Hacker News new | comments | show | ask | jobs | submit login
EFF to Texas AG: Epson Tricked Its Customers with a Dangerous Fake Update (eff.org)
178 points by DiabloD3 65 days ago | hide | past | web | favorite | 60 comments



Motorola just did that on the Moto E4 Plus phone.

The August security update (only delivered last week) disabled NFC support unless you used a sim card from a specific network provider (who had presumably paid for exclusive NFC ability).

'Once installed, this update cannot be removed' say the release notes, with no details about lost functionality.

My phone just lost a feature, and I'm not happy about it.


Have you considered taking Motorola to small claims court over this? Motorola has a history of turning off features in software months after selling a device, I remember when they bricked band 12 on certain devices at T-Mobile's behest.

As my friends updated, their coverage went from usable to not working indoors, with no warning that an update was disabling part of their LTE radio. Very scummy business practice, it is not good to let Motorola continue to abuse customers like this with no consequences.


There's an app that might help you do that: https://news.ycombinator.com/item?id=18193349


Motorola is a wholly owned entity. Rather, 联想集团有限公司, better known in the West as Lenovo Group Ltd., did that to you


The whole update world is messed up IMHO. My phone shows me multiple pending updates each day. What I notice is some apps updates are pushed out religiously every couple of days. I suspect most are legit but some I am not sure about, in fact I even think it's so my phone reminds me that I have app or game "X" installed. When I look at the reason for the update all it says is "Bug fixes" or "Information not provided by user". I feel it's more about reminding you that app is there than actually fixing issues and delivering new features.


Updates are too easy and it makes developers sloppy when they can just push changes so often.

I think some consoles used to charge a lot of money to vet an update for a game. I wonder if that pushed devs to update less often and test/prepare more.


Making it artificially harder to push out an update doesn't sound like much of a good idea, if that is what you are suggesting.


No suggestions. Just a thought on cause and effect.


I don't think regular updates are abused to remind you because it's pretty trivial for the application to pester you with notifications itself. I think the updates are a combination of wanting to keep the app fresh and "normal" bug fixes/features that, especially since "nobody" cares about details, developers never bother writing details for.

If you're on Android, you can disable update notifications from the app store settings.


> I don't think regular updates are abused to remind you because it's pretty trivial for the application to pester you with notifications itself.

If you get gratuitous notifications from an app to remind you of its existence, you'll blame the app for being annoying.

The same stigma doesn't get attached to app updates.


I can't swear that developers are setting updates to reengage users. My first suspicion would instead be that very frequent updates without obvious impact are either bugfixes, or somebody running/settling A/B tests via pushed updates.

That said, I have seen mobile game devs show daily user charts that rise (relative to installs) after updates. It wouldn't shock me if people had decided to capitalize on that.


Disguising a malicious* update as a security update should remain the realm of scammers/crackers/outlaw and not large household companies.

*I think malicious is the right word - it is done in the knowledge that it will result in higher costs and inconvenience for customers without consent.


Just spit balling their response:

"These updates secure the user against using dangerous counterfeit cartridges that might damage the printer"

If you really wanna push it, they might add something like

"Moreover, these counterfeit cartridges could come with malicious hardware meant to infect the printer"

Because sure, if you wanna get really inventive you probably could get some kind of hack going by getting hardware in the printer.


Update aside, the letter also notes the practice of disallowing third party cartridges in general is nefarious. I wish that were the case, but I liken it to the printer equivalent of HDCP. Every day I see advertisements for the new, hip, consumer-friendly tech-gen versions of mattresses, toothbrushes, contact lenses, etc. Where is the company making consumer-friendly inkjet printers? Surely it can't be much more difficult than the 3D printers that were made in proverbial basements.


> Where is the company making consumer-friendly inkjet printers?

Brother, enough said. No bullshit preventing you from using refilled cartridges if you want, their hardware doesn't randomly die as much as competing brands, etc. Heck, even if you go with OEM cartridges they aren't too bad either.


I agree that Brother is probably the best of the bunch. My specific question didn't ask it the way I led up to it, but I was wondering if there was a potential disruptor of the old guard. But as another commenter mentioned, the space is likely not lucrative and has already raced as far to the bottom as it will (whether consumers will pay a bit more to encourage an upstart is unlikely).


100%. I have Brother laser printers that are over a decade old that still hum along without any troubles.


Well... https://epson.com/ecotank-super-tank-printers Epson sells printers that are explicitly marketed as "easy to refill".


Looking to avoid the existing printer hegemony, regardless of what products they sell.


There's no money in printers. They haven't improved technologically in any meaningful way since the inception of Wi-Fi, and when buying a new printer, the ink that comes in the box is worth more than the printer itself. No matter how expensive of a printer you buy, it's going to break in just over 13 months anyways, $300 printers aren't more reliable than $30 printers.

My current recommendation is the Canon MG2500 series: They can scan, copy, and print, you can often get them for about $20-25, and they come with ink. And if they stop working, you can just toss them and get new ones. It may or may not be more economical to just buy a new printer every time you run out of ink.


My Epson AIO is going on about five years now, use it all the time, and I don't expect it to break any time soon.


The stack of Epson AIOs I have at home says otherwise. I actually find the Epson's the worst, because if you don't print with them regularly (every couple weeks) they are permanently ruined. Something something microtubules you can't clean in a print head you can't replace.


I haven't had that issue with mine. It's been shipped across the planet a couple of times and works just as well as the day I bought it.

I think that might have been an issue ten+ years ago.


I think there's room to improve - the latest Fuji printers have incredible colour gamut.


Very few people need high quality photo printers. Usually they have a document that they need on paper. For most users, you are better off not having an expensive photo printer and paying Walgreen's to run off a good print of a photo when you need it.


Personally my answer was to get a decent color laser printer. The printing is basically magazine quality or better, and even though the toner cartridges are expensive they last for years it seems like (at least for home use).


The EFF is wrong on that front. It's not like Epson is lying to you about needing to use Epson cartridges, is preventing other printer makers from making printers with higher up-front costs and unrestricted cartridges, or even is rolling in profits from their cheap, restricted printers (their profit margin is 5-6%). It's just a different business model: selling limited hardware for very cheap, instead of selling more expensive, unrestricted hardware. It's one that favors low-end consumers, who don't print very much, by shifting costs to high-end consumers who print a lot.

The EFF's position here is the kind of misguided idealistic thinking that has destroyed housing affordability by shutting down the less-than-ideal housing and boarding options that used to be available to day laborers, etc. There is no free lunch--if you make it illegal to sell cheap, restricted printers, manufacturers won't just sell unrestricted printers for the same price. They'll sell better printers for more money, and price out the bottom of the market.

Printers are a low-margin, highly competitive business, which means that you get what you pay for. If you want a reliable printer with low cartridge costs, get a business-grade laser printer.


>There is no free lunch--if you make it illegal to sell cheap, restricted printers, manufacturers won't just sell unrestricted printers for the same price. They'll sell better printers for more money, and price out the bottom of the market.

The EFF isn't just complaining about selling "cheap, restricted printers" though. Epson chose to sell a cheap unrestricted printers, people bought them knowing they were unrestricted, and then Epson restricted them after sale.

It'd be like if Tesla had a lower cost car and thought they could make up some costs by charging you a large premium at their Superchargers on road trips. You bought the car knowing that topping it up in your garage overnight was enough for your usual commute.

Then a year later they decide they aren't making enough money at the chargers because people haven't been using them. Now they push out a "Security Update" that makes your car refuse to charge anywhere but the Supercharger, which happens to cost 500x the going rate of electricity.

Somehow I don't think people would be OK with that.


I was addressing only this part of OP's statement:

> the letter also notes the practice of disallowing third party cartridges in general is nefarious.


Gotcha. I have mixed feelings about that; yes it's nice that you can walk into Best Buy and get a printer for $20, but it only comes with 10 pages worth of ink. Makes you wonder what percent of those end up in a dumpster when the owner finds out that a real ink cartridge will cost several times what the printer did.

Maybe printer boxes should be required to list the MSRP and page capacity of compatible ink cartridges on the box so you have some idea of what you're getting into. As is, any printer company that tries to avoid this race to the bottom on up-front cost ends up pricing themselves out of the market because it isn't apparent that the running costs are lower.


You present the current market situation as if it's the result of well-informed consumers making rational choices.

This is far from the case. The majority of people who buy 'cheap' printers do not know how expensive they are to run. Even if the manufacturer displays the # pages a cartridge can print, these numbers usually assume 5% page coverage, which is very low compared to the eye-catching sample prints shown on the printer's box.

All of this is intended to mislead consumers.

I like how in supermarkets (in the UK at least), shelf labels clearly show the price per kg, or per ml. So it's easy to compare items. And I like how there are regulations for how efficiency (and hence running costs) is measured for cars and washing machines.

Maybe we need similar regulation for printers: you can sell anything you want, but the ongoing cost must be calculated in a specific way, consistent across all manufacturers and models, and must be displayed prominently.


The cartridges are sold on the shelf right next to the printers! People can easily see how much they cost. And there is an ISO standard for calculating page counts: https://www.lexmark.com/common/images/iso-page-yields/unders.... Yes, that's not the coverage for eye-catching sample prints on the box, but you also won't achieve the EPA-estimated gas mileage driving the way they show in car commercials.

I have a different theory--power users want to have their cake and eat it too. People who print a lot lose under this model, because it shifts costs from light users to heavy users. From their perspective, it would be better to have expensive printers and cheap ink. (The same is true for price discrimination generally. Apple's pricing practices are good for people who can get away with a 32GB iPhone, bad for people who need a 256GB one.) Or, they're simply ignorant of the economics, and think that printer companies could offer unrestricted printers for the same price by cutting into their fat, fat profit margins.


"The cartridges are sold on the shelf right next to the printers!"

No they're not. The cartridges aren't usually on a shelf at all.

Epson's ink cartridge retail packaging is designed to be hung on a hook.

"Yes, that's not the coverage for eye-catching sample prints on the box, but you also won't achieve the EPA-estimated gas mileage driving the way they show in car commercials."

Right, but the way EPA-estimated gas mileage is close to the way real people drive. The 4%-5% coverage listed in the PDF you linked is not, especially given that most home injket users are printing photos, web pages, and their kids' school stuff.


See Figure 2 on page 3. Seems quite representative.


Those pages in figure 2, that have 5% coverage PER COLOUR may be representative of the median coverage, but not of the mean. Watch some middle school kids print out their homework. That one cover slide with a coloured background, or the few slides with full page photos, may have close to 50% coverage per colour. Even if only every tenth page is like that, the mean coverage will be twice the median.


While I agree this isn't the law's place in general, this hovers very close to the right-to-repair argument. Do you have a right to repair a printer? Can the company make physical attempts impossible or how far is a company allowed to go? Then apply that to reverse engineering and manufacture of replacement parts. Do you have a right to replace parts in a printer? Or, does a company have the right to go to any lengths to prevent it? Or is there a middle ground?


Agreed. An analogous way to put how the printer companies are doing business would be if car manufactures setup gas stations and only allowed you to use their brand of gasoline.


If, like printer companies, they sold the cars for a fraction of the up-front price, that might be a very good deal for consumers who don't drive very much.


Their choice of business model does not obligate me to work within that business model. Even more so when their business model requires restricting my ownership of a product purchased at the offered price.


Property and contract rights are flexible. There is no requirement that every sale transfer unrestricted ownership at a fixed price. Selling things with conditions, selling fractional ownership, etc., is perfectly acceptable, so long as the seller is up front about the terms. And the buyer, having notice of the terms, absolutely is obligated to adhere to them if they go through with the transaction.

Not only is this true morally--you agreed to the deal, you should be bound by it--but it's economically efficient. It allows mutually beneficial transactions to happen that otherwise would not.


I didn't agree to any of that. I took a box from a shelf and paid for it.


The box tells you it requires Epson cartridges.


If Epson were smart, they would make it accept the currently installed, no matter if fake or real, and then reject the next cartridge installed.

That way they wouldn't be caught.


Better yet, apply different printer settings (because you can't use "safe" setting designed for your own cartridge) that visibly worsen print quality. Some random line here and there. Ah, these 3rd party cartridges quality is just so bad..

But given how expensive these are anyway I'm surprised they don't use PK cryptography (micros are really cheap these days) to authenticate themselves to the printer. Extracting private key could quite difficult with appropriate chip used (still cheap). And the keys could be put in batches that correlate with the cartridge expiration date.


Don't give them ideas.


This is devious.


How I wish we could buy opensource printers and other devices. There is a so-so opensource home router and a few stabs at opensource phones/tablets, but not much more.


For this type of behavior, I abandoned printers entirely a few year ago. It took a bit to find businesses that never required paper for transactions, but now I am happy to never have to print or scan anything. To turn away from an entire industry kinda feels good. Everyone should treat dark business practices this way. Drive them into bankruptcy or ethical behavior.


If proven, these companies should be forced to pay a fee equal to the entire revenue from the printers affected and all their ink sales. I guarantee that if this was law, shit like this wouldn't happen. We really need regulation to punish companies that knowingly hurt consumers, especially when done in sneaky ways like this.


Companies aren't magical beings. They are made up of people sitting in meetings in conference rooms, sending memos and writing TPS reports. Some one or ones made the decision to do this and those people should be punished individually via the criminal justice system. If a single individual had written a virus or piece of malware that did the same function and was caught, they would face criminal penalties. It should be no different if the act was performed under the umbrella of a corporation.

When people can perform bad acts like this (see: VW) and not fear any personal consequences this behavior becomes common and acceptable.


Perhaps both. Punishing only the people deemed directly responsible makes it much too easy for corporations to scapegoat someone low on the totem pole, and it ensures that the culture that fosters bad behavior will never change--there's an endless supply of ambitious underlings to be sacrificed as necessary.

If you hit them in the bottom line every time, they'll learn to police themselves. (Or perish. Either is fine.)


It's always funny to see people wishing death to companies that they've probably invested parts of their 401ks in unknowingly, or had their insurance payouts come out investiture in.

Our economy is less like a cabal of fat cats twirling mustaches and puffing cigars at the thought of how they can further disenfranchise the poor, and more like an ecosystem.

It's not like CEOs will even suffer, they'll probably get a fat comp bonus to try and keep them from jumping ship in the middle of bankruptcy proceeding.


> Our economy is less like a cabal of fat cats twirling mustaches and puffing cigars at the thought of how they can further disenfranchise the poor, and more like an ecosystem.

An ecosystem with a cabal of fat cats twirling mustaches and puffing cigars at the thought of how they can further disenfranchise the poor sitting at the top of the food chain, sure.

One of the ways they do that is to assure that workers have a trivial stake in the same things that the rich depend primarily on, so as to provide a basis for propaganda misleading the masses about a shared interest.


What about their stake is trivial?

As of this week, the lowest paid Amazon employee is less that 2,000$ away from being part of the global 1%

We all consume like the world is going to leave us tomorrow but complain about the system that lets us?

I’m from a 3rd world country, and even there, with all the exploitation and government mismanagement I wouldn’t buy that argument easily.

But in the West? Even the poorest gain too much to wash their hands and say “this system doesn’t do anything for me”

Maybe it doesn’t do as much for you as you’d like, but if it collapsed tomorrow morning and we “ate the rich”, their quality of living would be strictly worse than it is today.

That’s not propaganda, that’s simple logic.

Ironically I think if the entire world “ate the rich”, most Americans saying “eat the rich” would be eaten.

PS, I hate when things are written off as propaganda. It’s too tautological: “Why is that false” “Because it’s propaganda”; “Why is it propaganda” “Because it’s false”. At least show the fault in the “propaganda”.


Someday Americans will hopefully devise a system where bad actors can be punished without fear of jeopardizing their ability to retire or receive other benefits.


> It's always funny to see people wishing death to companies that they've probably invested parts of their 401ks in unknowingly...

It's always funny to see people thinking their personal profits should come first over preventing widespread harm.


It’s widespread gain for widespread harm, let’s just make that clear.

The loans people take out on their homes, the insurance on their cars and homes, and more tangibly, the companies involved in getting them the food they put on their tables for pennies on the dollar in raw value.

We’re all in on this. Just because you don’t get a yacht out of it doesn’t mean the system doesn’t benefit you.


...those people should be punished individually via the criminal justice system.

When does that happen to execs in USA? This suggests that it has been a long time:

https://www.theguardian.com/commentisfree/2018/oct/05/americ...


Yeah, the only people punished will be the lowly worker who was forced to do the job by the higher ups in the first place.


This isn't a new thing. I remember Nintendo's made Wii updates that intentionally brick modified consoles.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: