Bambu Labs' 3D Printer 'Authorization' Update Beta Sparks Concerns

Slashdot reader jenningsthecat writes: 3D printer manufacturer Bambu Labs has faced a storm of controversy and protest after releasing a security update which many users claim is the first step in moving towards an HP-style subscription model.
Bambu Labs responded that there's misinformation circulating online, adding "we acknowledge that our communication might have contributed to the confusion." Bambu Labs spokesperson Nadia Yaakoubi did "damage control", answering questions from the Verge: Q: Will Bambu publicly commit to never requiring a subscription in order to control its printers and print from them over a home network?

A: For our current product line, yes. We will never require a subscription to control or print from our printers over a home network...

Q: Will Bambu publicly commit to never putting any existing printer functionality behind a subscription?

Yes...
Bambu's site adds that the security update "is beta testing, not a forced update. The choice is yours. You can participate in the beta program to help us refine these features, or continue using your current firmware."

Hackaday notes another wrinkle: This follows the original announcement which had the 3D printer community up in arms, and quickly saw the new tool that's supposed to provide safe and secure communications with Bambu Lab printers ripped apart to extract the security certificate and private key... As the flaming wreck that's Bambu Lab's PR efforts keeps hurtling down the highway of public opinion, we'd be remiss to not point out that with the security certificate and private key being easily obtainable from the Bambu Connect Electron app, there is absolutely no point to any of what Bambu Lab is doing.
The Verge asked Bambu Labs about that too: Q: Does the private key leaking change any of your plans?

No, this doesn't change our plans, and we've taken immediate action.
Bambu Labs had said their security update would "ensure only authorized access and operations are permitted," remembers Ars Technica. "This would, Bambu suggested, mitigate risks of 'remote hacks or printer exposure issues' and lower the risk of 'abnormal traffic or attacks.'" This was necessary, Bambu wrote, because of increases in requests made to its cloud services "through unofficial channels," targeted DDOS attacks, and "peaks of up to 30 million unauthorized requests per day" (link added by Bambu).
But Ars Technica also found some skepticism online: Repair advocate Louis Rossmann, noting Bambu's altered original blog post, uploaded a video soon after, "Bambu's Gaslighting Masterclass: Denying their own documented restrictions"... suggesting that the company was asking buyers to trust that Bambu wouldn't enact restrictive policies it otherwise wrote into its user agreements.
And Ars Technica also cites another skeptical response from a video posted by open source hardware hacker and YouTube creator Jeff Geerling: "Every IoT device has these problems, and there are better ways to secure things than by locking out access, or making it harder to access, or requiring their cloud to be integrated."

Requiring cloud access..

[MpVpRb]

...for ANY tech product sucks.
While it may be true that the cloud can be useful in some cases, local operation must always be possible.
The cloud is a trap.
Run away.

Re:

[buck-yar]

Another bait and switch is how a software receives "updates" but these software modifications can sometimes remove features or be what the user considers downgrades. Under the guise of security and fixing issues, nearly full control of the software has been handed to another party. Some systems allow updates to be optional but others are removing the choice from the user, like Windows. Its conceivable some changes to the software benefit the software company but not the customer. With the customers's recour

Re:

[JustAnotherOldGuy]

After you 'upgrade' the Bambu Labs firmware, it's over- you cannot downgrade or revert the firmware to a previous version, period.

This isn't my opinion, that's direct from Bambu Labs own release notes.

It's a one-way 'upgrade' where you literally hand control of your printer to them and their cloud 'service' from here on out.

Re: Requiring cloud access..

[beelsebob]

It was also never billed as a beta test, until they realised how badly theyâ(TM)d fucked it. I didnâ(TM)t trust them much before after they came out with printers that heavily relied on the open source work of others and tried to pass it off as their own. I donâ(TM)t trust them at all now.

What if I told you...

[HotNeedleOfInquiry]

The Cloud is just someone else's computer.

Re:

[thegarbz]

My question would be how well that computer is run. Yes we all know the cloud is someone else's computer, that's one of the selling points of it. It's a stupid meme that ignores the whole point: - outsourcing, often to someone who is more capable than you.

I am capable. I don't use cloud apps, but I was the first to recommend my father use Google Drive because his existing backup strategy was just outright dangerous, and a cloud sync is better than nothing - even though it's not a proper backup. My own empl

Zeroing in

[marcle]

"There, I think we've got our toes in the crosshairs -- ready, aim, fire!"

Full Refund

[bill_mcgonigle]

First they "require" a cloud sign on, next they require accepting the new ToS to "continue using the product" and that new ToS requires submitting to binding arbitration of the company's choice, in person, in their location and waiving rights to the Warranty Act.

Reportedly the way Australia dealt with this is you can pull this shit but the purchaser can demand a full refund and refusing gets you huge penalties.

Maybe just don't be a dick.

Always remember...

[NewtonsLaw]

Bambu Lab (like most corporations) is *NOT* a charity nor a philanthropic organisation. Its goal is to make money. Their own interests will always outrank the interests of the customer.

A healthy cynicism should be maintained at all times and decisions made by the consumer accordingly.

Re:Always remember...

[Mr. Dollar Ton]

That's why you need

a) regulations that remove the option of the company to change the contract after the sale and

b) open hardware/software for 3D printing, which is completely possible in this case, as these produce only filament 3D printers.

Healthy competition carried out by a well-regulated industry being necessary for the prevention of product enshittification, the power of the corporation to influence market structure or regulation should be removed ;)

Re:

[CalgaryD]

Unfortunately, all regulations are controlled by bureaucrats, who are also humans and may have their own interests.

Re:

[Mr. Dollar Ton]

Unfortunately, all regulations are (and have been for a while) controlled by corporate interests who have stuffed them with bureaucrats that they own, because we let them to.

Institutionalized corruption is now the norm, and humans, bureaucrats or else, and their own interests have zero bearing on policy.

It has always been very hard to fight it, but now it is completely impossible, what was an art of subverting democracy is now a fully developed, effective and well financed technology that is unstoppable.

A b

Re: Always remember...

[beelsebob]

Yes, the point here is that theyâ(TM)ve entirely misjudged what is in their own interests. They thought they could extract more cash and restrictions from every user, but didnâ(TM)t realise that they were still vulnerable to the 3D printing community generally still being pretty tech savvy, even if they did make a good step towards printers that âoejust workâ.

Bambu are so far ahead

[ickleberry]

They are so far ahead of the competition that they have built up a "head of steam" that they can eat into in order to implement enshittification (DRM, Vendor lock in) and people will still buy their products.

You need huge market share, vast technological superiority or a well sewn-up cartel in order to be able to pull these things off. If Bambu successfully steamrollers the other manufacturers everything will be cloud, they'll only print from bambu spools and they'll upload every gcode to China to make sure you're not printing anything that insults Xi Jingping & the CCP. Also DRM'ed models will become a thing.

Re:

[CAIMLAS]

"So far ahead"?

I'm not an expert in the field, but how is this anything but fanboy propaganda? I've not been able to identify anything Bambu does which can't be beaten by Prusa.

You can cover 90% of what both manufacturers can do -at a lower speed- for $300 from Flashforge or Creality.

It's not exactly a saturated market but it wasn't until this whole fiasco that I'd even heard anyone mention something positive about Bambu.

Re:Bambu are so far ahead

[caseih]

I've been 3D printing for years and I can confirm that Bambu is indeed way out ahead of nearly everyone. Prusa has quality printers and they charge a lot for them. Bambu's printers are fast, tuned, and turn key. Their core XY printers are way faster than a Prusa Mk 3 or 4 at just as good print quality. The A1 is a bit faster than the Prusa bed slinger too. And Bambu supports multiple materials with the AMS at a fraction of the price of the Prusa XL (which is a fantastic printer now that they are getting the bugs worked out). I use the AMS all the time, even though I rarely do multi-color prints. It's fantastic for automatically unloading and loading filament. I can easily change between PLA, PETG, and ABS just by loading the right spool into the AMS and hitting print. This is a killer feature for me. Other printers are catching up now, such as ones from Qidi, Creality, and others.

Before the controversy, if someone said they wanted to try a 3D printer I'd have recommended the Bambu A1 with AMS lite without hesitation. I probably still recommend it. But I am closely watching Qidi and Creality with their new offerings including core XY and automatic loaders.

I don't really have issues with the cloud connectivity. It makes for a fantastic print experience. I can send prints from anywhere and watch them as well. Helpful when I have three or four workstations that we print from. But if I lose the ability to use OrcaSlicer, then I'm very unhappy indeed.

Meanwhile my Bambu X1C gets regular use. Some recreational prints, and lots of practical parts for around the shop and farm. Totally revolutionized 3D printing for me.

Anyway it's a pretty widespread sentiment in the 3D printing community that Bambu got pretty far out ahead, at least for a while.

Re:

[caseih]

Modded flamebait? Really? Oh wow.

Re:

[WarlockD]

Yea I have to agree with that settlement. Qidi and Creality, while not really bottom of the barrow, requires quite a bit of community support when things go wierd. You do have Ultimaker out there, but they seem to hunt for the high end market, priced WAY beyond what Prusa did and with less features. Prusa just works out of the box but the style is a bit older.

Then you look at the Bambu and out of the gate its flying. Take it out, put it down and print WITH the AMS. It shows the market had been waitin

Re:

[Racemaniac]

Give a bambu & a creality to your mother, and observe the difference.

Technically there is little difference, practically one is made to be usable by everyone, and the other is more for enthousiasts.

Bambulab is the first brand 3d printer enthousiast dare to recommend to people who want to just print stuff, and don't care how the machine works.

Re:

[ctilsie242]

I wouldn't say they are that far ahead of the competition. The one thing they have over the other guys is the AMS. This is a system that is compact, reliable, and for most people, "just works". Yes, it uses a lot of filament when changing from one color to the other, but for what people do, that is an adequate trade-off.

Before that, there is the Prusa MMU2 and MMU3, but to get those working takes some time and effort, perhaps hours to get it working as per some YouTubers, and you have to still position r

Re:

[JustAnotherOldGuy]

Stop spreading your fanboy FUD.

They are most definitely not "so far ahead". There are lots of printers out there that are easily as good or better than Bambu.

Yes, Bambu makes a decent printer, but there are no compelling features that aren't available elsewhere.

If you believe there are, then tell us, what feature does Bambu have that other manufacturers don't have? I'm not aware of any. Maybe you could name one or two of them for us?

The fact is that Anycubic, Phrozen, Elegoo, Prusa, Formlabs, etc etc all ma

Re:Bambu are so far ahead

[caseih]

Spoken like someone who's had zero experience with the Bambu printers. I have bought an X1C and I use that printer now way more than my older printer. It's literally more than three times faster and higher quality prints. So now I can more quickly do up a quick design and iterate it a few times in the time it used to take me to do one print. It's a turn-key tool now, not a toy. The GUI walks you through maintenance (lubricating the ball screws mainly) and troubleshooting. It's just a very polished experience, aimed at someone that just wants to print something. The AMS has made it simple and fast to change filaments. I print the PLA prototype, iterate it, then switch to PETG or ABS for the production print. All without touching the printer. This was the big deal for Bambu originally. Others are now catching up which is a good thing.

I have no particular feelings one way or the other for Bambu the company. The X1C has been the best printer I've ever used to date. Hope that changes in the future with competition.

One thing's for sure I'm hard pressed to go back to a bed slinger after using CoreXY.

If you want to heavily mod and tweak your printer, then no, Bambu isn't for you. If you run a build farm, Prusa is still an excellent, albeit expensive choice.

Re:

[JustAnotherOldGuy]

True, I have no direct experience with Bambu printers and still I'm glad I never got one.

Enjoy printing whatever they let you.

Re: Bambu are so far ahead

[beelsebob]

âoeSo far aheadâ. In what way? A Prusa Mk4 will do everything an X1 Carbon will do, as will almost every other respectable brand of FDM printer.

Re:

[hjf]

lol imagine comparing a mk4s, a bedslinger to the x1c, a corexy, and claiming both are the same.

Re:

[beelsebob]

I know right... The Mk4s prints about 20% faster than the X1C, that's almost in a whole other category.

Re:

[ickleberry]

In terms of cost and consumer "just works" friendliness.

Re:

[beelsebob]

How so? You pull the printer out the box, you run through the steps on the screen, you slice your model with a very similar slicer, and it just prints. In what way is the Bambu lab better? A Mk4s and an X1C cost about the same cost, and have about the same capabilities.

Re:

[Khyber]

Bambu fucking sucks. Every hinge this one company prints for me using their Bambu printer delaminates, no matter the filament or heat settings.

Meanwhile, my on-sale-then $99 Anycubic Photon Mono 3D Resin printer prints the same hinge STL, and it doesn't fucking delaminate or shatter.

Hmm.

Re:

[caseih]

Comparing a Resin print with a Bambu FDM print is an apples to oranges comparison though. SLA and FDM are quite different in terms of material properties and strength being affected by the printing process. In fact you would want to design differently for the two processes.

That said, fast FDM printing does have some drawbacks in terms of strength. Normally I design around the strengths and weaknesses of FDM. Also you don't state what material they printed with. Living hinges made of PLA are not great.

Re:

[Khyber]

"no matter the filament or heat settings"

I very explicitly state what material is used. All of them which are feasible to use for making hinges that can hold a lightweight 8x10 acrylic tooled clamshell test jig together.

Simply put, heat-bonded crap is not as good as molecularly-bonded crap unless you're 3D printing dildos.

Re:

[serviscope_minor]

Hey sig stalker! Are you ever going to let me know what you're so sore about that you decided to put me in your sig. Who on earth is Jessica Price?

Re:

[Khyber]

God your memory sucks, because I've told you plenty of times afterwards and you've apparently forgotten all the simping you did for her during Gamergate.

Brainless as always. No wonder you're stuck simping instead of getting laid.

Re:

[serviscope_minor]

Gamergate?! You're still holding a torch for a decade old harassment campaign?

This is absolutely precious. I don't need to know who Jessica Price is, and honestly, I don't much care. Apparently I've been living rent free in your head for 10 years simply for being against a campaign of harassment and abuse. You know what I'm cool with that and you have told me all I need to know.

'Beta' doesn't help.

[fuzzyfuzzyfungus]

It's not a surprise; but invoking the "it's just a beta" in response to concerns about the objective and design of a piece of software seems like deliberate obfuscation.

If it's beta-ready you've already nailed down what you want it to do and how you want it to do it; just not necessarily squashed all the bugs or filed off every rough edge. If they hate the beta because it's buggy then by all means remind them that it's a beta; but if they hate the beta because they are against what it seeks to do the fact that it's a beta is irrelevant.

Re:

[3vi1]

Agreed. Beta means "this is our intended direction".

Acting like "It's just beta" is any defense against the architecture is just insulting. Beta is only an excuse for bugs, not an implementation design that's brazenly anti-consumer.

As someone who knows a little about 3D printing

[JustAnotherOldGuy]

As someone who knows a little about 3D printing, my advice is to NEVER by a Bambu Labs printer.

They've *already* shown you, the user, that your needs and preferences don't mean jack shit to them, so why in the world would you patronize and encourage them?

I almost bought a Bambu printer but ended up going with an M5s from Anycubic (which I'm very happy with so far).

All of Bambu's 'explanations' and their hand-waving doesn't change the fact that they ARE locking down their printers and you WILL lose functiona

Re:

[caseih]

The M5s is an SLA printer. Bambu's printers are all FDM (thus far). Different materials, different slicing, different design strategies, completely different hardware. Difficult to compare them.

Personally I just don't want to deal with the multi-step SLA process and the toxic resins and all the solvents. So I stick with FDM. But some day I will also buy an SLA printer.

Re:

[JustAnotherOldGuy]

You're correct, but in terms of them locking down their firmware, it's a distinction without a difference.

The thing is that it's running on their firmware. I have no doubt if they ever make a resin printer it'll be locked down from the start with no hope of redemption.

And yes, the purchase of my (SLA) printer was a crossroads-moment of deciding whether to stay with FDM or move to SLA; Bambu was one of the manufacturers whose printers I looked at for the FDM side of the argument. (I knew nothing about their

I considered Bambu, but avoided them

[Pravetz-82]

Year an a half ago I was looking for good 3d printer, having played around with one 9-10 years ago.
Bambu was all the rage at the time with their X1C and P1S. I liked how reliable they were in reviews, but I didn't like how hard they were trying to push you to use their cloud. The thought of handing over your models to someone out there didn't sit right with me and I decided to pass on Bambu. I was sure it was just a matter of 'when', not 'if' they were going to pull something like this.
I got Qidi X-Plus

Still customer friendly.

[Truekaiser]

Considering all core functionality still works while offline. it's very consumer friendly.
Especially when you factor in what they give you, compared to the steps and the time it would take to roll an equivalent setup on your own.
Not an exhaustive list but just off the top of my head;

1. Buy a creality or other cheaper Chinese printer compared to the higher end Chinese bambu lab, or a prusia if you have money to burn.
2. Spend just about as much on the printer, especially if it's an ender 3 or clone of that, in upgrade parts and weeks worth of time. Assuming you need to learn the small electronic skills to upgrade the printer. All to get it to the level of quality on a bambu lab.
3. Learn a bit of low level assembly language so you can compile and install Klipper, either to replace their non compatible one for what you want to do version, or marlin.
3A. Have a good chance the SOC that runs the printer can't support Klipper or the version you need. necessitating all the other parts you would need to change to run the board. better psu etc.
4. Buy, somehow in this supply strained market at 'least' a raspberry pi 4(5 is preferred, you're going to be running a 'lot' on this).
5. Learn how to install hats onto the pi. You'll need one to connect to your printer. And one focused around home automation, specifically cctv. and one for storage that's faster than the microsd card.
6. learn how to install and administer a raspberry pi os, you're now on the hook for all the software and security updates. After all, you don't want some random internet user making your printer print dildos or crash the motors.
7. Install and learn how to use Octoprint, and the various plugins you will need to duplicate functionality. You're again on the hook time wise to keep it and the plugins up to date and working.
8. Buy one of those remote webcam's that 'do not' require a connection to their cloud to work. Buy a large ssd and the needed hardware to connect to your pi.
9. Set up a webserver on your pi so you can point a phone's web browser to see the camera feed. and the webserver plugin for octoprint so you can control it remotely.
10. Pray to whatever gods or higher beings that your jenga tower of software and hardware projects work. Spend about a week every month fixing it.

Or

Spend about 500 to 1000 and get it all in one package that just works.

Re:

[hjf]

Considering all core functionality still works while offline. it's very consumer friendly.

Fuck you, shill.

You are literally saying "STILL" works while offline. Guess what: "it MAY not" in the future. And "MAY" means "WON'T". We see this all the fucking time with companies nowadays. Lifetime subscriptions suddenly cancelled, "bought" movies deleted from your collection, and printers that stop working with the subscription ink when you cancel the subscription.

Spend about 500 to 1000 and get it all in one pack

Re:

[caseih]

No one is forcing you to buy a Bambu printer! My word. The strong reactions here are very strange. Particularly from people who don't seem to do any 3D printing.