Monday, September 16th 2019
HP Printers Try to Send Data Back to HP
Recently in a form of a blog post, software engineer called Robert Heaton, explored the installation and setup of a regular HP printer. However, during the installation process, he found out some alarming things hidden in the install software. When going through the setup process he found a headline called "Data Collection Notice & Settings" where HP states that it tries to collect and send the data you put through the printer back to HP, for purpose of improving advertisement, customer experience, etc.
The software installation began as any normal install, with a "subscribe to our printer ink replacement program" advertisement at the beginning, which is okay because its the way HP supports customers with required ink after the stock one is used up. What seemed off was, in fact, the aforementioned "Data Collection Notice & Settings" part. Here HP intentionally hides the parts which are very important when choosing what information you plan to send back. Instead of immediately being spotted, the list is hidden so a person who isn't very tech-savvy can easily skim through without noticing the little details, making the person consent with data collection. Additionally, the "feature" is turned on by default, but end users can opt in to disable it.What printer collects is the data from all your apps that make documents. Basically the type of document you are printing (.pdf, .jpeg etc.), time stamps, document size and usage report. HP's privacy statement states that HP doesn't scan the content of documents you are printing, just its features and specifications. Even through your personal data is claimed to be intact, sending data reports isn't just a small thing to ignore.
Source:
Robert Heaton Blog
The software installation began as any normal install, with a "subscribe to our printer ink replacement program" advertisement at the beginning, which is okay because its the way HP supports customers with required ink after the stock one is used up. What seemed off was, in fact, the aforementioned "Data Collection Notice & Settings" part. Here HP intentionally hides the parts which are very important when choosing what information you plan to send back. Instead of immediately being spotted, the list is hidden so a person who isn't very tech-savvy can easily skim through without noticing the little details, making the person consent with data collection. Additionally, the "feature" is turned on by default, but end users can opt in to disable it.What printer collects is the data from all your apps that make documents. Basically the type of document you are printing (.pdf, .jpeg etc.), time stamps, document size and usage report. HP's privacy statement states that HP doesn't scan the content of documents you are printing, just its features and specifications. Even through your personal data is claimed to be intact, sending data reports isn't just a small thing to ignore.
65 Comments on HP Printers Try to Send Data Back to HP
This is disingenuous scaremongering. HP does not hide anything: it is in a drop-down that is titled "Review Data Collection Settings and Privacy Statement". It doesn't take a software engineer to see that and it certainly seems like some 'blogger' wanted to create some page hits. Almost every product now asks these questions, normally behind another layer of menus - certainly not hidden; definitely not dishonest.
News posts don't often annoy me but this one is absolute garbage - populist, headline-grabbing regurgitated nonsense at it's very worst. The information in the red box is quite plain and quite honest:
Oy vey.
According to the EU Law this should be an Opt-In and NOT and Opt-Out.
So yeah, this article is still somewhat valid as there is a problem with data collection being on per default. Maybe the wording/title needs a face-lift so it won't sound like it's coming from a tabloid/gossip site.
>Buying HP products at all
Its like you are asking for it.
However, as my inner Journalist weeps, he also tells me trying to teach the public to do more than read the headline will go over about as well as trying to get a cat to eat it's veggies.
There's a HUGE difference between mere statistics and actual user data.
But then, considering the millions that bought so-called smart speakers ..........
@AleksandarK thanks for the article.
Meanwhile, I have much bigger fish to fry than to be worried about mere statistics. This kind of so-called "data collection" doesn't even come within a galactic parsec of the outright privacy violations that both Facebook and Google are guilty of. Want to know who I worry about more? Facebook and Google, now those two are companies you really should be afraid of.
We have way bigger fish to fry. And quit referencing porn on this, no one prints porn people... and the printer wouldn't even know if they did.
Your/my/whoevers filthy bestiality porn habits can remain as secret as they should. No one cares in the printer market and the whole idea they want to know about your obscure wank is just obscene hyperbole.
*Goes back to watching frog mating videos* It may tell them you own a large amount of printers worth stealing, if you're say... a big business. Or maybe you print a large format print regularly (those printers are f'ing pricey)
I'd hate if someone geoip'd one of those. Some of the really large print printers can run 10k a printer or more.
Still, this is a 1/10 on the "naughty boys" list, IMO. Still, if they don't secure the data well, it is worth something somewhere, I promise you.
Even if it is all completely harmless, why do you have a problem with questioning the behavior of a large corp?? Why DOES a stupid printer driver need to collect telemetry anyway? I'd say it's good for them to be made aware that at least someone is paying attention to what they're doing.
This hyperbole makes us all look bad. Stop. You should reread the theoretical we were operating on.
oh the lovely lovely times we live in
That's a bunch of anonymous data that in combination can make you not so anonymous. That's also plenty of potential backdoors that can be exploited.