You're worried about a small printer company and not the huge giants like apple and google whose products you use everyday and who have been proven to steal ur data
What worries me the most is that Bambulab have claimed that the Gcodes are not uploaded, yet in this log it is. If they are willing to lie about that, what else are they not telling us.
@@3DMusketeers fidelity would also depend on the resolution/layer height you sliced at, finer resolution == better fidelity. It's Concerning regardless, GCODE still gives access to be able to print the part(s).
@Bletotum absolutely! It has a 3mf outside of that specific log folder. What we believe happens when you create the log is that it unzips the 3mf file into its components, which would explain the rendered photos that end up being your thumbnails for the parts. @timbrookman366 yes, the better the slice, the better the convert.
What worries me is your lack of reading comprehension. Show me a 3MF or STL file in the logs. Yes, the "machine code" that was sent to the printer, and controls the printer, is in the log file. Shocking!!!! While you can reconstruct the final print from the gcode, you can't reconstruct the original pre-sliced model.
I'm looking to finally purchase my first 3D printer, doing tons of research, because of what I am looking for. The X1C with AMS has been at the top of my list for a while. Do I have the ability to tinker? Sure, I'm old school, learned assembly language programming back in the early 80's programming on a hex keypad and never stopped learning. I'm the kind of guy who never hires anyone unless the job is way WAY too big. I'm not pouring a concrete slab, but taking an 1850's farmhouse into the future, remodeling down to the studs in Every room. The only person I hired is a drywall guy cause I hate drywall. Plumbing? Heating? Electrical? Kitchen cabinets? Tile work? Cake walk. And I love working hard and enjoying the results of my labors. BUT. I no longer want to tinker with Everything, I've been tinkering and doing everything myself for decades. I made the decision back at the turn of the century that I was done building my PC's, it was time to invest in a higher end workstations from HP or Dell. As I look into getting into 3D printing, that's what I'm looking for, the Pro-Consumer / light business type box that just works, that I don't have to mess around. Oh, and BTW, day job is Cyber Security for Enterprise, Banking, Government, Higher Ed. The rest of this post is tempered by my professional experiences. Let's put Bamboo into context. Google was created by the CIA. Do I REALLY need to tell you what that means for Everything you do online? Facebook was created for the sole purpose of monetizing /exploiting personal / private data. All these big tech companies have linked and aggregated your data and offer it to the government, and anyone else willing to pay for it. End result is that the big players know and link ALL your online identities together, no matter how clever you think you were creating that new private account. It's trivial. Amazon Echo devices store your non-command conversations on Amazon's servers for "Product Improvement Analysis." Every consumer product that can connect to the internet is phoning home with god knows what encrypted payloads of Stuff. If you participate in this online world, not living in a cave, that means Big Tech knows more about you than your wife (especially with AI analysis added in.) So let's not play Ostrich here, you need to assume that Every Single Company is going to lie to you about the data they collect and will word their Terms of Service in their favor, preferring to let you fight it in court (they know you won't. You know you won't too.) In my own personal network, perhaps I've gone overboard but I isolate all my SmartHome and other less-trustworthy devices from the Internet and each other. Every device is in its own VLAN with its own set of rules on what it's allowed to communicate with. Issues like Anker's Eufy camera security are COMMON. All these devices are constantly probing servers in China, AWS, Google, Azure, etc. etc. Looking at Bamboo as a company, there APPEARS to be something almost pathological, the set of morals that allow them to just abscond with the Intellectual Property of others while defending their own. Not cool. Including superfluous historical data like images of past prints in the debug logs - not cool. Lying about what is in the log files - VERY Not cool, as in needing a Come to Jesus Moment. Bamboo needs to do some work here to par down their log collection to the minimum needed to actually provide support. That may or may not include g-code, but that info should be disclosed, not hidden, or have it as a non-default option to include (I can see it being helpful debugging a print.) Consumers need to make the choice - Do I work with companies that have questionable moral values and business practices? Just how far do you go to stick to your guns on this, are you willing to give up everything Google touches for example? Netflix? Amazon? Microsoft? Apple? None of those companies is "morally superior" to Bamboo as they all do the EXACT SAME THINGS. Most of what Bamboo is including in the logs does appear to be innocent and reasonable - with some clear exceptions. Now that I know a lot more about Bamboo as a company (thanks to your videos) I need to decide if they are too far to one side on the Moral / Evil scale to support or not. But are they really evil or just Super Arrogant, thinking they won't get caught? Clearly arrogance is involved though, and Bamboo needs to open up a bit more to cooperate with the community. Be honest. I'll probably end up getting the X1C after all this, because it DOES look like they just want to create good printers, and along the path they stepped in a few piles of dog doo.
@@the_realist_John_Doe Yes, but it primarily acts as a diffuser for the light. It is therefore only milky but not opaque. Cameras on laptops, for example, are usually covered with a black piece of plastic or are disconnected from the power supply. On my Think Pad, the camera is moved behind a cover with a slider.
Putting on my day job hat... you have the Linux kernel boot logs, syslogs (which probably run through a log rotate setup which triggers either at a fixed time interval or once a file exceeds a certain size), and the 3mf that Bambu Studio and derivatives export. I was doing a test recently and created a 3mf (which is a compressed file, not too different from a tar gz) from Bambu Studio and it renames the gcode inside it to plate_1. 3mf generally doesn't carry the file name into the contents itself. Now... if you were simply going through the dump file, or SSHed into the machine, I would say this all looks pretty standard. But as I'm understanding from the beginning, the one you're going through is the log file that the machine generates as opposed to just a system dump. Vast majority of that is unnecessary for uploading to support. For a linux syslog to have any useful info, basically your machine would have to be unusable or be doing very weird things, which should only happen if you're manipulating the OS itself (installs, configs, etc. that all have an effect). But a locked down system... there shouldn't be anything. If they're logging application details to the system log, they're lazy at best. Those should be their own files. That's what Ubiquiti, Synology, Mosaic (Palette), and many other similar "locked down but runs on Linux" systems do. Uploading all of that isn't necessary. Given their background from DJI, and that DJI also does an encryption system, my gut feeling is someone just took the encryption system and changed the key used for it. Lots pointing to them doing what DJI does. Now, none of that really says these get uploaded outside of when Bambu requests it. But it still contains more info then necessary. Dates can be weird, because without a network clock, it really depends on the hardware. Like, the RPi 4 and older would have weird timestamps when you booted linux for the first time without a network connection. But the RPi 5 now has support for a clock that you can power by an external battery. Not unlike basically every PC you can buy. So if you find a button battery on the main board, chances are that even if the system stayed in a box for an extended period of time, it still maintained the clock and when you finally did boot it, it knew what time it was. Bigger concern is that factory reset didn't remove most of not all the data. One company's factory reset is the removal of user data, another's is to do a full OS/firmware flash that basically resets the file system. Sounds like Bambu goes for "remove just the couple user config files" rather then the whole file system. Still, the fun part will be seeing what others get from X1Plus.
Yes the one I went through is not the dumped memory, it is a decrypted log. The full 3MF exists on the file dump and we believe that whole gcode folder is just the uncompressed 3mf file split up. Dude thanks for that whole dive into it more, as my day job is definitely not linux stuff. I think Hanlon's Razor is best appropriate here. And the X1Plus guys seem to agree. That likely this was outsourced to someone/team and they never bothered to turn off the extra logging for the testing purposes.
Pondered it quite a bit. Still can't think of a reason to have logs for my own prints encrypted on my own machines. The only viable reason I can think of, is so BL can collect whatever they want, without us knowing what specific things they are collecting. Please, correct me if I'm wrong.
Not to defend them, but it might be easier for them to create the file directly encrypted... Imagine if they just sent a zip and someone got in the way. It would be a major security issue.
oh I have no doubt it is easier, in fact the MCU they chose specifically is marketed to do the encryption, but dont lie to me about what it is in it lol
My day job is Cyber Security, so my opinions are tempered a bit here, but in our line of work we encrypt everything like that as these logs contain details that would allow an attacker additional information that could allow them to completely compromise your system. As the files are queued for potential sharing with support, it makes sense to just archive and encrypt as part of the regular process rather than ONLY doing the encryption Just Before you submit. That said, Bamboo went overboard on what's included in those logs. I can see the g-code being useful if you were debugging a print quality issue, but that should be optional and not by default. Also, no need for historical print images. I'm more inclined to say that this is due to Lazy Programmer Syndrome, "I'm just going to include everything just in case and it takes too much time do determine what's REALLY needed" than actual nefarious evil intent.
These are local log files? What is being sent to Bambu that isn't manually uploaded by the customer, say if there is an issue? What is more freaky to me is, when I am having a discussion with my brother about his ice maker. Then the next time I look at my phone, I see ads for ice makers on my Facebook feed! Also have you ever reviewed the privacy agreement on a Creality K1 printer? It is an opening experience.
These are the logs that are exported from the machine when you tell it to do it. I have given up reading the Privacy agreements for Creality. It is a waste of time just to get mad lol.
The problem is that until the video you didn't know what you were sending to Bambu Lab because the log files are normally stored in encrypted form. If the log files were stored in plain text, then you could take a look at them in advance and see if there is anything in there that contains private information.
Maybe I missed something, but this is just a dump of the data on the machine right? Why are you inferring that the data on the device contains the exact same thing as the data being sent back to manufacturer? Don't get me wrong this is some reasonably valuable info but it doesn't really expose anything. As a software dev I don't think it's abnormal to log all these things and things like the date/time remaining after a factory reset is normal behavior if the device has a real time clock inside. The only thing in this video that is a bit sus is that they encrypted everything, but considering like you found it contains some personal data, if the machine was stolen or sold it would make sense to store the logs in an encrypted format: your phone does the same thing. But the major question is if they are phoning home with this data or not. Is there any unencrypted dump of the network traffic available? Maybe I missed it in the video but I don't think it is known what is being sent? Because a device can log a ton of things, but it's pretty normal to then sanitize logs and clean out any personal data before sending it as traffic to somewhere. And even sending gcode back to Bambulabs could have a legitimate use if the printer crashed hard while processing a file so they can analyze which instructions caused the crash, but again it depends on what is being sent automatically, want is sent "manually" after a failure and what isn't sent at all. I've decided not to go for a Bambu printer simply because of the horrible handling of the recall of the borked power cable, but the things I've seen in this video would only concern me if they are actually sent out, not just stored on the device. Even just measuring the amount of encrypted traffic should give you a good idea on what is actually being sent, but sadly you didn't go there in this video.
As someone who writes software for a living, this video is uninformed at best. There is a fundamental misunderstanding of how commercial software is written and works in this video. There is nothing here that gives me pause.
really? A machine attempting to connect to a cloud server that it has not been authorized to do, AND a machine collecting data the company themselves says it does not does not give you any pause? I guess I will bee looking at the authors of the software I use more diligently then...
You all need to understand that a vast majority of the data he is referencing are DATA files not logs. Every modern computer in the world is going to write local data. It's not stateless. If it was, every time you restart you would have to completely reconfigure the machine. Also, the only reliable way to see what exactly is being send to an external server is to trace it at the firewall. The fact that this guy insinuates all of this is being sent to the cloud without actually tracing it properly is ridiculous.
@UnCoolDad After he consented to it. It's standard practice to basically dump the state of the machine when those "send for help" type of things occur.
Thanks, finally someone thoroughly analyzed what a simple print can reveal to a third party without anyone knowing. It's the biggest piece of crap I've seen in 3D printing in a while. Thanks for your huge amount of work you put into this.
Thanks for pulling the curtain back on the log file, personally I'm not too worried about it, I'm only printing dust collectors anyway. But if I were doing this as a business, I would most definitely think about keeping my unit offline.
Alas, this is what I expect from the consumer mindset. But, my dear friend, I would pose this to you: If data has no value why would a company collect it? Dont give it away for free :) Be safe buddy! I know your use case is different than most!
@@3DMusketeers I see your point. But personally, I like using the cloud, being able to pull up the Bambu Handy app to view the status of my print while out and about is useful to me. So that's a tradeoff I'm willing to accept. But I can see how this could be a concern for others. But I also feel that it is important to know what they are logging, and you've been able to show us that. And now people can make a more informed decision as to how they wish to run their machines. P.S. Sorry I missed the live stream. I was a little busy this morning. 😁
I get your use case, because I know it. Some will be willing to, others wont. I believe the education side of it is what is important. Bambu said to just trust us. We have proven that is not what one should do.
intellectual property has never been something the CCCP respects...just saying... ever read the EUA for ticktok? NEVER install that on ANY of your devices! EVER! Any company from china is not to be trusted due to their "unavoidable" full disclosure of every aspect of their business with the cccp. No. It's not a conspiracy theory...it's the truth. I thank 3D Musketeers for exposing this. Good on ya!
@@3DMusketeers I imagine that there are a lot of us with the consumer mindset as you put it. I dislike a company that lies to me as a consumer, so they only get one chance generally. I will use my A1 Mini and AMS until they either break or are deemed ancient technology with the development of new 3D printers, but due to their lies and obfuscation, I will not buy another one of their machines. As far as data goes, not all consumers care if someone monetizes it, especially if the data is randomized (not sure how to do that if they are sending the machine serial number) because there is a lot of public data we are comfortable sharing these days. Just because someone makes money with my data doesn’t necessarily mean that I have lost anything monetarily. But it is imperative to know what data is being collected truthfully and in an easy to read manner so we can make informed decisions on how are data is used. Nice job BTW, on disclosing this info. Bambu Labs should be ashamed.
I am not concerned by the information displayed here, but I can certainly understand how some users would be. I just don't fundamentally understand why Bambu can't do two things here: (1) Toggle the creation of log files via user config option and (2) Store the log files in "plain" format so users can see the content.
They are stored encrypted because it's easier to encrypt one log at a time as it's being written than it is to encrypt everything at the same time to send it off, as 3D Musketeers would also complain if the logs were not encrypted when being sent off.
I dont have an issue with the encryption, I have an issue with the hiding behind the encryption and giving users false information. I just want the truth. That seems to upset people. Which gives me cause for concern for what they care more about..
@@flat_stickproductions209 Encrypting something during transportation is not a big problem. Your comment was encrypted when you sent it and decrypted again when it landed on the RU-vid server. In the same way, the content of this page and the video are transmitted in encrypted form and your browser decrypts the whole thing in real time. So it would be no problem to encrypt the logs in real time when you send them to Bambu Lab.
First of all, let me offer a correction. This is not the “log file”, you just dumped the log folder. And 90% of what I see through this video is mundane android/linux logging. The other stuff would go to the log folder, because applications also use the log folder. So I would expect to see things like the plate shots of finished prints, because that’s likely an automatic daemon to provide a thumbnail for Studio to display in the timelapse pane. I knew about that over a year ago when they added it to studio. Many of the images you showed are the thumbnails generated by the slicer for use on the printer display, or in the handy app. BTW the two bin files are binary data of the lidar scans. Since you can ssh into the machine with XPlus you can run top (if it’s in the build) and see all running processes, and their names. Might be able to deduce the application name. I plan to do this when I run X1Plus. But, you displayed an important thing here and you don’t even realize it - the syslog with the boot sequence. Looking at that we can see the file system is android based, which makes sense since it’s an ARM architecture and using eMMC storage. Based on the kernel version it’s likely Android 10, which encrypts automatically. So there’s the reason for system files being encrypted. Also, the mainboard being named “Bamboo” is cute. Finally, just run a damn benchy and show us the json file.
No, it is the log file. That is what they have. I also showed the dumped log folder in the video, in the beginning where we showed they were similar but different. The thumbnail images in the gcode are likely just pulled from the 3MF, but just those couple. The photos from the camera are not slicer ones it uses a spintrol MCU which encrypts on chip. The machine is Busybox Linux actually. And yes, that is the boot sequence for the machine, you can see some of the little easter eggs from X1P as well.
Thanks Grant great video. Would be interesting to see if other companies are doing similar things. That said, Bambu has been especially bad faith about this so I think it's fair to single them out.
@elchavode6479 Name one other company that has ever done a massive recall like they did with the A1. Creality has been known to cut corners and have melted wires, yet they would deem it user error or just fix it on a different version. 🤣. At least Bambu made the right decision to recall and also give and extra credit to users. 🤷♂️
Yep. It's all logged. It's plain text though. Being based off of Prusa slicer it's nothing too bad, but since we found orca slicer and use stealth mode for it, we never looked back to Bambu Studio.
Yeah, I think I’m gonna go ahead and reach out to cancel my AMS order… probably better to put that money towards a Voron as well. Even that Prusa XL is starting to look pretty good again.
This really sucks. Entirely expected, but still horrible. I will never buy anything from Bambulab ever - or from any other company that thinks it is okay to take their clients information like this.
First of all thanks a lot for the effort, one thing i want to say for my fellow hobbyists that say we aren't a company and we only print downloaded stls don't look at it that way, look at the long run if they are collecting everything and have that much control [ data is power] over the machine what will happen 2,3 or 10 years from now? who would stop them if one day they looked at your data and saw you printing something they don't like they prick your machine and tell you ' you've violated the user agreement [which nobody reads] for that you can't use your machine anymore also not allowed to buy new BL products given the fact they " now" have your MAC address and all that cant they do it? I know it's an extreme example but I'm sure we'll get to this point one day if we do nothing. thanks again man for this video, and I love your content
never connect it online. is it enough? I dont know. Never connecting it and never sending a log is how you avoid data being taken. Oh, and use Orca Slicer on stealth mode
Lan mode just allow you send files to printer directly with out going through the cloud but the printer is still connected to a network that has access to the Internet.
I assume if you are uploading a log for an error that occurred, majority of the info that was listed would be needed for diagnostics. Build plate, slicer settings, gcode, and preview image info would be minimum for remote diagnostics.
Yeah..imagine if you're in Texas or somthing and someone sees what you have going on and reaches out to you to do some sweet r and d parts. You print them and then 8 months later they show up on ali. Oof. Good way to get yourself in trouble.
GDPR relates to any kind of information that can be used to identify an individual. Too much to cover in detail here, but basically no such data is allowed to be stored without the explicit consent of the person at hand. It also states the right to request access to the material that has been stored about you, the right to request that stored information is deleted and a lot more. So if the collected information can be used to identify someone, then BL is in deep water.
100% it can. Mind you though, the machine knows where it is in the world, so they may have different settings in the EU, it will take users to install X1P to find out.
Sorry, but nothing you point out is either against Bambu's claims or really unexpected. Many of the files are simply subroutine dumps located in non-default directories. They're not new ir much different from most distros' logs. Contents are also nothing of exceptional: IP and MAC adress are a must if you're trying to debug a remote access device. They're not optional. Given that those logs never leave your system unless you want to (no, conspiracy theories about remote access and ill intents are not valid when discussing proof), i don't see the reason for tone. Disappointed
But you see, I am not allowing remote access to my device, never have and never will. My IP and MAC is not needed to look at why my machine may be causing issues. Neither is gcode unless I specifically authorize it. This is collecting it, against what Bambu themselves state, without my user permission. The issue is not the ancillary stuff, like is the door open and such, its the level to which it is logging and how it is clearly not removing user data when you do a factory reset. And what tone, its a monotone video my dude.. We show you exactly what we found without giving away proprietary information for my company.
@@3DMusketeers Your IP and MAc are the only way Bambu can effectively identify your machine in a sea of others. Giving that they do rely on OTA for a lot of stuff, they need it to troubleshoot a lot of potential issues (blacklisting, ISP refusal, and so on). Gcode isn't even included, you showed that. What is included is a JSON object list, which is nowhere near what you're accusing it to be. It's a relational linker, not an instruction set. And none of it is collected against your will, unless you willingly give them the information they need to solve your issue. It's not logging deep, a telemetry report from your phone after a significant crash would give out the same depth of data. It can't remove user data on factory reset, it's a Linux distro, it's literally built without a reset function. It's not Windows. You need to do a full reinstall with a bootable medium to actually remove all this stuff. All I see is a bunch of files with expected data in them and a guy that improvs an analysis with little to no knowledge of the system underneath. It's not cool to talk in an accusatory term of stuff you don't understand.
No, the Serial number is how they would do that, which we did redact from the video, but is the most present, identifiable information in the logs. These are not OTA stuff, and bambu does not provide OTA support (last I checked at least). Gcode is included.. we showed that.. The log we went through together is everything that is uploaded when you send a log to bambu. bambu does put users in a pickle though, refusing service if users do not cough over the log file. It is why my second machine went back. They refused to help without a log. Further, it appears the factory reset does nothing, since we did perform 3 and we can still see data from the previous owner. Factory resets by nature should be back to how it came from the factory, otherwise what is the point. We gave little to 0 analysis on any of this, just took people for a tour. The 1 hour version though has tons of analysis which is backed by the team that gave me access to this stuff in the first place.
@@3DMusketeers Serial isn't sufficient in the (not unlikely case) that you're having issues with any of their OTA services, like firmware update. If your IP got accidentally blacklisted by Cloudflare, Serial won't reach the gateway if no connection is established. And of course they need logs to help you, what kind of velated accusation of malintent is even that? Any effort to help would be hardly based on evidence otherwise. That is how works in every software based company that wants to effectively help customers. Heck, even Klipper requires that you post a log when opening a GitHub issue. You didn't go though the gcode, you showed a blurred screen of something that surely isn't a native gcode file. Factory reset resets the machine to its original settings state, and it does that. The only data that can be considered sensitive are the image files. The rest is hardware-tied and not user dependent. Behind he divergence of visions here is the fact that you're using a graver tone and treating all of this like a nasty secret that goes against the official staments, while it doesn't.
I didn't tell you we went through it.. but if we had opened it that file would have needed to be blurred.. like come on. Take off the tinfoil dude. I showed you the truth. Stop trying to make excuses. They are logging things they say they aren't. A machine that's not authorized for cloud connection is attempting to make it and shows it is authorized. That's not okay. As for the IP and Mac. If, that unlikely case occurs, then sure, maybe, but otherwise, they don't need it. There is no reason. Same way you close your blinds at home and don't give tours to the police without a warrant. This is a privacy issue. My tone could not have been more monotone. Like seriously. I didn't treat this with any malicious intent. We literally gave just the facts with minimal opinion. And yes it goes against their official statement. Their official statement says no print file data. It's there. Their official statement says machines don't try and send data when offline, they do. Like, how much more clear can I be here?? As for the factory reset. It should reset it to how it left the factory, not leave all personally identifying info, including print logs, on the machine. Huge issue there would be if you buy a printer from a 2a person and you happen to live where that kind of thing isn't legal. Or even ITAR if you send that printer back to Bambu. The implications here are more than you're considering but it seems you've made your mind up that you care more to defend this company than get the truth.
There are two audiences for this. As a business I would be very concerned as a hobbyist, not so much. If they want to see my flexi dragons - I don't care, but if I was printing a part under a NDA it would be a real problem. Thanks for bringing to everyone's attention. How will the X1Plus handle this?
@@user-jy8ud6bt5k Agree. I would not even consider this for a business, but as a hobbyist, it is not important. really want to use the new X1Plus which should fix the problem for everyone.
Yikes. Do you think LAN only mode could still be a little worrisome for the Gcode files specifically, or do you think removing the entire printer from LAN would be the best solution for that? I'm not really concerned about IP/networking vulnerability stuff, just my files being potentially uploaded.
So this is only when the user uploads a log file ? also has anyone captured the wifi with any attempts to dial home without permission and is this on the X1 - X1C with the more advance screen or on the P series too ?
What you see is the machine log file generated to be uploaded to Bambu when a user clicks the log export button. My machine was attempting to make connections to servers according to the log file and was cleared, somehow, to upload data as well. This is covered in the video.
Thanks for the PSA Video Grant. Hopefully this gets out to a wider audience, but it seems to be getting buried by the Bambu Bros on other social sharing platforms. As a hobbyist making fun stuff for my kids no big deal. If I put on my work hat though, as someone in charge of an IT department for an Engineering Company that does tons of NDA work for large companies, this clarification on the logs makes them a 100% no go for us, they already were just because of the log files being large and encrypted and not knowing what was in them. Plus the closed ecosystem doesn't help when the competition can be flashed with an open and verifiable firmware, makes them all a no go for our business case. I just wish more people in the community thought that way. I respect what Bambu did for the hobby and to grow it. At their price point their hardware is well done, but I absolutely hate how they do business and their locked down ecosystem. It's just sad that people don't seem to care about trading their privacy for convenience.
Yup the hate is rolling in unfortunately, Much by those who clearly are not watching. Your comment on pro vs hobby is exactly what I expect from the community (and thats fine) I actually talked about it for a bit in this take but we took it out because its more opinion than fact lol. I too respect what Bambu has done in awakening the race to other things than the bottom for pricing, and that is great, but they have hid behind these logs, claiming, now proven inaccurate, that the machines dont do things we can clearly see them doing. I agree, it is sad people dont care about privacy, or claim they dont, but those same people would tell the police to come back with a warrant, they close their blinds, and they wear clothes lol.. While I get it is not an all or nothing thing, they definitely talk like it is :/
Very good writeup! Thank’s for that sir. So basically - either keep the machine completely off grid or buy something else… The big question is what to buy instead, that can produce the same print quality for about the same money. The I3 Mk4 of course, but it’s not quite comparable due to the lack of enclosure.
So far we have really liked the Qidi lineup, but I can now be public about the Magneto X... and just sayin, it is that.. Yes it is more pricey but holy hell its nice.
I have been enjoying my qidi x max 3 but I've only owned it for about a week so take that fwiw. Qidi gives you a heated chamber too which the bambu does not
I have been looking into Qidi too. I like X-Max-3. Cheap too, if one can live without multi color. Haven’t heard of the Magneto X. Will look into it. Thank’s!
The Magneto X looks awesome. Too bad it can’t be ordered currently. The price is a bit steep too… Not too bad though. If I could have ordered one I probably would have 😀
So model g-code is/was sent to bambu. Ehh. I asked them about that when they posted blog about logs and when they published security contacts emails... and they didn't even reply.
One more reason I’m glad I have a second printer that’s 100% offline for prototypes and other things, and an online printer for just random stupidity and things I forget to print when I’m out and about.
@@3DMusketeers Well, they did cause their printers around the world to start printing a model in a big goof So they can push prints I'd guess they can push firmware updates but can they pull logs and other files on the printers
I'm curious if your printer was connected to your network, would it have sent back a list of all visible WiFi SSIDs by the printer.. Wouldn't be surprised!
Excellent video. I wonder if the log files form the A1 are in a similar format. As of now the relationship between printers and different firmwares is unknown, but i would be surprised if they werent based on eachother/ branches. Also would be interesting to see if any references to Marlin or kippler exist.
No, actually.. I'm not sure if it would. Those links are to an AWS server in US West. So unlikely. It's more likely they expired as links but are still present.
You just answered his question, it's the log file that YOU send to tech support, and not something that is sent on it's own, lol. I see you're in full damage-control mode and hiding any comments that pushback on your theories, lol.
@@heffe2001 I answered it in the video too... But yes, we are removing comments that are just rude to be rude, per the description. If someone is just being rude for no reason, their comment will go away. If they are being critical, that is fine, but be nice, and be factual where you can. Attacking people because you disagree with what is shown will not be tolerated.
@@3DMusketeersYou realize that the lion-share of the things you found are just normal linux logs, or things that would be necessary for support to actually help you with an issue, right? I mean, even klipper & an obico local install keeps a ton of info similar to what was shown in the video. People have been collecting wireshark logs on these printers for months, with zero evidence of the printers sending anything on their own..
@@heffe2001 Yes I am. We left all that in there for full transparency spec. Only a few things we found give me any cause for concern, but it is enough for me to have problems and I think that anyone who reads the Bambu blog about what they do and dont do in the logs would also have some cause for concern. But, than again, people may not, I dont know.. We expected many to say they dont care, in fact I had a whole section on this in the video, however we cut it because it was WAYYY too much opinion lol. Clearly we should have left some of that in it seems. We are learning..
Unless you are dealing with intellectual property or proprietary files, as a general hobbiest, my phone collects and sends far more data too far more companies at once. I’m not concerned.
While, yes, your phone collects and sends data, we should be concerned that a 3d printer is doing it too. It is one more step into our privacy that is not needed
@@3DMusketeers I agree. And certainly don’t want to argue the point with anyone. I will say that Google, Facebook, Apple even Bambu, they don’t charge for the services they provide. While yes, I agree that doesn’t give them the right to steal our data, without monetizing our metadata, likes and search histories, what is the alternative? Paying for the said service and the terms are no intrusion at all? I really don’t know what the answer is. I can’t think of a better one available that is “free” because nothing is really free. They could just not do it. That is best case scenario, but that isn’t living in reality either. Thanks for replying though and nice video. Cheers
I mean, Prusa does it without any logging (if you choose to keep it off). So why can't bambu? But yeah, if it is free, you are the product, I get that 100% in most cases, but it does not NEED to be that way.
Did you run the "file" command on the .bin files to see if they're in any common encoding format that might be able to be decrypted further? I'd say that it's unlikely, but still it'd be worth a shot.
Running file most likely will result in data or binary file. You can just disassemble or use strings or the hex editor for further analyze. If it's encoded or encrypted, then you most likely need to reverse engineer the Bambu firmware to decode/decrypt the file.
I am not trying to downplay the fact that they say they aren't when they actually are but with the dramatic video i really thought you were going to open one of those files and see a picture of your kids plaing in the back yard holding your social cecurity number. For my use case, i have nothing i wouldn't openly share with others. Mainly because i only print things I've gotten from thingiverse. Unless someone can point me to a sub $600 low hassle multicolor high speed printer other than Bambu i may go with them anyway.
Does the video seem dramatic? The lighting is so nothing in my background was visible, so no one could sit and say WELL THIS COMPANY OF SO AND SO MUST HAVE PUT YOU UP TO THIS or something. It was done to block out the printers in my background lol. If you would share you external IP, your MAC address, and exactly what you are printing with everyone, I welcome you to comment with it below. Do note, links wont work in the comments because of how YT works, so do not bother linking the files. Instead, toss all your print settings, where you got the models and their names. That should be sufficient. You perceive low hassle but miss as to why the price is so low. Remember, data has a value. You should make sure the data you give you are getting paid for. Mind you, the X1CC is what, around $1600 all in shipped? I think mine was like 1583 and change You may not have issues with what is being sent, and that is clearly a different talk all about privacy, but you can at least understand the overall points: The bulk is normal, but overzealous, logging. A machine that was 100% offline is somehow authorized to cloud upload without granting such access. A machine that is 100% offline attempted to make connection to a cloud server a few times with some 3MF files. User print data is present within the logs. These are all things Bambu says that their machine do not do. Those are all causes for concern.
@3DMusketeers to me, yes, it did seem dramatic. I truly was glued to the monitor, thinking they were recording your voice or had pictures of you in your house...no sarcasm, I thought that's what you were building up to. This seems very similar to the privacy issues that Eufy ran into a few yrs ago and patched in a short period of time. I hope Bambu finds a solution to this issue. Unfortunately, it appears others are following suit with cloud solutions. You never pointed me in a direction of a color high speed printer in a reasonable price range. I've been running my Anet A6 for 9yrs now and was so excited to upgrade. Now I'm going to wait and see how Bambu responds. And no I wouldn't post my IP, I'll concedethat.
Okay, this is an honest question I ask with pure intentions: what could I have done to remove all branding behind me (even though it's unintentional) without doing what I did? Removing the machines is more work than you may think.. As for a cheap multi color printer, there's not much. I don't mind them being expensive, because multicolor this way is incredibly wasteful and most don't seem to care about that. The new phrozen printer seems to be a dead Bambu clone so we will see how that comes out I guess!
@@3DMusketeersI never felt like you had an agenda. It was the great lengths you went to prove you didn't have an agenda that made it feel so serius....and I get it is. This is your life, those prints they are trying to upload are you hard labor and an NDA violation. But I'm just an electrician trying to milk out a 9yr old Anet A6 until I can get into high speed and color printing machine. I really hoped the A1 was it. I print trinkets for my daughter and parts for my drones or workshop. Spending $1400 for Prusa that does color makes no sense for me. I'm not dismissing you in fact because of your video I'm going to wait and see before I make a decision. Hopefully BBL will allow people to opt out of this stuff for people like you. I would be willing to let them look at my prints to improve the printer. I'm still hopeful that I can get into this machine or something similar this year some time. Maybe you could do a show on "Bambo A1 competitors to consider"...just a thought.
Dude, the previous videos we have had people just rail me on every stupid thing they could.. So I took it all out lol. I guess if you dont have that context, this is an odd video.. hmm How to ride the line I guess by removing as much ammo for the fanboys but still keep the general look and feel. That is one I will have to think about. The A1 is a fire hazard, so I would frankly recommend an Ender 3 before this. Literally any modern printer would be a better option at this point. I think the desire for color is what will shoehorn you into only a few brands. Previous to this, if you wanted multi color you were doing it by layer, painting the models, or spending 70k+ on a true full color machine (like we did).
Dig into what connections the bambu handy app connects to. Then check out and see what it wants to access with prepossessions. I already dug into this and i think people would be surprised. But most people wont as they expect this type of stuff.
Unfortunately we wont be digging into the handy app. We wont be risking the privacy of our clients for that. Someone else will have to do it. Maybe you? I dont know :)
@@3DMusketeersthere keyword "privacy of clients" everyone defending Bambu keep comparing their personal data from Facebook, Google etc. they don't seem to understand that is more at stake than their person data. I don't think they realize legal ramifications that can happen due to clients data/designs getting leak to a 3rd party
Holy moly. Boa. I can‘t understand that the average user of a bambu printer just won‘t care about this huge industry Spionage. It‘s an absolute nightmare. No printfarm company with bambu should print nda enabled files.
@@3DMusketeersi don‘t know. On my last Podcast where we talked over an our about such things we of course got some hate. Right now i try to get a used P1S or X1 to completely tare it aparte screw by screw and take a look at it. That what shocks me the most is that a factory reset won‘t help at all. I know companies who use their bambu for prototyping. Ahhhhh
This really doesn't concern me personally. If they are sending off my gcode It's not right. But I don't print anything that is proprietary. I am a bambu fanboy. They have revolutionized 3d printing and have made other companies improve thier products. It is what was needed. But any type of threat over a 3d printer is silly. Really threatening anyone over the internet is silly. I would like to think it's some little kid that means nothing. But some people are fucken crazy. I am sorry that you are receiving death threats over a 3d printer. But whoever sent a death threat over a 3d printer is lame.
I dont disagree they shook the industry up, in fact I have talked about it a bunch. This is a privacy concern. The same way you put blinds down and lock your doors. The same way you dont invite the police into your home to search without a warrant. Why would you send your model data without a reason? But yes.. threatening people because of things they said is just plain stupid, immature, and unethical. That goes for anyone, including companies.....
So there is proprietary information of yours which you even had to censor and this is send to Bambu Lab a trusty Chinese company wooow awesome thumbs up hhshahahah So unsurprisingly they can see anything you have installed as a mod through the camera, anything you print, they can probably load the g code name thus the geometry and all toher stuff
the other thing a lot of people are glossing over is the company is basically DJI (all the top staff are DJI) which has a known history of this kind of stuff. Quite frankly with how heavily this thing is being marketed and pushed I would speculate its a CCP front subsidized to corner the market and steal IP. But I am the tin foil hat typw
So key question… what is actually uploaded? This is what is stored on the machine… and yes bambu need to clean their stuff up on a full reset… they got lazy on that part… erase or format those log files before reset… but is it what is uploaded the entirety of the log files? I hope not…
Possible, yes, but since I'm running stock firmware with a rooted machine using X1P and it's before they are working with Bambu, it's not likely. Being a small team, they have no agenda.
So how do we unencrypt our log files? X1Plus stated they will cooperate with Bambu and Bambu reduced the content of logfiles. I'd like to see for myself what is in my logfiles on my machine. Unadulterated.
Obviously you won't do it because of what you are printing, but surely someone has captured the log files as they were attempting to be sent to bambu no? Just because there are local log files doesn't mean we should jump to the conclusion that everything is being sent all the time. I personally lack the expertise to do so, or I would have already. I would be more interested in seeing those captured files.
Why is everyone saying it's being sent all the time? I did not say that. I said, with evidence in the logs, that my machine is attempting to make contact with servers. That is fact. I did not say anything else lol.
@@3DMusketeers Fair enough. The point I more wanted to get across was do you know anyone with the skills to try capturing this data? You clearly have access to people with the ability to decrypt what is there, surely one of them tried this already? If so, could you convince them to share with the class (preferably something *not* under NDA so we can see unredacted files).
Do you know the difference between checking for a server and sending files? Which servers? an outbound packet will look for a location. The most I've seen lan only printer tried was look for the time with ntp(network time protocol) on initial startup but stops checking when it recognizes the LAN only mode flag. You have established a logging system....logs the system. These are printers running and scorching temps. If there is a glitch, malfunction or catastrophic error they could help in diagnosing bad firmware, user error or etc. Bambu blog specifically states the log stays on the machine unless you ,optionally send them like with a trouble ticket. You have yet to prove your logs were sent anywhere. Show me a wireshark, router traffic, pihole ...anything showing an upload to BL servers the size of the log. You dance around the issue but the upload is the most important. Show me in this video where you show it. Please read up on "Technical Analysis of BambuLab's X1C Network Traffic" which has an actual network traffic overview of things (not) being sent. It's laughable how many non techs eat this up. Maybe if the one plus team, who actually had eyes on the printer, released a statement too but you are alone in your histrionics and I wonder why... I have another question why did you take down the live stream where you made a bunch of allegations that were debunked on reddit?
Grant, thanks for continuing to explore and share the facts. Knowledge is power. This would be a perfect tool, for the wrong player, to spy on industrial or military competitors.
Even tho i fully understand the problems with this, but isn't tesla, bmw and others doing the same thing with cars? Collect data and apply ML and AI later. They want to collect data and use later ML on it. I would not mind this if they would be transparent about it and show what they send.
Grant, thank you so much for explaining this video. I recently decided to return my X1C after finding this video, but had downloaded Bambu Studio beforehand to try it out. Will having this software for roughly ~20 minutes, then uninstalling it, still have the ability to log my files if I inserted various .stl files? Does uninstalling Bambu Studio completely rid the risk of it being able to log my files? I am decently worried and concerned that I am not out of the ecosystem, being that I am thinking of moving to a Prusa MK4. I am also worried about possible malware, and the ability for Bambu to have access to my computer. Thanks.
Unfortunately I don't have those answers for you. The printer is logging what you saw on the video. That software logs in plain text which you can view. It's persistent and you cannot opt out. Make sure it is completely erased from the system.
Please do an update on a p1S or PP and see if the log files are just as bad! WIthout the lidar it could be different and I'm curious if me turning off the camera helps also.
I was thinking of getting a p1 but after seeing this I dont think I want to given it requires internet connection unless you want to use a micro sd forever
These files are only sent when you send them to bambu....they are not just given whenever the machine wants to send them. You have to physically at the machine request it to produce this dump and then its only put on the SD card that you manually have to place into your computer and upload after reading all consenting documents on the support page. Multiple air gaps that ensure if you are going to send them they are under your own free will.
Granted, all that information may be in a log file, but that doesn't mean the log file is being sent to Bambu without you doing so. In fact, every time I've needed help, they've had to ask me to create a log file and send it to them, which also means you don't have to send it to them if you don't want to. So why make this sound all nefarious in the first place?
I didnt. I showed you the facts. I showed you that my machine is trying to communicate to a cloud service, that it is apparently authorized to communicate even though I never granted such permissions. On top of it, that Bambu IS logging print file information, directly against what they claim publicly. If the facts are nefarious to you, then we may need to reassess our standards for the use of that word :/
@@3DMusketeers Did you read their privacy policy? In there, they state that they may collect gcode. Here's an excerpt: "...this may include the G-code data and configuration information, printing settings, model picture...". You should probably stop saying that they publicly claim to not log print file information, because in fact they publicly state that they may do that.
That privacy policy is for the website and maker world and has nothing to do with the printers. Did you read their blog post titled Setting The Record Straight? Because that's specifically what I'm mentioning here.
@@3DMusketeers No, it specifically mentions printers as well, read the very first section again. It states that the policy applies to both website and devices, including filament and printers. Scroll down to the section titled "Personal Data that that we collect when you use Bambu Lab Products and Services", where it mentions gcode specifically (under "Print Information"). However, I do agree that this is in contrast to the blog post mentioned, which isn't OK. However, the official policy trumps a blog post, even if the latter was also official. If what is said in the blog post is meant to be true, then they should change the policy as it stands to reflect what was claimed in the blog post.
Oh, interesting, I wonder if it was updated. The privacy policy on the site may be including when you use makerworld or the cloud, where it is all but necessary for them to collect and distribute, because that is how the cloud works. I will have to have a buddy that knows the legal side look into it and see what he says! I agree though, we clearly need some clarification here... Because the CEO, who has come out saying they are the author of the blog, should be the person to trust
Jesus, people. If they wanted to steal your files they would just do reverse engineering of an successful existing product. The idea they check thousands and thousands files of dickosaurus and similar shits is just ridiculous... And no, I'm not an owner of any bambu printer.
There's plenty of applications such as defense sector where they can be prototyping secret squirrel type shit and not putting out a convenient product for them to reverse engineer. Even just knowledge of what the "enemy" is working on can be a game changer. Finally, it's child's play to write a script or even use an AI that filters out "dickosaurus" since I doubt most end users would change the filename and just download a ready made stl from online.
Somebody posted a link to your video on the bambu lab subreddit and here is the top comment, my man has a lifetime supply of copium “ Oh cool, good to know the log file contains logs that log what theprinter does. I was worried for a moment. Thank goodness known liar 3D Musketeers was able to provide us with this information. I wonder if he apologized to Bambu Lab behind the scenes, they lightly hinted at suing him for all the intentional libel he was spreading about them.”
This is worse than your average IoT device, but yes, much of it is the same as your cameras in your home. We took that part out because it was opinion, and not much fact.
This 100% confirms my pervious claims though.. so theres that.... The video released on our posting schedule, which was not modified for it. I did, however, receive 2 death threats, which is not cool.
I was listening to this while working. I can understand why some of the data being sent could be a bad thing for certain entities. But, unless i missed something, i didn't hear anything that is particularly concerning or unexpected. I wasn't aware they had stated that gcode was not uploaded but i was pretty much under the impression that my gcode was running through there servers every time i wirelessly sent it a print. If you were under an NDA i can understand not wanting them to have your gcode even though i personally think it wouldn't help them. Lets assume that for whatever reason normal means of reverse engineering were not an option. lets also assume that somehow they have the ability to sort through thousands of models and find the ones worth stealing. Even then all they would have is a model and a name. And really what could you do with something like "42mm upper housing track". Having some images is also not a problem for me but i don't have my machines anywhere where the camera could pickup something sensitive. Quite frankly i was expecting entire time lapses to be included in the log so pictures are just whatever. Slicer settings also seam reasonable to me so they can try and find what is going wrong. I also have a feeling that most of the information in these log files cannot be accessed except by a small elite group of the company otherwise we would almost certainly have had an anonymous "whistle blower" by now. I know that you do allot of NDA work and having gcode being sent to another company would be a violation. But assuming you were just a regular person with a 3d printer, which piece of included data do you feel is most alarming?
Whistle blower? that is laughable. I spent almost a decade working in China and Taiwan consulting for technology companies. There is a reason why Apple does not flash the firmware on any of their devices manufactured in China and shipped them out of country to be flashed. there is no respect for data privacy. In addition all data collected by companies has to be stored indefinitely and provided to the CCP, that is the law and there are no protections for the consumer. There have been tons of documented cases of IP theft in China, so if you are printing anything on a Bambu, you have to make the assumption that there is the possibility of your design being stolen. China has invested heavily in data sorting and it is trivial to find a needle in a hey stack. I have always said if you are just printing objects you find on the internet or toothbrush holders, a Bambu is a great printer. If you are prototyping or making parts for your assembly line, Bambu would be the last printer I would choose.
If you are on their cloud, assume they have 100% control over your machine. My machine is 100% offline, never has been online, never will be. The fact it says it is authorized to upload data to the cloud and was actively trying to access cloud servers is a huge issue. I have my timelapses turned off, but photos are definitely in there, so it is possible I would think. The logs are accessible by anyone with X1Plus which should be released shortly. As a hobbyist as well, maybe my profession makes me more susceptible to seeing data privacy issues, but me personally, my data has value, as yours does. I aint giving it for free. Will the average consumer care? prolly not. but why is a whole different conversation
@@MrKornnugget Sure they can sort through data but to find a needle in a haystack you need to know what a needle is. Even if you had an AI using a combination of keywords and analysis of model geometry you would still have to take the results and figure out what in the world it was supposed to be along with any non 3d printed components that were required to finish the design. And that's assuming that they actually have all the models for the design. It would be like trying to build a jigsaw puzzle without the box for reference and not knowing if you had all the pieces.
@@UbberMapper Let me give you an example of something that recently happened to a company I was consulting with. A Korean firm was bidding on a multi-million dollar project to build a high-rise compound for a goverment project. They sent the models to a 3rd party to build a diorama or mock-up. The models were just the external miniature shells of the buildings. During the bidding process, a competing firm from China under-bid on the project with carbon copies of the Korean firms buildings. Internally the buildings were different, but the unique external design was almost identical. After a year of investigation, they found that the professional 3d printers had a backdoor and moved the models to an unknown IP address outside the firm making the diorama. I am not going to name anyone, because this is all currently wrapped in litigation, but I would never use any printer hooked to a network that has access to the internet and I would not make the job off the CCP easier by giving them access directly to my printer if I was printing anything, anything that was part of confidential IP. Also, any company operating in China has to, by law retain all collected data and provide it to the CCP. There are no protections for any corporate data in China, period.
I'm Stil waiting on the privacy team to respond to my request for all the personal data on their servers as required by law. They've been stalling for several weeks now.
In the credit of Bambu, it is Chinese New Year celebration right now and everyone is on vacation, so I would give it a couple more weeks minimum. Bad time of the year.
@@3DMusketeersThen test that.. Rename a plate to something else in your slicer (they're blank by default), add a 2nd plate, call it something else, and drop a benchy on it. Really not too difficult to figure that one out.
@@3DMusketeers I'll check if I can... We are leaning too much in giving our privacy away, and unfortunately it's not only Bambulab doing this stuff... If I can I'll grab a Prusa. But man, it does break my heart, I had so much fun this last week printing stuff I'm designing I never had a FDM before.
AFAIK - correct me if I am wrong - the X1Plus firmware delegates to the underlying functions of the original firmware. It acts as a kind of facade to add functionality and provide an alternative UI. Thus, the log file will also be created and sent to Bambu Lab whenever the user asks for.
What alternatives would you suggest that give the same quality results? I’ve been struggling to find a company that is US based (not a guarantee on data security but potentially better security). I ordered a X1C (my first printer), so I am new to printing but I want something that just works, is fast, and high quality.
Interesting, they are sending whole files over to Bambu. I can see why they want to do that, but it's sus. I want to say that's a lot but what kind of info are other printers sending over the network? Just to have a frame of reference, I have my Mk4's and Mini on Prusaconnect and I know friends who have K1 Max's on creality's service.
At least prusa lets you see exactly what you are sending, so you can decide. They are bound by EU laws which are much more strict. Creality has shown before to not be trusted, so I would not ever risk putting a creality machine online.
@@3DMusketeers I assumed as much, I just don't know what a normal amount of info being sent over is. If you could make a video about that that would be awesome! That's all I'm saying with my message lol
I do not see how this has not been brought up for copyright protection. If im selling a model that is the last thing i want to see is someone printing my model on a bambu knowing that my model and info about the model is being uploaded. Amazing how people will say downloading a song is theft but steeling a model is not?
Because clearly people don't care. They say that the intellectual property issues are outweighed by the fact that they don't have to worry about the machine. I think they have their priorities mixed up
Do you have any evidence of your wifi password being stored in a file (likely) but being referenced elsewhere by file name or that password in any other text file (possibly being uploaded to Bambu cloud or AWS)? Grep could be used to search the string in across all files in a directory if you could prove that
I cannot confirm that at this time since I won't be putting my machine online. X1Plus will be available soon and you're welcome to check then. Don't forget, there has been a great deal of time between those 2 videos and Bambu has been changing things
So, basically if you are in NYS or well likely the USA don't use a Bambu printer Especially if you print anything questionable As NYS SP are now legislated to monitor Social Media and Internet transferred files and well the US Government has the Cloud Act
Yep. But it seems fanboys don't care.. Funny how this video has the lowest average watch time of a video but the highest number of comments ever. It's like.. people came to leave a hate comment then left without watching lol
I don’t see why bambu would need to log the gcode files for troubleshooting, files that can have Itar etc, that is definitely illegal. If they said that they store the gcode that would be different but they definitely say they don’t. Also according to the GDPR a company can only store you’re data for the time it needs, like you give them your log for troubleshooting and when the issue is solved the data should be erased. But we all know how Chinese companies have to keep all the data they track for the CCP. EU entities should definitely have a look at this
Because that would have required me knowing what was in it 100% before getting a decrypted log. This, to me, shows how much proprietary data they are actually collecting
I would guess the majority of apologist would be very upset if their ink-jet printer or photo management app was sending the same level of information to the mothership.
@@3DMusketeers It logs, but unless the user exports the logs and sends them to Bambu, the logging itself is of no concern. If you are claiming that the machine, despite being in LAN mode, will send logs to Bambu (provided it isn't blocked in your network), then that is of course an entirely different matter.
I have detailed exactly what is happening in that video. My machine, which is 100% offline has and is actively attempting to upload data. That we can confirm. We can confirm that within 5 days of me using it on a stream (the one where we fixed it) it attempted to connect to those amazon AWS servers. That is confirmed.
@@3DMusketeers And that machine was in LAN mode while it still attempted to connect to the outside? I am sure I saw in some interview with the X1Plus guys that they had confirmed that LAN mode was indeed stopping the machine from communicating to the outside (except for some generic Linux stuff like NTP, IIRC). Are you also claiming to know what data your machine would have uploaded if it had been allowed internet access? The logs (as shown in this video) are never sent (as far as I understand it) automatically by the machine, are you claiming that they would have been?
Wow... Like all of my other IoT devices, my X1 is now on a wifi network with no route to the internet. This is the ONLY way to resolve the issues demonstrated here.
Unless you are required to send a log for support. Then no, there is no way. You can't stop the logging, not to my knowledge. Mind you, some of it is fine and good and likely quite helpful, but it all being together isn't my cup of tea.
Your printer is not connected to the Internet, but what would you do if you had to contact Bambu Lab for support? They normally ask you to send them a copy of the log file, and while you could certainly refuse such a request they could say they're unable to provide support unless you first send them a copy of the log file, never mind that many troubleshooting requests can be handled without looking at any log files.
Yes I would have to send that log in. I have had multiple occasions where the log was required for them to help me and in fact is what led to me returning my second machine
@@3DMusketeers I am guessing you factory reset the machine before sending it back. Does it actually delete the log(s) on factory or do they magically stay after the reset? Not sure if I missed that part or if you tested after a factory reset sorry
@@Unkemp7 We didnt have the ability to see into the logs at that time. So we did not know. It does not appear to be a TRUE factory reset as we would like to see.
Lololol. I only saw a preview of this and expected you to be calling ME orwellian here but this is so much better.. Not only for free, you're paying for the opportunity to have it occur!
If I am understanding this correctly, information from a previous owner is not removed during a factory reset including gcode, photos of the print bed that also show area around the printer, MAC, WiFi information, etc? So because this information is still stored and a new owner connects the machine to their “full online services”, this information from the previous owner could be sent out by the new/current owner?
We still see evidence of the previous owner's records on this machine including some in the print log. We do not see their photos though, those are all of prints I did. And yes, it could be sent out by the new owner, especially if they send a log without knowing what is in it. That is why we wanted to do this video.
We do unfortunately see it more often overseas, but to be clear, many companies in the US are not innocent either and often have quite egregious security issues
Not here to stir the pot, but more out of curiosity… Is this actually a large deal for most people? Unless you’re printing proprietary things, or printing illegal items, I’m unclear what the difference is for most? For context: 90% of my files are downloaded off the internet then adjusted or modified as needed. I’d assume that means the websites are also collecting similar information given I’m downloading from their sites, no? New to printing, not super alarmed by this as you can always run LAN only mode, block the outgoing packets, or go offline with SD Card only, but understand it’s a little odd compared to some others. Looking forward to y’all’s answers!
Not a big deal for me. I print and sell files from Patreon subscriptions. I don't work on NDA stuff for people. If you require a printer in an isolated environment I get it, but there are printers out there that cost more money and give you those capabilities. Or you could go cheaper and tinker more with your prints to get them to an acceptable level. These printers are at a great price point for both consumer and business and produce quality parts. I have over 10,000 print hours on my Bambu machines and they work flawlessly. I'm curious what percentage of Bambu users actually find this to be a problem as well. What percentage of Bambu users use these for business purposes strictly with projects under an NDA. Often ITAR is mentioned in Grants videos, but I would be surprised anyone uses Bambu for ITAR situations with all of the legal ramifications.
The average user likely wont care. That is a whole different conversation as to how people have been trained to not care about something companies clearly do. Websites can collect data, but not on this level. This is reading lots of sensor data from the machine. LAN Mode, nor SD only (Which is what I use) does NOT stop the logging, this occurs regardless. I dont disagree that the price is right, but lets look at the value of the data. Now, we have nothing to suggest, at this time, that Bambu is doing anything nefarious with it, however it is certainly more than what is minimally required. Hanlon's Razor comes to mind here.. I would bet, given how popular these machines are, that many businesses use them, and those who arent read up on ITAR may make the mistake. But lets think about the 2a people, printing pewpews which upload a log to Bambu. That's a paddlin that Cody Wilson learned about first hand.
@@3DMusketeers2a guys are uploading directly to MakerWorld. Anyone involved with ITAR will have a security manager who is well read, I held that job for a couple years.
@@3DMusketeersI don't disagree that if all of this data is sent to them automatically, it could be a bit much. You had said this was when you exported the logs. Is this 100% what gets sent to their servers? I thought I saw somewhere recently that some logs get sent, but if you contact support, they do ask for you to upload the logs. If they already had them, it doesn't seem like they would want to waste that extra bandwidth. I'm not hardcore on either side, but I just like to be an observer of these topics and chime in where I can lol. I believe with like ITAR situations a lot of companies could potentially drop the ball. For example, Microsoft has no certification for ITAR compliance unless you upgrade to a special Azure license I believe. SO much stuff goes into that compliance.
