[qubes-users] Printer recommendation / scanner implications?

Hi,

I figure someone on this list might have done some research from a
perspective sharing similar goals.

Does anyone have a recommendation for a reasonable printer?

My rough objectives are as follows:
1. "Well-supported by linux." In practice I imagine this means
speaking standard protocols, or needing some FOSS CUPS plugin packaged
in the usual repos. Essentially, as long as it's not some
windows/mac-only proprietary nonsense, or GUI-requiring linux blob,
then it's probably good enough.
2. Does not persist printed pages in internal storage, intentionally
or otherwise. No "re-print last page(s)" anti-feature, or similar. I
think ultimately a deliberately "stateless" printer is really what I
desire, but I'd be surprised if those exist beyond perhaps some very
old simple ones with non-network (think parallel port) interfaces and
non-updatable firmware that is somehow trustworthily write-protected.
(Which sounds great, tbh, I'm just not aware of any like that nor
where to get them besides maybe getting lucky in an auction.)
3. Has economical and shelf-stable consumable parts (ink, toner,
etc.). Probably means laser printer?
4. Doesn't take forever to print things and jam every other page.
Probably means laser printer?
5. Color would be nice, but optional.
6. Lack of "printer dots" [1], or similar (font-mutation steganography
[2], if that's a thing now?) would be nice. Do any such machines even
exist these days? (Besides firmware reversing & removal of said
"feature" yourself, I suppose...)
7. Minimizing contribution to aggregate demand for production of
eventual waste. DRM'd ink cartridges and similar are dumb, and as much
as I'd welcome the challenge to defeat them, I don't want to spend my
time doing that right now. An abundance of the actual printers on
2nd-hand markets would be nice, or, if new, something expected to be
reliable and last a long time to amortize the cost of its production.
I'd be perfectly happy with some model already 10 years old as long as
they're available, reliable, and the consumables for it are still
available and/or self-refillable.

As for firmware security: I assume all printers are probably
vulnerable (and/or backdoored?) beyond any hope of being reasonable,
and would like to put a simple trusted device in front to force all
incoming data to be printed to go through something like the Qubes
trusted PDF converter, to sanitize whatever fun PDF / postscript /
whatever exploits might otherwise reach the printer.

A scanner would be nice too. I haven't thought through all the
implications of whether having a discrete scanner & printer vs.
combined unit has a meaningful impact on my threat model. There's the
obvious implication that a compromise of one may steal data from or
exfiltrate data via the other, but then, would such a mechanism need
to be targeted to avoid obvious accidental detection? How might a
likely targeting activation mechanism work? I'm sure it might be
interesting from an attacker's perspective to have a built-in
side-channel between them, but hopefully network (/usb) isolation and
sanitizing input documents would break any likely print-job command &
control vectors besides those which would rely on image processing
(which feels less likely)? Unclear. Thoughts on this welcome too.

Regards,
Jean-Philippe

[1]: Machine Identification Code - Wikipedia
[2]: http://www.cs.columbia.edu/~cxz/publications/fontcode.pdf

1 Like

This, naturally, implies that I consider wireless connectivity to be
an anti-feature, in that it represents an opportunity to bypass any
trusted document-structure sanitizer / re-encoder / isolation box.