In a new blog post today, following the highly controversial announcement about the new Authorization Control System announced last week, Bambu Lab tries to clarify its stance and how it will work.
First, Bambu Lab denounces some accusations that the new firmware will brick printers, limit filaments to their brand, or require a subscription. We believe it’s clear that Bambu Lab misread most of the criticism here. Many of those accusations are actually that the new firmware is a first step towards more control from Bambu Lab rather than security.
Bambu Lab continues its blog post by announcing that, following the received feedback, they have decided to add a “developer mode,” which will leave the MQTT, FPT, and live feed open when enabled. However, Bambu Lab will not provide customer support for this mode, as “the communication protocols are not officially supported.”
Then, Bambu Lab says they have been saddened to see people interpret its new authorization control system as a way to prevent third parties from connecting to the printers. Bambu Lab uses OrcaSlicer as an example of the integration they have been working with, even though replies from SoftFever (OrcaSlicer’s main developer) in the GitHub issue opened regarding the new announcement don’t show much collaboration. Nevertheless, Bambu Lab has opened a pull request to integrate Bambu Connect into OrcaSlicer. Bambu Lab says the integration is seamless, but it is not, and it still favors its own slicer, Bambu Studio, as it won’t require multiple applications to start a print.
The blog post also reveals that Bambu Lab favors print farm owners, understandably so since they are the ones you buy the most. Bambu Lab says it has developed a dedicated tool specifically designed for farm management software. It has also contacted several farm management software vendors, and integration is already underway.
So, what do we take from this blog post? It is unclear if Bambu Lab realizes why people are mad at them. They either don’t understand or do not want to understand.
They say they are not blocking third parties and are working with external vendors. Nevertheless, even though it blames PandaTouch for using the MQTT protocol for its PandaTouch, Bambu Lab never provided another solution for PandaTouch (or XTouch) to talk with the printer locally. Bambu Lab will also break Home Assistant integration (for the live feed), but it will not provide any solution either.
Finally, they do that in the name of security, but the private keys have already leaked: https://hackaday.com/2025/01/19/bambu-connects-authentication-x-509-certificate-and-private-key-extracted/
If Bambu Lab believes this is done for security reasons, we think it is fooling itself with a fake feeling of safety. This will not stop hackers (on the contrary), but it will harm Bambu Lab as a company and its customers.