Created September 23, 2015 21:03
Lenovo Customer Feedback spyware
See: http://www.computerworld.com/article/2984889/windows-pcs/lenovo-collects-usage-data-on-thinkpad-thinkcentre-and-thinkstation-pcs.html
What this customer feedback tool actually does is update entries in the event log called "Lenovo-Customer Feedback".
If you open the Event Viewer you will see entries with a large hexadecimal string. This string is simply the text representation of the bytes of a gzip-compressed XML file.
The contents of this XML file look like this:
<root>
<events>event1</events>
<eVar20>Open</eVar20>
<visitorID>aca1232d265941f7ae2259e402ab350c</visitorID>
<eVar1>aca1232d265941f7ae2259e402ab350c</eVar1>
<eVar2>N</eVar2>
<eVar3>System Update</eVar3>
<eVar4>2015-09-23</eVar4>
<eVar5>5.7.0.6</eVar5>
<eVar8>20AL00FGMH</eVar8>
<eVar9>Think</eVar9>
<eVar10>ThinkPad</eVar10>
<eVar11>X240</eVar11>
<eVar12>Windows 7 Professional</eVar12>
<eVar13>US</eVar13>
<eVar14>en</eVar14>
<pageName>System Update</pageName>
<timestamp>09-23-2015 19:54:13 PM</timestamp>
<reportSuiteID>lenovoappssystemupdateprod</reportSuiteID>
<serverUrl>http://lenovoappssystemupdateprod.112.2o7.net/b/ss/lenovoappssystemupdateprod/6</serverUrl>
<assemblyName>Lenovo.TVT.CustomerFeedback.InnovApps</assemblyName>
</root>
The value aca1232d265941f7ae2259e402ab350c is a unique ID created for the Lenovo application for the user running it. This key is stored in the registry at:
HKEY_CURRENT_USER\Software\Lenovo\MetricCollectionSDK\UserAppIDs
Removing it will give you a new key when events are logged.
The server URL is where this data will be posted. The things logged appear to be events for the various Lenovo tools, such as starting a tool and which Lenovo system update you installed (along with data about your hardware/OS).
Logging of events is also controlled via the registry at:
HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\MetricCollectionSDK\ReportSuites
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lenovo\MetricCollectionSDK\ReportSuites
You can change the "ReportMetrics" setting for each entry to disable it, but I do not know for how long, as this data might be overwritten when a new MetricCollectionSubscription.xml file is downloaded from the Lenovo servers (this is stored in C:\Users\USERNAME\AppData\Local\Lenovo\MetricCollectionSDK).
There is also a unique machine id stored at:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lenovo\Customer Feedback
This one is generated when it does not exist, and is included in "Lenovo-Customer Feedback" event entries for OmnitureSiteCatalyst. I do not know when these event entries are created.
These entries contain XML data like this:
<root>
<visitorID>10e7794c7d254b4784e77df5c37963e7</visitorID>
<eVar12>224d213ffaa14c5aa0d638b2e3a19c72</eVar12>
<reportSuiteID>lenovotvtlenovosolutionscenterprod</reportSuiteID>
<serverUrl>https://s.lenovo.com/b/ss/lenovotvtlenovosolutionscenterprod/6</serverUrl>
<sc_xml_ver>1.0</sc_xml_ver>
<pageName>lsc</pageName>
<timestamp>2015-09-12T21:35:09.2631913+02:00</timestamp>
<events>event11</events>
<eVar1>20AL00FGMH</eVar1>
<eVar2>2.8.005</eVar2>
<assemblyName>Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst</assemblyName>
</root>
So the collected data looks mostly harmless and somewhat anonymous, as far as posting data to a website with a stored ID can be considered harmless.
You can disable the uploading of the data by simply disabling the scheduled tasks. And of course you can try to disable the event logging completely by updating the registry.
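The decoding described above (hex string, then gzip, then XML), as an added example that is not part of the original gist: it decodes one entry's text and pulls out the stored ID and the upload destination so you can audit what an entry would send. The exact hex formatting in the event text (case, whitespace, an optional 0x prefix) is an assumption, the function names are hypothetical, and the sample input is constructed from the first XML document shown above.

```python
import gzip
import io
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

TRACKING_FIELDS = ("visitorID", "reportSuiteID", "serverUrl", "assemblyName")
MAX_XML_BYTES = 1 << 20  # refuse to inflate more than 1 MiB from one entry

# Constructed sample: a trimmed copy of the first XML document above, gzipped
# and hex-encoded the way the gist describes the event text.
SAMPLE_XML = (
    b"<root><events>event1</events>"
    b"<visitorID>aca1232d265941f7ae2259e402ab350c</visitorID>"
    b"<eVar3>System Update</eVar3><eVar11>X240</eVar11>"
    b"<reportSuiteID>lenovoappssystemupdateprod</reportSuiteID>"
    b"<serverUrl>http://lenovoappssystemupdateprod.112.2o7.net"
    b"/b/ss/lenovoappssystemupdateprod/6</serverUrl>"
    b"<assemblyName>Lenovo.TVT.CustomerFeedback.InnovApps</assemblyName></root>"
)
SAMPLE_HEX = gzip.compress(SAMPLE_XML).hex().upper()


def decode_feedback_event(hex_text):
    """Hex string from one event entry -> {tag: text} of the XML inside."""
    cleaned = "".join(hex_text.split())  # assumption: may contain whitespace
    if cleaned[:2].lower() == "0x":      # assumption: optional 0x prefix
        cleaned = cleaned[2:]
    raw = bytes.fromhex(cleaned)         # ValueError if it is not hex
    if raw[:2] != b"\x1f\x8b":
        raise ValueError("not gzip data: missing 1f 8b magic bytes")
    with gzip.GzipFile(fileobj=io.BytesIO(raw)) as gz:
        xml_bytes = gz.read(MAX_XML_BYTES + 1)
    if len(xml_bytes) > MAX_XML_BYTES:
        raise ValueError("decompressed payload larger than expected")
    return {child.tag: (child.text or "") for child in ET.fromstring(xml_bytes)}


def tracking_summary(fields):
    """Keep the stored ID and destination fields; flag plain-HTTP uploads."""
    summary = {k: fields[k] for k in TRACKING_FIELDS if k in fields}
    url = urlsplit(fields.get("serverUrl", ""))
    summary["upload_host"] = url.hostname
    summary["cleartext_upload"] = url.scheme == "http"
    return summary


if __name__ == "__main__":
    for key, value in tracking_summary(decode_feedback_event(SAMPLE_HEX)).items():
        print(f"{key}: {value}")
```

For the sample, `cleartext_upload` is true because the first document's serverUrl uses http; the OmnitureSiteCatalyst document above uses an https URL and would not be flagged.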