Reports on the comp.periphs.printers Usenet newsgroup claim that Lexmark has been planting spyware on its customers’ PCs in the form of undocumented software that monitors the use of its printers and silently reports back to a Lexmark-owned company Web site.
Lexmark accused of installing spyware
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
of learning software phones home for “anonymous surveying” ? I don’t mind sending anonymous information, but I like to be asked to allow it first.
What’s frightening, to me, is that if Lexmark could pull that stunt, any other company could, you just name them, and not just for printers.
*closely watches his HP printer…*
Big Brother is doubleplusungood.
parently it`s much Lexmark printers out there.. site is swapped so no reply even, or they trying to cover up…
I thought everyone knew.
I haven’t had much luck getting Lexmark printers working on Linux.
Lexmark sucks.
Monitoring private information like printing behaviour is only a small part of the unfair tricks Lexmark does.
The cartridges sold with their cheap printer-like GDI devices (called “printers”) are only half filled, although Lexmark claims they are normal cartridges.
The cartridges for their Z series non-printers (and other models, too) contain a chip which detects when the cartridge is emtpy, to prevent you from simply refilling your cartridges. Also, Lexmark non-printers refuse to take replacement cartidges from other manufacturers.
So, this news changes nothing. Lexmark should be on everybody’s boycott list, and they will stay there.
Makes me wonder about all those masked Dell printers too.
They certainly smell like a Lexmark.
This company has a history of these sort of shennanigans.
For instance the drivers for the Z series printers that are not installed, even after running the Lexmark uninstaller. Removing these things is like performing an exorcism.
Lexmark has proven time and time again that they do not deserve our money.
If I were to break into machines belonging to some corporation and install software that monitors and send me back info, they call it hacking. If a corporation does the same thing to my machine, they call it ‘collecting aggrogate data.’ Why is there no justice here? I hear Logitech is guilty of the same crimes. I know that some companies install spyware as part of ‘freeware’ programs, but it’s even worse when you’re paying for the damn hardware and they’re still doing it. Reminds me of paying $8.50 for a movie and then having to sit through 10-15 minutes of commercials before the movie starts – it’s just insane.
I made the mistake of buying a Lexmark all-in-one that was on sale. The box stated it supported OS X 10.2.3 and up. Since I had 10.3.5, I figured I was good. Nope, they only support to 10.3.2. Anyone who did regular OS updates was screwed. The tech support was very unhelpful (in addition of being unintelligible, in India I suppose), telling me I should buy a new computer to use their $50 printer. Story ending, returned it and bought a Canon.
This is not Lexmark’s problem, it is Apple’s. It is a well-known problem with the OSX printing (and other) APIs breaking compatibility from version to version (even minor versions). It has been outlined by many people, especially by hardware manufacturers who now refuse to support OSX just because the APIs break so fast (e.g. Samsung). Hardware manufacturers and driver writers need a stable API, that’s the strength of Microsoft and that’s something that Apple hasn’t managed to deliver yet: API/ABI stability.
I have written about this a number of times too, and it is a constant fear if you are using third party hardware. My husband doesn’t let me upgrade the PowerMac anymore from fear that his 2 printers and 2 pro scanners won’t work anymore. Especially after our PCI USB card stopped working only months after we purchased it last year, after an OSX upgrade that broke compatibility with that chip. I wrote to the manufacturer, and I even got up to the manager of the division (Taiwan and all :-). He said he was working with Apple on the matter, but he was conciously aware of the OSX API instability. The card is still not compatible today with latest OSXes, 1 year after Apple broke compatibility with it. We had to buy another one (with an NEC chipset) which currently works fine. We won’t be upgrading our OSX on that Mac, so we can keep compatibility with our hardware. The machine is used for photography work and not for fun anyway.
I agree..
Canon make very good printers.. I have one, works very well and is cheap.. The cartridges are also more cheaper than those of lexmark..
The design of their new printers is also better than those of lexmark.. Though, the new hp inkjet printers also look good
I got a Lexmark, but have to get a new printer. It’s Z11, doesn’t perform well in BSD/Linux. What manufacturer that can be trusted do you recommend? Thanks.
Isn’t CUPS a stable printing API?
I think this is more a problem of other special features of the printers rather than the drivers or the printing system..
Or not?
>Isn’t CUPS a stable printing API?
I don’t know if their port is. Besides, I am not sure it’s the CUPS part that keeps breaking, but surrounded libraries, kernel stuff etc. because many other devices break compatibility with new OSX versions, not just printing (however printing is the one happening the most).
It seems no one is reporting the fact that the software asks the user if they would like to participate, as well as there is the option in their software center to enable/disable the usage statistics. Thats more than most other spyware companys that I know of.
This isn’t a surprise. I used to be a rep for a third-party company selling Lexmarks about six years ago, and they were good printers back when they were trying to actually focus on competing. Since then they have become something altogether different, and their culture (like EA’s and others now) absolutely reeks to high heaven.
I had an Epson a few months ago, and like others I tried to use the cheap cartidges as you should be entitled to do. All was fine until I got internet access, and they failed to work properly producing poor prints. There was definitely some network activity going on when I installed new cartridges, but I couldn’t nail it down definitely as I went and bought an HP, now on a CUPS Linux server, printer instead.
If any of you have been worried about Trusted Computing and other such initiatives stopping freedom and piracy, it’s far, far worse than any of that. What it does is give companies an encrypted framework to get away with this stuff all the time without people knowing, and to ride roughshod right over any Data Protection laws. Be afraid – be very afraid.
Makes me wonder about all those masked Dell printers too. They certainly smell like a Lexmark.
They most certainly are.
AFAIK Dell purchased en-masse Lexmark technology, and the right to mfg it at will. that would certainly fit with their prior tight business methods, and they’re making *bank* off of it. I hope to god they dont do this, and i really doubt it. They have a lot to lose..
“of learning software phones home for “anonymous surveying” ? I don’t mind sending anonymous information, but I like to be asked to allow it first. ”
“If I were to break into machines belonging to some corporation and install software that monitors and send me back info, they call it hacking. If a corporation does the same thing to my machine, they call it ‘collecting aggrogate data.’ Why is there no justice here? I hear Logitech is guilty of the same crimes. I know that some companies install spyware as part of ‘freeware’ programs, but it’s even worse when you’re paying for the damn hardware and they’re still doing it. Reminds me of paying $8.50 for a movie and then having to sit through 10-15 minutes of commercials before the movie starts – it’s just insane.”
Are you familiar with the “Golden Rule”? Those who have all the gold, make all the rules. And for the record, no, I am not a fan of this particlar goldent rule.
Asking yes, stealing information, no:
Why should the consumer be an unwknowing bastion of marketing data. And for those who question theft, let me point out a few things.
1) Theft of processor time
2) Theft of bandwidth
3) Theft of data
4) Theft of system performance
All of these claims have been used in court before; however, its been on the other side of the court room. Now I am somewhat suspicious about the data being sent across the Net. A couple of questions:
1) Why was permission to install not asked?
2) Why is the data being sent w/out permission (stealth).
Has anyone ever put a sniffer on the line to capture the data being transmitted. I guess since its only usage information w/no personal information, then it should be transmitted in plain text, right?
This has me wondering if there’s a hardware printer a la hardware modem. Or printers cannot function without drivers?
Aren’t we all forgetting something? If this is true, then wouldn’t WinXP’s SP2 firewall pick it up in an instant? As soon as it would try to contact the website, wouldn’t the firewall popup asking you if you want to continue to allow such-and-such lexmark program to contact the “outside”?? Seems to me this would not hide any of these sort of programs very well on WinXP SP2 anymore (as long as the firewall is enabled that is…)
I am afraid you have the wrong firewall then, the WinXP SP2 firewall only stops incoming connections to your PC.
It does nothing to outgoing connections. It doesn’t tell you of any suspicious activity of the part of your PC.
Try Sygate Personnal Firewall, does the job both ways
You’re rather close, actually; you can’t have a printer that functions without *any* kind of driver at all, but yes, most cheap printers nowadays offload a lot of grunt work to the host computer, like softmodems. This is why writing Linux drivers for them is a bitch. The more expensive, business-oriented printers – high-end inkjets and medium to high-end lasers – don’t do this, all the drivers do is deal with transmitting the document data to the printer, which does all its own processing gruntwork.
This has me wondering if there’s a hardware printer a la hardware modem. Or printers cannot function without drivers?
All printers of course need a driver, just as all modems need software to work. The thing with modems is that all the sane ones share the same interface. There are a few standard printer languages as well, namely postscript and pcl. You will however find neither in the cheapass printers, as they actually make the printer do a lot of the work.
But printers don’t need a driver in the normal sense of the word, meaning they don’t need something loaded into the kernel, at least not to just get printing working. My crappy HP DeskJet 710C with its proprietary interface works in CUPS by piping the generated code through a filter (pnm2ppa) to turn it into PPA code, which the printer can understand. It also needs a description file (PPD, or Postscript Printer Definition, which is just a text file) to tell the client what the printers capabilities are. (color mode, paper size, resolution, etc.)
Well, it depends on what you mean by “driver”. If you have a printer that supports Postscript, you can just send a Postscript file to it, e.g. cat file.ps > /dev/lp0
Well, it depends on what you mean by “driver”. If you have a printer that supports Postscript, you can just send a Postscript file to it, e.g. cat file.ps > /dev/lp0
Also ISTR, if it is setup to use PCL by default, you can just send it raw PCL data (i.e. ascii text and escape codes).
im sitting with an hp laserjet 4050n at home, havent tried it with my Mandrake yet (suppose it works great), but im going to buy a home printer soon and connect to a Axis printserver or to my debian box.
you happy guy´s with working printer´s !
which ink & laser brand work great on OSS ?
regards from a sunny but cold Stockholm/Sweden
“If I were to break into machines belonging to some corporation and install software that monitors and send me back info, they call it hacking. If a corporation does the same thing to my machine, they call it ‘collecting aggrogate data.’ Why is there no justice here?”
Because people don’t complain about it. (Complain in the sense of really complaining or simply buying other hardware). Either they don’t know, or they don’t care.
“Are you familiar with the “Golden Rule”? Those who have all the gold, make all the rules.”
I don’t agree with this. Gold is only one factor, but publicity is another big one. Example: The Linux project doesn’t have the gold, but they do have some publicity, and they do have influence. Gaining publicity is in everyone’s reach in times of the internet. In other words, if you are annoyed by Lexmark’s policy, make it public.
I bet any true postscript printer will work like a charm on ANY operating system under the sun that supports even the basic printing. Even BeOS! They’re more expensive, but it’s so much cooler to have, add a network option here and you have a really cool machine. Solid-ink printers from Xerox are nice and much less expensive to have than crappy inkjets.
http://www.linuxprinting.org/vendors.html
They also have a Mac OS X section.
“This has me wondering if there’s a hardware printer a la hardware modem. Or printers cannot function without drivers?”
Postscript printers need no drivers. There is a PPD file, which you can manage without, but even this is a plain ASCII text file in Postscript, which works in any system.
Postscript printers cost more. The only reason there are printers without Postscript on the market is that buyers are cheapskates. Cheaper printers sell more even when they lack major features, or cost twice as much to run.
I would advise any reasonably serious computer user to stick to printers with Postscript built in. Your printer will then go on working for years, even when you change computer platforms.
HP scanner now requires not only IE to be installed but Windows Scripting Host enabled.
Which turns every carefully tuned for security system absolutely unsafe.
kaiwai: “The problem ISN’T the operating system but the printer and its software.”
A printer works perfectly with version x of the operating system (OS). The OS is then upgraded to version x.x and the printer no longer works. So, that’s the fault of the printer manufacturer? If the OS vendor gives advance notice of changes to the API, then fair enough, printer manufacturer’s will need to update their software. If no indication is given of a change in the API for a forthcoming OS release, then it’s definitely the OS vendor at fault.
It seems as though most people buy printers by waiting for the latest flyers in their mailbox, then rushing out to buy the cheapest one advertised. Maybe they’ll look at a couple of features, like the pages per minute or the dots per inch, but not much else.
It took my family weeks to find a decent printer because we decided to hunt down a manufacturer and model where they didn’t play games: it is a PostScript printer, so you can use the OS vendor’s printer drivers; no games with third party tones; and so forth.
If you buy the cheapest crap on the market because you are unwilling to do the footwork, you probably deserve what the manufacturer dishes out to you.
Lexmark is a horrible company, their printers are crap, I currently have a Lexmark printer on my desk, but only because I was popping keys out of my keyboard with a screwdriver a couple weeks ago and my ‘c’ key flipped up and into the printer. I’m hoping that it’ll crawl itself out of there soon so I can dump Lexmark.
For instance the drivers for the Z series printers that are not installed, even after running the Lexmark uninstaller.
Their drivers aren’t still installed after you run the uninstaller? Well, d’uh. That’s how it’s *supposed* to work.
If I were to break into machines belonging to some corporation and install software that monitors and send me back info, they call it hacking. If a corporation does the same thing to my machine, they call it ‘collecting aggrogate data.’ Why is there no justice here?
Big difference. You are opening a package, inserting a CD in to your computer and clicking “I Agree”. Lexmark isn’t breaking into your system and installing this while you are asleep or not looking.
Its sucks man and everybody is joining the party it seems. *shoots self*
If any of you have been worried about Trusted Computing and other such initiatives stopping freedom and piracy, it’s far, far worse than any of that. What it does is give companies an encrypted framework to get away with this stuff all the time without people knowing, and to ride roughshod right over any Data Protection laws. Be afraid – be very afraid.
You and me rarely have anything we agree on but amen brother. You hit the nail on the head.
Does anyone have any evidence of this “phoning home” ? can they tell me what to look out for?
Also, does anyone have a copy of the Lexmark Printer Driver EULA, so we can check for “hidden consent” in it?
Has anyone installed a Lexmark printer, and seen a screen asking them to consent to this “phoning home” ?
Please enlighten me.
>>I currently have a Lexmark printer on my desk, but only because I was popping keys out of my keyboard with a screwdriver a couple weeks ago and my ‘c’ key flipped up and into the printer. I’m hoping that it’ll crawl itself out of there soon so I can dump Lexmark.<<
Why don’t your expertise with that screwdriver on the printer to get the “c” key out. Better yet how about a hammer.
“I haven’t had much luck getting Lexmark printers working on Linux.
Lexmark sucks.”
Why? Because they dont work on Linux? So does that mean that anything that doesnt work on Linux sucks as well?
The general rules of thumb for printing in Linux go like this:
1) Don’t get Lexmark.
2) Canon makes wonderful printers, but offers near zero Linux support. Hence, Linux drivers likely don’t exist. The secret to run Canon on Linux is Turboprint. If they support your printer (and they support a lot of Canon), you will get top quality, but you will have to pay to unlock the best quality mode.
3) Epson support isn’t bad.
4) HP has the best Linux support, except for those “freebies” that get bundled with computer systems. These are not made by HP. For cheap printing, get an HP Laserjet. If you get a Deskjet, be sure to use draft mode as the default. Text will still look good, and you will save a lot of money over time.
5) Don’t get Lexmark.
I was considering getting an elcheapo (30 euro) lexmark printer because my HP DeskJet bit the dust – I think I’ll just live without colour and fall back to my LaserJet 6MP thats been doing Postscript and PCL for me for years…
alright, most cheap printers don’t have HW Postscript support since they necessitate of a host machine doing all the job of reading page data and sending color nozzle commands (for the CMYK printing head)
Hence they can actually be labeled as “winprinters” since the memory resident stuff they rely on, is often only available for the Windows series of OS’s, with little or no supprt for alternative operating systems (namely, linux)…
But, to get color prints at medium-to-high resolution on photographic (glossy) paper, are there any viable alternatives in the postscript world?
Why? Because they dont work on Linux? So does that mean that anything that doesnt work on Linux sucks as well?
No, because they don’t work on ANY other Operating systems, and there is also a lot of trouble om Windows (lots of people have problems with Windows Update and applications ceasing to work).
Also, GDI printers steal your CPU. And they are very expensive in operation.
And if you still think just because you’ve got Windows and you can continue to use el cheapo “printers”, it’s your own fault.
For those that haven’t already, you can view the original article & thread in comp.periphs.printers (note that there is also a separate thread from the same originating article in misc.consumers, since it was cross-posted):
http://groups.google.com/groups?hl=en&lr=&threadm=Xns95A0A0F59C631r…
In theory, everyone should be able to read and understand software license agreements; in practice, it doesn’t work that way. While it may be legal to “bury” details of installed spyware in the middle of a long-winded license agreement, and while it may be reasonable to say that those who pay lip service to the license agreements on their software deserve what they get, I regard such a tactic as proof of bad faith on behalf of the vendor. If Lexmark are engaged in this, I won’t be considering their products at all.
We’ll need to wait for conclusive results, though; there’s no actual proof presented in the article that Lexmark’s printer software is doing this, and their silence cannot be construed as an admission, given the circumstances. But people will be watching now…
LexBceS.exe Windows/System 98SE
It tries to run every month or so but I catch it with Outpost.
Lexmark Z51
Its actually a great printer and runs on my OS/2 system, which is where I actually originally found out about it as it showed up in the server’s logs.
i have an lexmark laserprinter with linux. but im running it with cups and native pcl5e driver. there no reason to mess u my system with 64mb lexmark stuff just for having a second print system.
Here is what L* is doing with your information: http://www.lraiser.com/
“Daily, weekly and monthly charts are now available and eventually we will add annual charts.”
This is a story about data collecting by L* from the L* itself: http://www.linspire.com/lindows_michaelsminutes_archives.php?id=137
Wait! Wrong L*! Sorry, posted to the wrong place. When Linux distro does it, no one should complain.
“What’s frightening, to me, is that if Lexmark could pull that stunt, any other company could, you just name them, and not just for printers.”
Yes, it is scary…
What a cheap attempt to advert for Lindows. Article heading is Lexmark, body of article refers repeatedly to Lexmark, yet links posted either contain linspire or the page uses logo of Lindows. Michael Roberts has chutzpah out the wazoo and needs NO help from a driveby advert here.
I have several friends that work for one of those little taiwanese computer accessory companies here in Southern California. They said that their company was arguing internally over whether or not they should start including “tracking and monitoring” software in their drivers. They said that Lexmark and several other competing companies do the same thing…
If you have a two-way firewall on your windows computer, it’s amazing to see how many of the programs and drivers you install try to send information back out over the Internet.
I know for a fact that Canon does this also. Bloody thing installed “Double-Click” (spyware) when I installed the software for the Printer Dock!
It was this kind of s**t that finally made me switch to Linux. There’s no real way of safely browsing the Internet on Windows. You either lock it down to the point where the Internet is unusable, or you get tonnes of spyware. And now that “reputable” companies are bundling spyware, what chance do you have?
I would just like say that I would never-again buy Lexmark products. They sort-of remind me of a certain Redmond-based software vendor that wants to lock you in to buying only their products. Lexmark does the same. No 3rd party consumables available. End of story. And their pricing is ridiculous. You pay the same for a printer with ink, as for ink alone.
I would say go for HP or some other decent player.
BTW. I’m using a Canon, HPs are just a tad too expensive for me.
Heh, it’s amusing how completely Egon missed your point.
Actually, when Lin*cough*spire*cough* released that data, I distinctly remember quite a few complaints about them gathering it, some of which were made here.