Monday, September 16th 2019

HP Printers Try to Send Data Back to HP

Recently, in a blog post, software engineer Robert Heaton explored the installation and setup of a regular HP printer. During the installation process, he found some alarming things hidden in the install software. While going through the setup process, he found a section titled "Data Collection Notice & Settings", where HP states that it tries to collect and send the data you put through the printer back to HP, for the purpose of improving advertising, customer experience, etc.

The software installation began like any normal install, with a "subscribe to our printer ink replacement program" advertisement at the beginning, which is okay because it's the way HP supports customers with the required ink after the stock one is used up. What seemed off was, in fact, the aforementioned "Data Collection Notice & Settings" part. Here HP intentionally hides the parts which are very important when choosing what information you plan to send back. Instead of being immediately visible, the list is hidden so that a person who isn't very tech-savvy can easily skim through without noticing the little details, and thereby consent to data collection. Additionally, the "feature" is turned on by default, but end users can opt out to disable it.

What the printer collects is data from all your apps that make documents: basically the type of document you are printing (.pdf, .jpeg etc.), time stamps, document size and usage report. HP's privacy statement states that HP doesn't scan the content of the documents you are printing, just their features and specifications. Even though your personal data is claimed to be intact, sending data reports isn't a small thing to ignore.

Source: Robert Heaton Blog

65 Comments on HP Printers Try to Send Data Back to HP

#1
bug
Tbh, if they only collect what they say they collect, that's just data to tell them what's trending and probably what they should focus on.
#2
the54thvoid
TPU, c'mon!

This is disingenuous scaremongering. HP does not hide anything: it is in a drop-down that is titled "Review Data Collection Settings and Privacy Statement". It doesn't take a software engineer to see that and it certainly seems like some 'blogger' wanted to create some page hits. Almost every product now asks these questions, normally behind another layer of menus - certainly not hidden; definitely not dishonest.

News posts don't often annoy me but this one is absolute garbage - populist, headline-grabbing regurgitated nonsense at its very worst. The information in the red box is quite plain and quite honest:

#3
bug
the54thvoid
TPU, c'mon!

This is disingenuous scaremongering. HP does not hide anything: it is in a drop-down that is titled "Review Data Collection Settings and Privacy Statement". It doesn't take a software engineer to see that and it certainly seems like some 'blogger' wanted to create some page hits. Almost every product now asks these questions, normally behind another layer of menus - certainly not hidden; definitely not dishonest.

News posts don't often annoy me but this one is absolute garbage - populist, headline-grabbing regurgitated nonsense at its very worst. The information in the red box is quite plain and quite honest:


Hey, as long as it's not in tabloid format, people will bitch about it :D
#4
trparky
the54thvoid
TPU, c'mon!

This is disingenuous scaremongering. HP does not hide anything: it is in a drop-down that is titled "Review Data Collection Settings and Privacy Statement". It doesn't take a software engineer to see that and it certainly seems like some 'blogger' wanted to create some page hits. Almost every product now asks these questions, normally behind another layer of menus - certainly not hidden; definitely not dishonest.

News posts don't often annoy me but this one is absolute garbage - populist, headline-grabbing regurgitated nonsense at its very worst. The information in the red box is quite plain and quite honest:
Oh but remember, we're talking about that scary word known as "telemetry". Every time the word "telemetry" comes into the picture people start screaming, yelling, and overall acting like it's the end of the world. Oh God, they're sending "telemetry", run for the hills folks. We need to escape that scary "telemetry". Oh my God, hide the women and children.

Oy vey.
#5
PrEzi
the54thvoid
TPU, c'mon!

This is disingenuous scaremongering. HP does not hide anything: it is in a drop-down that is titled "Review Data Collection Settings and Privacy Statement". It doesn't take a software engineer to see that and it certainly seems like some 'blogger' wanted to create some page hits. Almost every product now asks these questions, normally behind another layer of menus - certainly not hidden; definitely not dishonest.

News posts don't often annoy me but this one is absolute garbage - populist, headline-grabbing regurgitated nonsense at its very worst. The information in the red box is quite plain and quite honest:


Actually this is a GDPR / DSGVO etc. Topic.

According to the EU Law this should be an Opt-In and NOT an Opt-Out.
So yeah, this article is still somewhat valid as there is a problem with data collection being on per default. Maybe the wording/title needs a face-lift so it won't sound like it's coming from a tabloid/gossip site.
#6
the54thvoid
PrEzi
Actually this is a GDPR / DSGVO etc. Topic.

According to the EU Law this should be an Opt-In and NOT an Opt-Out.
So yeah, this article is still somewhat valid as there is a problem with data collection being on per default. Maybe the wording/title needs a face-lift so it won't sound like it's coming from a tabloid/gossip site.
Not so sure about that. No personal details are collected - no identifying markers to make it personal. Those personal identifiers are collected at another point. GDPR is designed to prevent user details being used without consent - this specific statement is about device usage and the parameters surrounding that. Besides - the tone of the original post is melodramatic and misleading - as though HP is trying to trick you - clearly not the case - GDPR compliance or not.
#7
tfdsaf
the54thvoid
Not so sure about that. No personal details are collected - no identifying markers to make it personal. Those personal identifiers are collected at another point. GDPR is designed to prevent user details being used without consent - this specific statement is about device usage and the parameters surrounding that. Besides - the tone of the original post is melodramatic and misleading - as though HP is trying to trick you - clearly not the case - GDPR compliance or not.
So as long as it doesn't F your mom, it can collect all your data, it's a-okay. People then wonder why is it everyone knows that secretly they are gay or watch bestiality porn or have a hard on for their cousin or all their credit card and bank account is stolen. Because of M***** like you!
#8
trparky
tfdsaf
So as long as it doesn't F your mom, it can collect all your data, it's a-okay. People then wonder why is it everyone knows that secretly they are gay or watch bestiality porn or have a hard on for their cousin or all their credit card and bank account is stolen. Because of M***** like you!
Overreaction much? It's just anonymous data here folks, it's not nearly the same data that Facebook knows about you. Give it a rest.
#9
R-T-B
the54thvoid
TPU, c'mon!

This is disingenuous scaremongering. HP does not hide anything: it is in a drop-down that is titled "Review Data Collection Settings and Privacy Statement". It doesn't take a software engineer to see that and it certainly seems like some 'blogger' wanted to create some page hits. Almost every product now asks these questions, normally behind another layer of menus - certainly not hidden; definitely not dishonest.

News posts don't often annoy me but this one is absolute garbage - populist, headline-grabbing regurgitated nonsense at its very worst. The information in the red box is quite plain and quite honest:


I disagree with the practice but this is indeed scaremongering. Education should be applied here, not fear.

trparky
Overreaction much? It's just anonymous data here folks, it's not nearly the same data that Facebook knows about you. Give it a rest.
Anonymous data only stays anonymous until the next big hacking. His point is somewhat valid, but his hyperbole completely unnecessary.
#10
Khonjel
PrEzi
Maybe the wording/title needs a face-lift so it won't sound like it's coming from a tabloid/gossip site.
I disagree. Tabloid/gossip/clickbait is so popular because they work. It is high time we actually read the content instead of skimming just the headline. If some people get misinformed because they just skim the obtrusive headline, fuck em. Should've read the whole thing there buddy.
#11
TesterAnon
>Buying HP printers when Brother exists
>Buying HP products at all
It's like you are asking for it.
#12
Khonjel
TesterAnon
>Buying HP printers when Brother exists
>Buying HP products at all
It's like you are asking for it.
Hey brother! There's an endless road to rediscover
#13
trparky
R-T-B
Anonymous data only stays anonymous until the next big hacking. His point is somewhat valid, but his hyperbole completely unnecessary.
If it's truly anonymous data like... How many print jobs you do? How often do you print? Do you print more color prints than regular black and white prints? Do you print a lot of photos? Or just mostly text? Meanwhile, if there's no collection of actual personal data like name, address, phone number, etc. then there's no issue to be had. This kind of data is mere statistics.
#14
R-T-B
trparky
If it's truly anonymous data like... How many print jobs you do? How often do you print? Do you print more color prints than regular black and white prints? Do you print a lot of photos? Or just mostly text? Meanwhile, if there's no collection of actual personal data like name, address, phone number, etc. then there's no issue to be had. This kind of data is mere statistics.
Nothing is without IP logs these days. Probably due to the fact government regulations mandate that data be kept for all commercial traffic. Thank the Patriot Act.

Khonjel
I disagree. Tabloid/gossip/clickbait is so popular because they work. It is high time we actually read the content instead of skimming just the headline. If some people get misinformed because they just skim the obtrusive headline, fuck em. Should've read the whole thing there buddy.
I want to disagree but you are actually right, they do work.

However, as my inner Journalist weeps, he also tells me trying to teach the public to do more than read the headline will go over about as well as trying to get a cat to eat its veggies.
#15
trparky
OK, so what if they have an IP address associated with that anonymous printer usage data? What's it going to get them other than mere statistics?

There's a HUGE difference between mere statistics and actual user data.
#16
the54thvoid
tfdsaf
So as long as it doesn't F your mom, it can collect all your data, it's a-okay. People then wonder why is it everyone knows that secretly they are gay or watch bestiality porn or have a hard on for their cousin or all their credit card and bank account is stolen. Because of M***** like you!
So pleasant. Still, my point stands - the data collected is not personally identifying and more importantly - HP actually states quite clearly what it's doing. It's people like you that over-react to clickbait and then get worried about your filthy porn habits being exposed.
#17
Joss
I don't know what worries me most, if the stealth data collection or the reaction of many considering "normal" that a printer sends user information, God knows what exactly.
But then, considering the millions that bought so-called smart speakers ..........

@AleksandarK thanks for the article.
#18
trparky
Joss
I don't know what worries me most, if the stealth data collection or the reaction of many considering "normal" that a printer sends user information, God knows what exactly.
You say "user information". What user information? Is there any personally identifiable information? Nope. Hence it is NOT user information, it is ONLY statistics. As I said before, there's a HUGE difference between mere statistics and actual user data. Get it through your head folks.

Meanwhile, I have much bigger fish to fry than to be worried about mere statistics. This kind of so-called "data collection" doesn't even come within a galactic parsec of the outright privacy violations that both Facebook and Google are guilty of. Want to know who I worry about more? Facebook and Google, now those two are companies you really should be afraid of.
#19
R-T-B
trparky
OK, so what if they have an IP address associated with that anonymous printer usage data? What's it going to get them other than mere statistics?
A lot more than you'd expect given multiple such data points. Which at this point, they have.

the54thvoid
So pleasant. Still, my point stands - the data collected is not personally identifying and more importantly - HP actually states quite clearly what it's doing. It's people like you that over-react to clickbait and then get worried about your filthy porn habits being exposed.
This though is the main thing that puts it on my "meh" list.

We have way bigger fish to fry. And quit referencing porn on this, no one prints porn people... and the printer wouldn't even know if they did.

Your/my/whoever's filthy bestiality porn habits can remain as secret as they should. No one cares in the printer market and the whole idea they want to know about your obscure wank is just obscene hyperbole.

*Goes back to watching frog mating videos*

trparky
OK, so what if they have an IP address associated with that anonymous printer usage data? What's it going to get them other than mere statistics?
It may tell them you own a large amount of printers worth stealing, if you're say... a big business. Or maybe you print a large format print regularly (those printers are f'ing pricey)

I'd hate if someone geoip'd one of those. Some of the really large print printers can run 10k a printer or more.

Still, this is a 1/10 on the "naughty boys" list, IMO. Still, if they don't secure the data well, it is worth something somewhere, I promise you.
#20
The Egg
the54thvoid
Still, my point stands - the data collected is not personally identifying and more importantly - HP actually states quite clearly what it's doing. It's people like you that over-react to clickbait and then get worried about your filthy porn habits being exposed.
Yes yes, it "very clearly states what it's doing", for those who happen to stop and notice the little drop-down arrow, then click to find all the completely hidden settings below which are enabled by default. Very clear and obvious. I wonder, if one of the pre-selected items was "we have the right to bend you over and spread your cheeks at any time", how many people would have noticed? Also worth mentioning, once you've agreed, there's nothing stopping them from taking further liberties with what exactly they collect when the next software update rolls around.

Even if it is all completely harmless, why do you have a problem with questioning the behavior of a large corp?? Why DOES a stupid printer driver need to collect telemetry anyway? I'd say it's good for them to be made aware that at least someone is paying attention to what they're doing.
#21
trparky
R-T-B
It may tell them you own a large amount of printers worth stealing
Why would HP want to steal their own printers from me? Wouldn't they want to sell more printers to me?
#22
R-T-B
The Egg
there's nothing stopping them from taking further liberties with what exactly they collect when the next software update rolls around.
Yes there is. They'd need to present a revised EULA to you in most jurisdictions (if not all).

This hyperbole makes us all look bad. Stop.

trparky
Why would HP want to steal their own printers from me? Wouldn't they want to sell more printers to me?
You should reread the theoretical we were operating on.

R-T-B
Anonymous data only stays anonymous until the next big hacking.
#23
lynx29
then HP sells your data to Cambridge Analytica shell company for profit. Kappa

oh the lovely lovely times we live in
#24
R-T-B
lynx29
then HP sells your data to Cambridge Analytica shell company for profit. Kappa

oh the lovely lovely times we live in
To be fair, this type of data is largely harmless in the hands of large corps, but yeah, data sharing is a huge issue too.
#25
Chomiq
trparky
Why would HP want to steal their own printers from me? Wouldn't they want to sell more printers to me?
It's just a printer... with local storage that shows up as bootable drive. It's just a printer... that sends usage data to the internet. It's just a printer... that recognizes if you're not using "certified" cartridges.

That's a bunch of anonymous data that in combination can make you not so anonymous. That's also plenty of potential backdoors that can be exploited.