According to a recent Reddit post, Dell has been shipping laptops containing a self-signed digital certificate and its private key. This is reminiscent of what occurred earlier this year when the advertising company Superfish preloaded its software on Lenovo computers. Dell could face a consumer backlash very similar to the one Lenovo faced.
The self-signed root CA, named eDellRoot, was discovered on a new XPS 15 by a user who was troubleshooting an issue. A private key was included with the root CA, and although it was marked non-exportable, it was easy to obtain a copy using NCC Group's Jailbreak tool. When the user discussed his discovery with another user, it became clear that other laptops had been shipped containing identical root certificates and private keys.
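To check a Windows machine for the condition described above, the following PowerShell audit is an added example, not code from the Reddit post or from Dell. It matches on the certificate name given in the article (no thumbprint is given here, so none is used) and, as an assumed heuristic, also reports any self-signed trusted root whose private key is stored on the machine.

```powershell
# Added example: audit the trusted-root stores for a root CA that ships with its private key.
$stores         = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$nameOfInterest = 'eDellRoot'   # certificate name as given in the article

$findings = foreach ($store in $stores) {
    if (-not (Test-Path -Path $store)) { continue }

    foreach ($cert in Get-ChildItem -Path $store) {
        $nameMatch  = $cert.Subject -like "*CN=$nameOfInterest*"
        $selfSigned = $cert.Subject -eq $cert.Issuer
        # A trusted root normally has no private key on the endpoint. If one is
        # present, anyone who copies it can sign certificates this machine trusts.
        $localKey   = $cert.HasPrivateKey

        $reasons = @()
        if ($nameMatch)                { $reasons += "subject matches $nameOfInterest" }
        if ($selfSigned -and $localKey) { $reasons += 'self-signed root with local private key' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store         = $store
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $localKey
                Reason        = $reasons -join '; '
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Output 'No matching certificates found in the trusted-root stores.'
}
```

Because the shipped certificates and keys are identical across laptops, a hit on one machine means the same check is worth running across the fleet.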
When approached with the issue, Dell responded that it takes the security and privacy of its users very seriously and is not in the habit of bundling bloatware with its systems. The company is very strict about limiting the number of applications that are preloaded onto its machines. Dell also screens the software that comes preinstalled to ensure that it meets the criteria for usability and security. The company has assembled a team to investigate the matter and also has engineers looking into it.
Dell has responded quickly to the allegations made against the company to avoid being cast in the same negative light that Lenovo was following the Superfish scandal. One of the main differentiators between these two events is that the certificate was issued by Dell itself rather than by a third party. There is also no indication of what purpose this certificate serves.