Vlad Waas 🐬🦂 @WA_V - Twitter Profile

Vlad Waas 🐬🦂 @WA_V

8 days ago

@MultiTricker 🤣🤣🤣

0

1

0

2K

WA_V retweeted

Vladimír Smitka

@smitka

8 days ago

I looked at those slicers too... CWE-494 isn't just a Creality issue. It is inherited directly from OrcaSlicer, and all the other vendor forks have it too. This means Bambu can inject its own code into all of these slicers. That might be a good reason to submit a PR to @real_OrcaSlicer adding integrity checks, but someone would have to maintain it... What is unfortunate is that all these vendors forked OrcaSlicer, yet apparently none of them contributed anything back. At the same time, they all modified the cloud opt-out / libbambu_networking behavior. Creality completely removed Stealth Mode from the UI. Elegoo commented out the control toggles. FlashForge left the option in the UI, but commented out and disabled the backend!!!, so the setting does nothing. Anycubic added its own networking stack, and the setting does not apply there. Another interesting detail is that the official Anycubic package does not fully match the GitHub source code. It contains 13 additional binaries, and they also removed the Orca-branded models. 🙂 CrealityPrint has very aggressive telemetry. It sends more than 70 different events to a Chinese SaaS platform, Sensors Analytics / 神策, (IMHO) without clear consent. They claim the data is anonymous, but it includes permanent identifiers such as device_id and user_id, along with information about printed models, other printers, and much more. On top of that, the privacy dialog seems to almost never appear. As for libbambu_networking (used by all vendors), the slicers expose the user's public IP address, the slicer itself, and its usage frequency to Bambu. Once a user logs into MakerWorld (I am not sure all users realize this is Bambu) it can link that to their identity, full printer information, what they print, and their slicer settings (amazing marketing source). Bambu can also silently push arbitrary code to your computer via the libbambu_networking update and execute it when the slicer launches.

5

92

19

14

13K