[HN Gopher] Ask HN: Brother printers sending ink data to Amazon?
___________________________________________________________________
Ask HN: Brother printers sending ink data to Amazon?
A most unusual thing. Every once in a while I get an email from
Amazon that it's time to re-order Brother ink. I always delete
these because I rarely print, but also figure it's just Amazon
reminding me to buy something. Today I decided to opt
out/unsubscribe once and for all. Instead I see this at the bottom
of the email: "Click here to view or manage settings, including
the option to opt out if you are already using another
replenishment service. This took me to https://drs-
web.amazon.com/settings "The data shown is based on estimated
consumption reported by smart devices and orders you place through
Amazon." Here it had a link to "Consumption history" which upon
clicking showed me the ink levels of my Brother printer for the
past _two weeks_. Date and time. WTF?! It is not apparent that I
can disable this function. Can anyone else duplicate? _Update_ :
This is part of Alexa it seems, and folded in to the Dash
replenishment protocol; note I have never had a Dash button.
Amazon's instructions for this were not very helpful. https://www.
amazon.com/gp/help/customer/display.html?nodeId=201357520 Some
digging revealed a Brother help document: https://help.brother-
usa.com/app/answers/detail/a_id/172810/~/cancel-
enrollment-%28amazon-smart-reorders%29 This bothers me quite a
lot. I never authorized, opted in, or gave either device permission
to connect, let alone Amazon to monitor and nag me about it!
Model: Brother MFC-J485DW Purchased from: Best Buy, an American
retailer, after July of 2019. Firmware: N1901041316
Author : Ajay-p
Score : 59 points
Date : 2023-10-09 21:19 UTC (1 hours ago)
| orev wrote:
| If you have the printer on your network, and any Amazon device on
| your network, the Amazon device could easily query the printer
| for ink levels. My Home Assistant does this and I never connected
| HA to the printer. It's just part of the status information the
| printer seems to make available on the network.
|
| It's not surprising to me that Amazon would do this using one of
| their devices, as everyone seems to be grabbing as much data as
| they can. It's probably described in the T&Cs somewhere (that
| they can scan your network and use data from it).
| RIMR wrote:
| Time to learn everything they scan for, and set up a honeypot
| that makes people's Amazon devices fill with dummy devices.
| Ajay-p wrote:
| _It's probably described in the T &Cs somewhere_
|
| Which.. I never read but I concur with your theory.
| wepple wrote:
| Whilst it might be in the T&Cs somewhere, it's the not-good
| variety of surprise that a company should really try to avoid.
|
| I don't have Alexa devices on my network, and I'm glad. I do
| have other vendor smart things, and I'd absolutely expect a
| notification if they were going to be poking around at my other
| devices to send information off to a company for _their_
| benefit.
|
| Poor play, Amazon
| kxrm wrote:
| This is why IoT devices on my network get their own subnet and
| they are blocked from communicating with anything but what I
| allow them to communicate with, including the Internet.
|
| Also I want to make it clear, it shouldn't have to be this way.
| Devices should be transparent about how they function, but
| sadly they are not.
| mnd999 wrote:
| If you cared about privacy you won't have an Alexa device in your
| house.
| briHass wrote:
| Amazon does the same thing if you link a Samsung Smartthings hub
| and those little sensors have a low battery.
|
| This is basically the 'promise' of all this smart home junk: your
| fridge automatically adds milk to your Amazon cart when it scans
| the contents and sees the level is low. A dubious convenience for
| users, but an excellent way for companies to ensure you keep
| buying things from them.
| trvr wrote:
| This reddit post from 3 years ago suggests that Amazon is using
| SNMP to monitor your local network printers.
|
| Put your Amazon devices in an isolated "IOT" network if possible.
|
| https://www.reddit.com/r/amazonecho/comments/ip5i1c/alexa_no...
| Ajay-p wrote:
| That is an excellent idea, thank you! I have some micro routers
| that I can use.
| WirelessGigabit wrote:
| That should be the solution for everything but unfortunately
| I'm dealing with containers that advertise their IP via
| Bonjour (or whatever the new thing is). But since they run in
| a container they get their 172.19.0.0/24 IP, so they
| broadcast the wrong one.
|
| Then there is the issue of certain devices only accepting
| things like HomeKit via a barcode and/or discovery, and not
| via IP addresses.
|
| If I could just do IP addresses it would be so much more easy
| to cordon off things. IPs can talk across networks with ease,
| no hacks required, but at least I control it.
|
| Inside of a network it's very hard to selectively allow /
| deny traffic.
| trvr wrote:
| What model(s) of Alexa devices do you have, if you don't mind
| sharing?
| trvr wrote:
| You could also try changing the "SNMP Community String" on
| your Brother printer and see if your "consumption history"
| stops.
|
| https://help.brother-
| usa.com/app/answers/detail/a_id/164663/...
| pengaru wrote:
| You backdoored your own network by putting an Alexa on it. I
| wouldn't be surprised if Ring cameras pulled the same shit.
|
| If you really must have this trash on your lan, you have to
| isolate it at the network level.
| WarOnPrivacy wrote:
| What model printer?
| Ajay-p wrote:
| Sorry, just added it. Brother MFC-J485DW
| WarOnPrivacy wrote:
| What year was it manufactured? Manuals seem to be from 2016.
| That's a bit earlier than I'd expect this kind of behavior
| (not conclusive of anything. Just an observation).
|
| Do you have a firmware date?
| Ajay-p wrote:
| Current firmware is N1901041316
|
| I do not have a manufacturer date but it would have been
| purchased in 2019 or later.
| koyote wrote:
| I've recently changed my home network to ensure all IoT devices
| are on their own VLAN where they can't talk to each-other and
| only have access to the internet.
|
| I see my paranoia was not unwarranted.
|
| That being said, if I had a network printer, I would've connected
| it to yet another VLAN I have set up which does not even have
| access to the internet.
|
| Setting all this up required quite a bit of time, effort and
| networking/firewall knowledge. I wonder if there's a market for
| providing such capabilities out of the box for the less tech-
| inclined privacy-conscious consumers.
| qingcharles wrote:
| I for one would pay for such a thing. I hate spending hours
| tinkering with network/firewall rules. It's dull as hell and a
| huge time sink to get everything right. And I have three
| decades of Linux knowledge. How is man-on-the-street supposed
| to do any of this stuff? :(
| OJFord wrote:
| How has it linked with your Amazon account then? Just because you
| bought the printer from Amazon? (As they do with their own
| devices, e.g. Fire TV Sticks, of course.)
| Ajay-p wrote:
| The printer was purchased at a store called Best Buy.
|
| The only interaction that it has ever had with my Amazon
| account was that I ordered a single purchase of replacement ink
| cartridges. The idea of it monitoring their status is abhorrent
| to me and I don't think I would have ever opted in for such
| thing. Perhaps there was something requiring me to opt out, but
| ...it was not apparent.
|
| When my Alexa searched for devices connected to my network, it
| must have noted this printer, then compared it to the fact I
| ordered ink for it, and _just to be extra helpful_ decided to
| monitor its levels for me. I can think of no other way...
| RockRobotRock wrote:
| Maybe Amazon tags the serial number of the cartridge and
| correlates it to your printer with the data Brother gives
| them. Fucking crazy.
| [deleted]
| Brian_K_White wrote:
| I would not rule out some connection via the credit/debit
| card, like how every shop now emails you even though you
| never gave them your email.
| QuinnyPig wrote:
| This is deeply disturbing.
| xfitm3 wrote:
| I get an error on https://drs-web.amazon.com/settings - has it
| been taken down? I also have a Brother printer, which I bought
| from Amazon.
| Ajay-p wrote:
| _removes glasses_... MOG... That is INTERESTING.
|
| Here is an image of the email I received
|
| https://imgur.com/a/fhvZlsd
|
| and the current status of the web page:
|
| https://imgur.com/jkTD4Xp
|
| I am speechless. This link brought up a narrow page of blue. Is
| there any way to recover that? Firefox browser. I would love to
| capture that .. oh I kick myself now for not grabbing a SS.
| greyface- wrote:
| "You are receiving this message because you connected your
| Brother MFC-J485DW to Alexa on 5/4/21"
|
| What happened on 5/4/21? You say you bought the printer after
| July 2019, so it probably wasn't the printer purchase date.
| Does that line up with the date you bought or installed an
| ink cartridge from Amazon, or set up Alexa?
| qingcharles wrote:
| When you found that page originally you must have either got
| there from a POST from another page, or a prior page set a
| cookie which this page gobbled.
| crazygringo wrote:
| The feature seems perfectly fine for those who want it, but the
| idea that you never opted in is troubling.
|
| So the question is, how did your printer get linked to your
| Amazon account?
|
| Possibilities:
|
| 1) You registered your printer with Brother (possibly when
| setting up wireless or cloud services) and put in your email
| address which is also the one associated with Amazon. Did you opt
| in without realizing (via a dark pattern? hidden in TOS?)? Or did
| they opt you in without any consent at all?
|
| 2) You bought the printer from Amazon and they already knew the
| printer serial number (common with certain electronics brands)
| and that's how it got associated. Perhaps there's a notice on the
| add-to-cart or checkout page that you'll be enrolled, or an opt-
| in checkbox? Or maybe it is without consent?
| Ajay-p wrote:
| See my other comment on this. I did not register it with
| Brother, and have no account with Brother. Given this is
| Amazon, I cannot help but feel pessimistic that this was done
| without consent.
| crazygringo wrote:
| Ah ha, it turns out there's a third option -- Alexa
| automatically finds printers on your network and checks their
| ink levels:
|
| https://www.amazon.com/b?ie=UTF8&node=19820259011
|
| So it doesn't seem to have anything to do specifically with
| Brother at all.
|
| Mystery solved. It's an Alexa feature ("feature").
|
| So feel free to be angry at Amazon, but it's not Brother
| doing anything wrong. It's just reporting ink levels to
| anybody on your local network who asks, just like every other
| printer.
|
| You might want to change your headline since it accuses
| Brother rather than Amazon.
| RajT88 wrote:
| You can turn this off in the Alexa app. I went looking for
| it after reading that page.
|
| It's under Settings > Device Discovery (near the bottom of
| the settings). It's on by default of course.
___________________________________________________________________
(page generated 2023-10-09 23:01 UTC)