HP To Issue 'Optional Firmware Update' Allowing 3rd-Party Ink

Soon after the Electronic Frontier Foundation (EFF) issued a letter to HP, calling for them to apologize to customers for releasing firmware that prevents the use of non-HP ink cartridges and refilled HP cartridges, the company has responded with a temporary solution. HP "will issue an optional firmware update that will remove the dynamic security feature" for certain OfficeJet printers. Ars Technica reports: HP made its announcement in a blog post titled "Dedicated to the best printing experience." "We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP," the company said. The recent firmware update for HP OfficeJet Pro, and OfficeJet Pro X printers "included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned," HP said. For customers who don't wish to be protected from the ability to buy less expensive ink cartridges, HP said it "will issue an optional firmware update that will remove the dynamic security feature. We expect the update to be ready within two weeks and will provide details here." This customer-friendly move may just be a one-time thing. HP said it will continue to use security features that "protect our IP including authentication methods that may prevent some third-party supplies from working." Without the optional firmware update, printers will only be able to use third-party ink cartridges that have an "original HP security chip," the company said.

There's no way.

[Anonymous Coward]

It's 5:36PM as I write this, and this posted at 5:30PM. And yet I see no comments.

So, the fascist douchehammers stepped back.

[Anonymous Coward]

Interesting. I like the hurt tone of the press release. "We're just trying to protect you from your cheap piratatical impulses. You could catch something horrible from those illegal immoral filthy aftermarket cartridges, and when you buy one of those things your money goes straight to ISIS' Fund for Killing Adorable Puppies. But whatever, you cretinous monkeys, if you want to hate Freedom and break all the laws of Nature and This Great Country, go ahead and download this new firmware. Download and be damned!"

Re:

[Anonymous Coward]

I love this contorted verbiage...

" For customers who don't wish to be protected from the ability to buy less expensive ink cartridges"

Oh please protect me from the ability to sav3e money !

Re:

[Anonymous Coward]

That was added by the editor or the person who submitted the story. Notice that it is outside the quotes.

Re:

[Big Hairy Ian]

Isn't it about time someone came up with a printer that isn't based around proprietary rip off cartridges! The sooner HP cease to be the better

Re:

[plover]

Isn't it about time someone came up with a printer that isn't based around proprietary rip off cartridges!

You mean someone like Brother, or Canon? I have never bought a printer from either company that had a DRM-chipped ink tank.

I stopped buying Epson printers when they came out with chipped ink tanks. And I have never bought HP printers because their older Windows drivers were always heinous pieces of crap, and by the time they figured out that drivers shouldn't cause clumsy on-screen popup dialogs, they had added chips to their cartridges.

That said, I've never had good luck with refills or third party ink, s

Thanks, HP

[Opportunist]

But I think we can brave the perils of untested ink, we will chart for you the untested waters of that dangerous substance that mortal men (and HP engineers, obviously) don't dare to touch, we shall make it our mission to ensure that these nefarious cartridges and ink tanks shall not remain on the shelves, for we will drain them, use and abuse them, test them to the limit, so no longer you have to endure the dangers of untested ink in your printers.

No, there is no need to thank us. That's our gift to you, our beloved maker of printer hardware. This is brand loyalty!

(tl;dr: HP, don't try to out-bullshit internet users, we are better at this than even your marketing department)

BOOM!

[Daetrin]

To be fair, Samsung also makes ink cartridges. It's possible that HP just cast the safety net a little too wide.

Best Customer Experience

[Thelasko]

That's quite some spin they put on it. If only the invested as much money in their products as their PR.

The only thing "protected" is profit

[Dr_b_]

If you didnt spend so much $ on putting security chips in your ink cartridges then maybe you could sell them for less $. Ink is a commodity, if someone wants to put generic ink in their machine, it should not be an intellectual property crime to do so, but since you sell the printers at a loss and make all of your $ on ink sales, maybe you need to rethink your business model. What's next people? Coffee machines that prevent you from using your own coffee that didn't come from the manufacturer of the coffee machine?

Re: The only thing "protected" is profit

[Anonymous Coward]

Funny you mention coffee. Take a look into Keurig's business model.

Re:

[justthinkit]

"Make the world's worst cup of coffee so that people stampede to better coffee [peetscoffee.com]?"

Re:

[Anonymous Coward]

Whoosh.

Re:

[FlyHelicopters]

What's next people? Coffee machines that prevent you from using your own coffee that didn't come from the manufacturer of the coffee machine?

Yea, that'll never happen...

Oh crap, wait a minute...

Re:

[DidgetMaster]

I really question if HP sells printers at a loss. They are often cheap enough that I don't think they make much profit from the printer itself, but I wonder if they really suffer a loss when someone buys one and never uses it.

Re:

[Anonymous Coward]

exactly. there is no "infringing" on their "IP" when someone services and refills a "genuine hp ink cartridge". they made the fucking thing in the first place.

hp is prohibited from denying warranty coverage if someone uses a third-party consumable (ty magnuson-moss [wikipedia.org]), so they should also be prohibited from rigging their products to reject them; just like automakers do not and cannot restrict what brand of consumables (oil filters brake pads etc) you can use in their cars (iirc that was what triggered lawmake

Re:

[evilviper]

What's next people? Coffee machines that prevent you from using your own coffee that didn't come from the manufacturer of the coffee machine?

You mean K-cups? Yeah, Keurig sure tried...

Re:

[mwvdlee]

Ink these days is a commodity in the way that when my ink runs out, it's cheaper to buy a new printer instead.

Re:

[AUX4Ever]

What's next people? Coffee machines that prevent you from using your own coffee that didn't come from the manufacturer of the coffee machine?

They already have those, its called K-Cups.

"New company?"

[Man On Pink Corner]

HP engineers the best and most-secure printing systems in the world. We strive to always provide the highest-quality experiences for our customers and partners. As a new company, we are committed to transparency in all of our communications and when we fall short, we call ourselves out.

WT actual F?

HP was "new" in 1939 when they sold audio oscillators to Walt Disney to help develop the sound systems needed for Fantasia. Learn your history, dweeb. If Fred Terman could see your company now, he'd kick Bill Hewlett and Dave Packard out of EE school and then shoot himself.

There's a reason why the very first verb in the very first sentence of the Wikipedia article [wikipedia.org] on Hewlett-Packard is "Was."

Re:"New company?"

[Solandri]

If Fred Terman could see your company now, he'd kick Bill Hewlett and Dave Packard out of EE school and then shoot himself.

FWIW, Bill Hewlett and his son fought tooth and nail against gutting HP of everything except the computer and printer businesses, and the merger with Compaq. (Dave Packard died in 1996 before these shenanigans began.) They lost. The board and Fiorina won, and "succeeded" in turning HP from a high-tech company into a computer/printer parts reseller (buy tech developed by other companies like Intel, Samsung, Nvidia, and assemble them into a computer to sell to the general public).

Re:

[Man On Pink Corner]

It'll make a good movie someday. They just need to start filming it before Christopher Lee dies, because it's hard to imagine anyone else playing the role of Carly Fiorina.

Wait, what? He's already dead? Even better. The producers can cut a deal with Satan to reanimate him for the duration of the shoot. He won't even have to act, just lurch around aimlessly and stink up the building.

Re:

[Anne Thwacks]

They just need to start filming it before Christopher Lee dies, because it's hard to imagine anyone else playing the role of Carly Fiorina.

Come on, that role would justify raising Lon Chainey Jr from the dead! (Or just maybe, undead?)

Re:

[Grishnakh]

They could just get Carly to play herself. It looks like she's jobless right now anyway, so maybe she'd like a new gig.

Re:

[unixisc]

Actually, HP had already started changing before Carly's entrance, since they had already spun off Agilent and KeySight, which made the things that made HP HP.

Re:

[darkain]

The old HP company split into two "new" companies: HP Inc. [wikipedia.org] and Hewlett Packard Enterprise [wikipedia.org], so yes, on an exaggerated technicality, it is indeed a new company.

Re:

[Man On Pink Corner]

I'm using the same name they're using in their press release: "HP."

This argument is reminiscent of the case against blaming Sony for the rootkit they distributed on audio CDs, on the grounds that it was actually their BMG subsidiary that did the dirty deed. Sorry, but publicity doesn't work that way. You put your name and corporate logo on the product, you get the credit and the blame.

Re:

[Man On Pink Corner]

So, to you, a company is precisely as much as its branding?

I don't know if you're familiar with the term "goodwill," but this is an example of it. Without the HP name and logo, would this chickenshit outfit be worth anything at all?

Re:

[unixisc]

Looks like HP, Inc. is new under this definition. Not technically inaccurate, since it would have been new had they changed the name, like w/ Agilent or KeyStart.

Great response. NOT.

[JustNiz]

An optional temporary solution for certain OfficeJet printers?
Wow thats big of them.
I'm VERY glad I already broke a long-time habit and chose other than HP for my last printer purchase. With this kind of response from HP I will actively avoid ever buying another HP product.

Re:

[Obfuscant]

An optional temporary solution for certain OfficeJet printers?

An optional update that will fix the problem permanently for the printers in which it became an issue. I don't know why the word "temporary" applies. Software updates are not "temporary" fixes.

Yeah, if you're stupid enough to apply MORE updates after this one, then this fix will be temporary. If you say "please change my printer software" then you deserve to have your printer software change.

Re:

[swb]

It wouldn't surprise me if the full consumer install on these printers has a "keep my printer software up to date" opt-in selected along with "spam me with offers" and "upload my information to HP and our partners every hour".

It also wouldn't surprise me if they mean this to be a temporary solution for the average consumer -- OK, add this firmware, use up the remaining third party ink, and in 4 months we'll issue a new auto-installed firmware which makes them unusable again.

Re:

[Obfuscant]

and in 4 months we'll issue a new auto-installed firmware which makes them unusable again.

You are ignoring the context. We've just had an "update" prevent the use of third party inks, and people are going to install an optional update that puts things back to the way they were.

In other words, these are users who are unhappy that their printers stopped doing what they wanted them to after an HP update, and who have manually installed an optional update to fix that. They have been burned once by updates and have taken specific action to undo one of them. If they then continue to automatically ac

Re:

[Obfuscant]

Fool me twice, shame on ME.

Re:

[mwvdlee]

You assume all users affected by the bug HP introduced are aware of the fix.
How about users who are still using HP ink today but who will be buying non-HP ink tomorrow?
Most users won't even know what a firmware is, let alone understand it can be updated. Not even mentioning that it can be updated optionally.
HP didn't really fix the problem at all; the non-optional update is going to screw users for years to come.

Re:

[rihac]

Thats the problem, most people dont realize that automatic updates are already switched on and not everyone is clued up on technology to know what firmware even is unfortunately

HP to customers:

[Narcocide]

Sorry, we didn't realize any of you were smart enough to notice! LOL!

Cartridges

[Shadyman]

So from what I get from this is that some third party cartridges actually use HP chips (presumably from reels of chips sold to a re-manufacturer of cartridges so HP can track down the re-manufacturer/batch if Joe has a printing quality problem, or whatever) and some just clone whatever chip they found first (I'm picturing thousands of printers all reporting that they have cartridge with SN#2477751135432 installed and it amuses me).

I've seen some pretty convincing fake cartridges in my time that hold themselves out to be genuine, brand new in box units. That said, the firmware had previously said "This cartridge has been previously used or is non-genuine" upon insertion and you could click okay to continue.

I haven't read specifically whether self-refilled, store-refilled or store-bought third-party cartridges were affected, or whether this was just for cartridges bought from the usual suspects (some ebay sellers, amazon vendors, ali*, etc). Working in a big box store, though, I haven't yet had customers complain about it, though, so with my tiny sample size, I'm going to theorize that is the case.

!!!! Do not buy INK printers !!!!

[xose]

See "The Dirty Little Secret Of Inkjet Printers":
https://www.youtube.com/watch?v=ycD4XkUtbIw

Laser ones are cheap enough. Jus follow this page recommendations.
Top 5 laser printers for refilling:
http://www.urefilltoner.co.uk/test-lab-printer-reviews.html

Maybe my next printer won't be an HP

[lbates_35476]

I've been a loyal seller, fan, user of HP printers since the first HP Laserjet. This has made me pause to think perhaps my next printer won't be an HP. To HP: I don't need or require your protection. If I purchase a non-HP ink cartridge and it doesn't work properly, I'll get burned and will then purchase your cartridges. If I find that other (lower cost) cartridges work just fine, I'll use them and you will learn to be more competitive.

Just submit an official request form

[AlanBDee]

To get the update you'll need to submit a form. To get the form you'll have to walk down to HP headquarters. Go to the "display department" in the cellar and look for a disused lavatory with a sign that says, "beware of the leopard"

Inside you'll find locked file cabinet with the form to fill out.

Bring a ladder, flashlight and a towel, just in case.

It's that easy!

Re:

[Joe_Dragon]

the lights don't work down there and You are likely to be eaten by a grue

One time update?

[DidgetMaster]

What do you want to bet that the optional firmware gets reset whenever the printer checks for updates. Users who manage to wade through the steps to get the optional firmware (probably have to register to even get it), might find themselves needing to repeat the process many times.

Courage

[HideyoshiJP]

Y'know, I thought Apple had shown me true courage when they pushed headphones into the future for no good reason. HP showed me I didn't know what true courage was. I'm so impressed that they allowed customers to save some dough on third party ink cartridges like they were already doing on the printers they'd already purchased. They are so brave.

We'll allow you to wash off this fire hydrant,

[jenningsthecat]

but we're going to continue to piss on every other fire hydrant we sell you, repeatedly; and we will do our level best to make sure you can never wash our territory-marking stench off the product which you paid for, but which we continue to own. Because IP, because we're pissy little mutts with delusions of grandeur, because we'll do everything in our power to screw you if it fattens our bottom line, because we can, and because you let us get away with it.

You know, consumers still have tremendous power to s

They can't even hide it.

[The MAZZTer]

Before I get into it, I must admit it's not clear if refilled cartridges work or not. I think we have just some anecdotes that they don't but it could be isolated cases. So HP's claims there might have merit.

Now that that's over with, I want to draw your attention to this gem that caught my eye from HP's statements:

We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP,

This is amazing when you break it down. First of all you have this reasonable part:

We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges

So far so good. Without any context it seems a reasonable enough statement.

that

The use of "that" here, though, indicates they are talking about a specific subset of counterfeit or third party ink cartridges (or that they believe all of them fit the following criteria). This is where they shoot themselves in the foot I think.

do not contain an original HP security chip

So, in other words, they are requiring you to only buy cartridges with their DRM in order to ensure you only buy cartridges with their DRM. Great circular logic there. But the best part is next:

and that infringe on our IP,

Why do they infringe? Because big companies have lobbied for laws to give themselves more power when it comes to their IP, and its these laws that give HP the authority to do what they do (as opposed to laws that might protect creators of competitive products). So HP's reasoning here is because it's legal, they're gonna do it. So if you strip away will the corporate speak, their OFFICIAL statement is not too far from that they're doing it because they thought they could get away with it.

Re:

[rhazz]

The use of "that" here, though, indicates they are talking about a specific subset of counterfeit or third party ink cartridges (or that they believe all of them fit the following criteria). This is where they shoot themselves in the foot I think.

do not contain an original HP security chip

They are talking about the subset of counterfeit or third party ink cartridges that do not license or purchase an "original HP security chip" from them. If HP doesn't get a cut of the sale, they don't want it on the market. The whole "protecting their IP" is the real circular argument because that IP only exists to lock out competitors. It's K-cups all over again, but without the easy consumer work-around.

Re:

[radarskiy]

"The use of "that" here, though, indicates they are talking about a specific subset of counterfeit or third party ink cartridges (or that they believe all of them fit the following criteria). This is where they shoot themselves in the foot I think."

If there is no way for the counterfeit or third party cartridges to contain the authentication DRM then 'that' merely indicates a property common to the entire set, i.e. a property then usable to test for 1st party vs. non-first party. The use of 'that' only read

It's not a security chip!

[Anonymous Coward]

It's a fuck you chip to use any other cartridge or ink in 'your' printer.
The chip is largely a joke to the consumers and is purely for anti-competetive practices.

Fuck you HP

Dripping insincerity

[Anonymous Coward]

The press release on the HP website has to be the most contrived, insincere piece of corporate BS that I've ever read.

I think the fact that they would put out a release worded in that way just highlights the utter malfeasance of the decision that they made, and the excuses used - 'Security' (your printer cartridge is reading your documents!?) and 'Protection from using counterfeit cartridges' just stink of lawyers lining up their defense for a class-action suit.

And that line "Although only a small number of

Protect their IP?

[Beeftopia]

From the link: "HP said it will continue to use security features that "protect our IP..."

What IP is being protected exactly, by preventing consumers from using cheaper, third party ink?

They (again) got caught with their hand in the cookie jar and are dropping buzzwords to draw attention away from their anti-competitive practices.

Re:

[Obfuscant]

What IP is being protected exactly, by preventing consumers from using cheaper, third party ink?

None. But they're also making it harder to reverse engineer the IP they have in the cart by people who want to profit from HPs engineering without doing any of it.

Ink is not just water and black stuff. It has chemical and physical properties that the delivery system relies on. Use the wrong stuff and it doesn't work so well. It clogs, it drips, it smears on the paper. All things that people will blame the printer for when the ink is at fault.

I use fountain pens. They have no-tech cartridges that have a ni

Re:

[Grishnakh]

It isn't rocket science, but it also isn't just taking a bucket of carbon black and mixing it with water. The claim that there is IP involved is hardly ridiculous.

The claim that HP inkjet ink is *that* different from the inkjet ink used in all the competitors' products is, however, as is the claim that only HP could possibly make ink that works well in their printer.

Re:

[evilviper]

What IP is being protected exactly, by preventing consumers from using cheaper, third party ink?

That's why companies made-up the term IP, so they can make up any imaginary property they wish to claim they own. You can't conjure up patents/trademarks/copyright out of thin are, but "IP" you can just go crazy with.

"Optional"

[JustAnotherOldGuy]

"Optional" as in "We got caught and now we're going to try and pretend we're good guys by unfucking what we deliberately fucked up."

Why...

[ewhenn]

Serious question - why does your printer have access to the Internet? This is poor security protocol. Proper security is to drop traffic by default, white list what you need. You never truly know what your devices will try to do. As an example, I installed security cameras outside my home and linked them to a linux based PVR for the interface/recording. I noticed that my firewall was dropping tons of data from the IPs assigned to the cameras. A quick dump of the traffic uncovered all cameras trying to connect out to a pair of IPs hosted on amazonaws. I never asked or gave consent for this to happen. The same thing would go with a printer, I don't want it to have access to the Internet. The only thing I want it to do is to print pages I send to it. It doesn't need to update firmware unless I manually push it, in which case I'd have a pretty damn good reason - which wouldn't include limiting my ink cartridge choices. For reference, here is a data dump from one of those cameras.

master@EdgeRouter:~$ sudo tcpdump -i eth0 host 192.168.1.248
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:13:46.947684 IP 192.168.1.248.58611 > 192.168.1.1.domain: 895+ A? www.nwsvr1.com. (32)
22:13:46.948215 IP 192.168.1.1.domain > 192.168.1.248.58611: 895 1/0/0 A 54.247.103.91 (48)
22:13:46.996373 IP 192.168.1.248.33102 > 239.255.255.250.1900: UDP, length 421
22:13:48.191871 IP 192.168.1.248.14620 > ec2-54-245-98-57.us-west-2.compute.amazonaws.com.32100: UDP, length 4
22:13:48.192026 IP 192.168.1.248.14620 > 123.56.159.92.32100: UDP, length 4
22:13:48.192104 IP 192.168.1.248.14620 > ec2-54-217-201-148.eu-west-1.compute.amazonaws.com.32100: UDP, length 4


Do you want your devices to serve you, or do you want your devices to serve the device maker and their will? It might seem extreme to some but as far as I'm concerned the only sane thing to do is treat *every* device as hostile until you know otherwise, drop all packets with a hardware firewall by default, and only approve the traffic you want to go out.

Fine Print

[ThatsNotPudding]

"By installing this firmware, the user waives all rights to make warranty claims on the machine in perpetuity."