Data Security and Data Gathering


In another thread, the conversation veered a little off topic so this thread is being created to continue that conversation.

Point of contention:

Bambu’s data gathering and what could be occurring on the back end of that.

That’s an interesting take, but I doubt Bambu would spend millions on the infrastructure to put the data gathering in place. There needs to be a gain for Bambu to do that initial outlay for the servers, databases, switches, and routers. I agree, the info may have a value to the government (although I don’t feel they can leverage it as much as some believe), I just don’t see BBL footing the bill for the government to set up the data gather apparatus.

I do however, see BBL setting up the data gathering apparatus for their own gain. Not to steal your model data (although that has to be considered), but to improve their products. Similar to what Tesla did, this data transfer back and forth can aid the company in honing in their plans and offerings. They can also aid you by having that instant data transfer out to your vehicle for firmware fixes or improvements, but they also win by using your driving data to do things like supplement their A.I. learning, to learn about the average customer’s needs, and to find weak points in their system. The data collection is hugely useful to companies that can make use of it.

This is where I think Bambu falls, but I do think the Chinese government can make use of the data too. Just not sure if they care about your Bambu data… at least now.

I got my start during my college days working in computer operations for a list maintenance company that rented lists and marketing data on behalf of some major publications such as “The National Law Review”, “Penthouse Magazine”, “The National Star”, “Variety” as well as “Scientific American Magazine”. It was amazing the profiles we could assemble back 40 years ago with just name and address data alone. Today, the data harvesters compile even greater dossiers on individuals living at each address thanks to social media and browser cookies.

The warehousing of data that is what’s of value at a later date to be named. What’s more, when it comes to signal intelligence, for all intents and purposes there is no budget. It’s important to understand that Signal Intelligence(SIGINT) is employed as a “Long Game” endeavor and it’s not a single piece of data that compromises anything and every government engages in it it not just the PRC. It’s just that the PRC answers only to the Chairman.

Here’s an interesting table of some of those agencies in NATO alone.

Agency Description
NSA (National Security Agency) United States agency responsible for SIGINT and information assurance.
GCHQ (Government Communications Headquarters) United Kingdom’s SIGINT agency.
CSE (Communications Security Establishment) Canadian agency responsible for SIGINT.
BND (Bundesnachrichtendienst) German Federal Intelligence Service, involved in SIGINT operations.
AIVD (Algemene Inlichtingen- en Veiligheidsdienst) Dutch General Intelligence and Security Service, involved in SIGINT.
DGSE (Direction Générale de la Sécurité Extérieure) French external intelligence agency, responsible for SIGINT.
CSIS (Canadian Security Intelligence Service) Canadian intelligence agency involved in SIGINT activities.
DIS (Defence Intelligence Service) Danish intelligence agency involved in SIGINT operations.


So picture if you will, someone is either asked to print a part or takes with them work from home. Now let’s say that part is a component in a missile guidance system. The 3D print by itself is worthless but the filename of the print, the person who printed it, where they live can then be used to cross reference against a geography, their LinkedIn profile and where they work. Then all an operative needs to do is put together a dossier of that individual and get dirt on them like the fact that they had dinner for two at a nice restaurant with a person that was not his wife and who’s phone number and presumably private but steamy text messages become blackmail fodder. Think it can’t happen? It already has. Think this won’t happen to any of us because none of us work for a defense contractor? What if you were the leverage needed to get dirt on let’s say your neighbor or brother-in-law who just happens to work at BAE, Dassault Aviation or Airbus Industries … page 2 our of the East German STASI playbook.

If anyone thinks that their 3D model can’t be recognized by AI, just use Google Lens or Amazon’s mobile app and scan an off-the-shelf object to see what you get. I’ve been using Google Lens for years now a full decade before all this AI hype. Whenever I need to identify a particular part and see if I can find out where I can but it. And that’s just commercial stuff. Imagine if you had an entire database of everyone’s home printer, along with the camera feed that peeks out the side of the open door.

1 Like

In today’s digital age, data privacy and security have become paramount concerns. The collection and storage of personal data by companies and organizations raise questions about how that data is used, who has access to it, and what measures are in place to protect it from unauthorized access or misuse. As you mentioned, it’s often not just one piece of information but the cumulative effect of gathering multiple data points that can lead to the creation of comprehensive profiles of individuals. This can include habits, preferences, behaviors, and other personal information that, when combined, can paint a detailed picture of an individual’s life.

Interesting allegation. Evidence?

Have a look over China’s Data Security Law (DSL) and the Personal Information Protection Law (PIPL) and you’ll note that such “allegations” are in fact well founded based solely on the provisions and principles of the DSL. The DSL defines as “national core data” all data categories (not necessarily personal data/PII) that may impact “national security, the lifelines of the national economy, are important to people’s livelihood, and important to the public economic interest.” Several sections of the DSL, as well as several articles in the PIPL provision for the need for Chinese companies (whether established in China or abroad) to share or make available any data gathered that might affect or impact Chinese national or foreign policies , economic development and “people’s well-being”, with the Chinese authorities.
Briefly put, the DSL is generally viewed as a response to the U.S. Clarifying Lawful Overseas Use of Data Act (CLOUD Act), which gives U.S. law enforcement agencies the authority to compel companies falling under U.S. jurisdiction to produce requested data regardless of where the data is stored. In other words, the DSL autorizes and allows the Chinese authorities to do the same to any Chinese company (no matter where it’s located) or any other foreign company established in China.
If you’ll find the necessary time, dig deeper into these two pieces of legislation and (hopefully having a good translation) you’ll be surprised of what you’ll learn from there on Chinese government’s policies for gathering data to further China’s political and economic agenda.


The US health systems can’t even protect our data from hackers and/or abuse. I’m already in two class-action suits with two separate providers and already have “protection” because a credit card company allowed access to personal data two years ago.

I wouldn’t worry about China. Your private info is already flowing out of your phone, credit cards, insurance and probably your car every time you step out of your door. Or even while you’re asleep. Have any voice activated devices? They listen all the time and the voices as text are cataloged. You can’t escape. :crazy_face:

The difference being, Ken-N-Texas, that in the US you can sue the “service provider” or the state or even the federal government (a very muddy, lengthy, and costly process, but nevertheless feasible if you have the time, the money, enough evidence and legal standing and - obviously- a good lawyer) and eventually you could win and get awarded monetary compensation. Now try suing a Chinese company (not based in the US) or the Chinese government, for similar reasons. Doubt that such a lawsuit (no matter how legitimate it might be, or how much evidence could be presented) will succeed. One may dream of successfully suing the Chinese government, but soon afterwards one will get a harsh reality check. Whether the lawsuit is filled in the US, elsewhere or even in China, the result will be the same: China: 1, you : nil. Should you win such a lawsuit brought before an US court, well then, good luck enforcing that court ruling against China. And don’t even think of being able to do the same thing in China. In most cases such lawsuits get dismissed right from beginning (can’t sue the State or the Party). In a few handful of cases, the lawsuit initiators have… well, let’s just say they sort of vanished in thin air and no one has ever seen or heard from them again.

1 Like

That’s why I said not to worry about China–You can’t do anything about it anyway. Well, there is. You could unplug your BL printer and stop using it. :smiling_face_with_tear: There’s also the chance it could be cutoff for you. Like what they’re trying to do with TikToc.

All I’m saying is there’s more than enough changes to look at in your own country than trying to add what some other country is doing. You’re not likely to have much choice there either.

a little correction, if I may; you can do something- like unplug you printer from BL’s cloud and rely only and solely on your SD card and your local LAN. As for warranties and repairs, well this forum (and not only here) is loaded with posts from BL users vividly expressing their “joy” and "satisfaction " over BL’s customer service/support best practices, quality and reliability. So you might very well want to skip over this part and start stocking spare parts… and eventually consider going "rogue " by installing X1PLUS instead of BL’s firmware.

1 Like

I used to be real annoyed at this stuff and yet find myself giving away a lot more these days than I used to be comfortable with. I’m no longer fighting the system and accept the horse has bolted. I keep my online life fairly basic and laugh at the odd targeted ad on my facebook (the topics are from spoken conversations). Anywhere you go there is some form of monitoring and it is tiring to keep up the guard, I’m now a generic user and choose to feed the odd furphy to make it interesting :stuck_out_tongue_closed_eyes:

So true… Even in the middle of Amazonian jungle or in the middle of the Sahara desert there’s always some creature (not necessarily friendly) that monitors your smallest movement, tracking you every step of the way, hoping to eventually get something out of you, whether it’s whatever you carry or your life, there’s always such a predator/stalker in your neighborhood. Keeping your guard up at all times (especially when leaving your digital footprint online) should not just be an afterthought but rather a matter of basic survival and protection of what is your private life and that of your loved ones.

I find life relatively safe and relaxed where I am, I have worked and lived in dangerous and toxic environments though and know what it’s like on edge. I think the slippery slope was hopped on a long time ago and the promise that technology was going to make the world a happier place only worked out for those who run it. No way am I giving up my safety, I know what battles I can win and don’t leave doors open that aren’t easily shut.

I’m lucky in some respect that my early days were not digital :slight_smile:

There’s far more data/information gleaned by Google, Apple, Facebook, X, Instagram et al and other US entities every time a browser or mobile phone is used than by BBL or the Chinese govt knowing what someone’s 3D printer, laptop or phone IP address, or recently printed niknak is.

And the privacy horse bolted long ago for anyone who has ever posted any personal info or details online. Without doxxing anyone, 5 mins of searching one of the more vocal people on this forum on the topic of privacy, secrecy and security revealed multiple other accounts on other forums, their past employers, hobbies, interests, where they live, where they’ve been and a pattern of similar rants about their privacy elsewhere - all in the public domain (knowingly, deliberate or not). Recreational complaining about the Chinese government by anyone whose own identity hygiene is questionable is naïve. But that’s a choice, right?

And as for suing the US, UK or other non-Chinese government… share how that works out and if winning a class action case really makes an iota of difference.

It’s well published that BBL printers are cloud connected, so to the tinfoil hat, techie, tweaker brigade complaining about their privacy when using a BBL printer that they should know is cloud-connected, perhaps they should have built an offline Voron instead. BBL is for a different consumer audience, most of whom couldn’t care less about their cloud connection as they’re too busy enjoying what they can make with these things and they’ll post the photos online anyway :wink:

1 Like