Bambu Lab, the company behind my favorite 3D printer, has given itself a hell of a week. Now, I’ve got answers to some of my burning questions, answers you’ll probably appreciate. But first, some background.
Since last Thursday, some creators have pledged to no longer buy Bambu printers, even after the company removed some of their 3D models from its online repository. The company revealed that it will add a new proprietary authentication method that may prevent you from using third-party tools to remotely control your printer.
While you’ll still be able to stick a file on an SD card and physically insert it into your printer or use Bambu’s proprietary cloud, printing remotely from a third-party slicer the old way is no more, unless you download a new proprietary Windows and Mac “Bambu Connect” desktop app to act as an intermediary between your slicer and Bambu’s hardware.
“Unauthorized third-party software will be prohibited from running critical operations” – Bambu
While Bambu was clear early on that this would be an optional update, which you can choose not to install, the company calls it a necessary one to protect printers against remote hacks. Some owners, however, immediately saw this as a potential bridge to enshittification.
They noted how Bambu printers can already detect if you’re using an official roll of filament and envisioned a future where Bambu could prevent you from using third-party filament. They noted how Bambu is already planning a subscription service for its print farm software, for which regular cloud activations are required, and envisioned a future where your Bambu printer stops working if you don’t pay.
Bambu later denied these and many other similar concerns in its “Setting the Record Straight” blog post and explained that its new tool doesn’t require internet access or a user account. It has also backed off quite a bit, promising to offer a do-it-yourself “developer mode” that maintains local access to your printer without any new proprietary authentication at all. Unfortunately, that mode can also disable your ability to access your printer through the cloud.
Meanwhile, Bambu did itself no favors by preventing people from using the Wayback Machine to check its changing statements, allegedly working to censor criticism of the company on its subreddit, and claiming that Orca Slicer’s developers were working with Bambu to continue printing directly from their popular third-party slicer, when they had not actually promised their support.
It also hasn’t helped that Bambu’s own security around its new Bambu Connect app is such that hackers already extracted its private key and authentication certificate, or that users have discovered that Bambu, in its terms of use, authorizes itself to block new print jobs until a printer has finished downloading a firmware update automatically.
Anyway, I think the real question here is: is this a stepping stone toward something more secure, or at least toward a walled garden, or not?
Here are the questions I sent to Bambu and the answers I received from spokesperson Nadia Yacoubi:
1) Will Bambu publicly commit to never requiring a subscription to control its printers and print from them on a home network?
For our current product line, yes. We will never need a subscription to control or print from our printers on a home network. However, there may be specific business scenarios in the future that require exceptions, such as a 3DP vending machine, but these will apply to entirely different applications and customer needs. If such a product line is introduced, we will clearly communicate it prior to its launch.
1c) Will Bambu publicly commit to never putting any existing printer functionality behind subscriptions?
2) Will Bambu publicly commit to never restricting the use of third-party filament in any way, shape or form?
For our current product line, yes. We have no plans to restrict the use of third-party filament in any way.
3) Will Bambu publicly commit to never monitoring files and prints transmitted between users and their printers on a home network?
Let’s be clear about how it works:
- LAN Mode: Nothing is transmitted through our servers.
- Cloud Mode: Users control their privacy through “anonymous printing”. When enabled, no print history is recorded, and files are not stored in the cloud.
- Cloud features: For features like re-printing, files are temporarily stored in the cloud to allow users to access their print history. Under no circumstances do we view the print file/model without the express consent of our clients.
Bambu has also agreed to add a new developer mode. Some users are concerned that this move is only temporary and that Bambu could simply remove developer mode and claim that it was too much of a security risk, or say that not enough users chose to use it to justify keeping it around.
4) Will Bambu publicly commit to permanently keeping developer mode with local MQTT, Livestream and FTP and never remove it in any future updates or shipping batches of the X1, P1, A1, and A1 mini?
Yes. However, if a serious security problem arises in the future, we may need to make adjustments to address it. Users can always choose whether to update their printer firmware or not.
5) Will Bambu publicly commit to introducing local developer mode and making it available in any future printers that are released?
We cannot commit to specifications for non-existent future printers. However, we will clearly communicate all relevant details before customers make purchase decisions.
6) Will Bambu publicly commit to permanently allowing remote control of its current and future printers over a LAN without a user account or internet access?
For current models: Yes. For future products, while we intend to maintain this functionality, we believe that a commitment to a particular technical approach is not binding indefinitely. However, we will clearly communicate all relevant details before customers make purchase decisions.
Bambu has announced that Bambu Connect will integrate with third-party slicers like Orca, but some users are confused as to why an app like Bambu Connect is needed when you could instead add more secure authentication to the printer itself, as with industry-standard practices: the printer generates a secure token/API key, instead of Bambu creating a proprietary middleware authentication app.
7) Has Bambu considered and rejected interoperable methods of securing its printers, such as tokens?
7b) Will Bambu commit to converting its authentication system into an interoperable system? If Bambu rejected interoperable secure authentication systems, why?
If the software communicates and interacts with our cloud system, it is reasonable for us to understand how it works. As highlighted in our blog post, unauthorized third-party software has long posed persistent challenges to the stability of our cloud services and machines.
While we trust that most developers act with good intentions, users are often unaware of the complexities and security requirements hidden within such software. This lack of transparency across software makes interoperable secure authentication systems insufficient to fully address these issues. Our goal is to protect the entire Bambu Lab product ecosystem, giving every user the confidence that our products are secure and easy to use — free from worries about complex network configurations. And with the changes made, we’re one step closer to integrating third-party access in a secure way.
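The printer-generated token approach that users raised ahead of question 7, set beside a single key shipped inside every copy of a desktop app, as an added example (not from the article or from Bambu). The class names, the pairing flow and the three-printer fleet are assumptions made up for illustration.

```python
import hashlib
import hmac
import secrets


class TokenPrinter:
    """Hypothetical printer that mints its own per-client API tokens."""
    def __init__(self, serial):
        self.serial = serial
        self._hashes = {}  # client label -> SHA-256 of token; raw token is not kept

    def issue_token(self, label):
        token = secrets.token_urlsafe(32)  # minted on the device, shown once at pairing
        self._hashes[label] = hashlib.sha256(token.encode()).digest()
        return token

    def revoke(self, label):
        self._hashes.pop(label, None)

    def accepts(self, credential):
        digest = hashlib.sha256(credential.encode()).digest()
        # Constant-time comparison against every stored hash.
        return any([hmac.compare_digest(digest, h) for h in self._hashes.values()])


class AppKeyPrinter:
    """Hypothetical printer that trusts one key embedded in every copy of an app."""
    def __init__(self, serial, app_key):
        self.serial = serial
        self._app_key = app_key.encode()

    def accepts(self, credential):
        return hmac.compare_digest(credential.encode(), self._app_key)


def blast_radius(printers, leaked_credential):
    """Number of printers that accept a credential once it has leaked."""
    return sum(1 for p in printers if p.accepts(leaked_credential))


def demo():
    app_key = secrets.token_urlsafe(32)  # constructed stand-in for an app-embedded key
    shared = [AppKeyPrinter(f"SN{i}", app_key) for i in range(3)]
    paired = [TokenPrinter(f"SN{i}") for i in range(3)]
    tokens = [p.issue_token("slicer") for p in paired]
    before = (blast_radius(shared, app_key), blast_radius(paired, tokens[0]))
    paired[0].revoke("slicer")  # the owner revokes the leaked token on the printer
    after = (blast_radius(shared, app_key), blast_radius(paired, tokens[0]))
    return before, after
```

`demo()` returns `((3, 1), (3, 0))`: the leaked app key is accepted by all three printers before and after, while the leaked per-printer token is accepted by one printer until its owner revokes it.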
8) Is it true that the developer of Orca Slicer was not actually working on the integration with Bambu and Bambu announced their involvement without approval?
We are in ongoing discussions with SoftFever, the developer of Orca Slicer, regarding a firmware update and possible integration into the new release starting January 14th. “Work with” can be vague. To be more specific, messages were exchanged, files were sent, and their receipt was confirmed with an indication that they would be reviewed.
9) Will the Panda Touch and similar accessories continue to work under developer mode?
We guarantee to keep the port/channel open, but implementation depends on third-party developers.
9b) Is Bambu answering the questions of that company?
Since the release, we have received many inquiries from third-party software developers, including BigTreeTech. devpartners@bambulab.com. We are currently in the process of finalizing our response. It is worth noting that we allow third party developers to a blog post from March 2024: “If you are developing a device that controls the entire printer, including the heating elements and motion system, please do not expect long-term support unless it is pre-approved by us. This applies especially to for-profit organizations.”
10) Will you allow users to revert to older firmware, e.g., if they upgrade by mistake without understanding the limitations?
Yes. Firmware rollback was and will always be available.
11) Does the private key leak change any of your plans?
No, this does not change our plans, and we have acted immediately.