Slashdot Mirror
Are Your Peripherals Monitoring You?
An anonymous reader writes " Engadget is reporting that
'Lexmark, makers of printers and scanners, has been caught monitoring users' printer, scanning, and ink cartridge usage.'" Newsgroup comp.periphs.printers readers noticed the software; the Engadget report says that "Lexmark say they're just tracking printer and cartridge usage, but the registration information and packets being sent say otherwise."
My webcam does it too
Not clear what they are monitoring?
What am I missing? Couldn't somebody just install the program and sniff the information out of the packets?
Gesh, this is slashdot...
I don't think anyone or anything could stand the sight of me before clothes or caffeine.
Mix the failings of Usenet with the shortcomings of the World Wide Web and the result is slashdot.
First you tell us this:
Lexmark, makers of printers and scanners, has been caught monitoring users' printer, scanning, and ink cartridge usage."
Then you try to tell us this:
"Lexmark say they're just tracking printer and cartridge usage, but the registration information and packets being sent say otherwise."
So the evil Lexmark tells you that they are tracking printer and cartridge usage, which is what you tell us is what you found. Then you claim that the packets being sent tell you something different. Well, spill it! What did you find that Lexmark didn't say they are tracking? It seems that they told you what you'd expect to find if you monitored their packets.
I don't like the idea that some company is building drivers that call home. But it's not because I think my privacy is somehow invaded. I just don't like someone using up my bandwidth without my knowledge.
If I was really concerned with privacy, I doubt I'd be using a computer, much less connecting it to the Internet.
I bought a Lexmark printer for about $20 after a rebate and it was a good printer. The trouble began when I had to buy new cartridges, I bought 3 in a row, and they were all empty, what the hell is up with that.
Linux can do it just as well as Microsoft and Lexmark! Admittedly, you do have to install it yourself, but the feature is there and just as good as these so called professional vendors can offer!
Beep beep.
Interesting, I just installed ZoneAlarm on a PC last week and it gave me an alarm that some Lexmark process wanted to make a network connection. I havnt had a Lexmark connected to that thing in probably 3 years (and can find no obviously labled Lexmark files) but have been too lazy to reformat the drive. Perhaps it's time to break out the install CDs.
However, this does not justify them sending the data without your knowing/asking. If they wanted to keep a flag in the printer and when you return the printer for a repair under warranty, they cold check for this flag and refuse to honor the warranty.
And, why would they want to hide their intent and send the data to a wierd sounding URL (lkcc1.com)? I would have first suspected some other scumware trying to phone home, never suspecting lexmark. Well, guess you cannot trust any compan to have honor ro ethics these days.
I have a Lexmark Optra E+ laser printer. It's several years old. I'm very happy with it as a printer.
I don't see any c:\program_files\lexmark500 directory even though I have the print driver, downloaded from lexmark.com, installed.
I've added the following to my hosts file just in case.
0.0.0.0 www.lxkcc1.com
okay, enough of these printing scumbags. printers are getting worse, print quality is crap, ink cartridge prices are obscene while lasting for shorter durations (my gf's printer will not print in black when the color cartridge is empty), DMCA restrictions on refilling ink, spying on users...
bullshit. i will never buy one of these printers again (this means you lexmark, canon, hp, and your friends). when will a manufacturer stand up and sell good quality printers, refillable by the user using just an ink bottle? there is a market of people who are willing not to buy the cheapest piece of shit printer because they know how that turns out. who will fill it?
Original usenet post from comp.periphs.printers on Google Groups here, or here for a news: link.
I'll probably be marked off-topic for this, but something strange is going on with Slashcode.
I am logged in currently, but am unable to post with my account. I am (as you can see) able to post anonymously by checking the little Post Anonymously box, though.
The error message says that excessive posting from my domain is the reason why I can't post, but usually that just results in all posts being rejected, not just the logged-in ones.
Well, this is an interesting Slash upgrade to say the least. Wouldn't it encourage trolls by forcing them to post anonymously? Then again, I'm not a Slashdot edtior, my level of competence is pretty far removed from that position.
peripherals monitor you!
I'm so sorry; it had to be said.
Just as long as my Dvd burner isn't monitoring what I am burning...
Somehow I don't believe that Lexmark would install this spyware without having the EULA cover it. This may be another example of people just hitting "AGREE" (effectively signing) without actually reading the EULA (a legally binding agrement). Stupid laws? Stupid people? Both? You decide.
The $50 lexmark z605 works PERFECT with linux! Graphics, word processers, spreadsheets, everything! As for this article: This just in - the electric company has just been caught "red handed" monitoring everyone's power usage! OH MY GOOOOOOOOOOD!!!!
Lexmark could also very well instruct the device driver to STOP WORKING if it detects a third party ink cartridge...
ELOI, ELOI, LAMA SABACHTHANI!?
lxkcc1.lexmark.comw w.lxkcc2.com
www.lxkcc1.com
lxkcc1.com
w
lxkcc2.com
ips
192.146.101.0 - 192.146.101.255
... the information was being stored in a file? Perhaps someone who has access to a copy of the file can post it somewhere. I'm sure there isn't going to be high security on it, so perhaps someone can crack it open and we'll see what kind of information they're getting.
-- Gargonia
Never play leapfrog with a unicorn.
mfgs of device drivers should opensource their device driver software so it will be open to auditing & public scrutiny..
maybe a public data base where any anonymous user can search and review devices & their drivers and things like what Lexmark is doing can be exposed...
i know a chic that has a Lexmark printer and its device driver has gobs of kludge and cruft that is totally unnecesarry including audio files that say "Printing Started"
no windoze installed on my computer, CUPS is what runs my printer, is CUPs spying on my printing habits? or any other Linux software?
is the internet evil? or a benevolent big brother?
Lexmark obviously wants to track ink jet cartridge usage because that is where they get their most profit. They probably want to know when consumers start switching to a more viable printing technology so they can jump on the bandwagon.
Powered by caffeine and sugar; BSD
1. Put spyware on printer driver ...
2. Tell that you warranty is voided because you have used a non-certified cartridge in date xx/yy to print counterfeits and porn together
3.
4. Profit!
Lexmark is so obsessed with it man. Why can't they just be more content with regular money like other printer companies?
Jeez
Online backup with Mozy, sounds like Ozzie, but more!
google groups link
I don't find this at all shocking. Lexmark makes those lovely OEM Dell printers that you sometimes can get free with a PC. Not only is the software a commercial to buy ink from Dell but the cartages are keyed so you have to mail order the ink. Now Lexmark can track you by serial number and possibly detect if you've been a naughty user and used 3rd party cartages or refilled you cartages. Can anyone say warranty void? Even better still, they can collect enough information on your printing habits and offer you bigger and better printers.
There are good reasons to object to this. What we need are some solid facts as to what exactly is reported to Lexmark, and how to prevent this. Would adding "www.lxkcc1.com 127.0.0.1" to the hosts file be effective?
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Lexmark has a reputation for making cheap junk. I've seen it firsthand: I made the mistake of buying a Z51 (Z52?) at Fry's on April 14th, 2000 so I could print my taxes. I went through 3 of those stupid things in one evening. None of them worked right.. If memory serves, paper handling was the issue.
The HP 932c I exchanged it for is still running strong.. I gave it to my neighbor last year.
Lexmark's history with Static Control and the DMCA doesn't sit well with me. They won't be getting any of my hard-earned money. That's a promise.
On a brighter note, the website "www.lxkcc1.com" (192.146.101.142) is dead.. maybe someone did them a favor.. or they wised-up.
Because I'm monitoring the poor quality of your equipment and the equipment you let Dell rebadge with their name. And whenever my clients need a new printer, I make sure not to recommend you, and recommend Brother or HP instead.
...your monitor monitors you!
"Ask not what your country can do for you." --John F. Kennedy
o/~ Join us now and share the software
A quick search on google groups reveals that this has been going on since as far back as 2001 (google groups). Why am I seeing an article so late?
....buried 500 paragraphs into a EULA that the user "consented" to be monitored?
We caught a xerox network laser printer trying to send mail, by itself back to xerox; it tried three different outgoing smtp servers that fortunately our gateway blocked.
I don't know what was in those mails - but a google search revealed an article about a large data mining system based on Oracle; I think the main intent was to detect reasons for early failure - but who knows what happened to the data.
Personally I dislike inkjet printers since they usually are causing a mess by spreading the ink everywhere, and the printouts are normally not water-resistant either! Another thing is that the ink cartridges tends to dry up and cause messy pritouts if any if you leave the printer unused for some months. Only way out is to buy a new cartridge.
Laser Printers are a little better, as long as you have a decent vacuum cleaner arond to catch any excess toner. At least they don't mind being offline for a year in decent conditions. (maybe you will have to shake down the toner in extreme cases)
In all, tracking printer use should only be acceptable if the user is notified beforehand, and that the data communicated is easy for anybody to check regarding it's content. The user must be able to disallow any usage tracking.
A legitime use of printer usage tracking that I see is actually to let the printer manufacturer find out the most common errors occured with a printer, and which colors that are most frequently used in order to optimize coming models on the market. But as noted beforehand, the user must have his/hers last say in this. Relate this to the error reporting that Microsoft offers for Windows XP. (Not that it actually catches ALL problems)
My 1/2 cent opinion...
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Duly firewalled.
Can they track why their craptastic printers keep breaking all the time? Never buying one of them again.
my router logs all in/out connections and keeps bandwith utilization statistics. Last morning it informed me there is a new firmware update (so it called home). It is also capable to establish VPN tunnels via IPsec so it can send anything it likes without any possibility to examine content. Does it spy on me? Who knows..., but I started to think about installing a normal Linux box instead.
...but the toaster has been laughing at me from time to time.
I dont understand lexmark. They crossed the boundaries of the sensible with the DMCA suit, now they are up with this spyware print driver thing.
Are they in league with the MPAA or something? Or do they just want to get extra money from users.
The fact is, refill cartridges perform a valuable role: they keep the retail cartridges within bounds. If it wasnt for the refill biz, the vendors would be tempted to charge even more.
As for the spyware stuff -if this is in UK print drivers (as the zdnet UK article implies), then it could be illegal under our data protection laws. It certainly ought to be banned. All spyware should be illegal.
That is the nice thing about OSS -you can check the print drivers, and anyway, like linux.org or sf.net cares about your printing. Interestingly, spyware is very rare in the macos world too. There is something about windows that just encourages it. I think it is the fact that Ms effectively ship windows with spyware-to-MS preinstalled, then the home PC vendors join in, giving the green light to everyone else.
I despair.
The IP 66.35.250.150 is the Slashdot website, type the ip into the browser for slashdot main page.
Here is my firewall log:
11/13/2004 23:14:31 Port Scan Minor Incoming TCP 66.35.250.150 05-00-20-00-05-00 * MY IP *
00-00-05-00-00-00 * My Name * BEAST3 Normal 1 11/13/2004 23:27:33 11/13/2004 23:27:33
Somebody is scanning your computer.
Your computer's TCP ports:
80, 1080, 3128, 8000 and 8080 have been scanned from 66.35.250.150.
The safest thing to do is have 2 computers:
#1 - for internet useage only...
#2 - for everything else...
---- Booth was a patriot ----
I'm running a hand-me-down LaserJet at home; it sits on the lan, has power saving, etc, etc. Refills are possible (no DMCA laws) and the printer's own web page provides the configuration GUI (warning, Java applets).
The inkjet printers are built on a different model -revenue through ink- than the laser printers, where third party refills are mainstream. Indeed what Lexmark were trying to do with their DMCA gig was do the same lock in in firmware that ink cartridges do in hardware. They lost.
So: look at laser printers, especially those on the LAN. make sure they talk LPD and dont need a windows only app for management. That is, take your laptop and some cat-5 cable to the showroom, and test it. Colour laser printers do pretty cheap colour prints too, and are becoming low cost.
Their excuse was that they didn't have an inkling as to user's usage ;-)
Any technology distinguishable from magic, is insufficiently advanced.
Imagine a perl script to generate spoof statistics. Imagine a million ./ readers running the script as a cron job.
They'd soon stop trying to spy on the users, if the data was all that everyone keep on printing the same url all the time, something with "goat" in the URL...
It's just another example of how much control software companies have over you when you use their closed-source software (and drivers): You have no idea what the software really does!
Only in Soviet Russia.
It would be very interesting and fairly easy to find out what the software is doing while it's "phoning home". Won't someone that has a Lexmark printer (Canon myself) please install Ethereal (or whatever floats your boat) and just try to capture whatever the software is sending?
While we may not find out what all of the data is, at least it should be fairly easy to establish whether they are collecting your name, or your username, or your IP. If this is installed quietly, it seems unlikely that they would bother with encryption. They don't seem too interested in privacy in the first place.
As an aside, I can see how real usage information from the field could be extremely valuable to a printer company, but it should say in big red letters "this product phones home". If the consumers are acting as their research lab, they better be volunteers...
No
my first inkjet was an apple-branded canon, back in 1994; i think it actually still works. then i had a loaned i800, and i just recently bought a pixma iP6000D. the last two print great photos (the 6000D is a bit nicer since it's 6-color), and as the parent said the ink tanke are clear plastic so you can check the levels yourself. cheap, too. oh, and the canon drivers have never tried to phone home.
Facts do not cease to exist because they are ignored. - Aldous Huxley
Nov/13/2004 09:48:08 Drop TCP Packet From LAN 192.168.0.2:1654 192.146.101.142:80 Rule: Lexmark Block
Nov/13/2004 09:48:00 Drop TCP Packet From LAN 192.168.0.2:1654 192.146.101.142:80 Rule: Lexmark Block
Nov/13/2004 09:47:56 Drop TCP Packet From LAN 192.168.0.2:1654 192.146.101.142:80 Rule: Lexmark Block
Nov/13/2004 09:47:41 Drop TCP Packet From LAN 192.168.0.2:1502 192.146.101.142:80 Rule: Lexmark Block
Nov/13/2004 09:47:34 Drop TCP Packet From LAN 192.168.0.2:1502 192.146.101.142:80 Rule: Lexmark Block
Nov/13/2004 09:47:30 Drop TCP Packet From LAN 192.168.0.2:1502 192.146.101.142:80 Rule: Lexmark Block
and I wonder just how often its trying to phone home.
Ever since their announcement of a inkjet
... ...
printer that can print up to 20 layer PWB
using conductive (silver?) ink, I have been
having strange dreams at night. A PostScript
dream. With an Autorouter daemon dancing in
my head.
Whoa! Way too much caffeine! Must stop
drinking so much Starbucks java
Ssst! Connection broken
Comment removed based on user account deletion
Comment removed based on user account deletion
I caught my webcam watching me the other day.
I put a bullet in its beady little eye.
Now my stuffed Tux doll is watching me.
It's the guillotine for him!
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
on a related topic, I was disaapointed how crappy the drivers for mac have be come with HP mulit-function printers. They are really unstable and unfreindly to mulit-user mode. I wish I could use it without the driver.
Some drink at the fountain of knowledge. Others just gargle.
You buy a $50 printer. If you don't agree to the EULA, it's a piece of junk. If you take it back, your retailer is going to keep track of you and make future returns harder, and the time it takes to return it isn't worth the printer anyway.
The lesson? Just don't buy Lexmark.
It's a good thing after all that those somewhat functional, unreasonably cheap, disposible printers don't work with Linux? :)
Only in a Slashdot fantasy can a Slackware install turn into several hours of sex . . . . .
Well, that does make just a little bit of difference, doesn't it?
I don't agree with it but I'd imaging they're after usage data to help with forcasting. They know how many printers they've sold but they don't know excatly how quickly users are going throught the ink. That's important because to add production capacity, say an extra production line to an existing facility, and staff it up probably takes 6 months to a year from the point when you order the line from the machine builders to when it passes QC and starts running in anger. Now you don't want all that metal and folks sitting around doing nothing but eating up your profits, but you also don't want to undershoot and have a shortage of refills, pissing off all your resellers by rationing and handing market share to the competitors. It would also help with financial forecasts too.
Comment removed based on user account deletion
And can I claim violation of my right to privacy under a civil rights act?
Any lawyers out there? Ralph Nader? Public Citizen?
When considering the purchase of new hardware, I start by picking something with support already built into my OS. With Linux, this often means the difference between it working or not. With Windows, this means the difference between having to run a dozen tiny third party apps that appear to do nothing at all (beyond take up memory, disk space, and as per this topic, spy on my activities).
It really amazes me when I go to help someone with their PC, and I see a list of startups dozens of entries long. When I see a system tray that stretches halfway across the screen. When their process list requires scrolling down for three pages to see them all.
For a good default policy, when you buy new hardware, throw away any software it came with. You don't need it.
Printers? They all speak PCL or PS (unless you very unwisely bought one that does not, which goes back to "check for driver support first"). End of story.
Scanners? Okay, once upon a time, these could take some work to get up and running. But anything less than five years old (and if older, you can get a better quality replacement literally for around $20)? Free hint - Plug it in, open MS Paint, and check out the "from scanner or camera" menu. Simply amazing, eh? Everything you need to scan, already built in.
Cameras? I had two of my users actually install the software for new cameras we got just this past week. Do you have any idea what a pain it took to remove that software, when they discovered that not only did they not need it, but they couldn't use it due to some vague, irregularly-reproduceable conflict with other software they actually do require? Anyway, point of story - After removing every last trace of Kodak's crappy software (including a very large application, a boot-time driver, and a service! Ack!), I demonstrated to my users that they just need to connect the USB cable and turn the camera on. Poof, all their pictures appear under "My Computer" as a removeable drive named similarly to their camera's model.
How about video cards? Okay, no argument that you would do well to run the newest actual video driver from the manufacturer, but do you have any idea how many people I've see that also have 3Dfx's task manager, NVcpl and Nwiz, or ATi's set of up to half a dozen useless crapware blobs, all loading at startup (I won't even go into startups such as MS Messenger, Office startup, Quicktime, and all the rest that suck memory at the whopping "savings" of 5 seconds the first time you run the relevant program)? Sad. Truly sad, that people let such software steal their memory and CPU cycles.
Okay, I'll grant that more exotic hardware may well require third party support. But that quite simply does not apply to 99% of machines out there.
So I suppose the moral of all this, to stay on-topic... Why do people install Lexmark's own drivers in the first place? Don't ! Use the built-in drivers, and you can get all the same functionality without the spyware or the bloatware.
Not to imply that Microsoft doesn't pull similar crap as Lexmark (time.windows.com, anyone? Which if you run your own NTP server, you will notice does not speak plain ol' NTP). But just because one company likes riding us bareback doesn't mean we need to spread for the rest.
to the phrase "peripheral vision".
Hey, all you ambulance-chasers: how about a class-action law suit? All you need to find clients are to sniff at lexmark's sites as the packets come in!
Excellent, sturdy-built printer. Probably one of the best medium-size laser printers that HP ever built. I have one that I found outside sitting next to a garbage dumpster full of old 486 and 1st generation pentium pc's. That's right, I got it for free. Took it home and found all the rubber rollers were nasty and the unit was filled with paper dust and assorted debris. It had never been maintained or serviced since new. I disassembled the unit, vacuumed out all the dust and crap, and carefully cleaned every moving part with isopropyl alcohol, bought a refurbished toner cartridge from OfficeMax for $50 and have had about four years of trouble-free printing at a total investment of some labor and less than the cost of two average inkjet cartridges.
That's why I bought that webcam in the first place!
On my OS X box there is a background application called "HP Communications.app" thats always running. I sure hope it does not have a memory leak.
Maybe its time to take that out of startup items and see if I can still print.
did you know that printer ink is one of the most expensive liquids that common consumers buy in the world?
i looked at work a while ago for the cheapest non-generic printer cartridge with the most ink for your buck. if you were to fill you car with printer ink from this cheapest of ink cartridges, it would be about $3,059 dollars a gallon. (how much is my tuition again?).
lexmark needs to stop being so greedy. they already make money hand over fist. the common printer company tactic of making cheap cheap printers that eat cartridges like candy that cost $35 a piece (mind you, printers have a color and a black ink cartridge) should be enough for those guys. shoot, i already feel dirty enough shelling out that money, but having my computer sniffed is going too far.
--no sig.
Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
I wonder if Lexmark was smart enough to somehow encrypt or sign the data going back. I doubt it. I don't own any of their stuff, and never will due to their silly lawsuit, but I would be more than happy to feed their little servers plenty of interesting usage data. Plenty. We could distribute a program to allow like-minded folk to send over some good usage data whenever the urge hits (or in a cron job).
Anyone want to start deciphering packets? Can someone with a Lexmark do some capturing? Seriously, this could be fun, and their illegal database could become, shall we say, useless.
People in Nevada and any other states with spyware laws also need to contact their state AG's immediately. If you're in NY, you might want to get Spitzer's office on the phone. That guy can *find* a law that they broke.
Do you have ESP?
Hey, I am sure they are doing it in the name of national security!
Their plan to catch Osama was to flood Afghanistan with cheap Lexmark printers and hope that he or one of his buddies buys one. Then wait until Osama or one of his followers prints his digital camera pics on one of those printers. [Assume anyone in Afghanistan who can afford such a printer has Internet access as well] It should not be that hard to match and existing [reference]photo of Osama's face (embedded in that DLL file) with one in a solo or group photo.
It's not that hard to track someone down once you have their IP address.
Don't forget about the $20million reward!
The right way to do this would be to trigger data upload only if match was found, otherwise sit quiet.
OK, that was movie-of-the-week fantasy, but what they could have really done is monitor anyone scaning or printing $20 or $100 dollar bills.
Doesn't Photoshop alert you if you are trying to scan US currency? (or is that another urban legend?)
When was the last time something insightful came out of usenet?
I'm concerned with privacy, so I use free software. Sure, my ISP can log my web habits but I don't have to worry about them selling information about what I do inside my own network to spammers. Nor do I have to worry about being compromised by some kind of email worm or malicious web site, which are just as large a threat to privacy.
You might be a little more concerned if you think about how any business can function without internet connected computers and what information your company might want to protect. All of that gets thrown out the window with M$ junk.
Friends don't help friends install M$ junk.
Persay, find the server, find the data they are collecting (reverse engineer the software for the packet format), do a google search for port 8080, and fill up their systems with so much junk crap that the data becomes unreliable? Perhaps figure out how they use the data, and over a period of months, feed them innacurate data such as "print cartridges fail fewer times than they normally would, and use ink more quickly than they normally do" to get lexmark to say, for example, make unreliable print cartridges that fail often and do 50 pages for $40 a pop?
Candy-Coated Knowledge
When i run into those issues, i call them and they either get me another way to do it, or "i will return the product due to its being unuseable"..
Normally they get me what i need, and I dont have to threaten them with a law suit....
---- Booth was a patriot ----
I recently got a used network laser printer for $200, it has both PCL5 and PS and since it's my first laser would somebody be kind enough to explain which mode should I use?
Are there any differences in print quality and/or speed, resource usage or something else I should know about? In case it matters the printer has 64MB of memory, a 4MB flash card (for firmware upgrades??) and no hard disk.
The PCL5 driver reports the printer as 24ppm, max 1200dpi and PS driver as 16ppm, max 1200dpi - is PCL really 50% faster or is this just a driver quirk?
I would test it myself but the toner refill won't arrive untill next Tuesday.
Thanks in advance to anyone who helps a laser newbie!
Capitalization is the difference between "Helping your uncle jack off a horse" and "Helping your uncle Jack off a horse"
Surely it would be easy enough for a few people to flood their site with garbage reports so that any useful data gets buried....
If anyone is monitoring me like that, in an identifiable manner, it's only legal if they've included what they're doing in their Data Protection Act registration and follow all the requirements of the Data Protection Act.
I just saved a bunch of money on my car insurance by switching to Geicko. You really need to get your ass back on Usenet, buster. Seriously!
Looks like it might be time to dust off my old Star dot matrix printer. It was a gem and I've never had the heart to get rid of it. Maybe I'll hook it up yet for old time's sake.
Not clear what they are monitoring?
What's confusing is that the original post: Wrong: the Engadget report doesn't say that the packets being sent say otherwise -- there's no reference to packet sniffing: As you suggest, packet sniffing is the next thing to do.What am I missing? Couldn't somebody just install the program and sniff the information out of the packets?
-kgj
-kgj
My printer and mouse have been sneaking into the kitchen and checking out the ice cream supply for years.
It looks like ZDnet.com.au Austrailia has also picked up the story, and has ran an article on the same Lexmark issue.
You can buy a Lexmark printer for about 25 dollars. With shipping it was 32. It comes with one color ink cartridge. It doesn't come with a usb cable, but if you're like me, you have those lying around.
A replacement lexmark cartridge costs 35 to 40 bucks. So when the original cartridge runs out, buy a new printer. Then sell the old one on ebay for 10 bucks (make sure to tell them it doesn't have an ink cartridge). So you've paid about 23 dollars for the whole thing. Which is how much even "cheap" ink cartridges cost, no matter who makes them.
I've got a nice all in one Brother scanner, fax, printer lying around that has something wrong with it, but it would cost me more to fix than I can buy a Lexmark for. And the ink for that printer was about the same as the Lexmark would be, even though the associate at Office Depot told me that it was the cheapest ink around. It is, but when you have to buy 3 color cartridges and one black cartridge it comes to about 50 bucks.
I've also been thinking about buying a lot of these lexmark printers and taking the cartridge out, sell it and the printer on ebay. I could probably make a profit of about 10 dollars for each printer I did this with. They are worth more if you take the ink cartridge and the printer and sell them seperately than they are if you sell them together.
I worked at hewlett-packard's All in One division and we wrote software that did the same exact thing and sent the data back to HP over http.
This software would be installed within the gigantic 120MB setup file. Somewhere deep in the EULA is a sentence about HP being able to process user activity data.
If you think
So it's just common sense that their software would be complete shit as well. Also, I always register all my products to:
Cheese Dick Christ
444 Upyours Ave.
Suckit, CA 91166
Feel free to track me all you want. It's not like the fucking warranty does me any good, because I'll just get the run around and in the 4 months it takes you to refurbish it and send it out, I'm obviously not using the son of a bitch so a fat lot of good your "warranty" does me.
What? No one remembers the printer embedded logic bomb which kept taking out the computer system of a certain power facility some decades ago when a disgruntled employee knew he was being fired/laid off and write a program into the memory of the printer unit which could initiate a communication to the main computer and wipe it out?
By sending packets out like this, Lexmark is opening up a can of worms.
All this means to me is:
A driver that goes out to a website to upload data could just as well go out to a website and download code. Someone who can hijack that domain will probably find a way to screw with the system.
Winged Power Photography
Printer consumables (e.g. ink & paper) generate a lot of revenue for the retail outlets as well as the manufacturer. Companies that sell cheaper ink and more expensive printers will have difficulty placing their printers in retail outlets. The cost per page of large photocopiers is very low, but you don't see them sold at big-box stores.
While retails outlets were the primary source of printers this was a stable situation. What has changed recently is that companies like Dell have enetered the direct sales market and so cut out the retail vendor. Retail can still make some money on consumables since there is some compatibility (e.g. Dell OEMs Lexmark).
But manufacturer's have no forced commitment to retail stores and if the Internet allows them to bypass the middleman and do direct sales, they will attempt to do so. In fact they must in order to compete with companies like Dell. At the same time Dell can't completely undercut the existing price regime because Lexmark still needs to see positive economics for their own printers even though they also build printers for Dell. Cut price ink would cannibalize their own sales more than the benefit of the increased hardware sales.
In order to make up for the loss of retail sales - and the loss of retails sales information - both Dell and Lexmark have created software that tracks usage and directs the user to the manufacturer's website *before* they run out. Otherwise, people will tend to impulse buy from retail rather than wait a week for delivery.
So the manufacturer's want the information, they need it in advance of ink exhaustion to bypass retail, and they can collect all sorts of information that they probably don't need but might find useful.
It's the 'might find useful' category that causes the greatest privacy concerns, and are probably not necessary for the immediate purposes, but it's easy to collect and few people complain. So far.
this site deserves it http://www.lxkcc1.com/. Only problem is they don't let ya in. Anyone know how to get in?
Clarity improves somewhat considering the timeline. First Lexmark denied the allegation. Then capitulated when pressed with the evidence to admit that they were tracking printer and cartridge use.
Less clear is the statement over 'packets saying otherwise'. I wish more detail over information found within those packets would have been disclosed. The two articles I have read so far have not shined any illumination upon that.
No matter. For all the Lexmark drivers out there of that version it should not prove overly difficult for researchers to obtain, monitor and report their findings. If Lexmark is guilty of a greater transgression than what has been admitted to date then all such will be uncovered eventually.
Lexmark brings greater suspicion upon themselves by not being forthcoming as queries go unanswered. Truth being found the alternative whenever suitable lies won't do and at that, extraction forced only when faced with undeniable evidence to the contrary.
Legalities aside, the whole matter strikes one as a sleaze ball operation intended to co-opt, coerce, exploit and defraud. Considering that Lexmark is now a subsidary of the private equity firm Genstar Capital and considering how private equity firms tend to conduct business, this is hardly surprising.
-AC
This is why Lexmark tried to invoke the DMCA: The printer uses a cryptographic signature to identify Lexmark cartridges, and won't work if it finds one made by a third party.
To get around this, Lexmark's competitors reverse-engineered the authentication algorithm, so that the cartridges could fool the printer into thinking they were made by Lexmark. Lexmark responded by suing them under the DMCA. Happily, it lost.
IMO, this can also be implemented without "calling home" - the printer software itself could keep a list of the S/N's of the used cartridges.
If I had a Lexmark printer, I'd fight back. Write a program to send bogus packets with false data to screw up their data. Distribute it to other pissed-off Lexmark owners. Release another program to disable Lexmark's spyware.
It's nasty and somewhat immoral, but sadly it seems like the only way companies will learn.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Whoa! Way too much caffeine! Must stop drinking so much Starbucks java ...
Starbucks? Whoah.... their coffee must rival Epson or Lexmark's ink as the most overpriced stuff ever.
Do you enjoy shopping at Gap as well?
Try opening LEXPPS.EXE in Resource Hacker.
The information is as follows for those who are fortunate enough not to have any Lexmark products.
VALUE "Comments", "MarkVision for Windows '95 New P2P Server (32-bit)"
VALUE "CompanyName", "Lexmark International, Inc."
very very scary!!!
Sorry, but I really don't think that's a very constructive attitude.
There is simply too much small print in an average person's life for them to read and absorb all of it. That would probably still be true even it it were written in plain $LANGUAGE, and not deliberately obfuscated by lawyers. Hence it is unrealistic to expect anyone to understand and, if necessary, challenge everything that they might not agree with if asked in isolation.
To protect society from the unscrupulous behaviour of those who would capitalise on this systematic weakness, we have a legal system. We elect people to form a government that can spend its full time in administration on our behalf, so we don't have to. Their remit is to look after our interests for us in cases like this.
The problem with a lot of technology is that it takes a fairly long time for the elected government's knowledge and views catch up with informed professionals (who, of course, can dedicate their whole working life to the technology industry, an advantage the lawmakers don't have). Consequently there is a fairly large window of opportunity for profitable spamming, spyware, adware, etc. that aren't really in the general public's interests before it becomes illegal.
The only realistic solution to this problem is to educate the lawmakers and draw their attention to new problems faster so they can act against them. Expecting to educate everyone in society about every potential threat to their finances, privacy, security, work-life balance, etc. just isn't a realistic possibility, which is why comments like the parent post aren't very helpful.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
But that would only stop the user from refilling thier own cartridges. The other way would stop the user from considering any off brand carts.
The problem is, capitalism is fleecing the privacy of people
Funny, I thought it was Lexmark doing it, not capitalism. Gotta love dorm-room socialists.
That's like saying Linux is an OS for illegal hackers just because one hackers uses Linux in a bad way.
Pinging it says that it is filtered. Have they teken it down already?
This story has approximately ten times as many responses as the story (five hours older) titled "Airlines Ordered To Turn Over Passenger Data".
Shame on us.
My trusty Epson Photo EX died last week (true story, I'm not making this up) and I bought the Canon i9900 specifically because the people at Canon don't seem to play these games with their customers.. Nothing in the world could comvince me to buy Lexmark and whenever someone I know has looked for an inkjet printer I've made sure to point their antics out.
Two words: worldwide boycott.
I remember an old Gomer Pyle show... (OK - I know - all Gomer Pyle episodes are old...)
Anyway, there was an episode where he would use a particuliar jeep. Everytime he had the jeep, his buddies would keep filling it with gas for fun, and not tell him. He thought that he was getting like 100 miles per gallon. When the sargent had the jeep, they'd siphon off the gas...
You could really screw with their numbers. Your Lexmark printer could report 200 reams per ink cartridge. Depending on the detail of their reporting back, you could make it look like you printed 1000 sheets all red, then all blue. You could mess with their metrics. Worse yet, if you falsify your registration number, you could fill their databases with fake data and even collide with other numbers already registered. How do they interpret data when the same printer is being reported numerous times with different behaviors. They shouldn've used strong crypto to ensure data integrity...
They probably should have had a click-to-authorize this activity as on option with their driver, with some benefit attached. Most would click it anyway, or not read the advisory...
http://www.iamsam.com
I own a Lexmark X1150 Multifunction. I do use the programs included, but I have checked my firewall logs and there is no communication between my computer and any Lexmark servers. In fact, no Lexmark programs are even set up for network access.
I think I remember an option during setup that said something about 'anonymous usage statistics', and I unchecked it. I could be wrong, as several programs have that.
All I know is I'm not being spied on.
In corporate america your scanner scans you!
+1 Insightful, too.
Well spotted, that arab! So it is true that y'all invented Algebra? (-:
Got time? Spend some of it coding or testing
You guys got crossed off my list of potential replacement printers as a result of your using the DMCA to try to lock out toner cartridge competition. Now this? Has anyone at Lexmark even heard of public relations let alone what it means?
CUR ALLOC 20195.....5804M
I bought an Optra L for about $80 a few years ago; it had about 30K pages on the engine. The thing works great; it even came with partially used cartridge, so I've been printing lots of paper. This includes a PS interpreter and a network interface.
Now I'll admit that it has one quirk; when I switched to a 100baseT hub, it has timing issues when it first connects to the network. But I can probably print for a few more years and sell it for what I paid for it.
By contrast, their inkjet stuff looks like junk.
I just bought an all-in-one scanner/printer/fax, and Canon is clearly *clearly* the best choice for an inkjet printer.
I just bought one of these (got it for $250), and I can't say enough good stuff about it.
When you take everything into account, its simply the one to get. HP and Lexmark don't even come close.
See, Canon charges a fair price for the printer, and then get this...they charge a fair price for the ink.
If people RTFA they might've seen a comment suggesting Epson's doing this too:
p ro tectingid/talkback.htm?PROCESS=show&ID=20035702&AT =39125876-3800003100t-39000836c
http://www.silicon.com/research/specialreports/
I just wonder if with my Z605 if I'm safe. I got it as an Xmas gift (free after rebate)
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
I bought a Samsung laser printer couple of years back. IIRC, it was the cheapest model back then but I'm very happy with it and it does not send my data to anyone.
If a printer I bought would start sending my data without my explicit permisison, I'd demand my money back. As simple as that.
I wonder if when all the anti-spyware legislation finally comes into effect, if Lexmark will be one of the first companies sued over it. Class action lawsuit anybody?
Makes me wonder if Lexmark is gonna scramble to offer driver upgrades that remove the spyware now that the world knows about it.
Use Linux (or a *BSD) and CUPS to run your printers. Since you don't have to run any printer-company applications (because Linux has its own drivers for everything, all thoroughly vetted by the open source community), it is impossible for manufacturers to spy on you.
I'd include OS/X in that, but unfortunately, I'm using a Hewlett-Packard print manager on my iBook, which could possibly be spying on me right now. It's a bummer, but I paid 1800 bucks for this thing (the iBook, not the printer), and I don't want to quit using it until it dies of old age. Sigh...
In the meantime, I have a couple of old mil-spec laptops running Slackware that can take over when the iBook dies, so I guess that's pretty cool.
Farewell! It's been a fine buncha years!
I used to work in the printer business, before their bottom line dropped too close to red for comfort, and they saved money by two subsequent 30% staff reductions. The product manager calls printers "ink and media dispensers." A lot of effort does go into making the ink and paper come out with just the right colors, but several of the knock-off inks, such as is made from Pelikan, all good stuff, good, accurate gammut. You need a decent color profile (ICM file), and the profile for OEM inks never quite does the trick.
It sounds to me like Lexmark is struggling financially, and they have turned to blood-sucking lawyers and unscrupulous programmers writing spyware. Too bad their execs know nothing of the concept of brand image/reputation, because from this point on, I expect several of us won't touch their product. Like it or not, the in-the-know technical crowd tends to influence a larger buyer volume than their own. Consider the multitudes that ask us for shopping advice.
Fear this, Lexmark:
"This holiday season, I would recommend [HP, Canon, Epson] over Lexmark. In addition to this particular brand being my favorite, Lexmark has engaged in unscrupulous practices, and uses the internet to watch you use your ink. Who knows what else they plan to do in their printer drivers next year?"
We have a rough enough time keeping ahead of worms and OS patches, to be bothered with disinfecting device drivers. Lexmark, feel free to fire the idiots who came up with this, along with all guilty parties. You have my permission. When this makes market-based media, heads will roll.
Two eyes have grown up in my mouses' top. I'm worry about that.
Like most manufactured products, their are good and bad implementations of a product family, and professional and consumer grade products.
As a general rule I would be suspicious of any inkjet based or top feed device that claims to be a genuine MFD. All in one products need to be robust or you are at the mercy of the weakest component to bring down the whole device.
If you are looking at a device which scans (either to file or to print) look for something that scans off the glass unless it has a heavy duty document feeder, as those mechanisms have a high incidence of failure.
Paper trays that rely on top-down gravity feed frequently fail and start drawing multiple sheets of paper through at a time.
MFDs have two major market spaces:
1. High volume office environments where the main print engine is a heavy duty copier engine, which is both more reliable and more cost effective than desktop printers, and the total copy volume is probably less than 20% of the print volume. Fax, copy, scan, print should operate independantly of each other for true miltitasking and drivers are handled at an enterprise level.
2. Isolated workspaces where space is at a premium but multiple functions are required, generally still in a corporate environment. An example would be a nurses station in a hospital - most hospitals in service were designed before there were computerised patient tracking systems, everything was managed through card systems and cardboard folders of patient records, now every nurses station needs to fit a computer, a printer, a phone, a fax and a way of copying handover sheets. A small footprint laser MFD saves space and proves the required functions.
For most home offices, inkjet MFDs are a false economy.
Disclaimer: I work for Xerox - we develop, design, manufacture and sell MFDs.
Sara
Designer, Gamer, Macgrrl in an XP World
Second part: but a used laser printer. If you can find one, a low page-count ( BTW - guess where you can get laser printers even cheaper? GOODWILL! I have been making some major Goodwill runs on the weekends here in Phoenix - just yesterday I was at the 16th street and Van Buren location (those in Phoenix know that this location isn't in the greatest of neighborhoods - no big deal, though) - two newer model HP LaserJets (1100's - I think) - with toner cartridges. They looked brand new, and they probably work just fine. If they don't, they are probably easy to get working, or if you want, Goodwill has a 30 day return period. Best of all was the price - under $20.00!!! That's less than an inkjet refill cartridge, for a laser printer and toner! You might find other bargains as well.
Fight the scam - go laser, and don't look back!
Reason is the Path to God - Anon