Update 2 (1/22/2025) - The Verge has an article with a Q&A with Bambu's representative, which clears up some of the murkier points that people were concerned with. It is worth a read.
As is often the case, when a product or service achieves a certain level of success, companies may let the mask slip a bit. Some companies wear several masks, and we never really get a clear picture of what they may be capable of, while others wear their intentions on their sleeves, as boring and trustworthy as that may be. Bambu Labs, which is widely admired for their technical innovations, was starting to earn some trust in the 3D printing community for their seemingly balanced approach to some touchy issues that have emerged, as hobby machines mature into consumer products. Last Thursday though, they lifted their mask a bit and gave their customers and the 3D printing community a more candid look. As is often the case, bad things can start off small, and the changes they announced seem that way to a good number of their customers, if the reaction on Reddit is any signal. On the surface, the changes are simply being done to address legitimate security concerns, and should simply be a footnote in the story of an innovative company. And to be fair, many of their customers simply see it that way as well.
For a bit of background, in the modern history of the 3D printing hobby, the user interaction with printers has been pretty simple, with three basic steps. First, a user will either design or find a 3D model to print, and in the latter case there are many repositories of models to choose from (Thingiverse, Printables, Cults3d, MakerWorld, etc). Next, the model (usually a .STL, .STP or .OBJ file) needs to be prepared for the printer, and that requires the use of a "slicer". The slicer does exactly what the name implies: it creates slices of the model, and commands which a 3D printer can use to create the model in the real world. The slicers are generally open source, with the most popular being Cura, PrusaSlicer, OrcaSlicer or Bambu Studio. Some of these slicers are open source forks of others on that list, and share a common heritage, but all the top slicers have their roots in open source. The slicer generates a .3mf profile, and then a "GCODE" file, which, in the final step, is sent over to the printer. The printer parses the GCODE file, line by line, and uses its instructions to build a print, layer by layer. This is how Octopus_v6.stl goes from the computer screen, to collecting dust on a shelf (after several stops along the way, being passed between co-workers and friends).
The TL;DR of it is:
1. Design or find a 3D model to print (.stl, .stp, .obj files)
2. Prepare the file using a "slicer" (a .3mf "profile" is created), which then outputs "GCODE" that is sent to the printer.
3. The printer parses the GCODE line by line, and uses the instructions to print the object.
There is another, simpler workflow which removes step 2 from the user experience, and allows printing directly from an app. Step 2 never really goes away though, and the slicing is simply performed in advance by other users of a platform like MakerWorld or Printables, and shared as a prepared .3mf profile set up for a specific model of printer. There are several nuances to this workflow, and MakerWorld seems to be leaning into AI pretty heavily, so they will probably further refine it, but for now, this should do for a basic explanation of the process.
Now, back to the controversy already in progress. The change announced by Bambu has placed an "authorization and authentication protection mechanism" between steps 2 and 3, that is, between the slicer and the printer. Bambu's reasoning for doing this is security, and they claim that such a scheme is necessary in order to protect the printer from trojans and other threats. They also point to DDoS attacks on their network which caused outages on MakerWorld. Bambu claims that they are working with 3rd party software and hardware providers, whose products or software will be broken by the changes, though they make no commitments that full functionality of 3rd party tools will be restored (it sounds like that may never happen in some cases). They offer two paths forward for users who rely on 3rd party tools, with the first being to avoid further firmware updates (bad), and the second being to install "Bambu Connect" to act as an authentication broker of sorts between their 3rd party tools and the printer (incomplete and also appears to be closed source). It's unclear right now if they are making a long term commitment to maintaining Bambu Connect, or if it could be left to wither on the vine as they introduce new features (but I would not hold my breath).
Adding to the mess is a function of Bambu printers called "LAN Only" mode. This is a mode of operation where a Bambu printer can be isolated from any Bambu cloud or network services. "LAN Only" mode was added in response to the concerns from some users that their private data may be shared with Bambu. "LAN Only" mode is useful for businesses, institutions and privacy focused users, who require their printers to be a tool, and are less concerned with the extra functionality of using Bambu's cloud services (like the Bambu Handy app). With "LAN Only" mode, the printer could be walled off and would still function normally, with very few limitations (primarily the loss of remote monitoring and control via the Handy app).
On the surface, the changes that Bambu announced have a reasonable explanation, and they claim they are not locking the gate for 3rd party tools, so why the kerfuffle? To start, the changes they announced place Bambu as a gatekeeper between the slicer and the printer, which is a new (and untrusted) concept in the open world of the 3D printing hobby. Concerningly, this also applies to "LAN Only" mode, which belies some of their rationale for the changes. Many users are concerned that this is the first step down the "slippery slope" of possible vendor lock for consumables, or the expulsion of 3rd party tools from the Bambu ecosystem (including the popular OrcaSlicer). This is a reasonable fear, as Bambu printers have the required sensors which could enable vendor lock for filament refills. Others worry that giving Bambu a veto between their slicer and the printer could allow Bambu to parse their proprietary 3D models or even restrict what they print. An account will also be required in the new scheme, unless printing using the SD card (which would be initiated from the printer menu itself). In fact, the only true (yet partial) workaround, if using the new firmware, would be direct printing from the SD card, which is largely considered to be an unacceptable workflow for a modern 3D printer.
Upsetting things further is that the change has been poorly telegraphed, since, till now, Bambu had been adding functions such as offline SD card firmware updates (which will only be possible via the cloud going forward). They also have a reasonable policy for handling X1Plus, which is an alternate firmware available for the X1 series. They could have shut X1Plus down in its tracks, but instead offered a way for interested users to give up their warranty and support, but still use X1Plus if they wished. Another example is the "LAN Mode" previously discussed, which was implemented when users expressed concern for their proprietary models or data being potentially shared with Bambu (due to the encrypted communications between the printer and Bambu's cloud, nobody really knew what was shared). Seems likely to me that "LAN Mode" was more about convincing businesses and institutions to buy Bambu printers, as they could be made to act as a "normal" printer without the cloud based baggage, but I was happy to see it introduced regardless of why. So, with the latest announcement, users were caught a bit off guard, and some feel betrayed after buying expensive printers with the expectation that they could continue to use them as they had before.
In my opinion, there is truth to both sides of this. But since Bambu did not provide a carve out for "LAN Only" mode in their new "authorization and authentication protection mechanism", I'm leaning towards the more worrying reasons for the change. A printer that is currently in "LAN Only" mode (prior to the firmware update) can work perfectly well, even if the printer and workstation running the slicer are on a boat in the middle of the ocean, or on a spaceship without any Internet connection. The new scheme, however, will require an internet connection to authorize some commands between the slicer and printer. I feel they are effectively removing "LAN Only" mode as an option. That may not seem like a big deal, but for many, that was a key reason for buying a Bambu printer, or even a requirement if they need to work on sensitive or proprietary designs.
If Bambu does not backtrack a bit, at least on "LAN Only" mode, there is little reason for me to think that the change does not represent the first step to closing the gate of their garden. They will have effectively placed their veto between users and their printers, which opens up a number of user-unfriendly possibilities. The idea of not being able to update firmware going forward is not a serious workaround. And rolling back to a firmware that does not require their authorization scheme will not be possible on any future models (which is clearly stated in their announcement). I've been looking forward to their next flagship printer (due sometime early this year), but the new direction Bambu is signaling is not a good one in my opinion. It seems to me that they've altered the terms of the deal for the part of their customer base who rely on a true (isolated from the Internet) "LAN Only" mode. The hope for existing owners of Bambu printers, who disagree with the new direction, lies in either a partial reversal of changes (at least for "LAN Only" users), or with the community, and projects like X1Plus, or other workarounds that may allow people to take back their printers.
(See the update from Bambu at the top of this post).