Bambu Lab is abusing the open source social contract

Full disclosure: I've never owned a Bambu because I've never loved the idea of a "closed" ecosystem 3D printer, however I have used them, and am very familiar with the 3d printing space beyond Bambu.

For anyone considering alternatives: You should know that almost all other 3D printers expect you to know a little more about how they actually work than Bambus. Bambus are as close as you can get to a "just works" type experience, but modern alternatives from others are nowhere near as hard as they used to be.

The closest "easy" alternative is probably Prusa, but you'll pay significantly more for a Prusa machine than you would a Bambu. They're an excellent company, and the complete opposite of Bambu when it comes to Openness. If money is no object, Prusa is highly recommended.

Beyond Prusa, there's a lot of other options. https://auroratechchannel.com/#section2 This list is a good one.

I personally run an old Elegoo Neptune 4 pro - but my needs are quite low. If I were buying today, a Snapmaker U1 or the Creality K2 Plus is probably where I'd end up going.

This sentence in Bambu Lab's blog post is wild:

> We have documented incidents of service outages caused precisely by spikes in unauthorized traffic - overwhelming the servers, causing service disruptions affecting everyone. The cost was instability felt by all users.

So it's a problem that their printers are popular, and they can't be bothered to scale their infra, so let's gate everything based on USER AGENT STRING! This is so crazy of an excuse that I don't believe it.

OK - so Bambu has harassed legitimate F/OSS projects.

Serious question: why not just release whatever you want but not tie it to your identity? Bambu demands OcraSlicer make changes under threat of litigation? OK, cool. Enjoy the 5,000 forks of OcraSlicer that implement that functionality in exactly the same way. Hell, post a notice that they were compelled to remove the feature, and that they're thereform removing the release x.y.z, with the sha256 hash of "...".

Now OrcaSlicer has complied, and the community has an semi-official way to make sure that the commits that were removed aren't modified when they get them from other sources.

Funny how fast people forget. LAN mode was NOT part of their original plan until outrage like this happened last time. They shifted their course and changed their blog post after. Putting pressure as a customer is how you steer company’s direction.

"It pretended to be the official client" is not a security argument if the mechanism was client-supplied metadata.

That’s not impersonation. That’s Bambu discovering that user agents are not authentication.

I am an outsider on the details of the Bambu software requiring users to go through their servers in China and the closing of their software.

Still I suspect it is about spying in wartime, Bambu printers are at the core of the Ukrainian war effort, the main reason even Ukraine is winning since januari 2026.

First China prevented Ukraine from using any of the drones that they sold in millions to Russia while exercising the built in kill switches in Chinese drones used in by Ukrainians.

Suddenly Bambu, another Chinese company started listening in on the 3D printing on a massive scale in secret factories all over Ukraine that make the drones to replace the Chinese drones. Very suspicious.

Whatever is the reason Bambu locks down software or firmware on their 3D printers, now is the time for programmers to change the situation. We need to put up money like Louis Rossmann did [1], not to fight legal battles but for a assembly language programmer to reverse engineer the Bambu firmware and make a free and open source version.

This firmware replacement will cost a couple of months to write so we all should send that programmer a little money so he/she can release it for free.

A free Bambu firmware will allow the Ukranians to continue producing another few million drones and save over a hundred thousands lives by ending the war.

Now is the chance for us outsiders to help Ukraine, by freeing Bambu firmware.

[1] https://www.youtube.com/watch?v=qLLVn6XT7v0

P.S. I would be willing to do the reverse engineering but I would need at least 35 euro per day (to eat) to build a new firmware for all Bambu models from scratch. I would need a few different models of printers on loan for a few weeks to test the new firmware. I estimate it would take 5-9 months to rebuild firmware for all models from zero and release it. Maybe Rossmann and Geerling could use their influence and coördinate this freeing of the firmware?

I just emailed Rosmann and Geering to see if we together can free the Bambu firmware. Anyone who wants to help, please contact me trough my HN profile.

I'm an open-source advocate (some would say zealot?) but I ended up buying a Bambu P1S a few months back because my research indicated that there were ways use it normally without creating a Bambu account, or using their slicer, or having to send all of your prints through their servers.

I don't have my notes in front of me, but I managed to do all of that with hardly any trouble at all. IIRC, you only had to change one setting on the printer itself, and optionally block the printer from Internet access via the firewall to prevent automatic firmware updates and telemetry. I have only used OrcaSlicer to tweak my models, mess with parameters, and send the prints to the printers.

So other than Bambu getting all heavy-handed with a legitimate open-source fork of their slicer software (which is definitely not okay), I'm not sure I'm clear on what the kerfuffle is about. Are their printers now MORE locked down than before? Or maybe only certain models?

It's by far not the only Chinese 3D printer manufacturer that completely disregards open-source licenses. There's also Anycubic Slicer Next, which is essentially a reskinned OrcaSlicer with additional presets for Anycubic printers, yet you won't find its source code anywhere, not even if you request it via email.

Was about to pull the trigger on a P2S. Now I'm not.

Bambu Studio is literally a PrusaSlicer fork. You don't get to build on the community and then threaten it.

I bought a Bambu Labs A1 Mini. It cost $199, on sale. I plugged it in and started printing excellent prints.

Previously I bought an Ender printer for around the same amount. Never did get it to work. I'm not an engineer or a mechanic. I have other technical hobbies, astronomy for example. I tried making a telescope mirror with results similar to the Ender printer. I buy ready made telescopes, not telescope kits.

I have immense admiration for those who can and will make telescopes and 3D printers. I'm very interested in the base technology. But when I want to print something, or look at a faint fuzzy, I just want the system to work.

(Interestingly, I actually like star hopping, the process of finding an observation target with a finder scope and star charts. Go to telescopes have no interest for me. Go figure ...)

To me this seems like a failure of the U.S. corporate/economic system. We should be able to make a 3D printer that simply works. We should be able to make a drones that work as well as the DJI drones. (My understanding is that Bambu Labs was started by a group of former DJI engineers.).

I don't have any solutions here. Not buying a Bambu Labs printer means I don't get to print things in 3D. I would pay more, but whenever I look into the various alternatives that I'm assured are turnkey, they turn out to not be turnkey. And if my Bambu printer breaks I can generally buy a new one cheaper than paying someone who knows what they are doing to fix it.

I'll admit this kind of offends my geek sensibilities. I actually agree, at least emotionally, with Geerling. But I also agree that the U.S. military industrial complex should be able to make excellent consumer facing 3D printers.

If I were doing commerce with the 3D printer I almost certainly would be using something else. Maybe. For what its worth, I'm basically printing out puppet mechanisms and art figures. Occasionally a wall hook or missing part for something that I happen on a STL file for.

I don't disagree with Bambu from an operational standpoint, but disagree with their handling of this.

They are offering a cloud infrastructure that allows users to remote control the printer via their software. If they don't want users to use a non-approved software to access their cloud, they should just build auth around it and explicitly tell people that. The accessibility for users to utilize the printer without going through official software and cloud is a whole other can of worms of course.

This whole fiasco could have been avoided by not being so confrontational, giving their user base ideological ammo.

> I find it doubly ironic since their own fork caused Bambu users' telemetry to hit Prusa's servers back in 2022, and (to my knowledge) Prusa didn't snap back with a C&D.

This for me was the most telling.

I don't care if my 3d printer is "open" any more than I care if my refrigerator is "open". I get that for a lot of you it's a hobby that you want a dedicate a lot of time to, upgrading, hacking, etc.. which is great. But for me, I just want something that prints when I need it to print. The fewer minutes per month that I have to spend thinking about or interacting with my 3d printer, while still getting great prints, the better. And that is what Bambu has nailed better than anyone else, as far as I'm aware.

Related topic from 2 days ago : https://news.ycombinator.com/item?id=48084432

Bamboo not understanding the OS licencing when they themselves took from Prusa if I remember correct is pretty rich.

A User Agent not being suitable for any kind of authorisation aside, given this was published under AGPL, is any kind of legal action even possible? Or is this like DMCA abuse, technically not grounded in any legal basis (and in the case of knowingly filing an improper DMCA claim, clearly illegal but never prosecuted) and solely a scare/might makes right tactic?

I bought my bambu labs ps1 about 4 years ago now. I have never connected it to the internet. I've never printed from bambu slicer. I've always exported the gcode and manually placed it into the machine. It's been a nuisance and I'd never recommend Bambu to anyone else because of this. I knew they were collecting from the beginning and I CHOOSE to do it this way, which is incredibly sad. Our data has a lot of value and I refuse to be monitored. I just wish more people would choose to push back.

One aspect of this may be Chinese laws, which I am assuming if they don't already require the ability to monitor or even censor what gets printed, they will soon. Even in the US we are starting to have legislation related to blocking firearm component printing, but this doesn't necessarily mean central servers do it or have access to everything printed. Yet.

I think the primary problem is actually more than just Bambu's behavior, it's that China is an authoritarian country, and most of the population not only accepts the idea of central servers monitoring and "moderating" behavior but largely may embrace it as a sensible thing to do. It's probably beyond Stockholm Syndrome to the point of much of the culture genuinely not completely even understanding the idea of why privacy and personal control is important.

Much of the United States is so far on the other side that they can't begin to understand the position Bambu is in. Large companies in that country just do not have the option to allow their users to bypass censorship and monitoring.

I do think it's actually great that this type of issue gets in everyone's face though and it's great people are fighting back. But realize that the problem is deeper than one company. It's the whole type of government and attitude towards it and technology.

What's most surprising to me is that this is coming from a company that directly markets towards hackers and makers.

Like when you think of the App/Play store lockdowns, the new ReCaptcha attestation stuff, and other things that have a more authoritarian angle to it as of late, you can at least see how it happens: most of their consumers aren't technical and don't even know how to argue against it or why they should care.

With Bambu on the other hand, I'd think a good portion of its customers do actively care about this kind of thing. 3D printing just doesn't have the same market reach as computers and smartphones.

Also, it seems to me like there's eventually going to be a turning of the tide on all of these pushes (app stores included) and companies that are making these kinds of moves aren't seeing that writing on the wall.

Anyways, yeah, my next purchase will be a Prusa.

IDK anything about 3d printing, but is their online service so complicated that people can't create an open source self hosted alternative? If they can already take the LAN version and send spoofed requests to their servers, they can do the same to a new fully open server.

Surely people can check the traffic and build a server to answer similarly, no? Or is this much more than job management?

Maybe this is impossible and I'm talking out of my ass, but for me it seems like a perfect opportunity to completely remove the problematic party from the equation.

I wish they weren't privacy invading, and abusing open source, but I love how good the printers are. I want to print practical things, not continually fix design flaws in the printer (as was the case with the Creality Ender).

Here is my perspective as someone who has not started 3d-printing yet, but is interested to give it a try:

I'm a confused about the whole "3D printer sends prints to its manufacturer's server" issue. Because I wouldn't want to connect hardware device like a 3D-printer to a network in the first place.

Can I buy a Bambu Lab printer and just never hook it up to any network?

Will I be able to print from sd-card just fine?

Can I update the firmware from an sd-card?

If these two are possible, I would not have any problems with such a device. If they are not, I would not even think about getting such a device.

And when it comes to slicing software: Can I use any slicing software and all I have to do is load the hardware info of the Bambu Lab printer I want to use? Or do I have to use Bambu Lab Studio or a fork like Orca Slicer for some reason?

And while we are at it: Does command line slicing software exist? I wouldn't want to dabble with a GUI. I would want to define the parameters of a print job in a yaml or json file and then slice it like "./slice.sh config.yaml myobject.stl"

Playing devil's advocate, but Bambu had the writing was on the wall for this kind of stuff for years.

You buy this, you "vote" for this.

The open alternative exists. It costed more, but I saved a bit more and got it.

Vote with your wallet, where and while you can.

There are many valid criticisms one can make about Bambu Lab, but the constant overreactions to everything they do is so tiring. Somebody at their company saw a fork with their own company name on it, impersonating their own client auth code, and sent a C&D.

The receiver of the C&D should see a lawyer about what changes or user-facing messages might get Bambu to back off. This is a normal, solvable business disagreement, not an excuse for everyone to get their pitchforks out again.

Also: I run multiple Bambu printers offline and they all work fine via sneakernet without anyone's files going anywhere. People should stop acting like these devices are bricks when used without internet access.

I remember people dumping on Prusa for him complaining about Bambu Lab, pointing out all the mistakes he made, instead of seeing how he was right.

He was right.

Good article, but I'd like to ask about two small technical details (I've used Bambu before, but I'm not very familiar with the 3D printing ecosystem).

1. OrcaSlicer: so it's a fork of Bambu's official client, Bambu Studio - but it apparently still goes through Bambu's servers for printing? How exactly does that work? Does it also "impersonate" the User-Agent, and Bambu was okay with that?

2. OrcaSlicer-bambulab: if the goal of this fork-of-a-fork is to bypass Bambu's cloud servers, why would it still need to "impersonate" the UA and communicate with Bambu's servers (as Bambu claimed)? Wouldn't the whole point be to avoid doing that in the first place?

We have a Bambu Lab P2S at work. I was considering to buy one myself, because of the ease of use and relative affordability.

What printers are similarly priced and have similar specs, for someone relatively new to 3D printing?

New development: Louis Rossman is rehosting the code and dares Bambu to sue him.

> they can see everything you ever print on your printer

This will be the only legal way to own a 3D printer if WA HB 2320 or CA AB 2047 are passed. If you don't like it, call your representatives immediately.

I can't speak to their open source, but I really enjoy Bambu 3d printer and it works great for me and my 9 year old son.

The problem here is Bambu is an excellent printer. It is MORE reliable than my paper printer and just works!!

I honestly don't get it. They have more to win by doing things right than with this crap they pull out . Never getting a Bambulab.

What about Elegoo Centauri Carbon? I've had my eye on this for some time.

I got a P1P a few years ago and haven't regretted it. A the time BL's price/performance/reliability was peerless. It really was a turn-key printer.

That said none of this is surprising. Bambu Labs have been very candid about their playbook which is following Apple's lead. They want to be the Apple of printers, a very walled garden with high integration good UX and not a lot of freedom because they want to tightly control the full experience.

And that is going to alienate a lot of people and endear a lot of others. The only reason they've even paid lip-service to open source or open hardware is simply to get a foothold in an industry that had strong roots in that area. Now that they're a more established brand we should expect them to start bricking in the garden and adding controls.

Fortunately I think they've been a net-good for the printer landscape, they shook things up pretty hard and I think there's now more competitive models from other brands.

is there case for Bambulabs breaching Direct Export Controls of dual-use technology to China? 3d printing tech is obviously dual-use. they are forcing network now, and they clearly have servers in China.

same for breach National Defense Authorization Act (NDAA)

I'm supportive of Jeff's general philosophy towards open source, but this feels a little disingenuous. Did Bambu mishandle the situation? Absolutely. But we need to stop vilifying companies for being cloud-first. The reality is that 99% of their users set up the printer and app using the cloud service. It's easy and convenient. The slicer is still open source, and you can still use their printers without the cloud. (Yes there was some fighting after their security issue in 2025, but they did put in an effort to maintain compatibility with third party slicers even if it was misguided and/or out of touch.

Bambu has every right to restrict or limit how their cloud service is used, even if they do it in a completely insecure and trivially reproducible way (a user agent).

I'm curious from a legal perspective - the user agent in the Bambu slicer is AGPLed, so copyright wise it seems anyone could put it in their own slicer too. Nonetheless, something feels wrong to me about saying you're a Bambu slicer when you're actually not. Bambu is going after it because of the user agreement, but is there any other legal standing for complaint?

Bambu has proven time and again that they don't understand security. Unless, of course, it's theater and by design because real security would be inconvenient to state actors. Regardless, they gaslight and bludgeon those who wish to use the hardware they purchased in peace offline and away from prying eyes.

Having said all that, the hardware is very good. Software, not so much.

What did `orcaslicer-bambulab` actually do?

My understanding is that right now, you can run your printer in LAN or USB mode without Bambu's cloud, and this is supported natively by OrcaSlicer (or any slicer using USB), but you lose some of the Cloud monitoring features.

You can also use Bambu's cloud with their Cloud Connect app and gain those monitoring features while using a third-party slicer, but at the expense that you send your prints through their cloud.

Or, you can use Bambu Studio and get the "fully integrated" experience.

My understanding is that this plugin just replicated their Bambu Studio communication with the Cloud, and that it _enabled_ you to send your prints to their cloud, not _disabled_ it. Is there something I'm missing that made this valuable? (ie - did it do some hybrid where it could hack in the Cloud monitoring without sending the prints through the Cloud?) Otherwise, I think what Bambu are doing are distasteful but I don't understand all of the Chinese espionage hand-wringing or "stealing our files" commentary around this.

EDIT: I finally got to the bottom of this; there is a cloud-based RPC method called `bambu_network_start_local_print` where Bambu's Cloud would authorize a print using (ostensibly) only locally transferred data. The goal of this project was basically to pretend to be the Bambu plugin in order to authorize this method, which is otherwise locked behind Bambu's auth system. This makes more sense. I wish the commentary on this subject would actually explain this.

Aside from orca slicers issues

Bambus p2s and their ams2 pro have had more hardware reliability issues in 1 month than is normal

Wayyyy more than my p1s and ams combo

I think there’s also some issue in their firmware that needs to be rolled back or perhaps properly tested

Gonna sound harsh :

This isn’t a printer anymore … it’s AI slop

If you don't do any 3D printing, it's hard to understand the difference between bambu labs and nearly everything else.

The Bambu printers work. Imagine the difference between windows XP and OSX. Do you guys remember the insane breath of fresh air it was to get a computer which just worked?

That's Bambu. Yeah they aren't open source there's all sorts of telemetry, etc. Nobody cares because they really just want to print things.

Yeah, I was considering getting into 3D printing and Bambu was one of the finalists. It's good to have one less brand to think about, makes it a bit easier to decide.

They will lose relevance soon anyway. Toolchangers are the future and their offerings on the matter are kinda shitty at the moment. Their nozzle changing solution is overengineered.

This is a pretty clear case in court to me - Bambu would lose it.

I think we should go to court and beat Bambu into submission here.

I installed the third party X1C firmware and locked it down last year. Their whole excuse about security was nonsense then and it’s nonsense now. Every step they take pushes them closer to fully locking their printers down to be either subscription based or use their (always out of stock) filament.

So happy to see this climbing HackerNews. I hope someone at Bambu gets their head out of their ass after this debacle, but I'm not holding my breath

To me, this looks like state pressure rather than a normal business decision. I cannot see a convincing reason for it otherwise. If these printers are used in professional settings, users may be unknowingly sending prototypes, designs, and internal project data to China. That kind of access would be extremely valuable, especially if the company can identify the buyer, their location, and their field of work. Given the relationship between Chinese companies and the Chinese state, corporate espionage seems like the most plausible explanation.

> Some people are okay with using OrcaSlicer and printing through Bambu's cloud. It's convenient if you're on the road and want to start a print on your printer at home

Do such people really exist? Are there actually people who are comfortable blindly starting a robot in their home, with a part that heats to 150 C, and then hope that everything will work out and when they get home the part will be waiting for them, instead of the firefighters?

Hacker News - the place where shills love to make reasonable sounding arguments.