Epson is teaching the internet not to install security updates

More on the story of how Epson tricked its customers into installing a fake "update" to their printers so that they would stop accepting third-party and refilled ink cartridges: not only does this force Epson customers to pay more for ink, but it puts everyone on the internet at risk, by teaching people not to update their devices.

If you were affected by this scam, please get in touch with your state, phone number, and whether you saved the original receipt and (better still!) packaging.

Activist, author, and EFF member Cory Doctorow tells Motherboard that Epson customers in other states that were burned by the update should contact the organization. That feedback will then be used as the backbone for additional complaints to other state AGs.

"Inkjet printers are the trailblazers of terrible technology business-models, patient zero in an epidemic of insisting that we all arrange our affairs to benefit corporate shareholders, at our own expense," Doctorow told me via email.

Doctorow notes that not only is this kind of behavior sleazy, it undermines security by eroding consumer faith in the software update process. Especially given that some printers can be easily compromised and used as an attack vector into the rest of the home network.

"By abusing the updating mechanism, Epson is poisoning the security well for all of us: when Epson teaches people not to update their devices, they put us all at risk from botnets, ransomware epidemics, denial of service, cyber-voyeurism and the million horrors of contemporary internet security," Doctorow said.

"Infosec may be a dumpster-fire, but that doesn't mean Epson should pour gasoline on it," he added.

Printer Makers Are Crippling Cheap Ink Cartridges Via Bogus 'Security Updates' [Karl Bode/Motherboard]