Bambu Lab is abusing the open source social contract

Original Article ↗ Hacker News Discussion ↗

Bambu cloud, plugins, and OrcaSlicer fork

  • Bambu’s slicer is AGPL and downloads a closed-source “network connector” plugin that talks to Bambu’s cloud.
  • A fork (of OrcaSlicer, itself a fork of Bambu’s slicer) reimplemented or reused the cloud connector interface and spoofed the official User-Agent to regain cloud-mediated “local print” features after recent firmware/auth changes.
  • Bambu responded with legal threats and framing this as “impersonation” and a security issue; many commenters see this as bullying an OSS dev rather than fixing their own auth design.

Open source licensing and legal angles

  • Several argue Bambu is violating the spirit or letter of AGPL by:
    • Using a closed plugin tightly coupled to AGPL code.
    • Discouraging or threatening modification and use of their own AGPL’d client.
  • Others counter that:
    • AGPL covers the client code, not the right to access Bambu’s servers.
    • A user agreement can still restrict which clients may use the cloud.
  • There’s debate over whether UA-based “authorization” and bypassing it could trigger CFAA/“unauthorized access,” with no clear consensus.

Privacy, security, and state-actor worries

  • Many are uneasy that prints and control commands can flow through Bambu’s cloud, especially for professional or sensitive work.
  • Some suspect Chinese state pressure or data-mining (e.g., drone parts, IP leakage), others call this speculative or conspiracy-tinged.
  • Even critics note that LAN and SD-card modes exist, but newer firmware intertwines auth with the cloud and “developer mode,” weakening local-only stories.

User experience and alternatives

  • Bambu hardware is widely praised: “just works,” fast, high quality; often compared to the “iPhone of 3D printers.”
  • Several say this ease is why they bought Bambu despite misgivings; others now vow never to buy from them or to keep existing machines but not upgrade.
  • Alternatives discussed include Prusa (more open, more expensive, now with its own more restrictive hardware license), Qidi, Elegoo Centauri Carbon, Creality K-series, Anycubic Kobra, Voron/toolchangers, Snapmaker, and others, each with trade-offs in openness, reliability, and price.

Remote printing, fire risk, and cloud-first IoT

  • Strong split on unattended/remote printing: some do it routinely, others consider it reckless due to fire risk and insurance concerns.
  • Broader frustration with “cloud-first” IoT: centralized services become chokepoints, enable lock-in, and can be changed post-sale, yet they’re often the only way non-technical users get remote access working.