Ridiculous lack of security and privacy

I do some work for a company which does a lot of 3D printing of prototype parts mostly in ABS and ASA. They would love the speed and reliability of the X1 Carbon.

They manufacture some equipment for the military and if I were to suggest they use a 3D printer where jobs are sent to it via a Chinese cloud the idea would be so ridiculous that they would probably cancel my security clearance and escort me out of the building.

The X1 is crippled without internet connection. It can’t update firmware without an internet connection and being logged into a Bambu account. LAN mode is crippled with no video - I can control the X1 from Bambu Studio but it needs web connection and to be logged in to view video - ridiculous.

9 Likes

Video on LAN mode is apparently coming. We didn’t even have LAN mode to start with as I don’t think Bambu really understood how much people wanted that functionality.

Something you need to think about though is you’re talking about using a consumer 3D printer for military use.
Same as that company no doubt wouldn’t use any other random cloud connected device - that’s a choice. It’s not what the printer was designed for.

The lack of local firmware updates is still a little annoying, but I suspect eventually once their walled garden has been hacked within an inch of its life they might give in and let us have that too.
For the vast majority of users this is also however not a problem at all. They’ve no problem with always on IoT devices, or not having a local update feature.

I think your definition of crippled is also a bit different to mine. Yeah so you lose the camera feed, but as a printer, printing things, it still does a better job than anything else near its price bracket.

6 Likes

I think your definition of crippled is also a bit different to mine.

If your situation demands offline usage and the printer cannot function properly offline, then it’s fair to say that it’s “crippled” for you.

I’m sure BL would love to be able to sell a bunch of printers to military contractors. I’m sure they’d love to be able to sell printers to hospitals, governments, financial institutions, law enforcement, IT, and any number of business and institutions that have (in some cases, unreasonably) strict infosec rules. But as long as their printers require a connection to a remote server (in China, no less), those organizations are going to give BL a hard pass, and BL is going to miss out on those sales.

There is neither a technical requirement nor a logical justification for why the X1 should need to connect to outside services to perform any of its functions. Sending print jobs and video feeds halfway around the world only to then send them back again just to pass data between a computer and a printer which are on the same local network (and in many cases, are in the same damn room) is just absurdly convoluted and inefficient.

While it may not be a problem for you personally, it is clearly a problem for some users (and many more potential users). What’s worse, it is a problem which is entirely artificial and completely solvable with almost zero effort.

9 Likes

I think only the information to set up video feeds goes/comes halfway round the world.

The print jobs get stored to provide what is strangely called ‘history’ with no option I can see to avoid job storage or deletion.

On top of company security policies what about IP? Anyone here sell 3D models? Would you be happy for customers to place your models in the Bambu cloud, effectively forcing you to accept Bambu’s privacy policy?

Sending print jobs and video feeds halfway around the world only to then send them back again just to pass data between a computer and a printer which are on the same local network (and in many cases, are in the same damn room) is just absurdly convoluted and inefficient.

I’ll add that it also uses up bandwidth. For people who have a limited amount of data per month this uses up part of that. Granted, we’re not talking 4K streaming quality, but it does use up some of the data, especially considering it’s going both ways. Once out, once back in.

How much data are we talking about? Did you measure the amount of data?
Are we talking KB, MB, GB???
Sorry, but this discussion is fruitless without having concrete numbers.
Just my 2 cents.

Nope. I did no measurements… and bandwidth isn’t the right term. I shouldn’t have said that. I mean data.

Again, you might say that it’s fruitless without having concrete numbers but if you use a service that has a limit on the data you can use each month and you’re often pushing close to that limit, it makes a difference. And it’s silly to route the camera through my wifi, through my router, out to the internet, over to China, back over the internet, back to my router, and back through my wifi to my device that is sitting in the same room.

The data usage probably isn’t significantly high as I don’t generally just stream it for hours on end. But it’s just one additional reason why it’s silly to route the communication literally halfway across the world and back when I want to look at a print happening in my basement.

1 Like

No problem, I understood data anyway… :slight_smile:

I’m in the luxurious situation to have 100Mbit flat internet connection, so I don’t care anyway.

However I just watched my DSL data counter while printing, there was no difference in data throughput whether the video is on or off. I saw a “constant” throughput of 1,5MB / minute. For everything in my house like two macbooks, several Google Home devices, Philips Hue lights, a smartphone…
Just watching Youtube (only 1080p!) pushed this to 19MB / minute.
I’m with you that sending a local video stream to China and back is absolutely unnecessary, but considering the tiny amount of data I don’t consider this as bad as many other people see it.

1 Like

It’s not the amount of data that is the problem for most potential users, it’s that it’s any data at all. If you’re a business or institution that has strict infosec policies, the amount of data that can be sent to and received from unvetted foreign servers is zero.

Yeah, none of this is a problem for 99% of individual consumers. You send more personal data to China every time you open the TikTok app on your phone than the X1 does in a month, and regular people are just OK with that. But not every potential user is just some regular person churning out the Dwayne “the rock” Johnson meme of the week print in their basement.

I doubt BL wants their printer to be considered a consumer-grade toy that is inappropriate for any kind of serious professional use, but as long as it cannot be properly secured, that is exactly what it is.

5 Likes

It’s not the amount of data that is the problem for most potential users, it’s that it’s any data at all.

I agree that this is the primary concern involved here, but to be fair to 3dball, I did bring up the idea that streaming a print uses up some amount of my finite data per month allotted by the ISP gods.

2 Likes

Honestly, if I’m running a business which has strict security rules, I’ll go the good old way which served me well with my Prusa the last few years: I grab an SD card and transfer data this way. No network needed.
And the camera? Come on. Do you need this?
Working without network still preserves all the goodies of this machine, speed, quality and versatility. I guess people running this kind of business are used to lots of inconveniences anyway… :slight_smile:

3 Likes

There are no firmware updates without internet connection and being logged into a Bambu account. Transferring print jobs by SD card is a huge pain in the butt and I paid for a camera which I would like to be able to use.

Companies with serious security still have and use networks, they just have no or very limited connection to the internet.

4 Likes

Just checked with LittleSnitch and see this happening there. Could it be that the servers are in the US?

When I request a check for a firmware update, it shows a connection to the US.

There is no connection at all to the Far East.

1 Like
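The check discussed in the posts above (where the printer connects, and how much data it moves), as an added example that is not part of the original thread. It assumes flow records exported from a router or firewall in a constructed CSV layout, a hypothetical printer address, and a hypothetical allowlist of local networks; any printer traffic leaving that allowlist is reported per destination.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the thread): the printer's address and the only
# networks a "LAN only" printer is permitted to talk to.
PRINTER_IP = ip_address("192.168.1.50")
ALLOWED_NETS = [ip_network("192.168.1.0/24")]

# Constructed sample flow records: time,src,dst,dst_port,bytes_out,bytes_in
# External addresses are taken from documentation-only ranges.
SAMPLE_FLOWS = """\
2023-01-10T09:00:01,192.168.1.50,192.168.1.20,5000,1200,5400
2023-01-10T09:00:05,192.168.1.50,203.0.113.10,443,48000,9100
2023-01-10T09:00:09,192.168.1.20,198.51.100.7,443,700,15000
2023-01-10T09:01:12,192.168.1.50,203.0.113.10,443,52000,8800
2023-01-10T09:02:30,192.168.1.50,198.51.100.7,443,900,300
not,a,valid,record
"""


def audit_egress(flow_text, printer=PRINTER_IP, allowed=ALLOWED_NETS):
    """Return ({dst: [flows, bytes_out, bytes_in]}, skipped_rows) for
    printer-originated flows whose destination is outside `allowed`."""
    offsite = defaultdict(lambda: [0, 0, 0])
    skipped = 0
    for row in csv.reader(io.StringIO(flow_text)):
        try:
            _, src, dst, _, out_b, in_b = row
            src, dst = ip_address(src), ip_address(dst)
            out_b, in_b = int(out_b), int(in_b)
        except ValueError:
            skipped += 1          # malformed record: count it, do not guess
            continue
        if src != printer or any(dst in net for net in allowed):
            continue              # other hosts, or printer traffic that stays local
        entry = offsite[str(dst)]
        entry[0] += 1
        entry[1] += out_b
        entry[2] += in_b
    return dict(offsite), skipped


def violates_zero_egress(report):
    """A 'no data off-site at all' policy fails on any off-site flow."""
    return len(report) > 0


if __name__ == "__main__":
    report, skipped = audit_egress(SAMPLE_FLOWS)
    for dst, (flows, out_b, in_b) in sorted(report.items()):
        print(f"{dst}: {flows} flows, {out_b} B out, {in_b} B in")
    print("policy violated:", violates_zero_egress(report), "| skipped rows:", skipped)
```
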

A company anywhere in the world has full access to data on servers it owns or rents anywhere in the world. Your personal information and IP not going directly to China is irrelevant. Not that Bambu being Chinese is the problem; I would have the same issue wherever they are based. Being Chinese just makes it worse.

3 Likes

Squishworx does do printing for Aerospace accounts that require us to air gap the Bambu printers completely. They are not even allowed to be on the same electrical circuits as the other printers.

2 Likes

I will have to verify, but the last I saw was they switched to AWS for production and retired AlibabaCloud which they used with the pre-release versions of the slicer and mobile app. Of course, this may vary depending on your region of the world.

Even if data is only being sent to a local datacenter a few miles away, this is still a dealbreaker for any company with strict infosec policies. Not to mention completely unnecessary from a technical standpoint. Just because it may not be “as bad as it used to be” now, or “as it could be”, that doesn’t mean it’s “good”.

Personally, I have no issues with my prints and video feed going through 3rd party servers. This problem doesn’t affect me. But that doesn’t mean I cannot recognize it as a problem that needs resolving. Even if I didn’t care about others’ ability (or inability) to use all the features of the printer without internet connectivity, I would still be concerned for my ability to fully utilize the printer in the future.

If BL should ever go out of business or decide that features that utilize their servers will require a paid subscription, I would be just as out of luck as those other people without internet access are now. This is something that should concern every customer, regardless of their current needs or situation.

6 Likes

Is the “problem” maybe more that Bambu Lab as a manufacturer did not inform about the cloud connection enough? I guess it is not obvious for the customer that some of the printer’s features need internet connection, right?

This is now being discussed on Twitter and Bambu Lab need to respond; ignoring it will only make things worse.

2 Likes