Here's what Bambu will (and won't) promise after its controversial 3D printer update

Bambu Lab, the company behind my favorite 3D printer, has had a hell of a week. Now that I have some answers to my burning questions, I hope you enjoy them too. But first, some backstory.

Since last Thursday, some creators have pledged to no longer buy Bambu printers and even removed some 3D models from its online repository, after the company revealed it would be adding a new proprietary authentication mechanism that can prevent you from using third-party tools to control your printer remotely.

While you can still paste files onto an SD card and physically put them into a printer or use Bambu's proprietary cloud, the old way of printing remotely from a third-party slicer will no longer exist - unless you download the new proprietary Windows and Mac "Bambu Connect" desktop application, which will be the middleman between the slicer and Bambu hardware.

"Unauthorized third-party software will be prohibited from performing critical operations" - Bambu

Although Bambu made it clear early on that this would be an elective update that you can simply choose not to install, and the company is also positioning it as a necessary way to protect printers from remote hackers, some owners immediately saw this as a potential bridge to "enshittification."

They point out that Bambu printers can already detect if you're using official filament rolls, and envision a future where Bambu can prevent you from using third-party filaments entirely. They note that Bambu appears to already be planning a subscription service for its print farm software that requires regular cloud activation, and envision a future where your Bambu printer will stop working if you don't pay.

Bambu denied these and many other such concerns in a subsequent "setting the record straight" blog post, explaining that its new tool does not require internet access or a user account, and also slightly backtracking with a promise to provide an at-your-own-risk "developer mode" to maintain local access to the printer without any new proprietary authentication. Unfortunately, this mode may also prevent you from accessing the printer via the cloud.

Bambu, meanwhile, hasn't done itself any favors, including blocking people from using the Wayback Machine to see its changing claims, allegedly censoring criticism of the company on its Reddit subreddit, and claiming that the developers of Orca Slicer are working with Bambu to seamlessly continue printing directly from their popular third-party slicer when they haven't really committed to support.

It also doesn't help confidence in Bambu's own security surrounding its new Bambu Connect app that hackers have extracted its private keys and authentication certificates, or that users have discovered that Bambu has, in its terms of use, given itself the power to block new print jobs until the printer has completed the automatic download of firmware updates.

Anyway, I think the real question here is: Are these changes a stepping stone towards more enshittification, or at least more of a walled garden, or not?

Here are the questions I sent Bambu and the answers I got through spokesperson Nadia Yaakoubi:

1) Will Bambu publicly commit to never requiring a subscription to control its printers and print over a home network?

For our current product line, yes. We never need a subscription to control or print to our printer over our home network. However, there may be some specific business scenarios that require exceptions in the future, such as 3DP vending machines, but these will be for completely different applications and customer needs. If such a product line is launched, we will clearly communicate this prior to launch.

1c) Will Bambu publicly commit to never putting any existing printer functionality into subscription?

2) Will Bambu publicly commit to never restricting the use of third party consumables in any way, shape or form?

For our current product line, yes. We have no plans to limit the use of third-party consumables in any way.

3) Will Bambu publicly commit to never monitoring files and prints transferred between users and their printers over home networks?

Let's figure out how it works:

Bambu also agreed to add a new developer mode. Some users worry that this move is only temporary and that Bambu could simply remove the developer mode, claiming that it poses too great a security risk, or that not enough users choose to use it to justify keeping it.

4) Will Bambu publicly commit to permanently retaining the developer mode for native MQTT, live streaming and FTP and not removing it from any future updates or shipping batches of X1, P1, A1 and A1 Mini?

Yes. However, if serious security issues arise in the future, we may need to make adjustments to address them. Users always have the option of updating printer firmware.

5) Will Bambu make a public commitment to provide and keep a native developer mode available in any of its future printer releases?

We cannot promise functionality that does not exist in future printers. However, all relevant details are clearly communicated before the customer makes a purchasing decision.

6) Will Bambu publicly commit that its current and future printers can be permanently controlled remotely via LAN, without the need for a user account or internet access?

For current models: Yes. For future products, while our goal is to retain this functionality, we feel it would be irresponsible to commit to a specific technical approach indefinitely. However, all relevant details are clearly communicated before the customer makes a purchase decision.

Bambu has announced that Bambu Connect will integrate with third-party slicers like Orca, but some users are confused why an app like Bambu Connect is needed when you could add more secure authentication to the printer itself through industry standard practices like generating security tokens/API keys, instead of creating a proprietary man-in-the-middle authentication application.

7) Did Bambu consider and reject interoperable means of securing printers, such as tokens?

7b) Will Bambu commit to changing its authentication system to an interoperable one? If Bambu does reject interoperable security authentication systems, why?

If software communicates and interacts with our cloud systems, it makes sense that we have a say in how it runs. As highlighted in our blog post, unauthorized third-party software has long caused ongoing challenges to the stability of our cloud services and machines.

While we believe that most developers act with good intentions, users are often unaware of the complexities and security requirements hidden in this type of software. The lack of transparency across all software makes interoperable security certification systems insufficient to fully address these issues. Our goal is to protect the entire Bambu Lab product ecosystem so that every user can trust that our products are secure and easy to use without having to worry about complex network configurations. With these changes, we are one step closer to integrating third-party access in a secure manner.

8) Is it true that the developers of Orca Slicer did not actually work with Bambu on the integration, and that Bambu announced participation without approval?

Since January 14th, we have been in ongoing discussions with SoftFever, the developer of Orca Slicer, regarding firmware updates and potential integration of new versions. “Working together” can be vague. More specifically, messages were exchanged, documents were sent, and their receipt was confirmed along with instructions that they would be reviewed.

9) Will Panda Touch and similar accessories continue to work in developer mode?

We promise to keep ports/channels open, but implementation is up to third-party developers.

9b) Does Bambu answer the company’s questions?

Since launch, we have received many inquiries from third-party software developers including BigTreeTech, via devpartners@bambulab.com. We are currently finalizing our response. It’s worth noting that we warned third-party developers in a March 2024 blog post: "If you are developing a device that controls the entire printer, including heating elements and motion systems, please do not expect long-term support without prior approval from us. This applies especially to for-profit organizations."

10) Do you allow users to roll back to older firmware, for example if they accidentally upgraded without understanding the limitations?

Yes. Firmware rollback was and will be available in the future.

11) Will the leak of the private key change any of your plans?

No, this does not change our plans and we have taken immediate action.