HP printer small print says kit phones home data on whatever you print – and then some

Security engineer actually reads privacy policy to his horror


Hewlett-Packard Inc's printers don't just slurp the contents of your wallet at a frightening rate. They also guzzle a surprising amount of data on you and whatever you're printing.

Security engineer Rob Heaton discovered exactly how much slurpage HP is engaging in after his in-laws asked him to set up their new home printer. Instead of doing what the rest of us would do and clicking past everything until it started working, Heaton read each and every step along the way.

"After I had finished removing pieces of cardboard and blue tape from the various drawers of the machine, I noticed that the final step required the downloading of an app of some sort onto a phone or computer. This set off my crapware detector," he blogged.

"Of course, in reality it was a way to try and get people to sign up for expensive ink subscriptions and/or hand over their email addresses," he sniffed, pointedly adding that this was "a shame, but not unexpected."

Most unexpected of all, however, was the sheer volume of data slurped by one's home printer. Pointing to HP's own privacy policy (as archived here lest they change it in future), Heaton said that by agreeing to HP's "automatic data collection" settings, you allow the company to acquire:

"... product usage data such as pages printed, print mode, media used, ink or toner brand, file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies..."

"... information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product..."

The privacy policy does state: "We do not scan or collect the content of any file or information that might be displayed by an application." However, multi-function corporate printers store copies of printed documents on internal storage media, as was brought to public attention nearly a decade ago.

Although all of the data slurpage is laid out in the legal agreements presented to consumers, Heaton told The Register he hadn't sniffed what his in-laws' printer was beaming back to base.

A few years ago, HP deployed a software update that prevented its printers from functioning with cheaper third-party ink cartridges, something that would end up costing it a few million dollars in legal settlements. More recently, the company has split with its EMEA president as its sales in the region continue their relentless slip downwards – causing its share rating to be downgraded by a Wall Street analyst firm.

HP has been asked to comment and we will update this article if we hear back from them. ®
