Ask HN: Brother printers sending ink data to Amazon?
Today I decided to opt out/unsubscribe once and for all. Instead I see this at the bottom of the email:
"Click here to view or manage settings, including the option to opt out if you are already using another replenishment service.
This took me to https://drs-web.amazon.com/settings
"The data shown is based on estimated consumption reported by smart devices and orders you place through Amazon."
Here it had a link to "Consumption history" which upon clicking showed me the ink levels of my Brother printer for the past two weeks. Date and time.
WTF?! It is not apparent that I can disable this function. Can anyone else duplicate?
Update : This is part of Alexa it seems, and folded in to the Dash replenishment protocol; note I have never had a Dash button.
Amazon's instructions for this were not very helpful.
https://www.amazon.com/gp/help/customer/display.html?nodeId=201357520
Some digging revealed a Brother help document:
https://help.brother-usa.com/app/answers/detail/a_id/172810/~/cancel-enrollment-%28amazon-smart-reorders%29
This bothers me quite a lot. I never authorized, opted in, or gave either device permission to connect, let alone Amazon to monitor and nag me about it!
Model: Brother MFC-J485DW
Purchased from: Best Buy, an American retailer, after July of 2019.
Firmware: N1901041316
78 comments
[ 0.18 ms ] story [ 156 ms ] threadDo you have a firmware date?
I do not have a manufacturer date but it would have been purchased in 2019 or later.
The only interaction that it has ever had with my Amazon account was that I ordered a single purchase of replacement ink cartridges. The idea of it monitoring their status is abhorrent to me and I don't think I would have ever opted in for such thing. Perhaps there was something requiring me to opt out, but ...it was not apparent.
When my Alexa searched for devices connected to my network, it must have noted this printer, then compared it to the fact I ordered ink for it, and just to be extra helpful decided to monitor its levels for me. I can think of no other way...
Here is an image of the email I received
https://imgur.com/a/fhvZlsd
and the current status of the web page:
https://imgur.com/jkTD4Xp
I am speechless. This link brought up a narrow page of blue. Is there any way to recover that? Firefox browser. I would love to capture that .. oh I kick myself now for not grabbing a SS.
What happened on 5/4/21? You say you bought the printer after July 2019, so it probably wasn't the printer purchase date. Does that line up with the date you bought or installed an ink cartridge from Amazon, or set up Alexa?
So the question is, how did your printer get linked to your Amazon account?
Possibilities:
1) You registered your printer with Brother (possibly when setting up wireless or cloud services) and put in your email address which is also the one associated with Amazon. Did you opt in without realizing (via a dark pattern? hidden in TOS?)? Or did they opt you in without any consent at all?
2) You bought the printer from Amazon and they already knew the printer serial number (common with certain electronics brands) and that's how it got associated. Perhaps there's a notice on the add-to-cart or checkout page that you'll be enrolled, or an opt-in checkbox? Or maybe it is without consent?
https://www.amazon.com/b?ie=UTF8&node=19820259011
So it doesn't seem to have anything to do specifically with Brother at all.
Mystery solved. It's an Alexa feature ("feature").
So feel free to be angry at Amazon, but it's not Brother doing anything wrong. It's just reporting ink levels to anybody on your local network who asks, just like every other printer.
You might want to change your headline since it accuses Brother rather than Amazon.
It's under Settings > Device Discovery (near the bottom of the settings). It's on by default of course.
But no - these fuckers, when you do device discovery, it re-adds everything it finds automatically instead of confirming what you want to add. Then you have to disable the device once discovered. What do you want to bet that disabled devices occasionally, mysteriously, get re-enabled?
It’s not surprising to me that Amazon would do this using one of their devices, as everyone seems to be grabbing as much data as they can. It’s probably described in the T&Cs somewhere (that they can scan your network and use data from it).
Which.. I never read but I concur with your theory.
I don’t have Alexa devices on my network, and I’m glad. I do have other vendor smart things, and I’d absolutely expect a notification if they were going to be poking around at my other devices to send information off to a company for their benefit.
Poor play, Amazon
Also I want to make it clear, it shouldn't have to be this way. Devices should be transparent about how they function, but sadly they are not.
I'd say yes to both, and so the problem would persist.
One way to solve this would be to put every single device on a separate vlan (like some public networks do). Just like NAT, that approach certainly has its advantages for the average user from a security perspective, but forces centralization and usage of third-party servers where it shouldn't be required.
Maybe what we need is a "network administration protocol" that would give you pop-ups on your phone when devices tried to discover what's on your network.
>I'd say yes to both, and so the problem would persist.
My IoT LAN is configured to keep each device within the subnet isolated from one another. So while they might share a subnet, they aren't able to snoop on each other. They also do not share the same switch.
This is done via "L2 Isolation". WiFi access points typically have this setting, as do some wired switches (ex: Cisco's PVLAN)
I just use two.
One for IoT, guest WiFi, etc.
And one for our server, laptops/PC, and mobile devices.
But ideally I'd fine grain it further.
I'm on a single VLAN and associated WLAN for all my IoT devices but I would also like to segregate them further. The 4-WLAN limit on Unifi does limit what can be done, however.
FWIW, I try to use wired as much as possible. Although for security cameras people like to use PoE and I think if you can get physical access to the PoE port, you can also try a MITM or a physical sniffer for examples see the stuff Hak5 sells.
Do you have a link or guide to help me understand how to set this up. It seems like a great idea!
More complicated settings involve the keyword "VLAN", afaik most home routers don't have this.
Keep in mind that a lot of this will be heavily dependent on what kind of router and LAN configuration you have.
How you setup your LAN printer from subnet to get data from your your main subnet?
There’s no legal rights or enforcement against any of this.
Put your Amazon devices in an isolated "IOT" network if possible.
https://www.reddit.com/r/amazonecho/comments/ip5i1c/alexa_no...
https://help.brother-usa.com/app/answers/detail/a_id/164663/...
Then there is the issue of certain devices only accepting things like HomeKit via a barcode and/or discovery, and not via IP addresses.
If I could just do IP addresses it would be so much more easy to cordon off things. IPs can talk across networks with ease, no hacks required, but at least I control it.
Inside of a network it's very hard to selectively allow / deny traffic.
Network level security is already difficult enough even for professionals, it's nearly impossible to really "secure" consumer grade home networks with tons of random consumer grade devices by trusting one brand and distrusting another.
Personally, I don't see my printer's ink level as some sensitive information. But if I do, I would put it behind auth/encryption.
[1] https://darknetdiaries.com/episode/31/
If you really must have this trash on your lan, you have to isolate it at the network level.
I see my paranoia was not unwarranted.
That being said, if I had a network printer, I would've connected it to yet another VLAN I have set up which does not even have access to the internet.
Setting all this up required quite a bit of time, effort and networking/firewall knowledge. I wonder if there's a market for providing such capabilities out of the box for the less tech-inclined privacy-conscious consumers.
That group is much smaller than most tech-conscious people imagine (at least outside of Germany).
My experience with people outside of the tech bubble is that people care a lot more about privacy from their bosses / exes / partners / parents (and very occasionally law enforcement), but almost never about privacy from big companies.
The only thing that actually makes people scared is seeing ads for products that they were recently discussing in person, and that's actually due to coincidence and search history, not, as they think, devices listening on them. I keep pointing this out every time the same thing happens on (linear) TV.
Mostly because privacy prevents a lot of desirable features from working.
This is basically the 'promise' of all this smart home junk: your fridge automatically adds milk to your Amazon cart when it scans the contents and sees the level is low. A dubious convenience for users, but an excellent way for companies to ensure you keep buying things from them.
I have a feeling this is alexa searching your network and helping itself to your devices.
It's also not worth it to me to isolate them on my network. It's easier to only allow devices that I have control over.
These devices cannot be trusted.
>Protect your Brother machine against unauthorised access over the network
https://support.brother.com/g/b/faqend.aspx?c=us_ot&lang=en&...