Josef Prusa warns Chinese 3D printing software poses massive security risks — Bambu Lab allegedly violates AGPL license with an un-auditable network 'black box'

TL;DR

Josef Prusa has publicly warned that Chinese 3D printing software, notably Bambu Lab’s fork of PrusaSlicer, violates open-source licenses and may pose security threats. The concern centers on license violations and possible government influence, raising questions about security and compliance in the industry.

Josef Prusa has publicly warned that Chinese 3D printing software, particularly Bambu Lab’s fork of PrusaSlicer, violates open-source licenses and may pose significant security risks.

In a series of posts on X (formerly Twitter), Josef Prusa, CEO of Prusa Research, accused Bambu Lab of violating the AGPL-3.0 license through their fork of PrusaSlicer, specifically regarding the use of a closed-source networking plugin. Prusa emphasized that the plugin’s integration violates the license because it functions as an inseparable part of the product, despite Bambu Lab’s claims that the components are separate.

Prusa also raised concerns about the security implications of this software, noting that the network plugin can be replaced remotely and is downloaded from a CDN, which creates a risk of remote manipulation. He pointed out that these issues are compounded by the close ties between Chinese tech firms and government regulations, which could introduce further security vulnerabilities.

Prusa’s comments follow his earlier discovery in 2021 that Bambu Lab’s software was sending telemetry data to Prusa’s servers, which led to legal considerations that were ultimately dropped due to enforcement challenges. He also highlighted the broader context of Chinese laws requiring citizens and companies to assist with intelligence gathering and hand over encryption keys, which could complicate trust in Chinese-made software.

Why It Matters

This development is significant because it raises questions about the security and legal compliance of widely used 3D printing software originating from China. As open-source licenses are violated, the risk of malicious or compromised code increases, potentially affecting users worldwide. The concerns about government influence highlight broader issues of trust and security in the industry, especially as 3D printers are increasingly used for sensitive applications.

Background

Prusa Research has long been a major player in the desktop 3D printing industry, known for its open-source approach. The rise of Chinese manufacturers like Bambu Lab has introduced competitive products that often rely on modified open-source software. The licensing violations and security concerns are part of ongoing tensions between Western and Chinese tech sectors, exacerbated by legal and geopolitical issues. Prusa’s public warnings follow previous disputes over software licensing and data privacy, emphasizing the importance of open-source compliance and security in the industry.

“Bambu Studio has been violating the PrusaSlicer AGPL license since their fork, with the same networking binary black box in question today. Why are they willing to burn the goodwill over it?”

— Josef Prusa

“The network plugin can be replaced remotely and is downloaded from a CDN, which can be manipulated. This poses a significant security risk.”

— Josef Prusa

“Chinese laws require companies and citizens to assist in intelligence gathering and hand over encryption keys, which can compromise security.”

— Josef Prusa

What Remains Unclear

It remains unclear how widespread the license violations are across other Chinese 3D printing software, or whether Bambu Lab will respond publicly or modify their software to address these concerns. The extent of potential security breaches or malicious code embedded in these products is also still under investigation.

What’s Next

Prusa Research plans to continue monitoring Chinese software practices and may pursue legal action if violations persist. Industry stakeholders are expected to scrutinize the security and licensing compliance of 3D printing software more closely. Further disclosures or official responses from Bambu Lab are anticipated in the coming months.

Key Questions

What specific license violations are being accused?

Prusa claims that Bambu Lab’s fork of PrusaSlicer violates the AGPL-3.0 license by including a closed-source networking plugin that cannot be separated without violating the license terms.

Why are these license violations a security concern?

The closed-source network plugin can be remotely replaced or manipulated, which could lead to security breaches or malicious code execution in users’ 3D printers.

How do Chinese laws influence the security of software from Chinese companies?

Chinese laws require companies to assist in intelligence gathering and to share encryption keys with the government, potentially compromising user data and security in software developed under these regulations.

Will this affect the safety or reliability of 3D printers using these software tools?

The security vulnerabilities and license violations could lead to compromised software, which may impact the safety, privacy, and reliability of 3D printing operations.
