle distributing the verified new firmware file if it is also distributing the driver utility to avoid any issues like this post talks about.
tremon 30 minutes ago [-]
That would be a good idea actually, but I'm not sure how viable that is within the current Windows Update instrumentation. Allowing local binaries to fetch random URLs through the Windows Update API is no different from them using the HTTP Service unless there's some kind of whitelisting/validation happening there. The alternative would be that Microsoft uses their own Windows Update cdn to host random firmware files that they're not able to verify themselves. Both cases sound like maintenance overhead for Microsoft without benefit to them.
darig 1 hours ago [-]
[dead]
szundi 1 hours ago [-]
[dead]
Someone1234 2 hours ago [-]
Worth noting that gpedit.msc isn't included in Windows Home editions (although there are unsupported ways of adding it). This is also technically asking a lot for working around issues that shouldn't exist.
Microsoft needs to intervene here, this cannot be a normal expectation for using their product.
yonatan8070 12 minutes ago [-]
> Microsoft needs to intervene here
Yeah, they've never pushed ads or installed software without the user's consent.
AlienRobot 2 hours ago [-]
Me on Windows 7: I don't want to use Linux, you have to keep configuring every single thing so it works.
Me on Linux: I don't want to use Windows, you have to keep configuring every single thing so it doesn't show ads.
driverdan 56 minutes ago [-]
Can you even disable all the ads on Windows 11?
delta_p_delta_x 2 hours ago [-]
Edited with another method.
Someone1234 25 minutes ago [-]
That's great, thank you.
What's frustrating about that is that Microsoft has also gone out of their way to make it difficult to access the [legacy] System Properties (sysdm.cpl), while not fully reimplementing all the features into the Settings app. Including this one.
They've only been working on this 10+ years...
delta_p_delta_x 16 minutes ago [-]
*.cpl, *.msc, etc are Windows sysadmins' (and developers') bread and butter; Microsoft will never get rid of them. I am betting (maybe hoping...?) that Windows 12 will undo the changes in Windows 8, 10, and 11 as bad experiments and return to what Windows has done best, which is discoverable GUI configuration. Let's see.
Someone1234 12 minutes ago [-]
You're much more "glass half full" than me, but one can dream.
fuzzfactor 28 minutes ago [-]
Also found in the GUI:
System > About > Advanced System Settings link > Hardware tab > Device installation settings
Do you want to automatically download manufacturers' apps for your devices?
set to No
The default setting has been "Yes" for a very long time but most monitors over the years have simply used the default plug-and-play Windows monitor driver instead of installing their own. Triggering no additional downloads for the life of most computers. It just so happens that monitor manufacturers better adhered to the Microsoft guidelines for hardware compatibility earlier and more adequately than most devices. This might very well have been a reliability tactic since graphics drivers were still quite a moving-target shitshow, which in some ways is still ongoing.
So people have mostly never gotten accustomed to monitor drivers having any consideration at all, while drivers for graphics themselves and other new hardware has often had some associated downloads that people have become familiar dealing with.
Looks like LG finally took this long-standing opportunity to do some deeper enshittification than previously imagined. Simply taking advantage of a domino effect that has been lurking for decades.
A couple other related gpedit options if you don't even want the drivers themselves to change after you have gotten them correctly installed:
gpedit.msc
Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings
Turn off Windows Update device driver searching
Set to enabled
OK
gpedit.msc
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update >
Do not include drivers with Windows Update
Set to enabled
OK
rkourdis 12 minutes ago [-]
I had a mouse that would keep on installing its driver when plugged in, even with this setting off.
I remember Windows keeping a cache of autodownloaded drivers ("Driver Store") and reinstalling them when the device is plugged in, so the mouse bloatware kept on coming back.
Is this still the case?
Grombobulous 51 minutes ago [-]
This is getting technical enough that you might as well install Linux if you figure out how to do this.
In other words, we all know that regular consumers will never find this and they’ll never understand that their LG software is spyware in the first place.
fuzzfactor 19 minutes ago [-]
>regular consumers will never find this and they’ll never understand that their LG software is spyware in the first place.
Keep in mind the well-known quote from so many pages of Microsoft documentation over the decades, where the main useful function of a feature is the only one completely crippled in what's obviously got to be a complete engineering snafu:
"This is by design."
throw0101a 1 hours ago [-]
> On home editions sans gpedit.msc:
I've managed to generally avoid running Windows (at home and at work) for a long time now, but if there was a situation where I needed to get a PC (at home?), is there a recommended least-sucky way of living with?
Are there editions or scripts or a setup workflow that would make it suck less?
delta_p_delta_x 1 hours ago [-]
Use autounattend.xml[1] to pre-configure an image before installation. This is what corporate sysadmins have done in the past three decades to administer Windows NT fleets. Use PowerShell and various admin modules to configure an online installation.
Then, to get a better version of Windows, use MAS[2].
To be frank, no. In order to make windows not suck, you must invest a lot of time into knowing what to disable on the various SKUs, and in my opinion, it stopped being worth it around the time of windows vista (2006-7ish). I worked for Microsoft back then and ever since I left in 2007 i have thankfully been able to have a no-windows policy. I did briefly try going back last year for Unity dev but it was a mistake that made me want to quit computers entirely.
tialaramex 3 hours ago [-]
Assuming they don't get a revenue cut, pushing back on Microsoft can in principle be effective here.
Microsoft decides what happens here, and presumably today they just take it on trust that hardware makers know what software to install. New driver? Sure. McSpam installer? OK. Maybe they have a guideline saying "Don't ship unrelated garbage" but today it's not enforced because why would you do that?
If the Microsoft customers (particularly larger corporate customers) tell Microsoft they hate this that policy will get tightened or if there isn't a policy one is introduced, and outfits like LG get told if you do this again we're taking away your update privileges, 'cos our customers hated this. Because (as I said assuming MS don't get a taste) this is all downside for Microsoft.
Pushing back on LG will be less likely to work because you already bought their product, so at most you can insist you'll forgo LG next iteration and they know such pledges evaporate in practice usually. Whereas Microsoft has contract negotiations every day, somewhere a $$$ contract is being renegotiated next week and if "Yeah, these LG popups suck" comes up - even if it's not a corporate system but the VP's niece's video editing suite for her vlog that's strictly unrelated - that Microsoft sales droid reports this was an impediment and it's on the list of things that don't benefit Microsoft.
vladvasiliu 2 hours ago [-]
The issue is that most corps disable Windows Update and only allow whatever goes through the on-prem Windows Update thingy. This can, of course, fire back if they don't think to include all the updates. We had one such issue where they didn't provide an up-to-date Intel driver for the Wi-Fi cards, and the version we had was a bit broken...
But the point is that companies will probably not complain about this because they'll most likely not see it. Also, they're used to Windows being generally crappy.
stefan_ 22 minutes ago [-]
Ah, the usual take. Want to sign everything before it can run, but take responsibility for nothing. And when in doubt, well, the computer did it.
When do we start calling out this crap?
raverbashing 3 hours ago [-]
Honestly yeah
MS should get all the flack (which is mostly deserved) of this
Manufacturer does whatever crap they want with "it works" and then MS gets the complaints
A driver should only be that. A driver
embedding-shape 2 hours ago [-]
> MS should get all the flack (which is mostly deserved) of this
I don't see why we can't blame both here? And I'm a big LG user, I'm writing this comment via a LG monitor, our main TV is LG, dishwasher and clotheswasher is also LG. But still, that Microsofts enables this behavior should rightly put them at the stake for this, and also LG should get flack too, just because something is possible doesn't mean you have to automatically go that route.
rbanffy 2 hours ago [-]
> A driver should only be that. A driver
I still remember the massive amounts of crapware installed with video cards, printers (hello, HP), and just about anything where the manufacturer can squeeze some money from.
al_borland 2 hours ago [-]
This was always one of my biggest pet peeves on Windows. A bunch of junk running in the system tray just for basic hardware functionality.
mr_toad 1 hours ago [-]
> A driver should only be that. A driver
What does a monitor even need a driver for? I presume if you plug one of these into a Mac or a Linux box it’s still going to function.
gkbrk 2 hours ago [-]
A monitor cannot install software on your computer by the way. It's Windows installing this software automatically (for some reason), so the blame should be on Microsoft.
Autorun of malware when you plugged in a USB drive was also a Windows issue, I'd classify this as the same security problem.
krige 10 minutes ago [-]
The monitor should absolutely take the major part of the blame by being the source of the malware and poisoning the system for everyone else.
felooboolooomba 11 minutes ago [-]
> A monitor cannot install software on your computer by the way.
I think everyone in the HN crowd knows that.
> the blame should be on Microsoft
No, they blame should ALSO be on Microsoft, they are the enablers.
daveidol 41 minutes ago [-]
The blame should be on Microsoft and LG, both.
tantalor 2 hours ago [-]
Blame should be on the user for buying Windows
mystifyingpoi 57 minutes ago [-]
Please do not blame the user.
mosselman 1 hours ago [-]
You are describing 'the blame should be on Windows'.
The consequence of Windows having the blame is that one should not buy it.
grayhatter 1 hours ago [-]
that's funny; because my root cause analysis didn't show the user as the person making the decision to show themselves ads? did yours, or was the victim blaming intentional?
zajio1am 7 seconds ago [-]
Not making the specific decision (showing ads) but making the general decision (giving power to Microsoft). Blaming customers for buying MS products is not really much different than blaming Trump voters for voting for him. In both cases risks were obvious beforehand.
k33n 38 minutes ago [-]
The word “victim” is honestly pretty funny in this context. Nothing really happened to anyone.
gkbrk 30 minutes ago [-]
I wouldn't classify getting random malware as "nothing happening".
I'm wondering if we in Europe gets vastly different experience compared to Americans or elsewhere in the world. People complain about LG having ads everywhere in the monitors, displays and what not, but none of our LG products (bought and used in Spain) have any ads anywhere. I'm sitting here with a LG monitor and our main TV is a LG OLED TV, neither of them have ads anywhere, although I haven't booted Windows in a couple of days and I guess I won't, until this malware issue been fixed.
But still, is it possible Americans are receiving more ads than in other parts of the world? Certainly online sentiment gives me that impression.
throwa356262 3 hours ago [-]
In general, yes.
But in case of LG TVs, they record your activities in EU too. You can opt out, but the settings has a very non-descriptive name ("live plus") and resets by itself when you are not looking.
Right, I'm wondering about the amount of ads though.
throwa356262 2 hours ago [-]
No, I think the ads are limited to own services and third party apps right now. Same goes for Samsung in EU.
bloqs 3 hours ago [-]
Same here in the UK
15155 3 hours ago [-]
> Americans are receiving more ads than in other parts of the world
Ads aren't free, so yes, it would stand to reason that people in the largest consumer market in the world might garner more ad spend.
embedding-shape 3 hours ago [-]
So because the US is the largest consumer market in the world, the TVs LG sell in the US has more ads in the UIs than TVs sold in Europe? Why would it be like that? If that theory is true, does that mean TVs sold in the European Union then have more ads than TVs sold in China, as the EU consumer market is larger than the China one?
15155 2 hours ago [-]
> Why would it be like that?
Ads aren't free - this isn't a "theory," it's basic economics. Cost can be political (you cause the entire EU government to outlaw the practice) or monetary.
> If that theory is true, does that mean TVs sold in the European Union then have more ads than TVs sold in China
Probably? The markets have little overlap, but again, this is a function of cost. Where people have more money to spend, I have more money to spend on ads, or more money to spend on campaigning to be allowed to show ads.
embedding-shape 2 hours ago [-]
> Probably?
Spoiler: LG TVs sold in China also seem to have more ads than the LG TV we end up buying in Europe. Seemingly (https://news.ycombinator.com/item?id=48957229) with Samsung it's the same. Even though EU is a larger consumer market than China, so obviously your theory doesn't hold, it's something else than "Bigger consumer markets === more ads in UIs in TVs".
15155 2 hours ago [-]
> obviously your theory doesn't hold
Cost is my "theory." A larger market can sustain larger ad spend, and in some areas it's cheaper to make larger ad buys. Both are true.
Also, "larger market" obviously implies a category-specific qualifier. People in the United States might have more of an appetite for televisions than people without running water - news at 11.
> Spoiler: LG TVs sold in China also seem to have more ads than the LG TV we end up buying in Europe.
"Spoiler:" is an unnecessarily cunty way to lead a declaration of fact with zero objective accompanying evidence. Any citation you care to provide?
"More ads" is already a pretty subjective, ill-defined thing. More screen time? More individual advertisers? More unique advertisements? Larger screen area?
embedding-shape 2 hours ago [-]
> Any citation you care to provide?
Not really, the question I posed initially was a casual one, based on reading around basically. I'm guessing you then have a citation handy for the US LG TVs having more ads because the US is a bigger consumer market?
> "More ads" is already a pretty subjective, ill-defined thing. More screen time? More individual advertisers? More unique advertisements? Larger screen area?
If you open up the TV home dashboard, do you see ads? On my LG TV I don't, looking at screenshots from LG TVs in the US, there seems to be.
15155 2 hours ago [-]
> the question I posed initially was a casual one, based on reading around basically
So your "Spoiler:" was based on something you pulled out of your ass casually?
> I'm guessing you then have a citation handy
I qualified with "probably" and "might," I didn't lead with "Spoiler, asshole, I'm right:"
> If you open up the TV home dashboard, do you see ads?
The plural of anecdote isn't data.
embedding-shape 2 hours ago [-]
> The plural of anecdote isn't data.
Hey, I learned something new! Thanks :) Hope you enjoy the rest of your Saturday as much I'm enjoying mine, time to hit the beach.
jdw64 2 hours ago [-]
Europe has strong GDPR regulations. As for China, I've heard that hardware margins are low, so the hardware itself is just bait, and they embed ads in the software inside. But this is just something I heard from another Korean programmer, so it's not really a serious claim
InsideOutSanta 22 minutes ago [-]
The cost of ads already accounts for the audience. Ads in the US are more expensive, so the number of ads people see should be roughly the same despite higher ad spend.
dvdkon 1 hours ago [-]
More spend doesn't equal more ads. Given a fixed number of ad spots, demand dictates the price advertisers would pay for ad placement. But ad platforms have no incentive to reduce the number of ads they show just because placement price is low; keeping ad spots around costs them nothing.
reaperducer 2 hours ago [-]
You must be getting downvoted by people who have never run an ad-supported web site.
When I used to do that, North American traffic got ads 100% of the time. European traffic might get ads 5% of the time. Otherwise, there were few advertisers that cared.
However, this was back before Google AdSense upended the industry, and you could still make a living showing one static ad per page.
15155 1 hours ago [-]
It's afternoon in Europe, and folks generally don't like to be reminded of the fact that their market is decreasing in global relevance.
In this case, ads are even a product people actively want to avoid, but it's still unsettling to be undesirable. Imagine banning smoking and then getting upset that Philip Morris doesn't want to sell to you anymore.
buzer 3 minutes ago [-]
If someone is in EU and is affected by this they could potentially utilize GDPR to make both Microsoft and LG take responsibility for this.
It's hard to say directly from the article if there is any GDPR breach. If everything was part of the installer and it doesn't actually submit anything (including downloading the ad) to LG then it's harder to argue that there is GDPR violation, but knowing the SOP of these kinds of software that is unlikely.
If the software did indeed send personal data to LG then there are at least following question: How was Article 13 notice delivered to user? Article says that this was installed quietly. Did Microsoft deliver Article 13 compliant notice to user at some point? They probably did deliver their own notice (though it's open question if it's compliant), but not LG's. However since Microsoft is the one that installed the software and they exercise control over the standards which must be met, it's possible that they would end up being joint controller at least for some processing.
I should add that Article 13 requires that the notice is given "at the time when personal data are obtained". The only exception is when "data subject already has the information" and possible Article 23 restrictions, but those are unlikely to apply.
If someone wants to make a complaint they should first make Article 15 request to LG. Copy of personal data is useful, but 15(1) information is the primary goal. Additionally ask for information on how and when did LG provide you the Article 13 notice if they did indeed process your personal data.
After that if they cannot show that they provided Article 13 notice when they received your personal data submit a complaint to your local DPA. You can additionally flag other violations as well if they are applicable (e.g. not naming recipients as part of Article 15 response, not giving actual retention time or meaningful information how that is determined, invalid legal basis etc.). You should also flag in the complaint that Microsoft is likely joint controller for some of the processing given that they are the ones who approved the automatic install of the software which violated GDPR.
Ciantic 16 minutes ago [-]
I also discovered that these days motherboards come with a payload in their chipset, which gets installed automatically in background unless you figure out to turn it off from BIOS before installing Windows. In my case it was bunch of ASUS useless stuff, not just drivers, some "Armoury Crate" etc. Which just keeps running in background. I've switched to KDE, that kind of solved itself.
kingleopold 3 hours ago [-]
They used to call this spyware/malware. Now it's a regular practice by eng. teams and managers inside these big corp. Well played guys :) Congrats with new type of tricks
flowerbreeze 3 hours ago [-]
From FTC website: Malware is harmful software that’s installed on your device without your knowledge.
So I think that is what we should continue to call it. LG monitors are installing malware, because they install the software silently and it harms the system by making it slower and disrupting the work of the user with advertisements.
sys_64738 2 hours ago [-]
If it's not malware then what is it called today?
supertrope 1 hours ago [-]
"Telemetry." "Personalized experiences."
Basically doublespeak.
someothherguyy 1 hours ago [-]
I mean, nothing new there. (Mal/Ad/Spy)ware just has been more prevalent in the browser and on mobile apps the last ~15yrs instead of being installed via modified windows installers.
delusional 2 hours ago [-]
I would be very surprised if some random manager of some low level engineering team made this decision. It seems more likely this was a marketing or partner relations department idea that was presented to high level leadership.
I don't understand why we expect some manager somewhere to stop stuff like this.
sinoue 10 minutes ago [-]
Trust is a valuable commodity that once lost is very hard to regain. LG's big brother installs has me questions buying anything LG to bring in my home.
motbus3 3 hours ago [-]
I am tired of this. LG is now on my blacklist alongside EA and Blizzard Entertainment for their anti consumer practices.
I can't change them, I can't change policies about it. I can choose to not buy.
delusional 2 hours ago [-]
> Blizzard Entertainment
You mean "Microsoft Xbox Activision Blizzard King Bethesda Mojang"? I wish you luck with your boycott.
BatteryMountain 2 hours ago [-]
I've successfully avoided these companies the last 5 years. Gaming as a whole is dead for me, I just play a couple of old games now & then. The culture is toast too, not just bad games or expensive hardware. So not really losing much sleep over any of this. I have linux on all my machines, so I really only play the one's that perform well on linux. Haven't played online multiplayer games since ~2013. Many of us are like me.
edit: like if a game doesn't work, I no longer spend hours trying to fix it, I don't go ranting on the internet about it.. I just uninstall and play something else. Really simplifies things if you can detach from gaming as a core identity anchor.
nottorp 17 minutes ago [-]
> Gaming as a whole is dead for me
There are millions of indies out there. Some are worth the time. It's a bit of a problem to figure out which though.
> Haven't played online multiplayer games since ~2013
I don't think there are any non predatory online multiplayer games since 2013 :)
And there are many online multiplayer games that would have been really good as single player.
lloydatkinson 1 hours ago [-]
I'm still angry at how they ruined Overwatch
Hikikomori 49 minutes ago [-]
Not that hard, last game I played was WoW Classic, last I bought was diablo 3, only game that is remotely interesting is diablo 2 resurrected. Microsoft deleted my mojang account as well. Seems like new xbox mgmt will accelerate their slow enshittification.
thejokeisonme 3 hours ago [-]
Your OS silently installs malware. Doesn't get much worse than this.
inigyou 3 hours ago [-]
Your OS is malware, if it's Windows.
3 hours ago [-]
discordance 3 hours ago [-]
McAfee should be classified as a virus
chrismorgan 2 hours ago [-]
When preinstalled (as multiple major OEMs do), or when bundled in unrelated installers in these sorts of ways, it matches the definitions of scam excellently, and protection racket not badly.
When you uninstall, they give you an opportunity to type a reason. I wonder if anyone actually reads my accusations of them being scammers and bad people. I have uninstalled McAfee from more people’s computers than I care to remember.
fragmede 2 hours ago [-]
How exactly does it match the definition of a scam? Windows does get viruses, and it does protect against them. It's not something you actually need, like most consumer VPNs, but they have high pressure
sales tactics to trick people into buying it, but they do deliver what is promised, which makes it not a scam. They are creating artificial demand with their scare mongering, and I tell everyone I know not to get it, and to enable Windows Defender, but that's still not a scam.
supertrope 1 hours ago [-]
It depends on your definition of scam. Is McAfee a total fraud, not delivering on its core functionality of anti-virus scanning? No. But it's selling something most people don't need and uses information asymmetry, fear, and dark patterns to make money. Microsoft Defender has solved the anti-virus problem. (It doesn't solve the computer security problem but that's out of scope of AV). To play devil's advocate, without bundled bloatware PCs might cost $10 more.
chrismorgan 46 minutes ago [-]
They push this message hard: unless you pay us, the bad guys will eat your lunch.
The truth is that if you uninstall their software (and hopefully also if you just let the trial lapse, though I don’t actually know whether Defender Antivirus gets enabled automatically in that case) Microsoft will defend you against the lunch-eating bad guys just as well as McAfee, for free.
That easily qualifies it as fraud.
For that reason, I’m willing to call it a scam when preinstalled or otherwise installed without user intent. I wouldn’t call it a scam if people installed it deliberately (though I would still disparage it and its tactics).
supertrope 1 hours ago [-]
If a software package can't be uninstalled through the normal process and needs a separate uninstaller program, it is similar to malware. Many anti-virus suites and anti-cheat software require this. Take from that what you will.
BatteryMountain 2 hours ago [-]
10 Years ago. Complete garbage spyware.
lapelusa 2 hours ago [-]
LG is not a computer OS developer. Microsoft is. Microsoft has steered from developing software to developing malware for years now. This is simple: LG and McAfee paid MS to DP this, and they did.
It still blows my mind that most people still put up with this kind of behavior. I get that some people can't get away from Windows due to genuinely needing to use software that will only run on it, but that has to be around 0.1% or less of current windows users. There is no justification for the other 99.9% to choose to stay in such a toxic relationship.
dhash 3 hours ago [-]
it's worth noting that the price of these monitors got cut in half due to this news -- great for the linux users out there
I don't feel like spending my money on some horrible corpo pulling out stuff like this, even if I've been using linux since 2006. Who can tell if they will do this to other OS in the future?
ptx 2 hours ago [-]
My understanding is that the monitor doesn't do anything by itself - it's just Windows detecting the device and automatically downloading and installing LG:s proprietary add-on software. The monitor itself isn't attacking the machine by exploiting vulnerabilities or spoofing user input or anything like that.
So you won't have this problem if you're running Linux and other Free Software under your own control. The problem in this case is just another example of why proprietary software can't be trusted.
embedding-shape 2 hours ago [-]
> My understanding is that the monitor doesn't do anything by itself
The understanding should also included that unless LG actually asked Microsoft to implement this autoinstalling malware, it wouldn't have been installed by itself.
I think parent commentator is making the argument that they don't want to financially support companies who engage in these sort of things, regardless if this particular scenario applies to their environment or not.
ptx 49 minutes ago [-]
Sure, but I was addressing the question that was asked (although perhaps it was asked rhetorically): LG cannot do this to you if you don't install their proprietary software, so Linux users are safe (assuming they use a trustworthy distro).
You could choose to buy from another vendor, but other vendors have the same incentives to abuse your trust in the same way once they manage to persuade you into running their proprietary software on your machine.
leni536 3 hours ago [-]
This is probably Windows pulling LG software through Windows Update bases in EDID. Linux won't ever do this BS.
delta_p_delta_x 2 hours ago [-]
> Linux won't ever do this BS.
Arch Linux's AUR was recently hit by an actual malware supply-chain attack[1], which I would claim is arguably worse than adware. NPM is regularly in the news for supply-chain attacks. And then there was the XZ utils debacle in 2024. I concede that Microsoft is in part responsible for facilitating something like this, but just because something is free and open-source or based on Linux doesn't make it a universal panacea for malware or supply-chain pwnage.
I wouldn't be so categorical. This isn't really a kernel concern, and I could completely believe that there are some distros out there that pull in random packages based on hardware detection.
The saving grace of linux currently is that volunteers package most of the software, and they don't generally package malware. There is no structural guarantee there, and if we invite corporate interests to package at some point (like flatpack and snap wants to) this is 100% going to happen eventually.
sigio 3 hours ago [-]
Why do people even install 'drivers' for things like monitors. (Or usb devices running 'standard' protocols). The OS handles these just fine by itself.
wccrawford 3 hours ago [-]
In this case, they aren't.
I woke up the other day to a notification that my LG monitor driver was installed, with a little window on how to use the on-screen crap.
Absolutely useless, since the buttons for the monitor are right there on the bottom of it, and probably easier to use than the software.
Joel_Mckay 3 hours ago [-]
Indeed, our Windows 11 offline Steam box also needed to disable LG & Switch App in taskmanager, and set LG apps to manual start in Services.
Apparently the 3 applications have some sort of screen partitioning/sharing capabilities, but it is still unclear if the LG App was remote access or not.
So far, LG is earning a lot of justified bad press. Should have returned it when I had to turn off the screens power-save mode to get it to stop fading out randomly. =3
subscribed 1 hours ago [-]
The article is about people NOT installing it but getting it installed anyway :)
As to why people do install such software? It sometimes provides additional features, controls and settings. For example with touchpad you could set the sensitivity, hot corners, set the scroll behaviour the way you like it, etc.
With monitors you might get a better colour profile (P3 instead of just sRGB), I don't know. I don't use monitors like this.
functionmouse 2 hours ago [-]
the OS handles these now by installing the malware. Zero click.
embedding-shape 3 hours ago [-]
Sounds like this malware gets installed even if you don't manually install anything.
> Connecting some LG monitors to a Windows PC may automatically install software that promotes McAfee subscriptions
I too have a LG monitor, but haven't booted Windows in some days, guess I'll stay put in my Arch environment until they've fixed this shitshow.
onaclov2000 3 hours ago [-]
But this assumes you plug in USBC .... Right? HDMI and display port can't....install over right?
embedding-shape 3 hours ago [-]
I don't see any details in any of the texts I came across, but in theory the implementation could be that Windows sees the ID of the monitor once connected through any sort of connection, then when matching ID is found it installs the malware. Rather than the installer is sent from the monitor to the computer. Would make updates a lot easier, and if they really want to spread this malware, can activate it for a lot more monitors.
onaclov2000 2 hours ago [-]
That makes some sense to me, I think for some reason my brain assumed they were like actively controlling the PC to download things other than updates, (and low key assumed part of this update was supposed to be for software on the monitor not the desktop)
jdw64 3 hours ago [-]
Most commercial solutions are Windows-based and use the Windows API. HDMI and DP also have two-way communication channels. This is something you learn when you do hardware coding.(Of course you already know this, but this is for the other people reading this comment.)
Typically, the Windows update server downloads packages mapped to hardware IDs in the background. Since LG's business in Korea has been failing and their AI efforts are stagnating, they exploited their McAfee partnership marketing as a pipeline. Windows' Plug and Play does make development convenient. The DX experience is good.
Linux is quite fragmented. That's good from a 'my computer' perspective, but not from a 'product' perspective. And then there's the jitter issue. Windows has stable paid solutions, while Linux has version discrepancies.
In fact, the reason Linux is considered secure is simply because hardware vendors haven't standardized enough to build automatic deployment pipelines.
In programming terms, we all know singleton is bad, but for Plug and Play, it's overwhelmingly convenient.
zahlman 2 hours ago [-]
> simply because hardware vendors haven't standardized enough to build automatic deployment pipelines
Wouldn't it require cooperation from the distros anyway? You say "HDMI and DP also have two-way communication channels", but that doesn't force the OS to communicate over those channels. And it also doesn't force the "mapping of packages to hardware IDs" to be what the hardware manufacturer wants it to be.
jdw64 2 hours ago [-]
Your point is idealistically correct, but realistically it's not. Because when people install Windows, they don't want to go through the process of installing drivers for other hardware devices. And usually the driver versions depend on the OS version too.
Right away, with numerous distributions like Ubuntu and Arch, it's hard to account for all the possible cases from a production standpoint. But Windows has very few versions. As long as you pass Microsoft's standard specification, it just runs on Windows. That difference is huge. What you're saying is ideal, but when selling a product, time is money.
In other words, to summarize our conversation:
'As you said, separating them is the right thing to do. But UX Uesrs basically wanted that kind of deployment authority, and in the process, the problem of abusing it arose.'
It's a beginner level problem, but at the same time, it's also a difficult one.
chmod775 3 hours ago [-]
Windows automatically tries to download and install drivers for some hardware you plug in, including monitors. That's what is happening here.
Someone1234 2 hours ago [-]
The monitor itself isn't installing anything, Windows detects the device by unique ID, and uses Windows Update to get the driver which itself triggers a Windows Store application (malware) to install.
The monitor only sends a unique device ID, everything else is handled by Windows.
Joel_Mckay 2 hours ago [-]
We have an offline account Windows 11 Steam box, and the stupid popup still hit our machine a few days back. It did ask for screen access (said no), but there is no obvious button to opt out of the adware popups (select don't show, and click X to close).
Disabled LG & Switch App in taskmanager auto start, and set to Manual for all 3 LG process names in Services.
A lot of bad karma, for such an buggy monitor that doesn't even work properly till you turn off the silly power-saver auto-dim mode. =3
3 hours ago [-]
throwa356262 3 hours ago [-]
Last time a company abused platform driver delivery to install adware, Microsoft threatened to pull their drivers altogether.
But those were different times...
Havoc 56 minutes ago [-]
Why are hardware manufacturers so shit at software?
Whether it’s router safety or NVIDIA software hammering DNS servers hundreds of thousands of times or this. Across the board they seem below average competent when it comes to software. I get that they’re specializing on hardware but why so very bad?
Edit. This isn’t even the only thread today. See TPlink fucking up on leaking your GPS coordinates also on front page
Kelteseth 3 hours ago [-]
Can confirm. This happened to me yesterday on my Windows 11 machine. Uninstallation was only listed in the Microsoft Store -> Library.
adamtaylor_13 2 hours ago [-]
This is an excellent use of agentic AI, btw. Fire Claude up and say, "Remove LG malware and mcafee from this computer. Make regex changes so it can't be installed again."
My current windows 10 install is cleaner than any other windows machine I've ever owned due to using Claude to deep dive and rip stuff out.
someothherguyy 1 hours ago [-]
> excellent use of agentic AI
you run claude code unsanboxed on your machine and give it privileged access?
adamtaylor_13 1 hours ago [-]
On my windows machine I do. Not on my important machines.
bcraven 2 hours ago [-]
"Prevent this software having unfettered access to your machine by giving some other software unfettered access to your machine"
adamtaylor_13 59 minutes ago [-]
That's a hot-take, but yeah. Something like that.
Probably more like, "Prevent adversarially installed software from having unfettered access to your machine by giving software you specifically requested unfettered access to your machine."
If it makes you feel safer, you can just tell it to give you the commands run them yourself. The point is, I'm not a Windows sysadmin so idk how to do stuff like this--claude does.
Gud 1 hours ago [-]
Not surprised.
My wife CONVINCED me to buy an LG tv instead of my typical dumb monitor.
Now I get constant ads and a constant nagging of updates available, that will install more ads and spying features...
regexorcist 50 minutes ago [-]
I have a pihole in front of my LG TV blocking nearly every DNS query it tries. I only allow a couple streaming apps I do use and see zero ads.
whalesalad 1 hours ago [-]
LG TV’s are really really good. If you never connect them to the internet. And that rule should be applied to all TV’s. Use an external device like an Apple TV or a self-crafted solution (Roku, Amzn stick, etc all garbage phoning home and listening with Alexa crap)
Treat your TV like a computer monitor (ironic here in this context lol)
BoingBoomTschak 22 minutes ago [-]
Image quality may be good (minus the horrible banding and ABL) but I'd put LG and Samsung in the same bag concerning hardware reliability: don't expect it to last much more than the warranty period and if it does, give some offerings to your lucky star.
regexorcist 59 minutes ago [-]
Seriously, why use Windows in 2026? Such a hideous OS and ecosystem with endless malware, backdoors, and dark patterns.
999900000999 6 minutes ago [-]
Linux is great if you win the hardware support lottery.
I've had several laptops where audio just doesn't work even on rolling releases. Or the screen freezing up constantly.
This was all with relatively new hardware within the last year or so.
My issue with the Linux community is if you bring this up it's all of a sudden the fault of everyone but Linux.
The end user should of picked better hardware.
The hardware OEMs should of shipped Linux support.
The end user is lazy for not installing an RC kernel.
Macs are great, but my current workhorse computer has a 2TB SSD, and only cost 550$ with the SSD upgrade.
Vs 2000$ for the cheapest MacBook with a 2TB SSD
whobre 52 minutes ago [-]
The worst OS except for all the others.
gambiting 55 minutes ago [-]
IMHO it's the best OS as a games developer, Visual Studio just doesn't have anything remotely close. And all console toolchains are windows only. But genuinely as a C++ dev I much much much prefer it over MacOS or even Linux for work.
Grombobulous 43 minutes ago [-]
Of course this is a “I need the OS for work” situation. It reminds me a lot of 20 years ago when we’d say things like “I’d love a Mac but it’s not compatible with anything I do for work,” and that sentiment didn’t last.
I definitely wouldn’t predict that Linux is taking over the world or anything but it wasn’t that long ago that playing AAA games on Linux on day one of release was ludicrous. Now the most popular PC handheld runs Linux, a PC console launched that runs Linux.
Now we have hardware like the MacBook Neo that threatens Windows even more. Sure, the XPS 13 came out and is arguably a compelling alternative. But I think the mindshare damage has been done on that one.
The idea that Windows might disappear entirely is not that far-fetched, especially when you look at Microsoft’s financial results.
If I was a PC OEM like Dell I would probably band together with other OEMs like Lenovo to make my own Linux distribution and support Windows offboarding even further as a hedge to my business.
infinite_spin 1 hours ago [-]
the paranoid part of me thinks this is a war of attrition, where if every company imaginable has to be taken to task for intrusive behavior that we'll eventually grow numb to it, or that with a large enough onslaught we'll never be able to outpace it. It's not like there is profit to be made from preventing this behavior, and incredible incentives to, at minimum, turn a blind eye.
dcj4 1 hours ago [-]
windows update is a well known malware vector, how does this warrant any news?
if you absolutely have to use windows, you either go through the effort of stripping the particular version you chose from all the spyware and malware it comes packaged with and gut the malware loader paths out of it, or you accept that you're running a botnet node you have little to no control over.
inigyou 3 hours ago [-]
They also come with terms of service which assert that you will inform everyone in the vicinity of your TV that their voices are being recorded by your TV.
pluralmonad 1 hours ago [-]
A malware OS installing other malware seems fitting.
2 hours ago [-]
boomskats 3 hours ago [-]
Not great, but also not at all surprising.
Not sure about other solutions, but one suggested workaround here would be to silently uninstall Windows without consent.
rbanffy 2 hours ago [-]
At this point, such shenanigans are to be expected when using Windows.
I guess my next machine will have a VGA port ;-)
And no Windows.
classified 2 hours ago [-]
As long as you don't need some Windows-only software, Linux is a viable alternative now. KDE Plasma is a great desktop environment and even most games run flawlessly on Steam. And if you do need Windows occasionally, you can put it into a VM.
subscribed 1 hours ago [-]
Eh, kinda. I have new-ish MSI laptop with nvidia and it's still not good enough. I tried on the spare nvme and it just doesn't work well enough with these few games I want.
Close but still not there. And Plasma has its own problems (I have it on my work laptop with Fedora).
tantalor 2 hours ago [-]
Windows is malware
lloydatkinson 1 hours ago [-]
That's the second time, probably more, you've been saying this in the thread. Blaming users for "buying" Windows is ridiculous too.
atoav 2 hours ago [-]
Good to know. LG is now on my blacklist.
throawayonthe 3 hours ago [-]
? isn't this normal windows behaviour?
GuestFAUniverse 56 minutes ago [-]
Oh, come on! LG force fed people with ads on TVs.
And now everybody acts surprised?
Do. Not. Buy. LG.
There are a lot of decent alternatives. Stop buying from the sick heads.
HighGoldstein 52 minutes ago [-]
> Do. Not. Buy. LG.
> There are a lot of decent alternatives.
Can you name them? Dell and Samsung are the main competitors for displays as far as I'm aware, Dell tends to be hit-or-miss when it comes to monitor features and quality, Samsung's high end displays come preloaded with a whole OS. The monitor market is really in the toilet.
astonex 3 hours ago [-]
Shame on Microsoft for allowing this
motbus3 3 hours ago [-]
I think this is how they are going to make us pay rent for what we bought. They will make everything unusable unless you pay more and make some cuckoo TOS saying that you agree to be held in contempt if you circumvent their measurements.
Honestly, if we don't push it back hard, it will only get worse and worse. Why we were cancelling people if they used wrong pronouns and suddenly we got tired of doing the same with stuff that we all should agree on that is terrible.
grayhatter 1 hours ago [-]
So I own 5 LG monitors. But now I can't buy LG. I also refuse to support Samsung.
Are there any high quality panel manufacturers left that aren't run huge pieces of shit? Or at least try to respect the people buying their hardware?
BoingBoomTschak 15 minutes ago [-]
Panel? Not really since Panasonic exited the market.
For complete monitors, the sole make I trust is Eizo but they only make professional (business or photography) products these days, and I'm _not_ going back to 60 Hz. Dell doesn't deserve trust but their UltraSharp line usually is "okay" even if my U2724D has uniformity issues near the bottom. Iiyama also remains a good one in my books.
But if you want OLED, abandon all hope. The technology is so compromised and the market so monopolized by the collective Market for Lemons style race to the bottom targeting gaymers that I intentionally went for IPS black (yes, LG.display, I know...) instead.
grayhatter 8 minutes ago [-]
I think Eizo is what I'm looking for. I've never heard of the brand before, so I really appreciate the recommendation! I don't mind paying for a bit more for professional gear. In part, because quality is important, but much more important to me is respect.
Hikikomori 3 hours ago [-]
Last 2 were LG, been looking at a new one but I guess I'll go with another brand that has their panels.
justsomehnguy 3 hours ago [-]
And Razer, Logitech, nvidia and everyone else who has it's driver package accepted into WU.
No, you can't have a "(o) just the driver" checkbox because... honestly there are a lot of reasons and the device manufacturers are the guys who demand that in the first place.
sys_64738 2 hours ago [-]
I avoid installing Logitech spyware on my Mac but there are FLOSS apps to do the equivalent. There's even a pairing FLOSS app for Linux to avoid installing Logitech spyware. FLOSS is amazing. LinearMouse is the Mac app.
maccard 3 hours ago [-]
With the quality of that software, it wouldn’t surprise me if the driver didn’t work without the userspace app at all. The GeForce experience at least you can disable, but if you have any branded components getting all of their management software off your PC is incredibly difficult
justsomehnguy 3 hours ago [-]
Logitech M720 Triathlon is currently listed €64,99 at their site.
The "programmable buttons" on it works through the user space app which is needs to be running in order to intercept and replace the button actions.
No app running? No replace.
App is stalling because the CPU was busy? No replace. (EDIT: or no action at all, lol)
Is €65 mouse could store the less than a 1 kilobyte of the settings on itself? Of course not.
On a third day I just turned it off and went for the other vendor altogether.
To add an insult to an injury I knew the software would be mess so I installed it on a notebook relegated for the 2nd line duties. Less than a year later the notebook started to cry what there is no space left on the disk - which was quite strange because there was nothing what would fill up quite a plenty of a free space.
Well, every month or two the Logi software (which I no longer even used because I didn't use the mouse) downloaded ~1GB update, stored the update, installed the update. Never cleaning up nor the updates nor the previous versions. Tens of GBs of a useless software just for the sake of the process.
maccard 2 hours ago [-]
The logitech software is absolutely awful. All of the functionality is on device, but you can manage it with https://logiwebconnect.com/ instead. I’ve used Logitech mice as my daily driver for years with this.
This is a wonderful app for pairing. No Logitech spyware needed!
mbrndtgn 3 hours ago [-]
Razer mice are the worst because they are just HIDs and could work without any special driver at all! Also I don't need their whole suite on every Windows computer I plug my mouse in. I think most people would just configure their Razer mouse on one PC, save the settings in the firmware of the mouse itself (I guess, I've actually never used their driver suite) and then never touch their software again.
It's just crazy to me that a lot of keyboard manufacturers have basically standardized on VIA as their firmware which can be configured via WebUSB without installing any additional driver. But my mouse somehow needs a gigantic driver suite just to configure and save some settings? It's just madness.
I like Razer mice and their headsets, but I will never install any of their drivers. Ironically I feel more comfortable using Razer hardware on non-Windows devices than on Windows precisely because they don't support other operating systems.
zahlman 2 hours ago [-]
…Do these devices just not work on Linux or something?
AlienRobot 2 hours ago [-]
I have an LG monitor and I think I managed to avoid this by using Linux.
greatgib 2 hours ago [-]
If you had time to spend, I'm wondering if you couldn't sue LG or Microsoft in some countries for something equivalent of "hacking". Like intrusion in a computer network. As it is unsolicited installation of something that is unexpected.
As there is no consequence for them, again there is no reason that it changes or that it doesn't get worse in the future.
luciana1u 3 hours ago [-]
we finally cracked self-installing software, it just turns out the payload is McAfee and the installer is an HDMI cable
supriyo-biswas 3 hours ago [-]
We had autorun.inf in the past installing automatically from any random USB drive[1]. The fun days where you always feared contracting malware if you so happened to plug a random USB drive in :)
In Korea, pretty much all devices come with Windows. It's hard to live outside of Windows. Most programming is done in CPP,C#, and even when people use C, the majority are working on top of an IDE. The OS kernel layer only really appears in things like Samsung phones—the vast majority of work is on the application layer, and most consumers are on Windows on their desktops. It seems unavoidable
inigyou 3 hours ago [-]
This is also true outside of Korea.
anonym29 3 hours ago [-]
If you're using Windows on a personal device in the first place, you're pretty loudly declaring that your consent doesn't matter anyway.
That's not your computer, that's Microsoft's computer. You're the threat model they lock it down against, you're the schmuck that keeps them fed, and you're the possible terrorist/hacker to be surveilled, tagged, tracked, and monitored.
If you care about consent as it relates to your use of technology, you shouldn't be using Windows in the first place, and this has been obvious for well over a decade now.
BoingBoomTschak 3 hours ago [-]
[Laughs in Linux/BSD]
throwa356262 3 hours ago [-]
HN doesn't like your tone and you are being down voted. But in general you are correct, Linux and bsd users are less affected by such shenanigans.
Short personal story:
I had a win10 machine were HP kept installing some "analytics" service. This happened even on a clean windows install so I guess they used the same delivery mechanism LG is using here. After having read the HP ToS (where they basically gave themselves unlimited rights to monitor anything I did on that machine), I decided to wipe the disk and install Linux.
But I guess it is just a matter of time before EU or US make spywares mandatory on Linux too. Chat control and age verification seems to be the first step towards that.
microtonal 2 hours ago [-]
But in general you are correct, Linux and bsd users are less affected by such shenanigans.
Mac users too (at least for now).
tialaramex 3 hours ago [-]
I don't know about the BSDs but in Linux the reason is that a volunteer (in principle it could be a paid employee, I guess maybe it is for RHEL etc?) decides what gets installed
It is absolutely possible that when you plug in an LG display it installs and runs software on your Linux system†, just that rather than "Somebody at LG who earned a bonus" the decision maker was Sara in Portugal who fat fingered a change when trying to make a Python script for a PCI digital TV receiver work properly on 32-bit.
It does feel more like an amusing mistake in that case whereas even if LG tells us it's a mistake we know it was to earn $$$.
† Obviously YMMV but such "plug and play" features are commonplace because they're useful
microtonal 2 hours ago [-]
I have absolutely no clue what you are talking about. There is no mechanism in standard Linux distributions to automatically download software from a vendor when you plug a device (apart from firmware updates through fwupd, but those are curated).
So perhaps you could elaborate?
tialaramex 2 hours ago [-]
> no mechanism in standard Linux distributions
Now, when I first ran Linux in the mid-1990s, this was true. "Plug-and-play" is just peaking over the horizon. Other systems have had it for years (the Amigans for example) but for the PC it's pretty new.
But today a whole lot of mechanism is spun up when the kernel realises something new was added. A netlink socket talks to a udev daemon, in userspace and that daemon, being ordinary userspace software can do whatever it wants including of course run a bunch of arbitrary shell scripts, which can in turn do whatever they want. So yes of course they could download arbitrary software, or delete all your files with a Z in their name.
> from a vendor
Where the Adware comes from is of no consequence to the end user. "Um actually, the file came from Microsoft's servers" is irrelevant.
[Speaking more specifically of fwupd, which is ultimately fed by hardware vendors directly]
> but those are curated
I'm sure Microsoft considers that they are curating their system too. We both just think (I assume you're not here to defend Microsoft) their curation sucks.
I want to be sure we're pointing at the right thing here. The problem isn't that your Windows PC can end up running software because a device was plugged in, that's actually convenient and a benefit to many people and that works in Linux. The problem is what was delivered.
GamersNexus has a video diving deeper into what LG did here - https://www.youtube.com/watch?v=Q9uefFYe6bM
Printer, mouse, tablet and display tablet makers use this to insert their crapware since at least Windows Vista or Windows 7, I think. The last one I remember is plugging a Razer mouse just to watch it instantly pulling 1.5GB of bloated junk with "telemetry" exfiltrating the data from my gaming PC in realtime. At least it doesn't leave my mouse in a non-working state when I disconnect the internet, like it used to. Thanks, Razer!
Microsoft is to blame here, really. They have a mechanism to block any vendor (supposedly to avoid reputational risks to their brand due to buggy drivers, at least that was their excuse back in the day), but aren't even using it to block these contraptions. Entire businesses are built on this, e.g. Razer is probably more of a marketing/data company now rather than a hardware shop.
LG/Dell/et al should be shamed and blamed for even trying this shit in the first place, but it’s Microsoft who holds the blame for allowing such malware and spyware trash through their own update service.
Microsoft has been allowing this sort of ludicrous behavior for decades at this point, it's not a new issue. What's new is how visible LG made their malware, compared to previous auto-installs that happen like this, where they try to make the thing not so in your face, as they know there will be a huge backlash.
I don't know what Microsoft is thinking even allowing and enabling this sort of thing, they've lost all touch when it comes to building things for users.
As such, all manner of monetization has been approved and it will continued to be approved without regard for user experience.
This article obviates that this is not an LG problem, it is a Microsoft problem.
Also, don't fool yourself if you think this won't come to the Linux world.
I'm curious what you mean by this. I'm not necessarily rejecting the point, but I also don't see how this could happen without substantial shifts in the industry first.
I don’t think it’s a loss leader but Microsoft gets almost nothing from OEM Windows licenses and basically nobody buys it retail.
This is not coming to the Linux world. The moment this sort of thing happens, distros get forked.
I doubt anyone would bother getting into programming with ms tech unless they just happened to run it on their desktop.
Yes there are other options: gitlab.com, some project specific gitlab instances (freedesktop for example), forejo / codeberg, and the Linux kernel is off doing it's own thing with mailing lists instead. I even come across code on SourceForge every now and then still. But all of these are super niche.
This has been a feature since Windows 7, and it worked great since it would pull all necessary drivers after installation without you going hunting on the internet like in the Windows XP days.
Just that no HW manufacturer thought to push spyware in their driver repos at that point to improve some team's KPIs.
A driver shouldn't be a front-facing program that shows ads of any kind. It should be sandboxed and follow strict APIs to talk to the OS and that's it - any extra options should be shown inline in the main e.g. printer or mouse dialog.
Actually, why not? The driver could declare a list/tree of extra configurable options, and windows could generate a configuration dialog for them. I think this is already is thing in Windows for NICs, I remember seeing TCP offload options when I go into properties for a NIC in the device manager.
You just need to make it a bit more accessible to non-tech users and with more modern control options such as colour wheels for RGB.
And the Linux software for these sort of devices (when such software exist) don't tend to be as bloated. Usually the driver just exposes some control files under /sys and someone else builds a GUI or such on top. But there is no reason you couldn't also expose a schema that describes what the options do to make a more generic GUI for those.
Windows users think of the driver as what makes the hardware do what everything in its class does but subtly different and somehow glued to a command center with its own unique and bad GUI auto started, in the tray, with its own update schedule, and ads.
The USB protocol does not have any authentication, just a VendorID/ProductID pair: 2×16 bits that Windows uses for looking up the driver package to install. Programming a MCU to use any VendorID/ProductID is straightforward. A USB device could even appear innocuous at first but after a timer or external trigger disconnect and reconnect masquerading as another device.
1. https://arstechnica.com/information-technology/2021/08/need-...
But you can't pretend to be any vendors id, only the ones with vulnerabilities. And the drivers or spyware will be downloaded by windows from the vendor's site, not from your peripheral.
But yes, usb device identifier is done through software/firmware.
depending on how you look at it it has quite a bit of precedence as this falls under a long list of MS shipping "intended behavior most security researcher would assign a CVE and require it to be fixed as min. requirement for Windows usage in any company"
other wtf. microslop cases include:
- "install arbitrary software w. admin rights hooks" in BIOS which theoretically is there to install BIOS update software but there had been cases of 1. it installing other unwanted software, 2. the updater not fulfilling most minimal security standards (i.e. similar, due to 2. maybe even worse then the monitor case)
- "on boot without password requirement boot arbitrary stuff from a USB stick if correctly named" allowing a trivial bypass of TPM based full disk encryption, yes different thing but another "MS without authentication runs potentially harmful 3rd party software"
- "init scripts on USB devices", I think they stopped doing that
- ...
given that Microsofts security researchers are definitely _not_ incompetent idiots, you can safely assume that all of this features where implemented knowing what user hostile hazards they are and against their own security teams recommendations (or bypassing that team knowing they would say "wtf. no", or similar)
most absurdly MS has in all of this cases enough means to enforce a "just drivers no ad-ware/spy-ware or you get banned" policy, and could do it in a way where they still allow non-allow-listed/ban-listed hooks to be run iff the user consented to it with appropriate warnings and "remember this decision" functionality in case they say no (which besides other aspects might be relevant from a "not steeping onto anti-trust landmines" POV, through mostly older judgements as the US kinda moved from hindering oligopoly to pushing for it).
combine that with the huge f*-up of Azure in the past and their systematic mishandling of it, and no indication they will change this behavior, I really don't understand how any Company/Government agency could trust them
This is nothing new. For about 30 years now Microsoft has been constantly repeating various flavors of this “make it so a thing can automatically and silently run programs as soon as it touches your computer” thing. It’s always done in the name of user convenience. It always ends up being a fiasco. I don’t know why they keep doing it, it’s not like the exact same PHB keeps making the same decision over and over for 30 years. It’s probably one or a combination of the many well documented flavors of stupid that are deeply baked into the company’s organizational culture.
(And before the inevitable response, no this is not defending Microsoft. Pointing out that an organization’s culture is too deeply, chronically stupid to avoid opening the exact same obvious and gaping security hole over and over and over and over again is not the same as saying, “it’s fine, actually.”)
Windows has worked like spyware since what, the late Windows 7 days or thereabout?
End users should not regard this as inevitable. Or get caught up in the how-it-works-how-to-disable swamp. Instead, cut through to the essence. It's about respect:
# Microsoft does not respect Windows users (or users of any of their offerings?).
# LG does not respect people who buy their monitors (and perhaps other products?).
Knowing that, why would you use such a sleazy company's product for daily driving? Or give them your money? Would you buy bread from a baker who pisses on your lawn every time you're not looking?
User rights or consumer protection laws aren't even part of this equation. Although they do help (sometimes a lot!) to keep companies honest.
Because alternatives are much worse or not available for scenarios people need.
There, I've said the obvious.
Edit: To be fair, I immediately uninstalled it, so I don't know if this was "just" a link to their installer app or the full app. But something definitely got downloaded and moved to a place I could not have moved it myself without accepting a UAC prompt m
It's not quite as bad because it's not silent and you can say no, but I'm pretty sure that's only because Razor decided not to be completely evil.
It’s not unprecedented at all for Microsoft or anyone to download what amounts to spyware.
The days of antivirus were replaced by advertising a long time ago. There is no privacy.
Most savvy types are hyper aware of every process running on their machine especially those using network lol
Kill the process or don’t by an LG. Everyone just uses Dell, or you’re rich and you get a Mac one. I don’t make the rules
All the major tools for advanced work are Linux-based, and there's maybe a Windows version, but it's probably a kludge like Docker Desktop.
For plug-and-play devices with multiple configuration knobs. It is nice to be able to click through a printer wizard to configure how one wants to print their documents. Likewise with an audio interface: loopback settings, codec, sampling rate, gain and volume of channels, etc. Or consider a USB CNC mill; configuring things like milling revolution rate, setting which bit is installed, what lubricant is used, etc. Or consider the Nvidia/AMD control panels for their GPUs; things like colour depth and space, resolution, scaling, anti-aliasing, vertical synch, power settings, etc.
Some of these settings are device- and even manufacturer-specific; one might argue these are more than a driver or the platform can or should provide. That LG have exploited this to provide McAfee is on them.
You said click. This happens without clicking anything.
Firmware updates for devices are not a thing in your world?
Microsoft needs to intervene here, this cannot be a normal expectation for using their product.
Yeah, they've never pushed ads or installed software without the user's consent.
Me on Linux: I don't want to use Windows, you have to keep configuring every single thing so it doesn't show ads.
What's frustrating about that is that Microsoft has also gone out of their way to make it difficult to access the [legacy] System Properties (sysdm.cpl), while not fully reimplementing all the features into the Settings app. Including this one.
They've only been working on this 10+ years...
So people have mostly never gotten accustomed to monitor drivers having any consideration at all, while drivers for graphics themselves and other new hardware has often had some associated downloads that people have become familiar dealing with.
Looks like LG finally took this long-standing opportunity to do some deeper enshittification than previously imagined. Simply taking advantage of a domino effect that has been lurking for decades.
A couple other related gpedit options if you don't even want the drivers themselves to change after you have gotten them correctly installed:
I remember Windows keeping a cache of autodownloaded drivers ("Driver Store") and reinstalling them when the device is plugged in, so the mouse bloatware kept on coming back.
Is this still the case?
In other words, we all know that regular consumers will never find this and they’ll never understand that their LG software is spyware in the first place.
Keep in mind the well-known quote from so many pages of Microsoft documentation over the decades, where the main useful function of a feature is the only one completely crippled in what's obviously got to be a complete engineering snafu:
"This is by design."
I've managed to generally avoid running Windows (at home and at work) for a long time now, but if there was a situation where I needed to get a PC (at home?), is there a recommended least-sucky way of living with?
Are there editions or scripts or a setup workflow that would make it suck less?
Then, to get a better version of Windows, use MAS[2].
[1]: https://schneegans.de/windows/unattend-generator/
[2]: https://massgrave.dev/
Microsoft decides what happens here, and presumably today they just take it on trust that hardware makers know what software to install. New driver? Sure. McSpam installer? OK. Maybe they have a guideline saying "Don't ship unrelated garbage" but today it's not enforced because why would you do that?
If the Microsoft customers (particularly larger corporate customers) tell Microsoft they hate this that policy will get tightened or if there isn't a policy one is introduced, and outfits like LG get told if you do this again we're taking away your update privileges, 'cos our customers hated this. Because (as I said assuming MS don't get a taste) this is all downside for Microsoft.
Pushing back on LG will be less likely to work because you already bought their product, so at most you can insist you'll forgo LG next iteration and they know such pledges evaporate in practice usually. Whereas Microsoft has contract negotiations every day, somewhere a $$$ contract is being renegotiated next week and if "Yeah, these LG popups suck" comes up - even if it's not a corporate system but the VP's niece's video editing suite for her vlog that's strictly unrelated - that Microsoft sales droid reports this was an impediment and it's on the list of things that don't benefit Microsoft.
But the point is that companies will probably not complain about this because they'll most likely not see it. Also, they're used to Windows being generally crappy.
When do we start calling out this crap?
MS should get all the flack (which is mostly deserved) of this
Manufacturer does whatever crap they want with "it works" and then MS gets the complaints
A driver should only be that. A driver
I don't see why we can't blame both here? And I'm a big LG user, I'm writing this comment via a LG monitor, our main TV is LG, dishwasher and clotheswasher is also LG. But still, that Microsofts enables this behavior should rightly put them at the stake for this, and also LG should get flack too, just because something is possible doesn't mean you have to automatically go that route.
I still remember the massive amounts of crapware installed with video cards, printers (hello, HP), and just about anything where the manufacturer can squeeze some money from.
What does a monitor even need a driver for? I presume if you plug one of these into a Mac or a Linux box it’s still going to function.
Autorun of malware when you plugged in a USB drive was also a Windows issue, I'd classify this as the same security problem.
I think everyone in the HN crowd knows that.
> the blame should be on Microsoft
No, they blame should ALSO be on Microsoft, they are the enablers.
The consequence of Windows having the blame is that one should not buy it.
[1] https://www.linkedin.com/posts/callam-d-b38b05105_windows-is...
https://www.youtube.com/watch?v=Q9uefFYe6bM
But still, is it possible Americans are receiving more ads than in other parts of the world? Certainly online sentiment gives me that impression.
But in case of LG TVs, they record your activities in EU too. You can opt out, but the settings has a very non-descriptive name ("live plus") and resets by itself when you are not looking.
https://www.consumerreports.org/electronics/privacy/how-to-t...
Ads aren't free, so yes, it would stand to reason that people in the largest consumer market in the world might garner more ad spend.
Ads aren't free - this isn't a "theory," it's basic economics. Cost can be political (you cause the entire EU government to outlaw the practice) or monetary.
> If that theory is true, does that mean TVs sold in the European Union then have more ads than TVs sold in China
Probably? The markets have little overlap, but again, this is a function of cost. Where people have more money to spend, I have more money to spend on ads, or more money to spend on campaigning to be allowed to show ads.
Spoiler: LG TVs sold in China also seem to have more ads than the LG TV we end up buying in Europe. Seemingly (https://news.ycombinator.com/item?id=48957229) with Samsung it's the same. Even though EU is a larger consumer market than China, so obviously your theory doesn't hold, it's something else than "Bigger consumer markets === more ads in UIs in TVs".
Cost is my "theory." A larger market can sustain larger ad spend, and in some areas it's cheaper to make larger ad buys. Both are true.
Also, "larger market" obviously implies a category-specific qualifier. People in the United States might have more of an appetite for televisions than people without running water - news at 11.
> Spoiler: LG TVs sold in China also seem to have more ads than the LG TV we end up buying in Europe.
"Spoiler:" is an unnecessarily cunty way to lead a declaration of fact with zero objective accompanying evidence. Any citation you care to provide?
"More ads" is already a pretty subjective, ill-defined thing. More screen time? More individual advertisers? More unique advertisements? Larger screen area?
Not really, the question I posed initially was a casual one, based on reading around basically. I'm guessing you then have a citation handy for the US LG TVs having more ads because the US is a bigger consumer market?
> "More ads" is already a pretty subjective, ill-defined thing. More screen time? More individual advertisers? More unique advertisements? Larger screen area?
If you open up the TV home dashboard, do you see ads? On my LG TV I don't, looking at screenshots from LG TVs in the US, there seems to be.
So your "Spoiler:" was based on something you pulled out of your ass casually?
> I'm guessing you then have a citation handy
I qualified with "probably" and "might," I didn't lead with "Spoiler, asshole, I'm right:"
> If you open up the TV home dashboard, do you see ads?
The plural of anecdote isn't data.
Hey, I learned something new! Thanks :) Hope you enjoy the rest of your Saturday as much I'm enjoying mine, time to hit the beach.
When I used to do that, North American traffic got ads 100% of the time. European traffic might get ads 5% of the time. Otherwise, there were few advertisers that cared.
However, this was back before Google AdSense upended the industry, and you could still make a living showing one static ad per page.
In this case, ads are even a product people actively want to avoid, but it's still unsettling to be undesirable. Imagine banning smoking and then getting upset that Philip Morris doesn't want to sell to you anymore.
It's hard to say directly from the article if there is any GDPR breach. If everything was part of the installer and it doesn't actually submit anything (including downloading the ad) to LG then it's harder to argue that there is GDPR violation, but knowing the SOP of these kinds of software that is unlikely.
If the software did indeed send personal data to LG then there are at least following question: How was Article 13 notice delivered to user? Article says that this was installed quietly. Did Microsoft deliver Article 13 compliant notice to user at some point? They probably did deliver their own notice (though it's open question if it's compliant), but not LG's. However since Microsoft is the one that installed the software and they exercise control over the standards which must be met, it's possible that they would end up being joint controller at least for some processing.
I should add that Article 13 requires that the notice is given "at the time when personal data are obtained". The only exception is when "data subject already has the information" and possible Article 23 restrictions, but those are unlikely to apply.
If someone wants to make a complaint they should first make Article 15 request to LG. Copy of personal data is useful, but 15(1) information is the primary goal. Additionally ask for information on how and when did LG provide you the Article 13 notice if they did indeed process your personal data.
After that if they cannot show that they provided Article 13 notice when they received your personal data submit a complaint to your local DPA. You can additionally flag other violations as well if they are applicable (e.g. not naming recipients as part of Article 15 response, not giving actual retention time or meaningful information how that is determined, invalid legal basis etc.). You should also flag in the complaint that Microsoft is likely joint controller for some of the processing given that they are the ones who approved the automatic install of the software which violated GDPR.
So I think that is what we should continue to call it. LG monitors are installing malware, because they install the software silently and it harms the system by making it slower and disrupting the work of the user with advertisements.
Basically doublespeak.
I don't understand why we expect some manager somewhere to stop stuff like this.
You mean "Microsoft Xbox Activision Blizzard King Bethesda Mojang"? I wish you luck with your boycott.
edit: like if a game doesn't work, I no longer spend hours trying to fix it, I don't go ranting on the internet about it.. I just uninstall and play something else. Really simplifies things if you can detach from gaming as a core identity anchor.
There are millions of indies out there. Some are worth the time. It's a bit of a problem to figure out which though.
> Haven't played online multiplayer games since ~2013
I don't think there are any non predatory online multiplayer games since 2013 :)
And there are many online multiplayer games that would have been really good as single player.
When you uninstall, they give you an opportunity to type a reason. I wonder if anyone actually reads my accusations of them being scammers and bad people. I have uninstalled McAfee from more people’s computers than I care to remember.
The truth is that if you uninstall their software (and hopefully also if you just let the trial lapse, though I don’t actually know whether Defender Antivirus gets enabled automatically in that case) Microsoft will defend you against the lunch-eating bad guys just as well as McAfee, for free.
That easily qualifies it as fraud.
For that reason, I’m willing to call it a scam when preinstalled or otherwise installed without user intent. I wouldn’t call it a scam if people installed it deliberately (though I would still disparage it and its tactics).
It still blows my mind that most people still put up with this kind of behavior. I get that some people can't get away from Windows due to genuinely needing to use software that will only run on it, but that has to be around 0.1% or less of current windows users. There is no justification for the other 99.9% to choose to stay in such a toxic relationship.
So you won't have this problem if you're running Linux and other Free Software under your own control. The problem in this case is just another example of why proprietary software can't be trusted.
The understanding should also included that unless LG actually asked Microsoft to implement this autoinstalling malware, it wouldn't have been installed by itself.
I think parent commentator is making the argument that they don't want to financially support companies who engage in these sort of things, regardless if this particular scenario applies to their environment or not.
You could choose to buy from another vendor, but other vendors have the same incentives to abuse your trust in the same way once they manage to persuade you into running their proprietary software on your machine.
Arch Linux's AUR was recently hit by an actual malware supply-chain attack[1], which I would claim is arguably worse than adware. NPM is regularly in the news for supply-chain attacks. And then there was the XZ utils debacle in 2024. I concede that Microsoft is in part responsible for facilitating something like this, but just because something is free and open-source or based on Linux doesn't make it a universal panacea for malware or supply-chain pwnage.
[1]: https://lists.archlinux.org/archives/list/aur-general@lists....
The saving grace of linux currently is that volunteers package most of the software, and they don't generally package malware. There is no structural guarantee there, and if we invite corporate interests to package at some point (like flatpack and snap wants to) this is 100% going to happen eventually.
I woke up the other day to a notification that my LG monitor driver was installed, with a little window on how to use the on-screen crap.
Absolutely useless, since the buttons for the monitor are right there on the bottom of it, and probably easier to use than the software.
Apparently the 3 applications have some sort of screen partitioning/sharing capabilities, but it is still unclear if the LG App was remote access or not.
So far, LG is earning a lot of justified bad press. Should have returned it when I had to turn off the screens power-save mode to get it to stop fading out randomly. =3
As to why people do install such software? It sometimes provides additional features, controls and settings. For example with touchpad you could set the sensitivity, hot corners, set the scroll behaviour the way you like it, etc.
With monitors you might get a better colour profile (P3 instead of just sRGB), I don't know. I don't use monitors like this.
> Connecting some LG monitors to a Windows PC may automatically install software that promotes McAfee subscriptions
I too have a LG monitor, but haven't booted Windows in some days, guess I'll stay put in my Arch environment until they've fixed this shitshow.
Typically, the Windows update server downloads packages mapped to hardware IDs in the background. Since LG's business in Korea has been failing and their AI efforts are stagnating, they exploited their McAfee partnership marketing as a pipeline. Windows' Plug and Play does make development convenient. The DX experience is good.
Linux is quite fragmented. That's good from a 'my computer' perspective, but not from a 'product' perspective. And then there's the jitter issue. Windows has stable paid solutions, while Linux has version discrepancies.
In fact, the reason Linux is considered secure is simply because hardware vendors haven't standardized enough to build automatic deployment pipelines.
In programming terms, we all know singleton is bad, but for Plug and Play, it's overwhelmingly convenient.
Wouldn't it require cooperation from the distros anyway? You say "HDMI and DP also have two-way communication channels", but that doesn't force the OS to communicate over those channels. And it also doesn't force the "mapping of packages to hardware IDs" to be what the hardware manufacturer wants it to be.
Right away, with numerous distributions like Ubuntu and Arch, it's hard to account for all the possible cases from a production standpoint. But Windows has very few versions. As long as you pass Microsoft's standard specification, it just runs on Windows. That difference is huge. What you're saying is ideal, but when selling a product, time is money.
In other words, to summarize our conversation:
'As you said, separating them is the right thing to do. But UX Uesrs basically wanted that kind of deployment authority, and in the process, the problem of abusing it arose.'
It's a beginner level problem, but at the same time, it's also a difficult one.
The monitor only sends a unique device ID, everything else is handled by Windows.
Disabled LG & Switch App in taskmanager auto start, and set to Manual for all 3 LG process names in Services.
A lot of bad karma, for such an buggy monitor that doesn't even work properly till you turn off the silly power-saver auto-dim mode. =3
But those were different times...
Whether it’s router safety or NVIDIA software hammering DNS servers hundreds of thousands of times or this. Across the board they seem below average competent when it comes to software. I get that they’re specializing on hardware but why so very bad?
Edit. This isn’t even the only thread today. See TPlink fucking up on leaking your GPS coordinates also on front page
My current windows 10 install is cleaner than any other windows machine I've ever owned due to using Claude to deep dive and rip stuff out.
you run claude code unsanboxed on your machine and give it privileged access?
Probably more like, "Prevent adversarially installed software from having unfettered access to your machine by giving software you specifically requested unfettered access to your machine."
If it makes you feel safer, you can just tell it to give you the commands run them yourself. The point is, I'm not a Windows sysadmin so idk how to do stuff like this--claude does.
My wife CONVINCED me to buy an LG tv instead of my typical dumb monitor.
Now I get constant ads and a constant nagging of updates available, that will install more ads and spying features...
Treat your TV like a computer monitor (ironic here in this context lol)
I've had several laptops where audio just doesn't work even on rolling releases. Or the screen freezing up constantly.
This was all with relatively new hardware within the last year or so.
My issue with the Linux community is if you bring this up it's all of a sudden the fault of everyone but Linux.
The end user should of picked better hardware.
The hardware OEMs should of shipped Linux support.
The end user is lazy for not installing an RC kernel.
Macs are great, but my current workhorse computer has a 2TB SSD, and only cost 550$ with the SSD upgrade.
Vs 2000$ for the cheapest MacBook with a 2TB SSD
I definitely wouldn’t predict that Linux is taking over the world or anything but it wasn’t that long ago that playing AAA games on Linux on day one of release was ludicrous. Now the most popular PC handheld runs Linux, a PC console launched that runs Linux.
Now we have hardware like the MacBook Neo that threatens Windows even more. Sure, the XPS 13 came out and is arguably a compelling alternative. But I think the mindshare damage has been done on that one.
The idea that Windows might disappear entirely is not that far-fetched, especially when you look at Microsoft’s financial results.
If I was a PC OEM like Dell I would probably band together with other OEMs like Lenovo to make my own Linux distribution and support Windows offboarding even further as a hedge to my business.
Not sure about other solutions, but one suggested workaround here would be to silently uninstall Windows without consent.
I guess my next machine will have a VGA port ;-)
And no Windows.
Close but still not there. And Plasma has its own problems (I have it on my work laptop with Fedora).
Do. Not. Buy. LG.
There are a lot of decent alternatives. Stop buying from the sick heads.
> There are a lot of decent alternatives.
Can you name them? Dell and Samsung are the main competitors for displays as far as I'm aware, Dell tends to be hit-or-miss when it comes to monitor features and quality, Samsung's high end displays come preloaded with a whole OS. The monitor market is really in the toilet.
Honestly, if we don't push it back hard, it will only get worse and worse. Why we were cancelling people if they used wrong pronouns and suddenly we got tired of doing the same with stuff that we all should agree on that is terrible.
Are there any high quality panel manufacturers left that aren't run huge pieces of shit? Or at least try to respect the people buying their hardware?
For complete monitors, the sole make I trust is Eizo but they only make professional (business or photography) products these days, and I'm _not_ going back to 60 Hz. Dell doesn't deserve trust but their UltraSharp line usually is "okay" even if my U2724D has uniformity issues near the bottom. Iiyama also remains a good one in my books.
But if you want OLED, abandon all hope. The technology is so compromised and the market so monopolized by the collective Market for Lemons style race to the bottom targeting gaymers that I intentionally went for IPS black (yes, LG.display, I know...) instead.
No, you can't have a "(o) just the driver" checkbox because... honestly there are a lot of reasons and the device manufacturers are the guys who demand that in the first place.
The "programmable buttons" on it works through the user space app which is needs to be running in order to intercept and replace the button actions.
No app running? No replace.
App is stalling because the CPU was busy? No replace. (EDIT: or no action at all, lol)
Is €65 mouse could store the less than a 1 kilobyte of the settings on itself? Of course not.
On a third day I just turned it off and went for the other vendor altogether.
To add an insult to an injury I knew the software would be mess so I installed it on a notebook relegated for the 2nd line duties. Less than a year later the notebook started to cry what there is no space left on the disk - which was quite strange because there was nothing what would fill up quite a plenty of a free space.
Well, every month or two the Logi software (which I no longer even used because I didn't use the mouse) downloaded ~1GB update, stored the update, installed the update. Never cleaning up nor the updates nor the previous versions. Tens of GBs of a useless software just for the sake of the process.
It's just crazy to me that a lot of keyboard manufacturers have basically standardized on VIA as their firmware which can be configured via WebUSB without installing any additional driver. But my mouse somehow needs a gigantic driver suite just to configure and save some settings? It's just madness.
I like Razer mice and their headsets, but I will never install any of their drivers. Ironically I feel more comfortable using Razer hardware on non-Windows devices than on Windows precisely because they don't support other operating systems.
As there is no consequence for them, again there is no reason that it changes or that it doesn't get worse in the future.
[1] https://en.wikipedia.org/wiki/Autorun.inf
https://en.wikipedia.org/wiki/U3_(software)
That's not your computer, that's Microsoft's computer. You're the threat model they lock it down against, you're the schmuck that keeps them fed, and you're the possible terrorist/hacker to be surveilled, tagged, tracked, and monitored.
If you care about consent as it relates to your use of technology, you shouldn't be using Windows in the first place, and this has been obvious for well over a decade now.
Short personal story:
I had a win10 machine were HP kept installing some "analytics" service. This happened even on a clean windows install so I guess they used the same delivery mechanism LG is using here. After having read the HP ToS (where they basically gave themselves unlimited rights to monitor anything I did on that machine), I decided to wipe the disk and install Linux.
But I guess it is just a matter of time before EU or US make spywares mandatory on Linux too. Chat control and age verification seems to be the first step towards that.
Mac users too (at least for now).
It is absolutely possible that when you plug in an LG display it installs and runs software on your Linux system†, just that rather than "Somebody at LG who earned a bonus" the decision maker was Sara in Portugal who fat fingered a change when trying to make a Python script for a PCI digital TV receiver work properly on 32-bit.
It does feel more like an amusing mistake in that case whereas even if LG tells us it's a mistake we know it was to earn $$$.
† Obviously YMMV but such "plug and play" features are commonplace because they're useful
So perhaps you could elaborate?
Now, when I first ran Linux in the mid-1990s, this was true. "Plug-and-play" is just peaking over the horizon. Other systems have had it for years (the Amigans for example) but for the PC it's pretty new.
But today a whole lot of mechanism is spun up when the kernel realises something new was added. A netlink socket talks to a udev daemon, in userspace and that daemon, being ordinary userspace software can do whatever it wants including of course run a bunch of arbitrary shell scripts, which can in turn do whatever they want. So yes of course they could download arbitrary software, or delete all your files with a Z in their name.
> from a vendor
Where the Adware comes from is of no consequence to the end user. "Um actually, the file came from Microsoft's servers" is irrelevant.
[Speaking more specifically of fwupd, which is ultimately fed by hardware vendors directly]
> but those are curated
I'm sure Microsoft considers that they are curating their system too. We both just think (I assume you're not here to defend Microsoft) their curation sucks.
I want to be sure we're pointing at the right thing here. The problem isn't that your Windows PC can end up running software because a device was plugged in, that's actually convenient and a benefit to many people and that works in Linux. The problem is what was delivered.
Remember when you used to own your "personal" computer?