Bambu Lab Authorization Control System: Difference between revisions
added comment |
m Removed red links; misc. |
||
| (4 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
{{IncidentCargo | {{IncidentCargo | ||
|Company=Bambu Lab | |Company=Bambu Lab | ||
|StartDate=2025 | |StartDate=16 January 2025 | ||
|EndDate= | |||
|Status=Active | |Status=Active | ||
|Type=Post-purchase terms change | |Type=Post-purchase terms change | ||
|Description=January 2025 firmware change restricted third-party slicers | |Description=January 2025 firmware change restricted third-party slicers and gated printer control behind Bambu-issued authentication. | ||
}} | }} | ||
On January 16, 2025, the 3D-printer manufacturer '''[[Bambu Lab]]''' announced that future firmwares for its 3D printers would introduce an authorization and authentication mechanism for printer connection and control, [[Deceptive language frequently used against consumers|in the name of security]].<ref name="firmware-update-introducing-new-authorization-control-system-2">{{Cite web |last=Bambu Kidd |date=2025-01-16 |title=Firmware Update Introducing New Authorization Control System |url=https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/ |url-status=live |archive-url=https://ghostarchive.org/archive/qwL63 |archive-date=2026-03-07 |website=[[Bambu Lab]] Blog}}</ref> The change restricted the use of third-party accessories and slicers such as Panda Touch and OrcaSlicer, and it gated print initiation, motion control, fan and hotend control, AMS configuration, calibrations, remote video, and firmware upgrade behind a Bambu-issued authentication path.<ref name="firmware-update-introducing-new-authorization-control-system-2" /> Bambu Lab also publishes its own slicer, [https://github.com/bambulab/BambuStudio Bambu Studio], under the [[GNU Affero General Public License|AGPL-3.0]],<ref name="bambustudio-license">{{Cite web |title=BambuStudio LICENSE (AGPL-3.0 verbatim) |url=https://github.com/bambulab/BambuStudio/blob/master/LICENSE |website=GitHub |publisher=Bambu Lab |access-date=2026-05-10 |url-status=live}}</ref> while its [[Terms of Service|Terms of Use]] § 3.4 forbid users to modify, copy, reverse engineer, or create derivatives of "the Product."<ref name=":2">{{Cite web |date=2024-04-24 |title=Terms of Use |url=https://bambulab.com/en-us/policies/terms |url-status=live |archive-url=https://ghostarchive.org/archive/vPu9I |archive-date=2026-03-09 |access-date=2025-05-01 |website=[[Bambu Lab]]}}</ref> In April 2026, Bambu Lab | On January 16, 2025, the 3D-printer manufacturer '''[[Bambu Lab]]''' announced that future firmwares for its 3D printers would introduce an authorization and authentication mechanism for printer connection and control, [[Deceptive language frequently used against consumers|in the name of security]].<ref name="firmware-update-introducing-new-authorization-control-system-2">{{Cite web |last=Bambu Kidd |date=2025-01-16 |title=Firmware Update Introducing New Authorization Control System |url=https://blog.bambulab.com/firmware-update-introducing-new-authorization-control-system-2/ |url-status=live |archive-url=https://ghostarchive.org/archive/qwL63 |archive-date=2026-03-07 |website=[[Bambu Lab]] Blog}}</ref> The change restricted the use of third-party accessories and slicers such as Panda Touch and OrcaSlicer, and it gated print initiation, motion control, fan and hotend control, AMS configuration, calibrations, remote video, and firmware upgrade behind a Bambu-issued authentication path.<ref name="firmware-update-introducing-new-authorization-control-system-2" /> Bambu Lab also publishes its own slicer, [https://github.com/bambulab/BambuStudio Bambu Studio], under the [[GNU Affero General Public License|AGPL-3.0]],<ref name="bambustudio-license">{{Cite web |title=BambuStudio LICENSE (AGPL-3.0 verbatim) |url=https://github.com/bambulab/BambuStudio/blob/master/LICENSE |website=GitHub |publisher=Bambu Lab |access-date=2026-05-10 |url-status=live}}</ref> while its [[Terms of Service|Terms of Use]] § 3.4 forbid users to modify, copy, reverse engineer, or create derivatives of "the Product."<ref name=":2">{{Cite web |date=2024-04-24 |title=Terms of Use |url=https://bambulab.com/en-us/policies/terms |url-status=live |archive-url=https://ghostarchive.org/archive/vPu9I |archive-date=2026-03-09 |access-date=2025-05-01 |website=[[Bambu Lab]]}}</ref> In April 2026, this authorization system became the basis for a [[Bambu Lab cease and desist against OrcaSlicer fork developer|cease-and-desist demand against a Polish community fork maintainer]] who had restored direct printer control on top of the AGPL source. | ||
==Controversy regarding firmware updates== | ==Controversy regarding firmware updates== | ||
| Line 44: | Line 45: | ||
Bambu Lab has stated that the authorization system is in place in order to protect against "remote hacks," "printer exposure," and "abnormal traffic or attacks". The cited security incidents have specific context: | Bambu Lab has stated that the authorization system is in place in order to protect against "remote hacks," "printer exposure," and "abnormal traffic or attacks". The cited security incidents have specific context: | ||
*The "remote hacks" cited as an example in the article followed a reported security vulnerability in a 3D printer product; according to Bitdefender's reporting, the researcher infected machines to display a harmless message in order to publicize the unpatched flaw.<ref>{{Cite web |last=Cluley |first=Graham |date=2024-03-01 |title=Someone is hacking 3D printers to warn owners of a security flaw |url=https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw?ref=blog.bambulab.com |url-status=live |archive-url=https://web.archive.org/web/20260216002646/https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw?ref=blog.bambulab.com |archive-date=2026-02-16 |access-date=2025-05-01 |website= | *The "remote hacks" cited as an example in the article followed a reported security vulnerability in a 3D printer product; according to Bitdefender's reporting, the researcher infected machines to display a harmless message in order to publicize the unpatched flaw.<ref>{{Cite web |last=Cluley |first=Graham |date=2024-03-01 |title=Someone is hacking 3D printers to warn owners of a security flaw |url=https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw?ref=blog.bambulab.com |url-status=live |archive-url=https://web.archive.org/web/20260216002646/https://www.bitdefender.com/en-au/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw?ref=blog.bambulab.com |archive-date=2026-02-16 |access-date=2025-05-01 |website=Bitdefender}}</ref> | ||
*In the article cited about printer exposure, the hack was carried out largely because of user misconfiguration.<ref>{{Cite web |last=Ms. Smith |date=2018-09-05 |title=Over 3,700 exposed 3D printers open to remote attackers |url=https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |url-status=live |archive-url=https://web.archive.org/web/20260216002556/https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |archive-date=2026-02-16 |access-date=2025-05-01 |website= | *In the article cited about printer exposure, the hack was carried out largely because of user misconfiguration.<ref>{{Cite web |last=Ms. Smith |date=2018-09-05 |title=Over 3,700 exposed 3D printers open to remote attackers |url=https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |url-status=live |archive-url=https://web.archive.org/web/20260216002556/https://www.csoonline.com/article/566223/over-3700-exposed-3d-printers-open-to-remote-attackers.html?ref=blog.bambulab.com |archive-date=2026-02-16 |access-date=2025-05-01 |website=CSO}}</ref> | ||
*The "abnormal traffic" can be mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |title=Summary of Security Incident Responses and Abnormal Cloud Traffic |url=https://wiki.bambulab.com/en/security-incidents-cloud-traffic?ref=blog.bambulab.com |url-status=live |archive-url= |archive-date= |access-date=2025-05-01 |website=[[Bambu Lab]] Wiki}}</ref> | *The "abnormal traffic" can be mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |title=Summary of Security Incident Responses and Abnormal Cloud Traffic |url=https://wiki.bambulab.com/en/security-incidents-cloud-traffic?ref=blog.bambulab.com |url-status=live |archive-url= |archive-date= |access-date=2025-05-01 |website=[[Bambu Lab]] Wiki}}</ref> | ||
*"Other malicious devices in the LAN" can be partially mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |last=@SpaghettiMonster |date=2022-11-25 |title=Answering network security concerns for our printers |url=https://blog.bambulab.com/answering-network-security-concerns/ |url-status=live |archive-url=https://ghostarchive.org/archive/CE0Ii |archive-date=2026-03-30 |access-date=2025-05-01 |website=[[Bambu Lab]] Blog}}</ref> | *"Other malicious devices in the LAN" can be partially mitigated by steps Bambu has already put in place, as detailed in their own article on the matter.<ref>{{Cite web |last=@SpaghettiMonster |date=2022-11-25 |title=Answering network security concerns for our printers |url=https://blog.bambulab.com/answering-network-security-concerns/ |url-status=live |archive-url=https://ghostarchive.org/archive/CE0Ii |archive-date=2026-03-30 |access-date=2025-05-01 |website=[[Bambu Lab]] Blog}}</ref> | ||
==Issues with LAN mode requiring authorization== | ==Issues with LAN mode requiring authorization== | ||
{{outdated/section}} | |||
[[File:Bambu Connect App - Lan Device Discovery without Bambu Login.png|thumb|Bambu Connect App - Lan Device Discovery without Bambu Login]] | [[File:Bambu Connect App - Lan Device Discovery without Bambu Login.png|thumb|Bambu Connect App - Lan Device Discovery without Bambu Login]] | ||
Bambu Lab printers have the ability to be controlled over both cloud and LAN. This allowed users to integrate their printers into private networks and maintain full control without having to rely on the manufacturer's server while also allowing cloud access. The new authorization system mandates that even LAN-based operations must go through an authentication process using Bambu Connect to retain full control.<ref name="bambu-connect">{{Cite web |[email protected] |title=Bambu Connect (beta) |url=https://wiki.bambulab.com/en/software/bambu-connect |url-status=live |archive-url=https://ghostarchive.org/archive/CVCtK |archive-date=2026-03-30 |access-date=2025-05-01 |website=[[Bambu Lab]] Wiki}}</ref> Full local access is still possible and unchanged for those not using the cloud. | Bambu Lab printers have the ability to be controlled over both cloud and LAN. This allowed users to integrate their printers into private networks and maintain full control without having to rely on the manufacturer's server while also allowing cloud access. The new authorization system mandates that even LAN-based operations must go through an authentication process using Bambu Connect to retain full control.<ref name="bambu-connect">{{Cite web |[email protected] |title=Bambu Connect (beta) |url=https://wiki.bambulab.com/en/software/bambu-connect |url-status=live |archive-url=https://ghostarchive.org/archive/CVCtK |archive-date=2026-03-30 |access-date=2025-05-01 |website=[[Bambu Lab]] Wiki}}</ref> Full local access is still possible and unchanged for those not using the cloud. | ||
| Line 57: | Line 59: | ||
**Confidentiality required by US Law: this is in conflict with users that have to comply with internal U.S. government classified information handling regulations.{{CitationNeeded}} | **Confidentiality required by US Law: this is in conflict with users that have to comply with internal U.S. government classified information handling regulations.{{CitationNeeded}} | ||
*'''Loss of offline independence while also using cloud''': Before, users could have hybrid offline setups. The requirement for authentication removes this option unless users revert to older firmware versions; Bambu Lab initially indicated rollback would not be permitted, though The Verge later reported that users could still downgrade and use LAN access keys while signed into the cloud. | *'''Loss of offline independence while also using cloud''': Before, users could have hybrid offline setups. The requirement for authentication removes this option unless users revert to older firmware versions; Bambu Lab initially indicated rollback would not be permitted, though The Verge later reported that users could still downgrade and use LAN access keys while signed into the cloud. | ||
*'''Increased complexity''': The added authentication layer complicates workflows for users who built custom setups or relied on third-party integrations for LAN control while retaining cloud functionality.<ref name=":4">{{Cite web | | *'''Increased complexity''': The added authentication layer complicates workflows for users who built custom setups or relied on third-party integrations for LAN control while retaining cloud functionality.<ref name=":4">{{Cite web |author=edlboston |date=Jan 2023 |title=Full Non-Cloud Based Network Option Needed |url=https://forum.bambulab.com/t/full-non-cloud-based-network-option-needed/3643 |url-status=live |archive-url=https://ghostarchive.org/archive/1ee4F |archive-date=2026-03-30 |access-date=2025-05-01 |website=[[Bambu Lab]] Community Forum |quote=Yes, I know about the LAN mode. But as has been stated by many people, things like the camera will not work, nor will the Handy app. There is no technical reason that these are bound to the cloud. This is the problem and why I titled this FULL Non-Cloud Network.}}</ref> | ||
*LAN-Only mode in Orca Slicer is implemented by passing API Calls to the installed proprietary Bambu Network Plug-In (unlike BTT and other solutions that did indeed communicate with printer directly via MQTT protocol). | *LAN-Only mode in Orca Slicer is implemented by passing API Calls to the installed proprietary Bambu Network Plug-In (unlike BTT and other solutions that did indeed communicate with printer directly via MQTT protocol). | ||
| Line 68: | Line 70: | ||
===X1E firmware 01.01.02.00 LAN-mode connection failure=== | ===X1E firmware 01.01.02.00 LAN-mode connection failure=== | ||
Newly received X1E printers with firmware 01.01.02.00 will not connect to the Bambu Studio using the Lan only method password. Bambu Studio identifies the un-logged printer but will not allow a connection to the printer. Only after connection / account pairing is done over the Bambu Handy app by giving internet access to the PC and Printer then using the cloud service connection will Lan only communication and login work.<ref>{{Cite web |last= |date=2024 | Newly received X1E printers with firmware 01.01.02.00 will not connect to the Bambu Studio using the Lan only method password. Bambu Studio identifies the un-logged printer but will not allow a connection to the printer. Only after connection / account pairing is done over the Bambu Handy app by giving internet access to the PC and Printer then using the cloud service connection will Lan only communication and login work.<ref>{{Cite web |last= |date=Sep 2024 |title=Connect X1E to stand-alone computer |url=https://forum.bambulab.com/t/connect-x1e-to-stand-alone-computer/101474 |url-status=live |archive-url=https://web.archive.org/web/20260223033045/https://forum.bambulab.com/t/connect-x1e-to-stand-alone-computer/101474 |archive-date=2026-02-23 |access-date=2025-05-01 |website=[[Bambu Lab]] Community Forum}}</ref> | ||
==Implementation timeline and requirements== | ==Implementation timeline and requirements== | ||
{{outdated/section}} | |||
The authorization system will be rolled out in phases, starting with the X1 series printers. A beta firmware (version 01.08.03.00) was released on January 17, 2025, with the full release scheduled for late January 2025.<ref name="firmware-update-introducing-new-authorization-control-system-2" /> The P and A series printers will get similar updates at an unspecified future date. | The authorization system will be rolled out in phases, starting with the X1 series printers. A beta firmware (version 01.08.03.00) was released on January 17, 2025, with the full release scheduled for late January 2025.<ref name="firmware-update-introducing-new-authorization-control-system-2" /> The P and A series printers will get similar updates at an unspecified future date. | ||
| Line 114: | Line 116: | ||
--> | --> | ||
==Impact on functionality== | ==Impact on functionality== | ||
{{outdated/section}} | |||
While some functionality remains unauthenticated like in previous firmware versions (sending status information from the printer over the network, starting a print job using SD cards), the most important features now require authentication through a closed-source client called Bambu Connect<ref name="bambu-connect" />. These restricted features include: | While some functionality remains unauthenticated like in previous firmware versions (sending status information from the printer over the network, starting a print job using SD cards), the most important features now require authentication through a closed-source client called Bambu Connect<ref name="bambu-connect" />. These restricted features include: | ||
| Line 146: | Line 149: | ||
*'''Lack of transparency''': SoftFever reported that the limited warning given to OrcaSlicer developers preceded community engagement with existing customers.<ref name="orca-slicer-issue8063" /> Point to the contrary: the new firmware is in beta and Bambu Connect middleware contains temporary compromises to allow third-party slicers to work as before. | *'''Lack of transparency''': SoftFever reported that the limited warning given to OrcaSlicer developers preceded community engagement with existing customers.<ref name="orca-slicer-issue8063" /> Point to the contrary: the new firmware is in beta and Bambu Connect middleware contains temporary compromises to allow third-party slicers to work as before. | ||
*'''Lack of follow-through:''' As of January 2025, SoftFever, OrcaSlicer's lead developer, did not have API keys for Bambu Connect, a necessary layer of Bambu software that would need to be integrated into OrcaSlicer. Some community members questioned whether Bambu Lab's outreach to OrcaSlicer was a substantive collaboration effort.<ref name=":1">{{Cite web |last=@fever_soft |date=2025-01-18 |title=This is definitely a bummer. I was negotiating for an authorization key to allow OrcaSlicer to communicate with their device like BambuStudio does, but today I was told they won't support this. Only their slicer can send prints directly; others must use their Bambu Connect application |url=https://x.com/fever_soft/status/1880630570809795034?t=qJyh4SGFZFllcYrqexGW-Q |url-status=live |access-date=2025-05-01 |website=[[X]] |archive-url=http://web.archive.org/web/20251004104021/https://x.com/fever_soft/status/1880630570809795034?t=qJyh4SGFZFllcYrqexGW-Q |archive-date=2025-10-04}}</ref> | *'''Lack of follow-through:''' As of January 2025, SoftFever, OrcaSlicer's lead developer, did not have API keys for Bambu Connect, a necessary layer of Bambu software that would need to be integrated into OrcaSlicer. Some community members questioned whether Bambu Lab's outreach to OrcaSlicer was a substantive collaboration effort.<ref name=":1">{{Cite web |last=@fever_soft |date=2025-01-18 |title=This is definitely a bummer. I was negotiating for an authorization key to allow OrcaSlicer to communicate with their device like BambuStudio does, but today I was told they won't support this. Only their slicer can send prints directly; others must use their Bambu Connect application |url=https://x.com/fever_soft/status/1880630570809795034?t=qJyh4SGFZFllcYrqexGW-Q |url-status=live |access-date=2025-05-01 |website=[[X]] |archive-url=http://web.archive.org/web/20251004104021/https://x.com/fever_soft/status/1880630570809795034?t=qJyh4SGFZFllcYrqexGW-Q |archive-date=2025-10-04}}</ref> | ||
*'''Disregard for open-source collaboration''': OrcaSlicer is open-source software developed under the AGPL-3.0 license.<ref name="softfever-orcaslicer-license" /> The decision to restrict network APIs in favor of proprietary systems such as Bambu Connect removes customer choice in how the printer is operated. | *'''Disregard for open-source collaboration''': OrcaSlicer is open-source software developed under the AGPL-3.0 license.<ref name="softfever-orcaslicer-license">{{Cite web |title=OrcaSlicer LICENSE.txt (AGPL-3.0) |url=https://github.com/SoftFever/OrcaSlicer/blob/main/LICENSE.txt |website=GitHub |publisher=SoftFever |access-date=2026-05-10 |url-status=live}}</ref> The decision to restrict network APIs in favor of proprietary systems such as Bambu Connect removes customer choice in how the printer is operated. | ||
*'''Token support for third-party tools''': While Bambu Connect provides a workaround for third-party slicer use, it restricts functionality and complicates workflows, leading many to question the sincerity of Bambu's stated support for open-source tools<ref name="bambu-connect" />. | *'''Token support for third-party tools''': While Bambu Connect provides a workaround for third-party slicer use, it restricts functionality and complicates workflows, leading many to question the sincerity of Bambu's stated support for open-source tools<ref name="bambu-connect" />. | ||
*'''Power imbalance''': As the hardware manufacturer, Bambu Lab has the ability to dictate how its products can be used; often to the detriment of third-party developers and users. | *'''Power imbalance''': As the hardware manufacturer, Bambu Lab has the ability to dictate how its products can be used; often to the detriment of third-party developers and users. | ||
==Community-driven workarounds and technical alternatives== | ==Community-driven workarounds and technical alternatives== | ||
{{outdated/section}} | |||
Community members have published workarounds for the firmware restrictions. | Community members have published workarounds for the firmware restrictions. | ||
| Line 195: | Line 198: | ||
*The Bambu Labs website offers consumers the ability to request a rootable firmware to be sent to their printers. As of January 26, 2025, the feature (in the EU at least) is broken such that you cannot finalize the process of requesting such a firmware.<ref name="bambu-third-party-firmware-plan">{{Cite web |title=Third Party Firmware Plan |url=https://bambulab.com/en-eu/third-party-firmware/plan |website=Bambu Lab |access-date=2025-01-26 |url-status=live}}</ref> | *The Bambu Labs website offers consumers the ability to request a rootable firmware to be sent to their printers. As of January 26, 2025, the feature (in the EU at least) is broken such that you cannot finalize the process of requesting such a firmware.<ref name="bambu-third-party-firmware-plan">{{Cite web |title=Third Party Firmware Plan |url=https://bambulab.com/en-eu/third-party-firmware/plan |website=Bambu Lab |access-date=2025-01-26 |url-status=live}}</ref> | ||
**The result of accepting the terms of the page titled "Third Party Firmware Plan Guideline" and clicking "Next" takes you to a page titled "Important Notice and Risk Warning" which, when accepting the terms leaves you with an "I got it" button that takes you back to the previous page. | **The result of accepting the terms of the page titled "Third Party Firmware Plan Guideline" and clicking "Next" takes you to a page titled "Important Notice and Risk Warning" which, when accepting the terms leaves you with an "I got it" button that takes you back to the previous page. | ||
==Impact on professional users and privacy concerns== | ==Impact on professional users and privacy concerns== | ||
| Line 323: | Line 227: | ||
==Customer reactions== | ==Customer reactions== | ||
Customer reactions on community forums and Reddit were negative.<ref>{{Cite web |last=@hho |date=2025-01-15 |title=Bambu Studio 1.10.2 Public Beta |url=https://forum.bambulab.com/t/bambu-studio-1-10-2-public-beta/134549/4 |url-status=live |archive-url=https://ghostarchive.org/archive/ahrz6 |archive-date=2026-03-30 |access-date=2025-05-01 |website=[[Bambu Lab]] Community Forum |quote=Improvements Introduce authorization and authentication protection mechanism: Bambu Studio now supports signing and encrypting control commands sent to printers when the printer supports authorization and authentication protection. The printer will determine whether the commands can be executed. Hmmm. This reads suspiciously vague. It could mean that Bambu printers get an onboard permission handling, so that you can "lock down" your printer and set what commands can be run. But it could also mean that Bambu printers in (or of?) the future will only run Gcode encrypted and signed by Bambu Studio…}}</ref><ref>{{Cite web |last=@iranintoavan |title=Firmware Update Introducing New Authorization Control System |url=https://old.reddit.com/r/BambuLab/comments/1i2psvz/firmware_update_introducing_new_authorization/ |url-status=live |archive-url=http://web.archive.org/web/20250403012526/https://old.reddit.com/r/BambuLab/comments/1i2psvz/firmware_update_introducing_new_authorization/ |archive-date=2025-04-03 |access-date=2025-05-01 |website=Old [[Reddit]]}}</ref> Bambu Lab has historically pushed cloud-based printer interaction while offering limited LAN mode functionality<ref name=":4" />. Many customers argue that the security issues this locked-down firmware claims to address are actually consequences of the company's cloud-based design choices rather than inherent risks of local network control.<ref name="bambulab-forum-134549/12" /> After the announcement, Bambu Lab's Trustpilot page recorded a wave of one-star reviews citing the firmware restrictions as the reason for the rating.<ref>{{Cite web |title=Bambu Lab |url=https://www.trustpilot.com/review/bambulab.com?sort=recency |archive-url=https://web.archive.org/web/20250119162028/https://www.trustpilot.com/review/bambulab.com?sort=recency |archive-date=2025-01-19 |website= | Customer reactions on community forums and Reddit were negative.<ref>{{Cite web |last=@hho |date=2025-01-15 |title=Bambu Studio 1.10.2 Public Beta |url=https://forum.bambulab.com/t/bambu-studio-1-10-2-public-beta/134549/4 |url-status=live |archive-url=https://ghostarchive.org/archive/ahrz6 |archive-date=2026-03-30 |access-date=2025-05-01 |website=[[Bambu Lab]] Community Forum |quote=Improvements Introduce authorization and authentication protection mechanism: Bambu Studio now supports signing and encrypting control commands sent to printers when the printer supports authorization and authentication protection. The printer will determine whether the commands can be executed. Hmmm. This reads suspiciously vague. It could mean that Bambu printers get an onboard permission handling, so that you can "lock down" your printer and set what commands can be run. But it could also mean that Bambu printers in (or of?) the future will only run Gcode encrypted and signed by Bambu Studio…}}</ref><ref>{{Cite web |last=@iranintoavan |title=Firmware Update Introducing New Authorization Control System |url=https://old.reddit.com/r/BambuLab/comments/1i2psvz/firmware_update_introducing_new_authorization/ |url-status=live |archive-url=http://web.archive.org/web/20250403012526/https://old.reddit.com/r/BambuLab/comments/1i2psvz/firmware_update_introducing_new_authorization/ |archive-date=2025-04-03 |access-date=2025-05-01 |website=Old [[Reddit]]}}</ref> Bambu Lab has historically pushed cloud-based printer interaction while offering limited LAN mode functionality<ref name=":4" />. Many customers argue that the security issues this locked-down firmware claims to address are actually consequences of the company's cloud-based design choices rather than inherent risks of local network control.<ref name="bambulab-forum-134549/12" /> After the announcement, Bambu Lab's Trustpilot page recorded a wave of one-star reviews citing the firmware restrictions as the reason for the rating.<ref>{{Cite web |title=Bambu Lab |url=https://www.trustpilot.com/review/bambulab.com?sort=recency |archive-url=https://web.archive.org/web/20250119162028/https://www.trustpilot.com/review/bambulab.com?sort=recency |archive-date=2025-01-19 |website=TrustPilot}}</ref> | ||
As of publication, '''no changes have been announced for owners who never sign their printers into the Bambu cloud service'''. Past firmware updates allowed pairing the slicer via IP address and access key and performing offline firmware updates without ever signing the printer into the cloud, keeping local functionality unchanged.<ref name="firmware-update-introducing-new-authorization-control-system-2" /> | As of publication, '''no changes have been announced for owners who never sign their printers into the Bambu cloud service'''. Past firmware updates allowed pairing the slicer via IP address and access key and performing offline firmware updates without ever signing the printer into the cloud, keeping local functionality unchanged.<ref name="firmware-update-introducing-new-authorization-control-system-2" /> | ||
==Comparisons to similar practices by other companies== | ==Comparisons to similar practices by other companies== | ||
Bambu Lab's new authorization and authentication requirements have been compared to a number of practices by traditional printer manufacturers, such as [[HP]] and [[Epson]], who have faced backlash and litigation over [[digital rights management]] (DRM) practices in 2D printers.{{CitationNeeded}} | Bambu Lab's new authorization and authentication requirements have been compared to a number of practices by traditional printer manufacturers, such as [[HP]] and [[Epson]], who have faced backlash and litigation over [[digital rights management]] (DRM) practices in 2D printers.{{CitationNeeded}} | ||
A parallel from the 3D-printing industry is the 3D-printer manufacturer [[MakerBot]], whose 2012 shift from open-source, DIY-focused machines to closed-source, proprietary machines drove customers to less-expensive open-source competitors, as documented by Hackaday's 2016 obituary of the company.<ref>{{Cite web |last=Benchoff |first=Brian |date=2016-04-28 |title=The MakerBot Obituary |url=https://hackaday.com/2016/04/28/the-makerbot-obituary/ |url-status=live |archive-url=http://web.archive.org/web/20251208222057/https://hackaday.com/2016/04/28/the-makerbot-obituary/ |archive-date=2025-12-08 |access-date=2025-05-01 |website= | A parallel from the 3D-printing industry is the 3D-printer manufacturer [[MakerBot]], whose 2012 shift from open-source, DIY-focused machines to closed-source, proprietary machines drove customers to less-expensive open-source competitors, as documented by Hackaday's 2016 obituary of the company.<ref>{{Cite web |last=Benchoff |first=Brian |date=2016-04-28 |title=The MakerBot Obituary |url=https://hackaday.com/2016/04/28/the-makerbot-obituary/ |url-status=live |archive-url=http://web.archive.org/web/20251208222057/https://hackaday.com/2016/04/28/the-makerbot-obituary/ |archive-date=2025-12-08 |access-date=2025-05-01 |website=Hackaday}}</ref> MakerBot was also accused of asserting ownership over publicly available, open-source designs uploaded to its 3D print repository, Thingiverse.<ref>{{Cite web |last=Biggs |first=John |date=2014-05-28 |title=MakerBot Responds To Critics Who Claim It Is Stealing Community IP |url=https://techcrunch.com/2014/05/28/makerbot-responds-to-critics-who-claim-it-is-stealing-community-ip/ |url-status=live |archive-url=http://web.archive.org/web/20251111041317/https://techcrunch.com/2014/05/28/makerbot-responds-to-critics-who-claim-it-is-stealing-community-ip/ |archive-date=2025-11-11 |access-date=2025-05-01 |website=TechCrunch}}</ref> | ||
==TOS restricting development of third party devices and accessories== | ==TOS restricting development of third party devices and accessories== | ||
Archived discussion threads from January 2024 confirm that a clause restricting the development of third party devices and accessories - § 3.1 - has been part of the Bambu Lab Terms of Use at least since then.<ref>{{Cite web |last=@X1Plus |title=X1plus community Bambu Lab firmware - A win for everyone? |url=https://www.reddit.com/r/3Dprinting/comments/18zaay0/x1plus_community_bambu_lab_firmware_a_win_for/kggqg4n/ |url-status=live |archive-url=https://web.archive.org/web/20260222212657/https://old.reddit.com/r/3Dprinting/comments/18zaay0/x1plus_community_bambu_lab_firmware_a_win_for/kggqg4n/ |archive-date=2026-02-22 |access-date=2025-05-01 |website=[[Reddit]]}}</ref> Community reaction was split: some readers argued the clause is intended to restrict third-party development, while others characterized it as standard boilerplate in vendor terms.<ref>{{Cite web |last=@mflexx |title=Not updated. And this part is shared by pretty much every company that has ever existed on this planet. That's just blatant karma farming at this point. |url=https://www.reddit.com/r/BambuLab/comments/1ibhhg7/updated_tos_shots_fired/m9i78kj/ |url-status=live |archive-url=https://web.archive.org/web/20260222212738/https://old.reddit.com/r/BambuLab/comments/1ibhhg7/updated_tos_shots_fired/m9i78kj/ |archive-date=2026-02-22 |access-date=2025-05-01 |website=[[Reddit]]}}</ref> | Archived discussion threads from January 2024 confirm that a clause restricting the development of third party devices and accessories - § 3.1 - has been part of the Bambu Lab Terms of Use at least since then.<ref>{{Cite web |last=@X1Plus |title=X1plus community Bambu Lab firmware - A win for everyone? |url=https://www.reddit.com/r/3Dprinting/comments/18zaay0/x1plus_community_bambu_lab_firmware_a_win_for/kggqg4n/ |url-status=live |archive-url=https://web.archive.org/web/20260222212657/https://old.reddit.com/r/3Dprinting/comments/18zaay0/x1plus_community_bambu_lab_firmware_a_win_for/kggqg4n/ |archive-date=2026-02-22 |access-date=2025-05-01 |website=[[Reddit]]}}</ref> Community reaction was split: some readers argued the clause is intended to restrict third-party development, while others characterized it as standard boilerplate in vendor terms.<ref>{{Cite web |last=@mflexx |title=Not updated. And this part is shared by pretty much every company that has ever existed on this planet. That's just blatant karma farming at this point. |url=https://www.reddit.com/r/BambuLab/comments/1ibhhg7/updated_tos_shots_fired/m9i78kj/ |url-status=live |archive-url=https://web.archive.org/web/20260222212738/https://old.reddit.com/r/BambuLab/comments/1ibhhg7/updated_tos_shots_fired/m9i78kj/ |archive-date=2026-02-22 |access-date=2025-05-01 |website=[[Reddit]]}}</ref> | ||
| Line 342: | Line 244: | ||
==See also== | ==See also== | ||
*[[Bambu Lab cease and desist against OrcaSlicer fork developer]] | |||
*[[Forced account]] | *[[Forced account]] | ||
*[[Right to repair]] | *[[Right to repair]] | ||