Wouldn't it be good if companies could be given a rating related to their data slurpage in the same way that iFixit rates devices on repairability?
Hewlett-Packard Inc's printers don't just slurp the contents of your wallet at a frightening rate. They also guzzle a surprising amount of data on you and whatever you're printing. Security engineer Rob Heaton discovered exactly how much slurpage HP is engaging in after his in-laws asked him to set up their new home printer. …
Whilst it's probably effective to just piHole the URLs involved, another approach would be to simply setup a job to dump petabytes of junk data to those URLs instead. Especially if that junk can be disguised o look like real data. If enough people did it, it would make all the data pretty worthless.
With the added advantage that if enough punters do it, it will force HP (and any other sneaky data slurpy companies) to have to add an extra T&C that you must provide "clean" data, with a detailed list of what they want to be able to dig out of the data supplied. Whereupon you can ask "why ?"
This vaguely reminds me of that period in history (before I stopped shopping in shops) when it seemed every poor cashier had been told to ask customers for their postcodes and names. The problems started when you gave SW1 1AA and M. Mouse ...
On a somewhat related note, when I went to have my CO2-canister refilled at a sporting goods store they asked for my date of birth, even though I'm about half a century old. Seems that it's illegal to sell the stuff to kids.
Without missing a beat I told the (hapless) cashier May 1st, 1905. Apparently not very good at math, she had to type it into the computer so it could tell her how old I was. She looked rather startled from the screen to me and back, to which I asked her, "Don't I look great for my age?"
She showed some wisdom when she just told me how much to pay without challenging the veracity of the information.
A clothes shop I had frequented for YEARS suddenly decided I couldnt buy anything unless I got a "membership" card.
So I duly filled out my form and got my card; as the card actually had no identity on it, no electronic chip, or mag stripe, it was an obvious ploy to get names and addresses for junk mail.
All my junk mail was duly being sent to:
Starship Astral Princess
Low Earth Orbit
At least I assume it was sent, the postie never actually every gets up this far.
I saw Elvis last week, finishing up his tour of the outer galactic rim; he should be back with his new album any century.
Some years ago (and for several years) I had a local supermarket "loyalty card" with the name "B. Munchausen" and the address of the store I usually shopped at. Since I always paid in cash at that store, there would never have been any sort of cross-check. Once--in perhaps ten years--a clerk asked if I was related to Baron Munchausen. I just smiled. Never seemed to occur to anyone that the name was a complete giveaway that it was all a fabrication...
Not only did I nearly splurt my drink over my keyboard, it actually prompted me to laugh out loud... Normally when I'm sat on my own I merely chuckle inwardly.
If I could insert a gif, it would be a black and white one of a middle aged man with glasses and a moustache applauding.... those who know their memes will know which one.
Don't understand that, however I would not be surprised if it was some form of tax avoidance.
To be honest that would be fake details for me.
But supermarkets, got a Tesco card, but they should be concerned about us buying a lot less as they get rid of lines.
It is not the collection of data as such which bothers me but the hidden collection of data.
I KNOW that Tesco know what I buy, but I think like this, they can see I am not buying crap, that I am after high welfare stuff. That send me offers for good stuff.
Because of the Tesco card I know that if I wanted something not logged, no card, and cash. But my big shop, what does it matter that we buy a lot of tinned tomatoes for pasta sauces?
I can control what Tesco knows, but can I with say Microsoft, or various peripheral manufacturers?
But whereas with say Tesco I can control, can I control what say Google know?
Despite all their vaunted number-crunching skills Tesco almost certainly don't know why I stopped shopping there years ago. It's what comes of handing over a part of their operation to a 3rd party. In that case their car park to a parking vulture who I very much doubt shares data with them.
Are you trying to be funny ?
Do you have any idea how many home-brewed postcode "validation" routines that would break ? It's almost as bad as those email address validation routines that reject email addresses with an apostrophe (go away, look it up, read what it says, and come back and say you've learned something).
Although the best one was a phone number validation routine that insisted on 11 digits, and thus rejected quite a few places that were still on 10-digit exchanges (Redditch being one ...)
Postcode validation... back in the very early days of this, one of them asked me to complete my address. We live near the town of Caerphilly in the County Borough of Caerphilly but of course, being Wales there's a Welsh spelling too - Caerffili. I used one spelling for the town and the other for the county and I am constantly surprised how many online sites seem to use that same database to this day - I enter a Caerphilly postcode and have "Caerphilly" filled in automatically for the town and "Caerffili" for the county on a fairly regular basis.
As for the email thing. I also use ".cymru" and ".wales" TLDs for one of my email addresses. On more than one occasion email has bounced because "not a real address" or some such similar.
Actually this is a software issue on some emailing software, 3 characters are the limit on one we currently buy in.
.wales no chance
Bit annoying for a Welsh customer, but luckily their customers still have their .co.uks
And yes we found it with .wales
They still do that in Screwfix. Fucking annoys me but I know it's not their fault, its the shitty system they are lumped with. Was before GDPR but because of GDPR they now have a code to skip that section so I just say "I don't want to give my details thanks" and we continue as normal.
I just tell them to put their email address etc. in.... the current excuse is along the lines of 'but if we don't have your details and purchase history, you'll need to keep your receipt for the warranty' - like i've done for the last 40+ years you mean? (I do occasionally throw the receipts in the shredder, once the warranty period has expired!)
For website purchases that insist on a phone number, I always put the selling companies one in, there is a lot of email validation checks that don't allow a '+' in the address, even though it's a perfectly valid character.
every poor cashier had been told to ask customers for their postcodes and names
To which my answer usually is "I'll provide that data if you can give me a written reason for requiring it that clearly sets down how you will use, process and store that information as well as listing every organisation that will have access. I'm happy to wait."
(The alternative answer is "no, I won't provide it" - usually given when my wife is with me as she gets embarrased by me being (her words" "bolshy").)
 Thus tying up a till..
Frankly, if you buy anything that isn't £30 you should be ok in Linux I'd have thought. Don't forget that CUPS is basically written by Apple (though wasn't there some movement on that?) so the innards should keep up to date, and many printers these days speak perfectly good PDF, Postscript or PCL so can be run quite happily with generic drivers if necessary, though you may lose some niceties such as supply reporting. When you can get a colour laser printer with duplex unit and network connectivity for under £150, why would you even look at a cheap inkjet?
I guess you haven't heard. Michael Sweet, the developer of CUPS (at the behest of Apple) is planning on removing RAW queue support and PPD supported printers. Reason being is that if the printer doesn't support IPP2, it's considered 'old'. He went on to say that it breaks proper print reporting and driverless printing. Maybe Apple is wanting to get in on the print metadata slurping business now?
Hmmm, PPD support has been the mainstay of my 'it just works' printing experience and I'm sure this is still the case for many users. If it gets removed upstream I can only imagine than a new fork of CUPS will emerge to keep PPD support going.
It has to be said that HPLIP is also very impressive, especially as even low end printers are covered... My heart sank a bit when my mother in law, who is blissfully unaware that the PC I have her is running Linux, announced that she's bought a new bargain printer for about £30 in PC World and, could I come and install it.
I needn't have worried because it was an HP and HPLIP just recognised it and we got on with our lives... Which is more than I can say about some of my recent experiences with printing from Windows 10
Thankfully, removal isn't that bad. It just means you will need to install a cups-ppd package in addition to cups much line you do today for cups-filters, cups-pdf, cups-pk-helper, etc..The beautiful thing about open-source, is there a long a darn good programmers and packagers that generally keep one step ahead of this type of shenanigans.
PPD support has been the mainstay of my 'it just works' printing experience and I'm sure this is still the case for many users
I always buy PS printers, knowing that all I need to use it fully with any system is the PPD file for it. And without a PPD file, it'll still work as a generic PS printer. It was only a couple of years ago I had to get rid of my old Canon CLC with Fiery RIP - because mum was downsizing and I didn't have room for it. Long, long after manufacturer support and updates had ended, all I needed was the PPD to use it for newer and "unsupported" OSs.
If PPD "gets removed" then I will PERSONALLY drive a FORK into it...
ALL of my printers have required PPD files. And I *REFUSE* to use *ANYTHING* resembling UPnP including that apple 'IPP' thing on FreeBSD or Linux.
Fortunately, open source can be FORKED, even if I have to do it MYSELF.
If the WINDOWS and PHONE software+drivers is where the slurpage is happening, then I think those of us using CUPS and the HPLIP drivers are in the clear... for now.
I suppose I'll eventually need to put the printer on a firewalled subnet then. I would set its primary gateway to something that can't route to anything outside of the LAN.
And if THAT doesn't work, I'll be looking for something that's equally well support for Linux and FreeBSD as HP has been, because IF I HAVE TO WRITE THE PRINTER DRIVERS MYSELF AND PUBLISH THEM, then I'll do JUST THAT, and they can TAKE THEIR SLURP and CRAM IT UP THEIR INKWELLS.
The HP printer I have is an older 'all in one' which never really worked properly out of the box, but I can "get it to work" by talking nice to it and offering it flowers on occasion. Their quality had obviously gone downhill and not just a little downhill. The top paper feeder for the scanner/fax stopped working shortly after I bought it, but as I didn't do multi-page FAXs I ignored it. However it fails to feed paper a LOT, unless I "bend it a certain way" and things of that nature. If the paper stack is too tall, or too small, feed errors are common...
Couple that with DATA SLURPAGE and "brand loyalty" just circled the drain and wend *slurp* - back at ya!
Well, I can do it all without full caps: the thing I bought (477dw) works as it appears to speak all printing protocols known to men and then some. Yes, a set of ink cartridges *appears* to cost a lot of money, but when you actually check how long they last it turns out the cost per page is almost equivalent to Epson's new EcoTank printers, but less messy. Add to that that it's a Pagewide model which at full tilt is capable to scream through a 500 sheet ream of paper in about 10 minutes and comes with drivers that just work and I think it'll be another HP "Office Pro" purchase that I'll eventually sell because it's old, not because it stopped working.
About the only thing I nuked was the printing via some HP email address - the firewall restricts this printer to external comms with my SMTP server only, and I'll check every so often for an update.
Also, inkjets tend to have page memory, but no permanent storage..
If you know the printer's IP address, and you can control your subnets, you can set up a firewalled gateway for the printer that prevents it from routing to ANY destination address outside of the subnet.
Example: your network is 192.168.0.0/24 with a gateway of 192.168.0.1
The gateway also knows how to route to 192.168.129.0/24 where the printers are
The printers all get a gateway of 192.168.129.1 which is an alias for 192.168.1
You THEN add a firewall rule for 192.168.129.1 that rejects ANY packet that's not being sent to 192.168.0.0/24. You ALSO block all multi-cast traffic attempting to leave the LAN.
(All of the other multicast traffic should remain within the LAN anyway, but just in case, put a rule in there)
This should LOCK DOWN any printer hardware attempting to phone home. As for the printer drivers themselves, you COULD host them as shares on a Linux machine and print via HTTP to the Linux box...
(that way windows and phone users could still print, would NOT need a "special app", and would NOT be phoning things home on behalf of the printer)
You THEN add a firewall rule for 192.168.129.1 that rejects ANY packet that's not being sent to 192.168.0.0/24
I have a devices-only wifi network (I like Unifi - especially when paired with a proper firewall!) specifically for the few IoT devices that I have. With some very strict rules on the firewall about what gets out (by default it block everything and I have to pre-pend any rules for stuff that actually needs to get out..)
I did (for a whole) also have a guest wifi network but, since I've known all the people that come to the house for quite a while, I just add them to the main wifi network.
And in the meantime, do we know if the slurp goes back via the main company URL or via another that could be added to a Pi-Hole?
Or you could just block the internal IP of the printer from accessing the internet at your router. If you don't plan on using cloud print or any such stuff, then why does it need internet access at all? LAN yes, WAN no.
Or set network details statically rather than on DHCP and just leave the default gateway blank or set to 127.0.0.1...
"Or you could just block the internal IP of the printer from accessing the internet at your router."
Because it's most likely not the actual printer doing the phone home. It's more likely the app itself collating the info from the print job and sending it back.
I'd love there to be a site that collates all of this stuff with IP addresses and URLs so we can block them without having to Wireshark the connection.
So delete the app?
The app is typically a final step of setup that you install on a computer or phone, sold as a management tool to sucker you into ink subscriptions along with a few basic management functions/ink levels instead of logging into the printer's admin panel via a browser.
Epson tried to pull a similar one when setting up my printer. I did - briefly - have the app on my phone. Then I deleted it. It never touched my desktop, laptop nor the wife's devices. But they can all print. If HP want to reliably collect data, then it needs to be the printer phoning home. It's no good if just one device for the household has the app installed!
" just leave the default gateway blank or set to 127.0.0.1..."
this might work if you only route on the same subnet as the printer, but in some cases [read: large network with multiple subnets and/or VPNs] you still need a gateway to route 'other than the subnet' packets to.
But then my suggestion was to use a gateway and subnet that are "special" to the printer, in effect isolating it from the rest of the network, and firewalling everything through the gateway you gave it
THIS is what RMS meant about modern software being malware! They've normalized evil.
LOL, other replies to this comment. Yeah, THIS should be Stallman's next big crusade. Oh who am I kidding, he'd get stuck on the bootloader being OS-err 'free' software with that Pi, I bet.
wouldn't it be good if there were laws against this, enforced with prison time for CxO's if breached,
Said prison cells having a 'viewing platform' above the cells where the victims can go, with a special 'communication grate', much like this one?
--> You'll want a dozen or two of these before visiting. But be careful not to "break the golden seal" till the visit starts.
As part of trying to get a government department using HP kit to use SNMPV3, we gave management a list of the print file names extracted from those printers. They blanched. Why do printers need to store that data, especially when it means anybody can learn that files with titles like "IT headcount reduction 2009.docx" are being printed?
Given the material El Reg publishes it must have enough to prepare an annual list of Corporate Own Goals.
I would hope that HP wouldn't try to bork printers with third party cartridges again, but I wouldn't put any money on their not trying it once again.
A Grand List of Shame would make for good reading over the festive season.
My HP printer is one of the old-school all-in-one mono single-sided jobs that depends on an external Jetdirect box for an Ethernet connection. It's unlikely to be able to send anything back. OTOH it looks solid enough to last until the heat death of the Universe. When I decided to get a colour duplex printer as well I remembered the quality of the more modern HP all-in-ones my daughter's employers had provided for her home office - and bought a Brother.
"...and bought a Brother"
I keep wondering if to get myself a new all-in-one, but have been putting it off for at least 5 years because my current Brother all-in-one is still going strong, as it has been for probably close to 15 years now. I'm strongly leaning Brother's way for any possible replacement, too
My HP printer is a LaserJet 4M which I upgraded to Postscript using the card from a dead LaserJet 4P. Purchased in 1992. Still works well.
My wife's gone through four or five HP inkjets over the past 15 years. Even without the spyware they're rubbish.
I debugged an apparently-hung HP printer-software installer on my daughter's Mac some years back, and it was mind-bogglingly stupid - it had a script doing a series of "find /" commands, one per each of a list of filenames. So it was searching the entire filesystem tree multiple times.
As far as I can tell, their software hasn't improved since then.
My (rather expensive) Canon printer doesn't actually bork itself with third part cartridges, but the sheer volume of "OMG!! This isn't a Canon cartridge! Have you any idea what damage this thing could do to the planet?" messages, usually followed by a clickthrough dialog worded along the lines of "I agree I'm a fecking eejit and accept that all my printouts could be shit because of my appalling buying habits" that I have to go through makes the whole prospect of buying cartridges just because they are 80% cheaper than Canon (and the little fucker takes six of the damn things!) just too much of a hassle for a sheet of A4.
I wonder if it does it anyway even when you install the minimal driver, maybe from the zip file without the installer. I learned long ago to not run the 500MB installer, especially when the access to the screen to NOT install all the default crapware is hidden cunningly.
Anyway my printers are in a separate VLAN/subnet without internet access, although I didn't configure ePrint, it's better to play safe....
Only 500MB?? You must have an old one.
Last HP I was asked to install came with 1.2GB of crapware that was installed in a single lump, with no option to only install the driver.
Luckily, after a reboot, all the crapware showed as individual crap in the Programs list, and could then be uninstalled one at a time.
Took freaking HOURS though.
HP used to hide "advanced" features, like double sided printing, collating etc, in their own bespoke software, so installing either their own basic .inf driver, or the built in generic Win driver only got you the most basic print options.
The printer I mention above wasnt one I bought for my use; the last HP printer I bought for myself was a near top of the line SOHO printer I bought about 6 months before Vista came out.
Despite it only being on the market for a year before vista came out, HP NEVER produced any drivers for Vista, you had to use the built in Win printer driver.
So, no double sided, no collation, no photo printing, no booklet, no ethernet, and it also didnt like USB, if you turned it on AFTER booting the PC, the PC would bluescreen.
This meant staying on XP for a long time, right through into the first few years of Win7 JUST to get some value out of the printer.
So HP lost another loyal customer, who had been buying HP SOHO and photo printers since the 90's.
Based on the list in the Ts & Cs, I'm guessing the app or driver. But it's easier to firewall the printer from the 'Net than filter specific apps on your source devices (particularly if the slurp is via HTTP/S). Then you have to blackhole the destination instead.
Repeat after me: Deny by default!
>The printer or the app? I'm hoping only the latter.
Many printers will be sending stuff directly back to HP (ink/toner installed and used, pages printed & copied), then there is the PC resident support assistant which will also be sending the richer Windows stuff back. So in theory HP could be receiving data from a printer and every device that uses that printer.
The question is how much is sent back if you don't opt in to the customer experience improvement program or ink service.
Same thing applies. Dumbos are willing to pay. They get data. What actual use is it? At the end of the line it has to either get written off or has a false valuation attached. I suspect the entire data trading economy is an example of making a precarious living by taking in each other's washing.
My aged HP LaserJet is somewhere in Deceased Printer Territory, and its functions taken over by two Brother laserprinters (one colour, one B/W) driven via CUPS.
Unfortunately I have to deal with HP (now HPE) professionally. That last word is not how I would describe HP's dealing with us.
Yup. You'll get my beloved 4300 and 5500 series LaserJets out of my cold, lifeless fingers, and even then only with a pickaxe. I will continue to use them for as long as supplies are available. Given that HP appear to have made about a trillion of them I doubt that this will be a problem any time soon, and they're already 15+ years old.
Laserjet III, IV, 4150, 4200 - Come and Take It! [yellow flag with coiled snake adorning]. The LJ III purchased at Sam's in 1990 provided continual service without repair until 2016 - few things were ever so dependable. The entire data slurping and bloatware debacle at HP is a sad but glaring footnote to a company started by a couple of talented engineers out of their garage. The old Laserjets were a high point for what was a printer company to begin with. Seems direction was lost somewhere along with the introduction of the inkjet line. I recall my first experience with one and the shock at the size and amount of software that came on the enclosed CD that held the driver. How far corporate integrity has fallen.
I have an Epson SX525WD which is blocked from the internet by the router firewall, but the firewall never logs an attempt to talk.
The EPSON iPrint app seems to keep data collection to only what is necessary (according to the Privacy Statement) and in any event there is an opt-out setting. I haven't snooped on the thing to make sure, though.
So, I have just decided on the new printer I am going to buy.
Yes, it was going to be a Pagewide.
Not now it isn't. But I am now wondering if all manufacturers do the same.
Perhaps I will go back to the old way and dump what I want to print onto a thumb drive and then plug it into a computer and printer that is not connected to the internet. Though I have no doubt that the "slurps" will have thought about that, and said printer will stop working after X period of time, because it has not been able to "phone home"
Is there anything in the computer and peripherals that can be trusted?
Most of the time the driver on the disk is out of date anyway. It's always better (in my experience) to pop along to the manufacturers site and get the latest driver directly from there. And yes - for the common ones it's still possible to just download the driver without the "Value Added" stuff.
Have been doing the same thing for the last six years or so, after several bad experiences with HP printers, their crappy & bloated drivers, their big-brand-name inflated prices and all the "genuine HP Ink supplies" BS.
As I'm a freelancer giving advice to many small to mid sized customers, this translates to HP losing a few dozens of printer unit sales every year, and there are lots of other techies doing the same.
HP has been living on its past fame for more than a decade, and the well is almost dry now.
HP, "You'll reap what you've sown".
Justifiable fame I would add. The decline must in part be connected to short term managers who get their bonuses in the next financial years based on the current years performance - so screw the future provided that particular future lives beyond you current bonus and roles lifetime.
Sad, but true. Methinks current laws need some serious tweaking to prevent this short termism from turning management into the worst enemy of big companies. Some more tweaking would be needed to prevent said companies from acting like fecking sociopaths!
I'd like to add that my first computing device was an HP 33e programmable calculator. It was a high quality, extremely well designed and well documented device able to stand many years of use, like most HP products in the following decades. Until circa 2005, I always recommended HP products to my clients, but, around that time, everything HP related began circling round the drain in a really depressing way.
I stopped using HP printers ( or anything else by them) years ago due to a ridiculous failed driver update.
The driver software would only install after a complete uninstall of the previous software. OK fine.Except one DLL would not uninstall. Nothing would remove it and while it was there the install routine would not run. It aborted when it cam to that bit. To make it more annoying the version number of that dll hadn't even changed.
There was no option to skip, which would have done the job, just to abort.
Printer was then useless.
I spent days trying to get that fucker off my PC. There was a whole set of uninstall layers and depths that could be applied ( buggered if I could see why it should be so complicated anyway). I did them all,repeatedly. If my memory serve me correctly i even tried to remove the traces from the registry. Just got nowhere.
And then went and bought an Epson
Never bought anything HP since.
I went with Epson.
They have bulk ink models, that drink ink from what look like intra-venous canisters instead of cartridges. No way to identify the ink. You can buy the stuff by the gallon if you want. A single pint of each color should last 4 years or more for the home user, hence the IV sized (75ml) that lasts two.
Except... the "sponge" that sits inside, below the spray headers, "gets full", after 2 years, without explanation and LOCKS the printer. There is an actual sponge, that gets actually full of spewed ink, but no level sensor at all.
You just buy a fresh sponge from the parallel market, do some actual cleaning in there, and download a software that "resets" the sponge counter, all from the same market.
And keep printing.
If you want to do any serious printing, why are you looking at a printer that uses ink in the first place? Get a laser printer. If you want colour, get a colour laser. Toner doesn't dry out; fuser rolls don't get clogged up if unused for months at a time, toner doesn't fade like ink does, and laser printouts don't spot and run if you take them anywhere with the slightest bit of moisture (for instance if you have to take your printouts *gasp* outdoors). Oh, and toner is generally cheaper (catridges can be expensive, but last for 1000s of pages, not 100s).
> Get a laser printer.
Have to agree - when the kid's homework inkjet clammed up *again* after a short period of not being used, I bought a fairly cheap Samsung colour laser. That was four years ago, and it's only onto its first set of replacement toner. Not the most heavily used, nor stunning quality, but it's happy to be ignored for entire summer holidays and Just Print when asked to.
If you take your tin-foil hats off for a bit, this is all standard fare for any sort of tech support call. Its pretty routine for any software vendor to gather such data in order to figure out if you need to fix something if such-and-such an OS/bios patch appears that breaks your software without having to resort to polling incoming tech support calls from you lot (read your EULAs). Obviously they do want to sell you ink, but on the other hand, they might also want to make sure the printers are actually working in a large scale sense.
"this is all standard fare for any sort of tech support call"
Then they can ask for that information if I make a tech support call. Collecting it automatically by default is just plain unacceptable.
"they might also want to make sure the printers are actually working in a large scale sense"
I'm sure they do. That doesn't excuse this behavior at all.
No company (software or hardware) that does this sort of thing deserves my business.
well, perhaps in the world of "should / should not". Meanwhile, in the real world, it is pain acceptable, because it is done and people don't storm HP HQ with pitchforks about it. And they still wouldn't, even if they knew :(
Meanwhile, in the real world, it is pain [sic] acceptable, because it is done and people don't storm HP HQ with pitchforks about it.
Meanwhile, in the civilised world, collecting personally identifiable information without consent (and not allowing "no consent" as the default option) is illegal under GDPR. Precisely because of the scumbags that abuse the collection of such information. I'm sure a lawyer could make a strong argument that a proxy identifier such as an "advertising identifier", machine serial number, date of first install, etc. when combined can quite easily be used to uniquely identify an individual, and that some of the data being collected could even be considered "sensitive" information (which has additional protections), if your lawyer is skilled enough.
Is it the printer that "phones home" or is it the software installed to on the PC/device to "drive" the printer. If it is the printer then it is easy as the printer has no need to access the internet. If it is the PC/device it is a little harder. I agree that basic drivers are one solution. The only way to get these companies to change behaviour is to vote with your feet but I suspect they are all as bad as each other.
Fortunately I have been able to keep my 10+ year old printer functioning and its drivers don't phone home (if I read my firewall logs correctly)..
While i do like the poison well concept mentioned in the first post I think I"d rather have a complete list (compilation) of all the companies/devices/software that are known to phone home along with urls & port numbers so they can be blocked. A script with IP table rules would be great!. Much simpler I think than trying to generate reams of fake data and then having to use my own bandwidth to send it all.
I probably dreaming that such a thing exists.
...is a mono printer that just prints A4 when I send a job to it. Possibly duplex.
I don't need colour, scanner, FAX, scan-to-email, NFC, Wi-Fi, bundled apps, opportunities to "register", cloud-based printing, ongoing subscriptions, immediately-obsolete consumables or any of the other cruff.
Increasingly hard to find a printer that just prints.
The device you're printing from connects (or tries) to mq.dataservices.hp.com every time you print from it
The printer occasionally connects to h19005.www1.hp.com, according to my Pi-Hole anyway.
The printer is a Colour LaserJet M280.
Needless to say, these were already blocked as they provide no benefit to me.
Is this why many all-in-one printers just break one day with no warning, not showing any cartridge in one slot typically or just stop printing entirely with an error.
I am still investigating but unfortunately someone binned the printers while "tidying" so very hard to evaluate what broke.
I did find that some older units jam up due to spitoon tower-o-ink and this is a relatively simple fix involving some simple-but-messy maintenance.
Incidentally ink spillage from people being careless can mess up the contacts, as can getting a paper jam as it puts stress on the cable(s) leading to a failure at a later date. Typically ink residue only becomes conductive when damp thus explaining the intermittent nature of the problem.
"We do not scan or collect the content of any file or information that might be displayed by an application."
Well that makes me feel sooo much better, thanks HP.
There's a simple way to test that...
Create an application that displays your "advertising ID",... pages printed, print mode, media used, ink or toner brand, file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies...
... information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product..."
If they collect any of that information....
(Actually I believe there already are LOTS of applications that do this, for example Word, PS etc display their name in various places, many will display what file you're printing, when you go to the printer settings/job settings you'll see a lot more of this stuff shown... IOW HP speaks bullpucky...)
(El Reg - where's our "defecating bull" icon?)
This post has been deleted by its author
"product usage data such as"
"Heaton told The Register he hadn't sniffed what his in-laws' printer was beaming back to base"
So actually he has no idea what data is being sent back to HP and is just fear mongering. 'Data such as' does not mean 'exactly all this data' so without actually verifying what is sent you know nothing. Thanks for printing the guy's name so I can be sure never to use him as a consultant.
'Data such as' does not mean 'exactly all this data' so without actually verifying what is sent you know nothing.
Consent to "data such as X", however, does given them the right to arbitrarily change what that X is in the future. If they don't intend to collect it, why did their corporate lawyers* put it in there.
*people who are undoubtedly more highly educated and paid than you, and have made a career out of acting like weasels to such an extent that some of them may have now grown fluffy tails and whiskers, and are making plans to move into Toad Hall.
I seem to be one of the few that doesn't have issue with this - all the information they're collecting seems useful for QA and R&D. In the same way though I took out their Instant Ink subscription too, because I don't think I've ever had an inkjet that's played nice with third party cartridges - either the colours are off or they clog the heads. My last epson I used to have about 1 cartridge out of every 5 that just wouldn't work at all.
I seem to be one of the few that doesn't have issue with this - all the information they're collecting seems useful for QA and R&D.
I do. Knowing how many pages I print is not at all up to them. Knowing the file names being printed by my Dr's office is absolutely not acceptable.
And the other "technical information" that is covered is, well, that's a blanket option for them to grab whatever wherever. They may not grab the content of the files you print, but what about other files on your system? How about "/temp/copy_of_printed_document.rtf" which is never displayed nor printed, yet ripe for them to harvest?
And do, pray tell, explain how what web pages I view are relevant? (In the linked doc (El Reg - note it hadn't been archived but I clicked the "save this page" thingy for you:) ) under Website Browsing Data" : "and other clickstream behavior (such as the pages you view, the links you click or which items you've added to your shopping basket)." Some would read this as limited to HP's own pages. To me the use of "..and other... puts it outside of the pages HP owns.
I'm glad I no longer have a need for printed material.
They do a similar thing on their new large format machines if you decide to follow the installation manual and update the firmware after the initial set up.
Thankfully you can decline the T&C and therefore prevent the firmware update that will block third party ink from working.
but I would love the script that they use...
"information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product."
This info would be immensely useful to most shops, except for the last few bits...
They don't, of course, have 'a script' that collects all that. For your printer, depending on how expensive the printer is, it's just going to be firmware, or manufacture date, page count and ink details. Your HP PC will report other values, and various installed software will have other 'scripts'.
Has anyone looked at the ink subscriptions? None subscription i can easilly use £30 a day and in fact threw out a canon printer after taking 4 attempts to get an A4 photo print I was happy with and finding that the attempt had consumed a £35 colour in cartridge. HP offering, free ink for 7 months and then £2 a month from then on. Suckers would be buying the cartridges without a subscription.
does anyone still use this crap any more?
Why does every company who makes stuff think that it is just perfectly fine to snoop on us 24/7?
I'm sorry to say that I once worked for that bunch of scumbags that call themselves HP. Even though it was a long time ago, I still think that this is really shitty behaviour. Oh how the mighty has fallen eh?
"Why does every company who makes stuff think that it is just perfectly fine to snoop on us 24/7?"
ARROGANCE, mostly. And CLUELESSNESS.
years ago "they" used to do whatever they *FELT* to autoexec.bat, config.sys, windows.ini, etc. and a LOT of people complained. HARD. Did not stop "them". Eventually when windows '9x released it became possible to do that stuff with the registry and it sorta stopped.
NOW everyone is on the "big data" bandwagon, because everyone ELSE appears to be on it. Predictable results, anger, and frustration.
Biting the hand that feeds IT © 1998–2019