Are Your Peripherals Monitoring You?

An anonymous reader writes " Engadget is reporting that 'Lexmark, makers of printers and scanners, has been caught monitoring users' printer, scanning, and ink cartridge usage.'" Newsgroup comp.periphs.printers readers noticed the software; the Engadget report says that "Lexmark say they're just tracking printer and cartridge usage, but the registration information and packets being sent say otherwise."

Newer print drivers only?

[Anonymous Coward]

I have a Lexmark Optra E+ laser printer. It's several years old. I'm very happy with it as a printer.

I don't see any c:\program_files\lexmark500 directory even though I have the print driver, downloaded from lexmark.com, installed.

I've added the following to my hosts file just in case.

0.0.0.0 www.lxkcc1.com

Usenet post

[nstrom]

Original usenet post from comp.periphs.printers on Google Groups here [google.com], or here [google.com] for a news: link.

Sites to block

[Anonymous Coward]

lxkcc1.lexmark.com
www.lxkcc1.com
lxkcc1.com
ww w.lxkcc2.com
lxkcc2.com

ips
192.146.101.0 - 192.146.101.255

Re:printing ripoff

[Helix150]

I recommend the canon multipass series... I have a MP730, its a combo printer/scanner (w/ feeder)/fax/copier, very nice machine. A bit expensive ($300) but IMHO well worth it. The Canon ink tanks are clear so you can see the ink inside them, and there are no chips on them. The printer measures the ink level by shining a light through the tank. They are quite easy to refill, and LaserMonks [lasermonks.com] has replacement tanks for IIRC about $5 each. Replacement official tanks are about $7 each. Four colors, CMYK.

Re:printing ripoff

[Lisandro]

Get an used (old model) HP Laserjet. They can be found at reasonable prices, with service and replacement parts still available, and it's toner lasts forever. The printer will too, they are some of the most relaiable printers ever built. Too bad HP has been going down the crapper lately.
Laser printers are expensive at a first glance, but the price per page is a fraction of a inkjet. It's overall a much better value.

Still, if you want a cheap one, try the newer Cannon inkjets. You'll still be forced to buy overpriced, half-filled ink tanks, but they work as expected, the printing heads don't clog and the print quality is top notch (for an inkjet). I have a Cannon S1000 at work that has been working perfectly for almost two years now. I wish i could say the same about Epson printers.

Re:printing ripoff

[jridley]

I also recommend Canon printers. I have an i970. While not designed intentionally for refilling, it's about as good as it gets these days. As you say, the tanks are just clear plastic boxes with ink in them, refilling is a snap. I've previously refilled Epson and HP, and the Canon is by far the easiest. After refilling Epson/HP, you have to let the ink settle overnight to eliminate bubbles, and do a lot of fiddling to get it printing right. I've refilled my Canon tanks about 15 times so far and haven't had to even do a nozzle cleaning pass once. The printer does automatically do a nozzle clean if it hasn't for a while during idle time after a print job.

The i970 is a 6 color printer, FWIW. Photo printing is quite nice.

Re:Posible reason

[northcat]

No this dates WAY back - to 2001 google groups [google.com]

Re:Didn't the users agree to this monitoring?

[jdreed1024]

This may be another example of people just hitting "AGREE" (effectively signing) without actually reading the EULA (a legally binding agrement).

Legally binding? I don't think so. EULAs have questionable legal status at best (I'm sure some lawyer could argue for the fact that the fact that the EULA is not printed on the box and the fact that some say "If you do not agree, you cannot install this software" could very well amount to coercion or something. EULAs have never been tested in court.

I would love to see a EULA with some seemingly innocuous yet annoying clause such as "By agreeing to this license, you give everyone the right to call you 'butthead' for the rest of your life." and then have that tested in court. Ideally, there would be one of two outcomes: EULAs become illega or software vendors are legally obligated to accepted returned opened software if the user did not agree to the EULA. (Which means many software vendors would stop stocking software with crap EULAs, and maybe the software industry would get a wake-up call.

And the older crowd here will remember that EULAs didn't always used to suck. They used to be printed in fine print on envelopes containing the CD or floppies, and said in big letters "If you open this envelope, you agree to the license". Which is much better, because if you didn't agree to the license, you could take the software back and if the diskettes were unopened, the place would almost always accept returns.

Re:Please clarify

[surprise_audit]

The concern is that, if you fill out the printer registration card with name, address, phone number and serial number and if the spyware sends the printer serial number along with the other information, then they can tie cartridge usage to a particular name/address record, along with the IP it came from.

Which immediately suggests a course of action to "poison" the information pool - register as Darl McBride and start copying something illegal...

Re:Didn't the users agree to this monitoring?

[the_brat_king]

Better than that, when I had a retail shop a few years back, we had some QXPress and MS Software CDs, on the jewel case it said "By opening this case you agree to the enclosed license agreement"

Within seconds of blocking it in my firewall ...

[sho-gun]

Nov/13/2004 09:48:08 Drop TCP Packet From LAN 192.168.0.2:1654 192.146.101.142:80 Rule: Lexmark Block
Nov/13/2004 09:48:00 Drop TCP Packet From LAN 192.168.0.2:1654 192.146.101.142:80 Rule: Lexmark Block
Nov/13/2004 09:47:56 Drop TCP Packet From LAN 192.168.0.2:1654 192.146.101.142:80 Rule: Lexmark Block
Nov/13/2004 09:47:41 Drop TCP Packet From LAN 192.168.0.2:1502 192.146.101.142:80 Rule: Lexmark Block
Nov/13/2004 09:47:34 Drop TCP Packet From LAN 192.168.0.2:1502 192.146.101.142:80 Rule: Lexmark Block
Nov/13/2004 09:47:30 Drop TCP Packet From LAN 192.168.0.2:1502 192.146.101.142:80 Rule: Lexmark Block

and I wonder just how often its trying to phone home.

What about Macintosh Drivers

[goombah99]

Since on Macs you frequently dont have to install a driver to use a printer I wonder if macs have this Issue with the pre-installed drivers.

on a related topic, I was disaapointed how crappy the drivers for mac have be come with HP mulit-function printers. They are really unstable and unfreindly to mulit-user mode. I wish I could use it without the driver.

Re:ZoneAlarm

[ImaLamer]

I've got a Lexmark Z705 on Windows XP with Sygate Personal Firewall.

After installing the printer I noticed the process "LEXPPS.EXE" trying to broadcast and do everything to get onto the network first then the Internet second. I simply don't allow it access because at the time I had a wireless hookup (with no WEP key) and was afraid that someone might try printing to my printer.

Even with that process blocked I could still print "over the network" so it wasn't even an issue and nothing has "broke" since then...

By the way, the process listens on 1026.

Re:printing ripoff

[whovian]

I've used a LaserJet 4 Plus at home for c.2 years now. The gods alone know how many pages it had printed

Actually if you force the printer into test mode, it will print one or two test/info pages, and the page count will be on printed on one of those. Though it may be the page count since the toner cartridge was last (re)installed.

Does no one else check for drivers *first*?

[pla]

When considering the purchase of new hardware, I start by picking something with support already built into my OS. With Linux, this often means the difference between it working or not. With Windows, this means the difference between having to run a dozen tiny third party apps that appear to do nothing at all (beyond take up memory, disk space, and as per this topic, spy on my activities).

It really amazes me when I go to help someone with their PC, and I see a list of startups dozens of entries long. When I see a system tray that stretches halfway across the screen. When their process list requires scrolling down for three pages to see them all.


For a good default policy, when you buy new hardware, throw away any software it came with. You don't need it.

Printers? They all speak PCL or PS (unless you very unwisely bought one that does not, which goes back to "check for driver support first"). End of story.

Scanners? Okay, once upon a time, these could take some work to get up and running. But anything less than five years old (and if older, you can get a better quality replacement literally for around $20)? Free hint - Plug it in, open MS Paint, and check out the "from scanner or camera" menu. Simply amazing, eh? Everything you need to scan, already built in.

Cameras? I had two of my users actually install the software for new cameras we got just this past week. Do you have any idea what a pain it took to remove that software, when they discovered that not only did they not need it, but they couldn't use it due to some vague, irregularly-reproduceable conflict with other software they actually do require? Anyway, point of story - After removing every last trace of Kodak's crappy software (including a very large application, a boot-time driver, and a service! Ack!), I demonstrated to my users that they just need to connect the USB cable and turn the camera on. Poof, all their pictures appear under "My Computer" as a removeable drive named similarly to their camera's model.

How about video cards? Okay, no argument that you would do well to run the newest actual video driver from the manufacturer, but do you have any idea how many people I've see that also have 3Dfx's task manager, NVcpl and Nwiz, or ATi's set of up to half a dozen useless crapware blobs, all loading at startup (I won't even go into startups such as MS Messenger, Office startup, Quicktime, and all the rest that suck memory at the whopping "savings" of 5 seconds the first time you run the relevant program)? Sad. Truly sad, that people let such software steal their memory and CPU cycles.

Okay, I'll grant that more exotic hardware may well require third party support. But that quite simply does not apply to 99% of machines out there.


So I suppose the moral of all this, to stay on-topic... Why do people install Lexmark's own drivers in the first place? Don't ! Use the built-in drivers, and you can get all the same functionality without the spyware or the bloatware.

Not to imply that Microsoft doesn't pull similar crap as Lexmark (time.windows.com, anyone? Which if you run your own NTP server, you will notice does not speak plain ol' NTP). But just because one company likes riding us bareback doesn't mean we need to spread for the rest.

Re:HP Printers?

[beyond_the_blue]

Any moderately current HP printer or multifunction device has the same kind of monitoring software. There was a number of executables and services that would install right after the printer finished Plug-n-Playing, one of which is called HPScout, or something like that. That application monitors ink useage and printer stats just like the Lexmark app. I can't tell you what information was sent: I wasn't privy to that. I can, however, tell you that I had to disable that app along with a few others that get installed automatically to keep the amount of system resources that the printer was using down to a reasonable level. Also, I worked for the Windows side of support, so I can't tell you what it looks like on the Mac side.

Article doesn't say packets were sniffed

[handy_vandal]

Not clear what they are monitoring?
What am I missing? Couldn't somebody just install the program and sniff the information out of the packets?

What's confusing is that the original post:

Engadget report says that "Lexmark say they're just tracking printer and cartridge usage, but the registration information and packets being sent say otherwise."

Wrong: the Engadget report doesn't say that the packets being sent say otherwise -- there's no reference to packet sniffing:

The newsgroup posting claims that the program, found on the X5250 installation software, embeds itself in the registry and monitors the use of the printer through DLL files in the c:\program_files\lexmark500 folder.

The program sends the information, which includes print and scanning data, to the URL www.lxkcc1.com. According to the internet Whois database, this domain name belongs to Lexmark International in Kentucky.

As you suggest, packet sniffing is the next thing to do.

-kgj

HP

[lateralus_1024]

I worked at hewlett-packard's All in One division and we wrote software that did the same exact thing and sent the data back to HP over http.
This software would be installed within the gigantic 120MB setup file. Somewhere deep in the EULA is a sentence about HP being able to process user activity data.

Re:Not clear?

[1u3hr]

Not clear what they are monitoring? What am I missing? Couldn't somebody just install the program and sniff the information out of the packets?

Yes, but nobody has yet. I read this [google.com] on the newsgroup last week; the two articles in the Slashdot "summary" obviously haven't investigated it beyond quoting these articles.

The news posting in full is:

From: Commander (Commander_rn1@yahoo.com)
Subject: Lexmark Printer Users Beware of Spyware
Newsgroups: misc.consumers, comp.periphs.printers
Date: 2004-11-09 08:17:25 PST

Yes, Lexmark is now in the Spyware business!

Just the other day I purchased a new Lexmark X5250 All-in-one printer.
I installed it as per the instructions and monitored the install with
Norton as I do with all new software.

On reviewing the install log I noticed a program called Lx_CATS had
been placed in the c:\program files directory. I investigated and
found a data log and an initialisation file called Lx_CATS.ini.
Further investigation of this file showed that Lexmark had, without my
permission, loaded a Trojan backdoor on to my computer. Furthermore,
it is embedded into the system registry, so average users would likely
never know it was there and active.

This Lexmark Trojan was programmed to monitor my use of the printer by
way of data collected from two DLLs in the c:\program files\lexmark500
folder. The Trojan would then send information on printer usage,
including types of print activity, scanning activity, OCR activity
etc., back to a hidden URL at 30 day intervals.

The URL, www.lxkcc1.com, is identified as being owned by Lexmark.

When I called and spoke with Lexmark support, they denied all
knowledge of any such program, and suggested I had somehow been
infected by a virus. When I challenged them with the facts, they
ultimately aknowleged that this was indeed activity tracking software
that reported printer and cartridge use back to them for "survey"
purposes. Lexmark said that "no personal data" was relayed by the
program, and that I could not be personally identified by it. However
- the program transmits the printer serial number, and when I
registered the warranty with Lexmark, they recorded my personal
information along with the serial number. How much effort does it take
to match the two?

I call it spying! I was not advised of this part of the installation,
nor was I asked to agree to be part of any such data gathering
activity. I see this as a breach of my privacy, and as deplorable
behaviour by Lexmark.

Lexmark users beware! But, they may not be the only ones stealing your
private information.

Re:Didn't the users agree to this monitoring?

[roger_ford]

Actually, as a legal conclusion this is far from true. Many academics have questioned whether "shrink wrap" type licenses are binding, but the court cases pretty unanimously hold them to be binding. See for example ProCD, Inc v Zeidenberg, 86 F3d 1447 (7th Cir 1996). [uconn.edu]

From Judge Easterbrook's opinion:

In Wisconsin, as elsewhere, a contract includes only the terms on which the parties have agreed. One cannot agree to hidden terms, the judge concluded. So far, so good--but one of the terms to which Zeidenberg agreed by purchasing the software is that the transaction was subject to a license. Zeidenberg's position therefore must be that the printed terms on the outside of a box are the parties' contract--except for printed terms that refer to or incorporate other terms. But why would Wisconsin fetter the parties' choice in this [*1451] way? Vendors can put the entire terms of a contract on the outside of a box only by using microscopic type, removing other information that buyers might find more useful (such as what the software does, and on which computers it works), or both. The "Read Me" file included with most software, describing system requirements and potential incompatibilities, may be equivalent to ten pages of type; warranties and license restrictions take still more space. Notice on the outside, terms on the inside, and a right to return the software for a refund if the terms are [**10] unacceptable (a right that the license expressly extends), may be a means of doing business valuable to buyers and sellers alike. See E. Allan Farnsworth, 1 Farnsworth on Contracts 4.26 (1990); Restatement (2d) of Contracts 211 comment a (1981) ("Standardization of agreements serves many of the same functions as standardization of goods and services; both are essential to a system of mass production and distribution. Scarce and costly time and skill can be devoted to a class of transactions rather than the details of individual transactions."). Doubtless a state could forbid the use of standard contracts in the software business, but we do not think that Wisconsin has done so.

(IAN[Y]AL)

Re:As every printer manufacturer...

[arivanov]

They are right that the head gets damaged - their head is not part of the cartridge. They are also right in the way they determine it. They mark it as empty if the level is low enough to allow the system to draw a bubble into the pipeline. I wish car manufacturers were so anal retentive - I know more then one person who have managed to kill their ignition systems (Fiat and some GMs) by running them dry. The thing I do not like is that on a system that is obviously designed for a refill, and used to be refillable (just look at a 1991 stylus) you have to swap a cartridge. Anyway, loads of pros and cons with one major pro in their favour - it actually works. You can forget Epson unused for half a year and you can still print on it (at least their laser printers). They are nasty like all printer manufacturers, but not as nasty as Lexmark, Canon or HP.