TL;DR
Josef Prusa has publicly warned that Chinese 3D printing slicer software, notably Bambu Lab’s fork of PrusaSlicer, violates open-source licenses and poses security risks due to potential government influence. The issue involves license violations and possible security vulnerabilities linked to Chinese industry practices.
Josef Prusa, founder and CEO of Prusa Research, has publicly warned that Chinese-developed 3D printing slicer software, particularly Bambu Lab’s fork of PrusaSlicer, violates open-source licensing and poses significant security risks, raising concerns about industry security and intellectual property violations.
In a series of statements on X (formerly Twitter), Prusa detailed how Bambu Lab’s Bambu Studio, which is based on PrusaSlicer, violates the AGPL-3.0 license by incorporating a proprietary networking plugin. This plugin is integral to the software’s primary functions but remains closed-source, contravening license terms that require open redistribution of derivative code.
Prusa explained that Bambu Lab’s defense—that the plugin is a separate work—fails because the plugin is essential to the main product and cannot operate independently. This constitutes a license violation, he said. The company first discovered Bambu Lab’s network activity in 2021 when telemetry data was sent to Prusa’s servers, indicating the presence of a fork of PrusaSlicer within Bambu Studio.
Beyond licensing issues, Prusa raised concerns about security risks linked to Chinese industry practices. He cited China’s extensive legal framework, including laws enacted between 2017 and 2023, that compel citizens and companies to assist intelligence efforts and surrender encryption keys to the government. He linked these laws to potential security vulnerabilities in Chinese software, which could be exploited or used for espionage.
Why It Matters
This warning is significant because it underscores potential security vulnerabilities in widely used 3D printing software originating from China, a major player in the industry. Violations of open-source licenses threaten the integrity of software used in manufacturing and prototyping, while concerns over government influence raise questions about data security and intellectual property protection for Western users and companies.
As 3D printing increasingly integrates with sensitive industrial and research applications, the security of the underlying software becomes critical. The allegations suggest that Chinese industry practices could introduce risks of espionage or data theft, impacting global supply chains and innovation.
Sovol SV06 Plus ACE 3D Printer Open Source, 500mm/s Max High Speed 3D Printers, Fully Auto Leveling, with Camera Upgraded Structure Planetary Dual Gear Direct Drive Large Volume 11.8×11.8×13.8 inch
Speed up to 500mm/s with Enhanced Precision: Harnessing advanced technology to deliver Sovol SV06 Plus ACE rapid printing…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Prusa Research has long been a vocal advocate for open-source software in 3D printing, emphasizing the importance of licensing compliance and community trust. The current dispute centers on Bambu Lab, a prominent Chinese manufacturer, which has forked PrusaSlicer into Bambu Studio, a popular slicer with cloud-based features. Prusa previously identified telemetry data being sent from Bambu Studio in 2021, revealing the presence of a fork based on their open-source code. Meanwhile, Chinese laws enacted from 2017 onward mandate cooperation with government intelligence efforts, including data sharing and encryption access, fostering concerns about security vulnerabilities in Chinese software products.
“You take from the community, you give back to the community. That’s the social contract. Violating the license isn’t just an open-source issue; it’s a security risk.”
— Josef Prusa
“The networking plugin in Bambu Studio is a core component that cannot function separately, making their defense of it as a separate work invalid under AGPL-3.0.”
— Prusa Research
“Chinese laws between 2017 and 2023 require citizens to assist intelligence efforts and surrender encryption keys, which poses potential security risks for software derived from Chinese industry.”
— Prusa
2D & 3D CAD Software Suite USB – 8 Program Bundle for Windows & macOS – Complete Design & Drafting Tools
Ready-to-use software preloaded on a high-speed USB flash drive for easy installation on any Windows PC, no internet…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It remains unclear whether Bambu Lab will respond publicly to these allegations or take corrective action. The extent of security vulnerabilities linked to Chinese government influence in Bambu Studio and other Chinese slicers is also not yet confirmed. Additionally, the legal enforceability of license violations across international borders continues to be a complex issue.
Official Creality Ender 3 3D Printer Fully Open Source with Resume Printing Function DIY Printers Build Volulme 8.66×8.66×9.84 inch
Resume Printing Function: no worry to the immediate power outage or electric circuit error, Ender 3 has the…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Prusa Research may pursue legal action if violations persist or escalate. Industry stakeholders and users are likely to scrutinize Chinese slicer software more closely, and further investigations into security vulnerabilities could follow. Bambu Lab has not issued an official statement addressing these claims as of now.
3D Printer Tools Kit, 34pcs 3D Printer Accessories for All FDM/SLA Printers Includes Nozzle Cleaning, Removal Scrapers, Finishing Tools, 5 Types of Files,Brushes, Wire Cutter, Engraving Knife
【3D Printer Tools Expedite Your Workflow, 1-Year Warranty】Designed and Selected by a 15-Year 3D print enthusiasts team, this…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What specific license violation is Prusa accusing Bambu Lab of?
Prusa claims that Bambu Lab’s Bambu Studio, based on PrusaSlicer, violates the AGPL-3.0 license by including a proprietary networking plugin that should be open-source under the license terms.
Why are license violations considered a security risk?
License violations often involve proprietary code that may include undisclosed features or vulnerabilities. In this case, the closed-source networking plugin could be exploited for unauthorized data access or espionage, especially given the broader concerns about Chinese government influence and security laws.
Chinese laws require companies and citizens to cooperate with government intelligence efforts, including sharing encryption keys and assisting in data collection. This legal framework raises concerns that Chinese software could be used for espionage or data theft, affecting global security.
Could users still use Bambu Studio safely?
While Bambu Studio can technically be used without cloud features by setting up LAN mode or using local file transfer, the integration of closed-source components and remote update capabilities pose ongoing security concerns. Users should evaluate risks accordingly.
