
EFF to Texas AG: Epson Tricked Its Customers with a Dangerous Fake Update - DiabloD3
https://www.eff.org/deeplinks/2018/10/eff-texas-ag-epson-tricked-its-customers-dangerous-fake-update
======
londons_explore
Motorola just did that on the Moto E4 Plus phone.

The August security update (only delivered last week) disabled NFC support
unless you used a sim card from a specific network provider (who had
presumably paid for exclusive NFC ability).

'Once installed, this update cannot be removed' say the release notes, with no
details about lost functionality.

My phone just lost a feature, and I'm not happy about it.

~~~
metildaa
Have you considered taking Motorola to small claims court over this? Motorola
has a history of turning off features in software months after selling a
device, I remember when they bricked band 12 on certain devices at T-Mobile's
behest.

As my friends updated, their coverage went from usable to not working indoors,
with no warning that an update was disabling part of their LTE radio. Very
scummy business practice, it is not good to let Motorola continue to abuse
customers like this with no consequences.

~~~
sp332
There's an app that might help you do that:
[https://news.ycombinator.com/item?id=18193349](https://news.ycombinator.com/item?id=18193349)

------
grahamm
The whole update world is messed up IMHO. My phone shows me multiple pending
updates each day. What I notice is some apps updates are pushed out
religiously every couple of days. I suspect most are legit but some I am not
sure about, in fact I even think it's so my phone reminds me that I have app
or game "X" installed. When I look at the reason for the update all it says is
"Bug fixes" or "Information not provided by user". I feel it's more about
reminding you that app is there than actually fixing issues and delivering new
features.

~~~
tetrep
I don't think regular updates are abused to remind you because it's pretty
trivial for the application to pester you with notifications itself. I think
the updates are a combination of wanting to keep the app fresh and "normal"
bug fixes/features that, especially since "nobody" cares about details,
developers never bother writing details for.

If you're on Android, you can disable update notifications from the app store
settings.

~~~
JoshTriplett
> I don't think regular updates are abused to remind you because it's pretty
> trivial for the application to pester you with notifications itself.

If you get gratuitous notifications from an app to remind you of its
existence, you'll blame the app for being annoying.

The same stigma doesn't get attached to app updates.

------
dm319
Disguising a malicious* update as a security update should remain the realm of
scammers/crackers/outlaw and not large household companies.

*I think malicious is the right word - it is done in the knowledge that it will result in higher costs and inconvenience for customers without consent.

~~~
rocqua
Just spit balling their response:

"These updates secure the user against using dangerous counterfeit cartridges
that might damage the printer"

If you really wanna push it, they might add something like

"Moreover, these counterfeit cartridges could come with malicious hardware
meant to infect the printer"

Because sure, if you wanna get really inventive you probably could get some
kind of hack going by getting hardware in the printer.

------
kodablah
Update aside, the letter also notes the practice of disallowing third party
cartridges in general is nefarious. I wish that were the case, but I liken it
to the printer equivalent of HDCP. Every day I see advertisements for the new,
hip, consumer-friendly tech-gen versions of mattresses, toothbrushes, contact
lenses, etc. Where is the company making consumer-friendly inkjet printers?
Surely it can't be much more difficult than the 3D printers that were made in
proverbial basements.

~~~
rayiner
The EFF is wrong on that front. It's not like Epson is lying to you about
needing to use Epson cartridges, is preventing other printer makers from
making printers with higher up-front costs and unrestricted cartridges, or
even is rolling in profits from their cheap, restricted printers (their profit
margin is 5-6%). It's just a different business model: selling limited
hardware for very cheap, instead of selling more expensive, unrestricted
hardware. It's one that favors low-end consumers, who don't print very much,
by shifting costs to high-end consumers who print a lot.

The EFF's position here is the kind of misguided idealistic thinking that has
destroyed housing affordability by shutting down the less-than-ideal housing
and boarding options that used to be available to day laborers, etc. There is
no free lunch--if you make it illegal to sell cheap, restricted printers,
manufacturers won't just sell unrestricted printers for the same price.
They'll sell better printers for more money, and price out the bottom of the
market.

Printers are a low-margin, highly competitive business, which means that you
get what you pay for. If you want a reliable printer with low cartridge costs,
get a business-grade laser printer.

~~~
wlesieutre
>There is no free lunch--if you make it illegal to sell cheap, restricted
printers, manufacturers won't just sell unrestricted printers for the same
price. They'll sell better printers for more money, and price out the bottom
of the market.

The EFF isn't just complaining about selling "cheap, restricted printers"
though. Epson _chose to sell_ a cheap _unrestricted_ printers, people bought
them knowing they were unrestricted, and then Epson restricted them after
sale.

It'd be like if Tesla had a lower cost car and thought they could make up some
costs by charging you a large premium at their Superchargers on road trips.
You bought the car knowing that topping it up in your garage overnight was
enough for your usual commute.

Then a year later they decide they aren't making enough money at the chargers
because people haven't been using them. Now they push out a "Security Update"
that makes your car refuse to charge anywhere but the Supercharger, which
happens to cost 500x the going rate of electricity.

Somehow I don't think people would be OK with that.

~~~
rayiner
I was addressing only this part of OP's statement:

> the letter also notes the practice of disallowing third party cartridges in
> general is nefarious.

~~~
wlesieutre
Gotcha. I have mixed feelings about that; yes it's nice that you can walk into
Best Buy and get a printer for $20, but it only comes with 10 pages worth of
ink. Makes you wonder what percent of those end up in a dumpster when the
owner finds out that a real ink cartridge will cost several times what the
printer did.

Maybe printer boxes should be required to list the MSRP and page capacity of
compatible ink cartridges on the box so you have some idea of what you're
getting into. As is, any printer company that tries to avoid this race to the
bottom on up-front cost ends up pricing themselves out of the market because
it isn't apparent that the running costs are lower.

------
londons_explore
If Epson were smart, they would make it accept the currently installed, no
matter if fake or real, and then reject the _next_ cartridge installed.

That way they wouldn't be caught.

~~~
comboy
Better yet, apply different printer settings (because you can't use "safe"
setting designed for your own cartridge) that visibly worsen print quality.
Some random line here and there. Ah, these 3rd party cartridges quality is
just so bad..

But given how expensive these are anyway I'm surprised they don't use PK
cryptography (micros are really cheap these days) to authenticate themselves
to the printer. Extracting private key could quite difficult with appropriate
chip used (still cheap). And the keys could be put in batches that correlate
with the cartridge expiration date.

------
guy98238710
How I wish we could buy opensource printers and other devices. There is a so-
so opensource home router and a few stabs at opensource phones/tablets, but
not much more.

------
bsenftner
For this type of behavior, I abandoned printers entirely a few year ago. It
took a bit to find businesses that never required paper for transactions, but
now I am happy to never have to print or scan anything. To turn away from an
entire industry kinda feels good. Everyone should treat dark business
practices this way. Drive them into bankruptcy or ethical behavior.

------
mnm1
If proven, these companies should be forced to pay a fee equal to the entire
revenue from the printers affected and all their ink sales. I guarantee that
if this was law, shit like this wouldn't happen. We really need regulation to
punish companies that knowingly hurt consumers, especially when done in sneaky
ways like this.

~~~
coleca
Companies aren't magical beings. They are made up of people sitting in
meetings in conference rooms, sending memos and writing TPS reports. Some one
or ones made the decision to do this and those people should be punished
individually via the criminal justice system. If a single individual had
written a virus or piece of malware that did the same function and was caught,
they would face criminal penalties. It should be no different if the act was
performed under the umbrella of a corporation.

When people can perform bad acts like this (see: VW) and not fear any personal
consequences this behavior becomes common and acceptable.

~~~
BoorishBears
It's always funny to see people wishing death to companies that they've
probably invested parts of their 401ks in unknowingly, or had their insurance
payouts come out investiture in.

Our economy is less like a cabal of fat cats twirling mustaches and puffing
cigars at the thought of how they can further disenfranchise the poor, and
more like an ecosystem.

It's not like CEOs will even suffer, they'll probably get a fat comp bonus to
try and keep them from jumping ship in the middle of bankruptcy proceeding.

~~~
dragonwriter
> Our economy is less like a cabal of fat cats twirling mustaches and puffing
> cigars at the thought of how they can further disenfranchise the poor, and
> more like an ecosystem.

An ecosystem with a cabal of fat cats twirling mustaches and puffing cigars at
the thought of how they can further disenfranchise the poor sitting at the top
of the food chain, sure.

One of the ways they do that is to assure that workers have a trivial stake in
the same things that the rich depend primarily on, so as to provide a basis
for propaganda misleading the masses about a shared interest.

~~~
BoorishBears
What about their stake is trivial?

As of this week, the lowest paid Amazon employee is less that 2,000$ away from
being part of the global 1%

We all consume like the world is going to leave us tomorrow but complain about
the system that lets us?

I’m from a 3rd world country, and even _there_ , with all the exploitation and
government mismanagement I wouldn’t buy that argument easily.

But in the West? Even the poorest gain too much to wash their hands and say
“this system doesn’t do anything for me”

Maybe it doesn’t do as much for you as you’d like, but if it collapsed
tomorrow morning and we “ate the rich”, their quality of living would be
strictly worse than it is today.

That’s not propaganda, that’s simple logic.

Ironically I think if the entire world “ate the rich”, most Americans saying
“eat the rich” would be eaten.

PS, I hate when things are written off as propaganda. It’s too tautological:
“Why is that false” “Because it’s propaganda”; “Why is it propaganda” “Because
it’s false”. At least show the fault in the “propaganda”.

------
csense
This isn't a new thing. I remember Nintendo's made Wii updates that
intentionally brick modified consoles.

