HP is installing new spyware, “HP Touchpoint Analytics Client,” but the infection vector remains unclear

Topic

New Reply

I can’t tell which versions of Windows are getting infected, or what is installing the “telemetry” (love that word) enhancement, but there are lots of
[See the full post at: HP is installing new spyware, “HP Touchpoint Analytics Client,” but the infection vector remains unclear]

6 users thanked author for this post.

Lori, jburk07, SueW, Fred, JDeC

Reply | Quote

Replies

I recall seeing a lot of bloatware in a client’s HP desktop about a dozen years ago, much of which was very resistant to removal. It was discovered by accident, spotting Task Scheduler entries.
I must admit to shying aware from their hardware since then, when possible.

Reply | Quote

I had to remove quite a bit of bloatware from my old HP too, but it’s over when it’s over and no reason to avoid the manufacturer if the product works otherwise.

Maybe things were a little simpler about six years ago, and the bloatware or something else would have its claws deeper into the machine now.

1 user thanked author for this post.

Kirsty

Reply | Quote

HP had used (if my information sources are right) the Windows Platform Binary Table approach to survive a fresh install using an non HP Windows image. I’ve covered that within my German blog post Backdoor ‘Windows Platform Binary Table’ (WPBT).

But as far as I know (from my sources and German blog readers), WPBT isn’t used on those systems, and clean Windows installs never received the Hp Touchpoint Analytics Client.

Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

https://www.borncity.com/win/

Reply | Quote

A FreeDOS or GNU/Linux system look better everyday.

Reply | Quote

Well, plug-and-play means just that. Attach the device, and done!

Reply | Quote

Or in HP’s case “Plug & Snoop” lol

Reply | Quote

Welcome back.  This is the first time I have seen the site “alive” since about the 21st.  And I had about a half dozen new posts to catch up on.

Anyway, my Internet computer is an HP from about six years ago, running Win 7.  HP Touchpoint Analytics is not listed among the services.

2 users thanked author for this post.

ryegrass, woody

Reply | Quote

“This is the first time I’ve seen the site “alive” since about the 21st. And I had about half a dozen new posts to catch up on” – wdburt1

I’ve noticed that I have to hit the Refresh/Reload button on my browser (Pale Moon) to bring the site up to date lately. It doesn’t seem to update itself ‘automatically’ for some reason?

Same thing happens on my old Samsung tablet using the default browser that came with it so it doesn’t seem to be specific to Pale Moon.

Back to topic – I’ve just checked my 11 year old HP laptop (Windows 7) and there’s no trace of the “HP Touchpoint Analytics Client” but I’m not surprised since I haven’t had any HP software installed on this old machine for years now.

–

Reply | Quote

Why isn’t this illegal? It’s analogous to an HP employee breaking my door down, sitting at my computer, and installing something I don’t want on MY computer. (My 8 year old HP laptop is now running only Ubuntu)

6 users thanked author for this post.

Steve, fk5353, HiFlyer, BobbyB, Elly, woody

Reply | Quote

DrBonzo wrote:

Why isn’t this illegal? It’s analogous to an HP employee breaking my door down, sitting at my computer, and installing something I don’t want on MY computer. (My 8 year old HP laptop is now running only Ubuntu)

You ask a question that’s quite apt.

But you’re NOT SUPPOSED TO THINK THIS WAY!

The companies advancing what they like to couch in today’s friendly terms as “cloud computing” are making their software do precisely what just a few short years ago defined spyware and malware.

Those things were loathed and blocked, so these companies realized that to achieve their goals to become more intrusive (and thus move closer to your wallet) they needed to change the very norms of our society.

What was shunned by parents must now embraced by kids in order to accomplish business goals.

Thing is, the parents really weren’t stupid. Some things they held dear, such as keeping control of one’s technology, really were good and reasonable.

-Noel

P.S., I always get a kick out of remembering that Windows Defender started out as an anti-spyware product.

P.P.S., The 2010s are most definitely the time of “using up your company’s reputation”.

7 users thanked author for this post.

Steve, SueW, jburk07, fk5353, Elly, HiFlyer, Cybertooth

Reply | Quote

Same as not giving away personal information.

When I was growing up I was always told NEVER to give my real name or personal info out online.

Now kids are bombarded with adverts left, right and centre to splurge all their personal info, pics and everything on facebook and so on. Now even to the point of sending intimate photos to the services for “protection”. Completely mad.

Reply | Quote

So I see where I can opt out. I think I should have the option of opting in in the first place so that I never have to opt out. I’d like to opt out of breaking and entering.

Reply | Quote

Good thing my new HP tower never had Windows on it. It doesn’t even have the factory-installed HDD any more, as that’s been replaced by an SSD. So there should be no prayer of any of this “Device as a Service” nonsense getting onto my computer.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

4 users thanked author for this post.

BobbyB, Elly, HiFlyer, Noel Carboni

Reply | Quote

I cannot post the complete configuration file because of possible identity information exposure. My best logical guess is the spyware must have been installed when HP Support Assistant software updated its configuration files. It uses Amazon Cloud services with a destination target named “activehealth-stream”. An option exists for a (new) compressed configuration file to be downloaded, I don’t know where the log files are sent.

For now data are collected every hour(?) (“sampleFrequency”:60); One log file can be up to ten megabytes and there can be a maximum backlog of 500 megabytes of data. Most data points are collected with a frequency of one day for one minute (“frequency”:”1d”,”refreshFrequency”:”1m”). Dashes may mean one time only or never collected data.

Do you want to see the list of collected data points?

2 users thanked author for this post.

HiFlyer, woody

Reply | Quote

Yes, please.

Reply | Quote

Some of this is theory of operation gleaned from reading the log and configuration files.

On start-up Touchpoint Analytics Client checks for an internet connection, and does download a new configuration file. Here is a list of 38 “providers” (modules and applications):

ApplicationsInstalled
Battery
Biosphere
Bios
DiskLogical
DiskPhysical
DiskSelfTest
Display
DriverCrash
EnvironmentVariable
Graphics
HPBios
HPBiosSensors
HPITImage
HpsaMessages
HpsaUpdates
InstalledWindowsUpdates
MemoryPhysical
Memory
Network
OperatingSystem
PnPDevice
PnPDriver
Processor
RealTimeClock
Security
SmartDrive
StorageUsage
System
SystemSlots
SystemStateMonitor
SystemState
Thermal
WebHistory
WindowsEvents
WindowsProcesses
WindowsServices
WindowsUpdates

The Touchpoint Analytics Client checks which of these need to be executed for data collection, via the configuration file. Right now most of these data are harvested, however WindowsUpdates, Monitor and DiskSelfTest are not.

Data will be collected if the frequency fields have a time listed, fields with dashes equate to ‘do not collect the data’. I’m not sure if ‘WebHistory’ is collected from every known browser installed or just Microsoft’s offerings.

Here are few lines from a mostly raw configuration file:

“Battery”:{“frequency”:”1d”,”refreshFrequency”:”-“} = Collect data everyday
“Bios”:{“frequency”:”1d”,”refreshFrequency”:”1m”} = Collect data everyday, check/log every minute
“StorageUsage”:{“frequency”:”1w”,”refreshFrequency”:”-“} = Collect data every week
“WindowsUpdates”:{“frequency”:”-“,”refreshFrequency”:”-“} = Do not collect/log any data

3 users thanked author for this post.

SueW, woody, BobbyB

Reply | Quote

The provider module ‘WebHistory’ contains the words Firefox, Chrome, Internet Explorer, and Opera.

2 users thanked author for this post.

woody, BobbyB

Reply | Quote

Seems an awful lot but thinking about it here you probably can make a case, with the possible exception of “Smart Drive” for potential effects on a mere Printer and interactions with any given machine. Sort of gives me a hankering for the old OkiData days a pain to set up but at least you knew it wasnt sending all your data who knows where. Thx for that

Reply | Quote

Your welcome. Yes, I do miss the days of only just trying to get hardware configured and fiddling with drivers.

Reply | Quote

That’s amazing.

Although variable names aren’t definitive (you can call a cow a Moose, eh?), the list there is certainly alarming. (FWIW, WindowsUpdates isn’t harvested, but InstalledWindowsUpdates may be.)

So it looks like HP Support Assistant – installed by the manufacturer – updated itself and started gathering all of this information. The fact that folks noticed just after this month’s Patch Tuesday is likely a coincidence. And there’s no apparent limitation on which versions of Windows are affected.

Looks like the stink’s all on HP. What do you think?

Makes me wonder what other hardware manufacturers (Dell, Lenovo, etc.) are collecting…

Reply | Quote

You are correct they do have a setting for collecting installed Windows updates.(“InstalledWindowsUpdates”:{“frequency”:”1d”,”refreshFrequency”:”-“})

Hmm, you can call these what you like… The names match the dynamic linked libraries found stored in the Providers subdirectory. For example, InstalledWindowsUpdatesProvider.dll and SmartDriveProvider.dll. SmartDriveProvider, parses and collects information from HP’s S.M.A.R.T. utility. Daily HP wants to know of all S.M.A.R.T capable storage device’s health.

Yes I believe the stink is on HP. For people that don’t tell HP Support Assistant not to self update it must have appeared to be a collusion with Microsoft. Most of the files are from HP even though they used software from other companies and some Open Source software. Have you seen definitive evidence the Touchpoint Analytics Client was bundled with Microsoft provided drivers?

I had manually updated the HP Support Assistant on a different day and the Touchpoint Analytics Client files have the right time and date to have been installed via Support Assistant.

Hmm… I guess, If the Touchpoint Analytics Client is compatible with the Windows version and it has the right version of .NET runtime maybe it will spy on you.

Reply | Quote

More info … I checked my settings for HP Support Assistant and it was still set to automatically install updates Hewlett-Packard deems to be important “when possible”. (oops)

Good news, disabling the Touchpoint Analytics Service seems to stop data collection.

4 users thanked author for this post.

woody, SueW, jburk07, BobbyB

Reply | Quote

I just ordered a new HP for the HomeOwner’s Assn. office. Should be delivered next week. Guess I’ll face all the bloatware when it comes in – and Win10 too (Yuk!).

1 user thanked author for this post.

Noel Carboni

Reply | Quote

Now, I’m curious about contents of any Hewlett-Packard printed end user license agreement inside the box and what you may have to read during initial device set-up. Specifically any clauses about the scope of data collection, and if they will claim you consent to such activity by using the computer.

1 user thanked author for this post.

Steve

Reply | Quote

Must have come from HP direct via their Support Assistant, not MS.  I have Win 8.1 with updates off, group B and have not done updates recently, but I do have HP Analytics spyware.  Also, the dates of most folders/files in the the Analytics Client folder correspond to the day of week and time of day that HP Support Assistant routinely checks for things – though it is not supposed to install anything without permission.

Finally, the executable TouchpointAnalyticsClient.exe is dated Nov 21 and has a version number 4.0.2.1439, which suggests HP has already issued an update to the original (perhaps to reduce system resource usage).

Anecdotally, it has felt like my system is slower, especially when running Firefox (have not updated it to the latest version yet, so it should be running same as previous).

The big question  – if you remove it per Brinkmann, does it stay removed or does it come back the next time HP Support Assistant runs?

5 users thanked author for this post.

SueW, jburk07, HiFlyer, woody

Reply | Quote

If HP Support Assistant is the source, perhaps uninstalling this nearly totally useless program would help put the beast at bay.

Anyway, I tried it after finding the spyware from HP on my HP desktop computer.

After uninstalling HP Support Assistant, HP put up a dialog box asking me why I was uninstalling Support Assistant. After a checklist, they provided a comment box. So I did!

Sorry I can’t quote here what I said… Woody does not want that sort of language used on his very useful website. Perhaps if thousands of us uninstalled Support Assistant and told HP it was because of their spyware a change in attitude at HP could occur. Don’t bet the farm on it however.

3 users thanked author for this post.

Steve, jburk07, SueW

Reply | Quote

Heres a thing to consider, quite often especially with new installs or when I have been less than 100% attentive Windows update is good enough to furnish a driver.
If you use the readily avialble HP package you cant possibly just pick out the “bare bones” driver you invairiably have to accept some of the accompanying “bloarware” and features. Which includes the “nag ware” and last time I checked was a humougous 3-400MB package.
Does the M$ driver(s) have any of this telemetry nonsense in thier “bare bones” driver?
The catalogue has varying degrees of sizes for my brand of HP printer, from about 10mb to about 50mb.
Thats quite a chunky package for basic printer initialisation stings. I am assuming that HP and M$ work together to add support to vers of Windows supported. So are they slipping any of this in?
Quite a few of the modern Printers around now have the inate ability to connect to the internet, direct; But what if your networked printer shares a network that has a web connection with of course “file & Printer sharing” enabled. Quite a few home networks fall under that criteia, including mine, and I know for a fact most if not all Business networks work that way.
Lastly I am not going to don my “tin foil hat” but home use I rarely print anything of any use to anyone let alone detrimental to any sort of National Security or Business confidentiality, however its really not HP’s Business what I print. Business, however, including the one of I work for print literally reams of confidential stuff off. Thats not going to inspire confidence if your Printer is constantly, in the words of ET “Phone home”

PS apparently Win10 generic driver for the HP C4400 series doesent, install that service. PHEW! Hope I havent given them any ideas, seeing as these days it appears to one giant Data “Hoovering\Vacuuming” session every time you hit the on button.

2 users thanked author for this post.

Noel Carboni, Cybertooth

Reply | Quote

Got it too:
after the Micro$oft updates november15th to patch 6 crucial ! vulnerabilities the HP-AcceleroMeter-gui wouldn’t start (“cannot start at this WindowsOS” was the popup).
The parent proces HP3DD_protection cannot be repaired….. during the try of this repair after uninstalling the HP3DD~service the HPsupportAssistant just installed just the old service PLUS this “HP Touchpoint Analytics Client” ((this service + the installer + process….. ALL 3 wanted internet access to HP)).
a SNEEKY way to distribute SPYware…… ASWELL HP Cannot,Will not,Refuses to repair the Intel_processor 6/7/8th generation Vulnarability INTEL_SA-00086 =>
~~ this a walk through for anyone when the pc is connected to powerline and internetline, no switched-on or login or infection needed~~  This asks for/needs a urgent BIOS upgrade to re-control the processor. NO ANSWERS from HP……
I am loosing believe in these HPguys (and the agencies they work for),
*YAK !*

* _ ... _ *

1 user thanked author for this post.

woody

Reply | Quote

Hello everyone. I have an HP business model, and have been wondering why there is a subtle situation/problem with it. I am presently in the euro-zone and go between two countries. In the first one, there is not much going on system wise; in the second one, there is an ongoing problem with the s/w vs h/w. This applies to 10 and 8.1 and have read in several publications that HP is controlled by the intelligence community.

1 user thanked author for this post.

woody

Reply | Quote

That’s an interesting question, but… conspiracy theories about HP and the US intelligence community are not germane to the subject at hand. You can discuss them, of course, but I’d rather put those in the Rants forum.

Reply | Quote

HP laptop running Windows 7 Pro here. No problems with the telemetry program since I have HP Support Assistant disabled. Discovered some time ago that Support Assistant created more problems than it solved. Everything I’ve needed is handled by basic Windows systems. I also avoid driver updates. If it works, why tamper with it?

Reply | Quote

My next computer will likely not be purchased from any of the mainstream OEMs such as HP or Dell.

It is impossible to purchase from them without receiving unwanted trial versions of commercial software, their own bloatware, spyware and management software that introduces security vulnerabilities.

My next system will be built for me by a local tech company and it will be powered by Linux from inception.  Windows usage will be restricted to virtual machines.

Reply | Quote

In 30+ years of owning PCs, I have never had an OEM / “Name Brand” as my personal desktop. Built my first PC at the tender age of 16 and never have looked back. Back then, they were called “Clone PCs.”

I’m not a shill for any of these companies or websites, but NewEgg, TigerDirect, and especially pricewatch dot com are good places to start looking.

Reply | Quote

I’ve also built my own PCs for decades. My production PCs, all desktops, are all home-made.

Laptops are a different kettle of fish.

Reply | Quote

Humm. So now we have drivers and PC makers that will need to use telemetry to guess which Windows update causes issues to help fix them? Where are we heading, a Windows computer that has 10+ telemetry processes all verifying every hour the same things about your computer in case your printer, video card, SD card reader, mouse would need a fix to work properly on the new and ever changing Windows as a service? And they all need your browsing history, because you know, it correlates very well with your issues?

Sorry, you can’t work for the next few minutes, we need to make sure your computer will be able to run later. Oh, you don’t have unlimited bandwidth to upload all this? Oh, too bad for you. You should choose a better partner for providing internet access.

 

1 user thanked author for this post.

Noel Carboni

Reply | Quote

About fifteen years ago I had a Windows 98 laptop with the Zone Alarm firewall on it. This was a neat program in that you could easily tell it to allow or deny Internet access on a per-program basis. So, for example, the first time this HP Touchpoint Analytics Client tried to go on the ‘Net, the ZA firewall would have popped up and asked if it should allow it. You would simply tell it Yes or No — no arcane, convoluted rules to contend with, or obscure menus to navigate.

I wonder if there are still any firewalls out there that have this simple per-program capability?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

ZoneAlarm is still around. Works on Win10.

1 user thanked author for this post.

Cybertooth

Reply | Quote

@ Alex Eiffel

Quite true. Eg …

(Source: Anonymous)
“Purchases a new HP Laptop with the new I5-8250 cpu on black Friday. It works fine with the installed W10 1703, but upon updating with Win10 1709, the HDMI port doesn’t work. I’ve tried connecting to two TVs. On one you get a message the resolution isn’t supported–despite trying all resolutions. On the other you get a garbage image. I’ve update the video driver to the latest Intel generic driver with no luck. Reverting to 1703 solves the problem so it is clearly related to 1709.”

1 user thanked author for this post.

AlexEiffel

Reply | Quote

I think I have missed an important point. Does this apply only to HP computers, or to any computer (of any brand) which has an HP printer installed?

Reply | Quote

I think it’s most HP devices, especially Windows computers and printers. HP monitors seem unaffected.

Reply | Quote

I believe that’s the case. Specifically computers from HP that have the original HP monitoring software installed.

Reply | Quote

Many thanks.

Reply | Quote

I have two HP: one with Win7 Home, the other with Win7 Pro. Neither have been infected.

Reply | Quote

Hello HP – telemetry is not a service.

“Ultimately the real issue is installing management software meant for an enterprise environment onto the PCs of regular users, who should in the end be in full control of their PCs.”

https://mspoweruser.com/hp-accused-stealthily-installing-spyware-pcs/

A business service: A commercial enterprise that provides work performed for the benefit of its customers.

1 user thanked author for this post.

woody

Reply | Quote

I worked on a five-year-old HP computer (Win8.1) yesterday. It had the Support Assistant running with 11/14/2017 as the installation (update) date.
I found the Touchpoint Analytics Client installed on it – installation date 11/17/2017.

1 user thanked author for this post.

woody

Reply | Quote

My wife loves her HP Envy laptop probably closest to a MacBook I have seen in a while. I uninstalled all of the “value added” HP software as soon as I got it. These days none of these application are worthy of taking up space anymore. They install them for people who just can’t figure out their PC without them. Who needs all that stuff running in background when you already have plenty of Windows stuff running too. You know its amazing how much faster a PC runs without all that poorly conceived OEM c***.

1 user thanked author for this post.

Noel Carboni

Reply | Quote

_Reassigned Account wrote:

You know its amazing how much faster a PC runs without all that poorly conceived OEM c***.

Not to mention a whole realm of Windows c***.

Most people have no idea how far this can go.

Folks are expected to pay more for a faster machine. Application of the “less is better” school of configuration and tweaking can save thousands of dollars. It’s a lot like how race car builders eliminate things from cars to make them lighter…

Everyone should download and use Autoruns by SysInternals at some point.

-Noel

Reply | Quote

For another take on this, with HP’s response:
https://www.laptopmag.com/articles/hp-touchpoint-analytics-controversy
They seem to think it’s not really what you think it is.  I can verify that the devices in our environment I’ve checked, the log files under ProgramData\HP\HP Touchpoint Analytics Client\Transfer Interface\logs are indeed 0 byte empty files.

Edit to remove HTML

 

1 user thanked author for this post.

woody

Reply | Quote

Henry Casey and Avram Piltch have a good point – and I’m sure HP doesn’t view it as spyware. But it’s hard to draw any firm conclusions from one machine. And there’s no doubt in my mind that most of the people who have the Client installed are NOT aware of any option to turn the data collection off.

Moreover, there doesn’t appear to be any way to look at what data HP has collected or stored online. And there’s no way to delete data that has been collected.

It’s possible that HP “got permission” by including a vaguely-worded reference in a EULA somewhere. If they did, I don’t know of anyone who recalls accepting the EULA – and certainly haven’t seen the text of what they accepted.

Reply | Quote

I agree completely, and I plan on removing it from our machines, but what I’ve found on them so far seems to back up the Casey and Piltch. (I forgot to log in when I posted above)

1 user thanked author for this post.

woody

Reply | Quote

In the settings for Support Assistant I opted into getting warranty reminders, messages and notifications, I choose to opt-out of sharing that kind of data about hardware and any software usage to HP!

I can try to find the first-run end user license agreements, somewhere…

Reply | Quote

I found a Second Edition HP EULA. In section 2 Upgrades, it states  “…By using the Software Product, you also agree that HP may automatically access your HP Product when connected to the internet to check the version or status of certain Software Products and may automatically download and install upgrades or updates to such Software Products on to your HP Product to provide new versions or updates required to maintain the functionality, performance, or security of the HP Software and your HP Product and facilitate the provision of support or other services provided to you. In certain cases, and depending on the type of upgrade or update, notifications will be provided to you (via pop-up or other means), which may require you to initiate the upgrade or update. …”

Section 8a it states “…HP will use cookies and other web technology tools to collect anonymous technical information related to HP Software and your HP Product. This data will be used to provide the upgrades and related support or other services described in Section 2. …”

So if a person doesn’t opt out of everything (or maybe telling HP software no doesn’t matter), this silent software installation activity seems to be okay?

Here is a link to the HP Privacy statements.

2 users thanked author for this post.

woody, SueW

Reply | Quote

There are zero byte logs there, but there are likely encoded JSON files in the retry-later directory, did you see any on your computers?

Reply | Quote

My quick & dirty research indicates this is not a real issue…notes:

NOT SPYWARE https://mspoweruser.com/HP-Responds-To-Touchpoint-Analytics-Service-Spyware-Allegations/
* https://www.laptopmag.com/articles/HP-Touchpoint-Analytics-Controversy
* HP said:    HP Touchpoint Analytics is a service we have offered since 2014 as part of HP Support Assistant. It anonymously collects diagnostic information about hardware performance. No data is shared with HP unless access is expressly granted. Customers can opt-out or uninstall the service at any time. HP Touchpoint Analytics was recently updated and there were no changes to privacy settings as part of this update. We take customer privacy very seriously and act in accordance with a strict policy, available here.
Service  only designed to collect hardware performance data for which HP asked permission on the initial setup of your PC. While the data is collected on your local hard drive, they are only uploaded to HP if there was an actual support incident, and then only with the user’s permission.  denied that the app consumed significant resources, saying it underwent intensive performance testing to make sure that it doesn’t have a negative impact on the user experience.
The app (HP Touchpoint Analytics Client) can also be easily uninstalled in the Apps & Features section of Windows 10.

Reply | Quote

Oh?! Why would they need your complete browser history?

Reply | Quote

MrToad28 wrote:

HP Touchpoint Analytics is a service we have offered since 2014 as part of HP Support Assistant.

Günter Born has updated his original article:

My sources had the HP Touchpoint Analytics Client installed, while the HP Touchpoint Manager (paid software) was never on their systems… He had not installed the HP Touchpoint Manager, but found the HP Touchpoint Analytics Client on his system after reading my article here… After all, I claim, the ‘infection vector’ is still unknown.

You can sort through the various names, and I have no doubt HP’s been snooping for the past three years. But this is the first analysis I’ve seen of TouchpointAnalyticsClient.exe .

MrToad28 wrote:

No data is shared with HP unless access is expressly granted.

I have problem with the phrase “expressly granted.” Is the snooping something a user has to check in order to implement – or is it a default with description buried in a EULA?

MrToad28 wrote:

While the data is collected on your local hard drive, they are only uploaded to HP if there was an actual support incident, and then only with the user’s permission.

I haven’t seen this in action, or reported online, and would like to see what the notification looks like. Regardless, the fact is that almost all HP owners don’t realize this information is being collected by default. It certainly came as a surprise to me.

If HP is going to snoop, they should tell people, clearly, what data is being collected, ask for explicit permission before collecting the data, and give folks an opportunity to scrub or delete the data that’s already been uploaded to their servers.

By the way, HP has not reached out to me.

Reply | Quote

Geez — add me to the list!  I have a program called AnVir Task Manager that monitors a number of things, including when a piece of software wants to add a Startup item (e.g., Adobe Flash wants to add a ‘run once’ at Startup to notify me that there’s a new update).  AnVir will generate a popup that asks if I want to ‘Allow’ or ‘Quarantine’ or ‘Delete’ an item in Startup.

This is what I saw on 11/22 around 12:30 pm:

Name: HP Touchpoint Analytics
Value: “C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe”
Product: HP Touchpoint Analytics Client Service
Startup: Services: HPTouchpointAnalyticsService

Taking a closer look:

C:\Program Files\HP\HP Touchpoint Analytics Client\ folder is dated 11/22/17 12:12 pm, and all folders & files within it are dated 11/22 and 11:42 am; size is 14.8 mb; version is v4.0.2.1439, so it was installed on the 22nd.

As noted, it “Harvests telemetry information that is used by HP Touchpoint’s analytical services” – whatever that means . . .

After doing some research, I uninstalled HP Touchpoint Analytics, and then added Registry subkeys to disallow TouchpointAnalyticsClientService.exe from running.  So far, it has not reinstalled itself . . .

Note: I have not even checked for Windows Updates yet (Group B), so I eliminated that as a trigger.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote