Monday, September 16th 2019

HP Printers Try to Send Data Back to HP

Recently, in a blog post, a software engineer named Robert Heaton explored the installation and setup of a regular HP printer. During the installation process, however, he found some alarming things hidden in the install software. While going through the setup he came across a section headed "Data Collection Notice & Settings", where HP states that it tries to collect and send the data you put through the printer back to HP, for the purposes of improving advertising, customer experience, etc.

The software installation began like any normal install, with a "subscribe to our printer ink replacement program" advertisement at the beginning, which is okay because it's the way HP supports customers with required ink after the stock one is used up. What seemed off was, in fact, the aforementioned "Data Collection Notice & Settings" part. Here HP intentionally hides the parts that are very important when choosing what information you plan to send back. Instead of being immediately visible, the list is hidden, so a person who isn't very tech-savvy can easily skim through without noticing the little details and end up consenting to data collection. Additionally, the "feature" is turned on by default, but end users can opt out to disable it.

What the printer collects is data from all your apps that make documents: basically the type of document you are printing (.pdf, .jpeg, etc.), time stamps, document size and usage report. HP's privacy statement states that HP doesn't scan the content of the documents you are printing, just their features and specifications. Even though your personal data is claimed to be intact, sending data reports isn't a small thing to ignore.

Source: Robert Heaton Blog

65 Comments on HP Printers Try to Send Data Back to HP

#26
lynx29
R-T-B
To be fair, this type of data is largely harmless in the hands of large corps, but yeah, data sharing is a huge issue too.
Watch The Great Hack on Netflix, I had no idea how powerful Cambridge Analytica was before the U.K. government shut them down. They literally tricked entire countries around the globe... the human brain is weaker than we thought.

@Chomiq yeah I often wonder about the backdoors with printers, they are connected to the internet/modem for easier printing... def some shady stuff going on I have no doubt.
#27
looniam
R-T-B
*Goes back to watching frog mating videos*
#28
Dave65
Who buys HP anyway?

And my telemetry is better than your telemetry. :roll:
#29
bug
R-T-B
Anonymous data only stays anonymous until the next big hacking. His point is somewhat valid, but his hyperbole completely unnecessary.
In this context, anonymous data would be what % of the printed documents is PDF, what % is graphics only, which color is used most and such. What could a hacker do to trace that back to you and what would they gain even if they managed that feat?
You people need to chill. Not give companies a carte-blanche in all they do (we all know how that plays out), just avoid knee-jerk reactions.
#30
R-T-B
bug
What could a hacker do to trace that back to you and what would they gain even if they managed that feat?
I gave examples using document format (dimensions) above, linked with mandatory IP collection (retention time of 2 years IIRC) as per the Patriot Act. Those two linked together can produce useful data for a thief. Unlikely, but possible.

bug
You people need to chill. Not give companies a carte-blanche in all they do (we all know how that plays out), just avoid knee-jerk reactions.
You're quoting the wrong person for that, as I agree entirely. On the same token, I refuse to treat this data as useless in the wrong hands because it almost never is. All that matters to me here is the cold hard facts of this.
#31
bug
R-T-B
I gave examples using document format (dimensions) above, linked with mandatory IP collection (retention time of 2 years IIRC) as per the Patriot Act.
So you're printing in large format without anyone knowing about it. Gotcha.
R-T-B
You're quoting the wrong person for that, as I agree entirely.
This wasn't aimed at you, but rather to all posters having said reaction.
R-T-B
On the same token, I refuse to treat this data as useless in the wrong hands because it almost never is. All that matters to me here is the cold hard facts of this.
You've already made that perfectly clear.
#32
Easo
I see that it is time to panic... because reasons? Sorry, but this is just a clickbait.
#33
Vayra86
Khonjel
I disagree. Tabloid/gossip/clickbait is so popular because they work. It is high time we actually read the content instead of skim just the headline. If some people get misinformed because they just skim the obtrusive headline, fuck em. Should've read the whole thing there buddy.
Fuck em, and in the meantime people stop vaccination and endanger us all in doing so... just one example out of many you could give of recent events.

Nah, the fuck em approach doesn't work that well. They say 'fuck you' back and you're left picking up the pieces anyway.

I say, round them up and let them be our first test subjects on Mars. For the greater good. Two birds with one stone, etc.

trparky
Why would HP want to steal their own printers from me? Wouldn't they want to sell more printers to me?
No, they sell ink, not printers ;)
#34
Jozsef Dornyei
Well, if you install most games on your phone/tablet the game will only start if you allow access to your contact(phone) list and pictures.
Why does a game need access to your contact list and pictures? :)

The printer driver will scan all your documents printed and scanned and _can_ forward them to HP.
Let's imagine that HP will not use the data for illegal purposes. HP can be hacked though and the hacker can.

HP should not send any data.
No need for it and I cannot imagine HP public image will benefit from identifying HP as a hacking company.

Facebook is different. You share your data on Facebook willingly.
#35
Khonjel
Jozsef Dornyei
Facebook is different. You share your data on Facebook willingly.
Have we forgotten Facebook's like/share button tracking people on sites/articles that featured the button, even people who don't have any Facebook account?
#36
Jozsef Dornyei
Khonjel
Have we forgotten Facebook's like/share button tracking people on sites/articles that featured the button, even people who don't have any Facebook account?
Facebook cannot track a person who is not a Facebook user. Facebook can track an IP address in this case.
Same is valid for Google. If you use a browser with no cookies enabled Google cannot track either.

However I use a Google account because I want Google to know how I am. That way search results are more accurate for example. I participate willingly and I do know that Google will use the information to target ads when I am watching YouTube. That way I don't have to watch ads on female products and I do like that.

However I don't trust Google with my income tax data or credit card number...
#37
Solaris17
Dainty Moderator
This is news? People didn’t already know this?
#38
trparky
Jozsef Dornyei
Well, if you install most games on your phone/tablet the game will only start if you allow access to your contact(phone) list and pictures.
I have never had a game ask for access to my contacts on my iPhone. Even if a game did, I'd deny it right away. Gotta love the privacy settings that Apple gives its users.
Jozsef Dornyei
Facebook cannot track a person who is not a Facebook user.
Obviously you've not heard about the "invisible" Facebook accounts for people who don't have a Facebook account. Facebook has been known to create accounts for people automatically even though you, yourself, didn't create it. They're called "Facebook shadow profiles".
#39
micropage7
It's hard to understand when something like this pops up and people scream like HP is stealing their data and privacy. On the other hand, many people would let some apps access their contacts, their phone, pushing ads so they can get free games.
#40
Kinestron
So, everyone here that says HP only collects anonymous data knows it to be fact because they are a network engineer and have analyzed all the data. Show me the proof it's anonymous besides some line in an agreement that a college intern with a business degree could have written. Every company, especially large tech, has always been honest with their customers, right?
#41
bug
trparky
I have never had a game ask for access to my contacts on my iPhone. Even if a game did, I'd deny it right away. Gotta love the privacy settings that Apple gives its users.
Yeah, this one is the same as its Android counterpart.
The trouble is Android is hiding some of the rights a game requires (e.g. run on startup, access the network) and is granting those by default. I think you can revoke some of them (but not all) when you browse the game's permissions.
#42
trparky
bug
run on startup
What is this? Windows? I thought we learned from Windows in which damn near everything thinks that it's such a great thing that you'll definitely want it starting up at user login.

I guess not. :mad:
#43
R-T-B
trparky
What is this? Windows? I thought we learned from Windows in which damn near everything thinks that it's such a great thing that you'll definitely want it starting up at user login.

I guess not. :mad:
Some things actually need that permission.

Anything depending on timers or alarms does.

I'd say phones have more to learn from PC OSes than vice versa.
#44
bug
trparky
What is this? Windows? I thought we learned from Windows in which damn near everything thinks that it's such a great thing that you'll definitely want it starting up at user login.

I guess not. :mad:
It's not the full app that runs on startup, but some services, iirc (my Android-fu is rusty).
#45
trparky
R-T-B
I'd say phones have more to learn from PC OSes than vice versa.
I disagree. Smartphones need to start treating themselves more like mobile devices, you know... devices that have limited amounts of power. They're not full PCs with virtually unlimited computing power and power from the wall, they're mobile devices that have limited power when on the go.

So with that said, apps on a smartphone shouldn't be running in the background indefinitely; unless of course there's a need to. Obviously apps that would need to be running in the background are apps like music players, maps, alarms, etc. Anything else, when you go back to the home screen or you switch to another app, should be told that it's got X amount of time to finish whatever it's doing and it will be suspended until the user brings the app back onto the screen.

This is essentially what happens on Apple iOS, only apps that have a definite need to run in the background are allowed to run in the background. And background computing permissions isn't something that Apple just gives out to any app, the app developer must present a valid reason to be allowed to run in the background and agree that it's not going to be using overly high resources and that it's not going to be doing anything nefarious. If the said app doesn't have background computing permissions and the user goes to the home screen or to another app, the previous app is told that it's got only a certain amount of time to finish what it's doing and then iOS essentially tells the app to go to sleep; the state of the app is saved and terminated.
#46
R-T-B
trparky
Smartphones need to start treating themselves more like mobile devices, you know... devices that have limited amounts of power. They're not full PCs with virtually unlimited computing power and power from the wall, they're mobile devices that have limited power when on the go.
Be that as it may (though the limited power argument starts to fall apart when you realize phones today have more power than most XP era PCs), running on boot existing as a permission should not be an issue. Granting it everywhere? That's an issue, but it's not with the phone. I'd look at the person holding it.

It would be an issue if you removed it completely. Some apps truly need it.

trparky
So with that said, apps on a smartphone shouldn't be running in the background indefinitely; unless of course there's a need to.
Fun fact: nearly every smartphone (including iOS) runs apps in the background until a low memory condition exists necessitating they be closed. They don't truly "close" when they leave your screen. They are put on a low priority, but they are there.

Double-tap your Apple home button to see the running apps list. To manually close an app, "flick" it away.

Sorry for wrecking your day, but this is precisely why mobile OSes have SO much to learn.
#47
looniam
can't wait for this "feature" to include monitors!
#48
Jism
PrEzi
Actually this is a GDPR / DSGVO etc. Topic.

According to the EU Law this should be an Opt-In and NOT an Opt-Out.
So yeah, this article is still somewhat valid as there is a problem with data collection being on per default. Maybe the wording/title needs a face-lift so it won't sound like it's coming from a tabloid/gossip site.
Add to it that the majority doesn't care about any EULA and simply clicks next, automatically opting in for tracking purposes.

Really, in the Windows 95 / 98 / Windows 2000 era we never needed any telemetry or tracking. Yet today with all the telemetry in the OS as a substitute for monitoring performance and what more the amount of BSODs after a failed update is even bigger than back in that era.

These companies need to stop collecting data, making IoTs out of their devices and simply sell products that fulfill the needs of users, printing.
#49
bug
Jism
Add to it that the majority doesn't care about any EULA and simply clicks next, automatically opting in for tracking purposes.

Really, in the Windows 95 / 98 / Windows 2000 era we never needed any telemetry or tracking. Yet today with all the telemetry in the OS as a substitute for monitoring performance and what more the amount of BSODs after a failed update is even bigger than back in that era.

These companies need to stop collecting data, making IoTs out of their devices and simply sell products that fulfill the needs of users, printing.
You're doing something very, very wrong over there. Back in Windows 95/98 days, common wisdom mandated a clean OS install every year or so.
And while apps still crash, the number of times drivers have been able to take down the whole OS has taken a nose dive.
#50
trparky
Jism
Really, in the Windows 95 / 98 / Windows 2000 era we never needed any telemetry or tracking. Yet today with all the telemetry in the OS as a substitute for monitoring performance and what more the amount of BSODs after a failed update is even bigger than back in that era.
I see that you've bought into all of the clickbaity articles that talk about how bad Windows 10 is and how incompetent Microsoft is today. Yet, as @bug pointed out, Windows today (despite the issues) is nowhere near as bad as Windows 9x was. I remember Windows 9x would crash if you looked at the screen funny. Windows 10, despite all of the so-called articles and news of it being a dumpster fire, is in fact not anywhere as bad as it truly is. Remember, these sites need clicks, they need advertising dollars, so they write their articles about Windows 10 to make it out to have massive issues.

However, I am in no way saying that Windows 10 doesn't have issues. I agree that it does have issues; however, they're not nearly as widespread as some of the clickbaity articles would have you believe. You try writing an OS to run on just about everything from a high-end gaming machine, a cheap Dell, to a Frankenstein-box cobbled together from pieces and parts you found in your attic. Even Apple, who has vertical integration in which they own everything from how the hardware is designed to how the software is written still has issues. If Apple can't do it right 100% of the time and they own the whole platform, how do you expect Microsoft to do it right with an ecosystem with hardware and software permutations that number the stars in the night sky? That's right... you can't.