Lenovo knows my OS?

Depend on manufacturer

windows boot manager

Windows Activation Code in here is digital OEM key

Extensible Firmware Interface

I think the answer could be much simplier. Assuming you didn’t conceal your IP address when ordering. Then, after the Qubes were installed, you browsed Lenovo website, or other websites associated with Lenovo, or maybe even Google and they shared this information with Lenovo. I’m just guessing here.

They fingerprinted your browser, and concluded that you are running Linux. Check out https://coveryourtracks.eff.org, and you will see how much information they can collect from your computer. Since a web browser running on Qubes OS is actually running in a context of one specific qube, it would appear to them that you are using Fedora Linux (assuming you used the default template). This is probably why they think you are running on Linux. How do they know its the laptop they shipped, and not some other hardware? There is enough hardware information collected by fingerprinting to have high level of certainty about this: screen resolution and color depth, graphics device params, and audio device params, to name a few.

I don’t work for Lenovo, so I don’t know how they did it, but combined with the fact that Windows installation never reported back to them, I’m not shocked that they reached the conclusion they did.

not so true
yes they can know you running fedora but very low chance they know you running lenovo laptop, even if that false and they know you running lenovo, they don’t know who that
they might know you after a period of time

correct

totally yes if you use default browser and not harden it, https://www.deviceinfo.me/

I’m fairly certain I had not visited lenovo or even used a browsing qube before getting the email

so how do you know that you received an email

Phone, but also the laptop isn’t my only form of accessing the internet

As with many such reports, there just isn’t enough detail here to draw
any conclusions.
“I’m fairly certain…” isn’t enough.
The original report seemed to lay emphasis on not having signed in to
any websites, or perhaps not having connected to the internet at all: it
isn’t clear to me.

I’m not saying that there isn’t a back door in all lenovo machines that
phones homes reporting on .
It’s just that the detail here, or lack of it, makes that less likely as a conclusion.

I do not know where OP is based. In some jurisdictions you would be able
to ask for details of all information that the company hold. You could
also ask directly, in a formal request, for an explanation of the email,
and keep escalating until a reply.

1 Like