Bambu Lab, the company behind my favorite 3D printers, has given itself one hell of a week. Now, I’ve got answers to some of my burning questions, answers which you might also hopefully appreciate. But first, some backstory.

Since last Thursday, some creators have pledged not to buy Bambu printers anymore, even removed some of their 3D models from its online repository, after the company revealed it would add a new proprietary authentication mechanism that could keep you from using third-party tools to remote control your printer.

While you’d still be able to stick a file on an SD card and physically put it into your printer or use Bambu’s proprietary cloud, the old way of printing remotely from a third-party slicer would be no more — unless you downloaded a new proprietary Windows and Mac “Bambu Connect” desktop app to be the middleman between your slicer and Bambu’s hardware.

While Bambu was clear early on that this would be an optional update, one you could simply choose not to install, the company also positioned it as a necessary one to secure printers against remote hacks. Some owners immediately saw that as a potential bridge to enshittification, however.

They noted how Bambu printers can already detect if you’re using an official roll of filament and imagined a future where Bambu can keep you from using third-party filament at all. They noted how Bambu already seems to be planning a subscription service for its print farm software, one that requires regular cloud activations and imagined a future where your Bambu printer stops working if you don’t pay up.

Bambu has denied these and many other such fears in a subsequent “setting the record straight” blog post, and explained that its new tool doesn’t require internet access or a user account — and has also backpedaled very slightly, pledging to offer an at-your-own-risk “Developer Mode” that maintains local access to your printer without any new proprietary authentication at all. Unfortunately, that mode may also disable your ability to access your printer via the cloud.

Meanwhile, Bambu didn’t do itself any favors by keeping people from using the Wayback Machine to scrutinize its changing statements, by allegedly censoring criticism of the company on its subreddit, and by claiming that the developer of Orca Slicer was working with Bambu on a seamless way to continue to print directly from his popular third-party slicer when they had not actually pledged their support.

It has also not helped confidence that Bambu’s own security around its new Bambu Connect app is such that hackers have already extracted its private key and authentication certificate, or that users have discovered that Bambu gives itself the right to block new print jobs until a printer has finished automatically downloading firmware updates in its Terms of Use.

Anyhow, I think the real question here is: are these changes a stepping stone to more enshittification, or at least more of a walled garden, or not?

Here are the questions I sent Bambu and the answers I got, via spokesperson Nadia Yaakoubi:

1) Will Bambu publicly commit to never requiring a subscription in order to control its printers and print from them over a home network? 

For our current product line, yes. We will never require a subscription to control or print from our printers over a home network. However, there might be specific business scenarios in the future that require exceptions, i.e a 3DP vending machine, but these would apply to entirely different applications and customer needs. If such a product line is introduced, we will clearly communicate this before its launch. 

1c) Will Bambu publicly commit to never putting any existing printer functionality behind a subscription?

2) Will Bambu publicly commit to never restricting the use of third-party filament in any way, shape, or form?

For our current product line, yes. We have no plans to restrict the use of third-party filament in any way. 

3) Will Bambu publicly commit to never monitor files and prints transmitted between users and their printers over a home network? 

Let’s be clear about how this works:

• LAN mode: Nothing is transmitted through our servers.
• Cloud mode: Users control their privacy through “incognito printing.” When enabled, no print history is recorded, and files are not stored in the cloud. 
• Cloud features: For features like re-printing, files are temporarily stored in the cloud to allow users to access their print history. Under no circumstances do we look into the print file/model without the explicit consent of our customers.

Bambu has additionally agreed to add a new Developer mode. Some users are concerned that this move is just temporary and that Bambu can simply remove the developer mode and claim that it was too much of a security risk or say that not enough users opted to use it to justify keeping it around.

4) Will Bambu publicly commit to permanently keep the Developer mode with local MQTT, livestream and FTP and never remove it in any future update or shipping batch of the X1, P1, A1, and A1 Mini? 

Yes. However, if a severe security issue arises in the future, we may need to make adjustments to address it. Users can always choose whether to update their printer firmware or not. 

5) Will Bambu publicly commit to offering and keeping the local Developer mode available in any future printers it releases?

We cannot commit to features for non-existent future printers. However, we will clearly communicate all relevant details before customers make their purchase decisions.

6) Will Bambu publicly commit to its current and future printers permanently being remotely controllable over LAN without user account or Internet access?

For current models: Yes. For future products, while we aim to retain this functionality, we believe committing to a specific technical approach indefinitely is not responsible. However, we will clearly communicate all relevant details before customers make their purchase decisions.

Bambu has announced that Bambu Connect will integrate with third-party slicers like Orca, but some users are confused why an app like Bambu Connect is required at all when you could instead add more secure authentication to the printer itself, with industry standard practices like having the printer generate a secure token/API key instead of creating a proprietary middleman authentication app. 

7) Did Bambu consider and reject interoperable ways of securing its printers, like tokens?

7b) Will Bambu commit to changing its authentication system to an interoperable one? If Bambu did reject interoperable secure authentication systems, why?

If software communicates and interacts with our cloud system, it is reasonable for us to have a say in how it operates. As highlighted in our blog post, unauthorized third-party software has created ongoing challenges to the stability of our cloud services and machines for a long time.

While we trust that most developers act with good intentions, users are often unaware of the hidden complexities within such software and the security requirements. This lack of transparency of all software makes interoperable secure authentication systems insufficient to fully resolve these issues. Our goal is to safeguard the entire Bambu Lab product ecosystem, providing every user with confidence that our products are secure and easy to use—free from concerns about complex network configurations. And with the changes done, we are one step closer to integrate third-party access in a secure way.

8) Is it true that the developer of Orca Slicer was not actually working with Bambu on the integration and that Bambu announced their involvement without approval?

We have been in ongoing discussions with SoftFever, the developer of Orca Slicer, since January 14 regarding the firmware update and potential integration into the new release. “Work with” might be ambiguous. To be more specific, messages were exchanged, files were sent, and their receipt was confirmed along with an indication that they would be reviewed. 

9) Will Panda Touch and similar accessories continue to work under Developer Mode?

We guarantee keeping the port/channel open, but implementations are up to third-party developers.

9b) Is Bambu answering that company’s questions?

Since the release, we have received many inquiries from third-party software developers, including BigTreeTech, via devpartners@bambulab.com. We are currently in the process of finalizing our response. It’s worth noting that we warned third party developers in a blog post from March 2024: ”If you’re developing a device that controls the entire printer, including heating elements and motion systems, please do not expect long-term support unless it has been approved by us in advance. This is especially applicable to for-profit organizations.”

10) Will you allow users to roll back to the old firmware, for reasons like if they accidentally upgrade without understanding the limitations?

Yes. Firmware rollback was and always will be available.

11) Does the private key leaking change any of your plans?

No, this doesn’t change our plans, and we’ve taken immediate action.