Hacker News

Well, the other possibility is that Superfish is routing and MITMing all traffic through its own servers, which is arguably worse.


Arguably? That's orders of magnitude worse.


Well, I dunno. In one case Superfish can see all your data and store it on their servers, in the other case _anyone on the internet_ can spoof any site (as soon as someone extracts the key). Either way is pretty bad.

But proxying all traffic from all Lenovo laptop owners through a third-party server without someone immediately noticing a problem is just not feasible, so I think we can assume that's not what they're doing.


Are you sure? Android Chrome proxies all non-HTTPS traffic through a third-party server, by default. So it isn't like the traffic volume is impossible.


It's not by default, you have to enable it.

https://support.google.com/chrome/answer/2392284


Yes but that's Google. I'd be surprised if Superfish had resources like that, or could generate that much traffic from their servers and not be noticed (by, say, Google). I could be wrong.


Superfish might have "benefactors" with deep pockets who want a scapegoat who won't squeal on them.


Wow, really? I never knew that and some googling didn't find any decent sources. Do you have one?



Many thanks, easy when you know the right keywords >.<



