1. write a script to scrap google links to HP admin panel
2. filter out the IPs that are from US (given you want to work on US market)
3. assemble the list of printer types and current toner levels.
4. write a script that will print to each of those printers a one single page, stating your company "Cheapo Suppliers Inc" was notified that "your printer is low on toner. Call xxxxxx to re-fill. Lowest prices quaranteed within one day delivery!". You can add link to your shop page that already redirects user to specific type of printer they have, some type of one-click order (based on which toners are low).
Back in the late 90s there was a common scam run against big-ish offices.
A caller would call asking to talk to the person in charge of printers, typically either IT or Facilities.
Once connected they would say that they are sending out the recipients free gift, which was some lame piece of electronics - often a small television. They would get the work address and confirmation to ship the free gift. They would claim that along with the free gift - they would send a sample toner cartridge that had "super fine toner in it, certified by HP to last 3 times as long as other toner cartridges"
Then, along with the free gift, a PALLET of toner cartridges would be sent - along with an invoice for some ridiculous amount.
When I got my first call about these "super fine toner cartridges" - I got suspicious and contacted HP. They told me about the scam - but that it was hard to find the people. They asked me to get as much info as I could from them if they called again. I got a call again, got as much info as I could without accepting the offer for the free gift - but they wound up sending it to me, along with the pallet of cartridges as well.
HP came to my office and picked it all up after contacting them again.
Over the years - I received more of these calls - and as soon as they brought up toner and free gifts, I tol them I knew the scam they were running - and they would promptly hang up on me...
Yeah and then they retaliate by sending you two pallets of crap toner cartridges, had enough? No? Still not going to pay? Ok here are five pallets of crap toner cartridges sitting in your mail room. Call up the dump, "What? Toner? That probably a toxic waste, you'll have to make an appointment and pay the extortionate hazardous waste fee." Then the toner guy calls back "You either pay us or next time it will be 10 pallets."
Because it is a scam, the toner isn't viable toner. The SJ Mercury news had a story on this during the great re-inking (people refilling ink carts, HP retaliating) and this particular scam was tied to people getting 'scrap' toner (which is they offered to dispose of unused/old/not-to-spec toner, got paid to do so, took it and poured it into plastic toner holders and then tried to sell it as 'oem' or 'extra fine' toner etc) There were complaints that it clogged printers, had smearing issues, and cost money to throw away. So the scammers were getting it on both ends, money to dispose it, and money from people tricked into buying it. The key here is that if there were a legitimate way/value to selling this toner they wouldn't be using it in their scam, they would just be selling it.
At that point it's extortion and you can tell the police where the criminals are going to show up. No different than any other "We're going to keep dumping stuff on your lawn until you pay us protection money."
It's not a postal thing, I believe it's common law. If someone ships you something unsolicited, you are under no obligation to return the item or make payment.
Aha! "Unsolicited" was the missing piece in the Google puzzle. It's actually not common law. It's 39 USC § 3009: http://www.law.cornell.edu/uscode/text/39/3009, and was passed in the Postal Reorganization Act of 1970.
I believe this was originally in response to shoe manufacturers mailing people shoes and then invoicing for them if they weren't sent back.
As for whether it applies to non-USPS shipments, I have strong doubts. The law says "mail", and my understanding is that because the USPS is a protected monopoly, non-USPS carriers are explicitly not mail services.
Sending random invoices to companies hoping they'll just pay without thinking about it is a pretty common scam actually. Here in Germany for instance you start getting dozens of fake invoices via ordinary mail the exact second you register a new company, and I guess it's not very different in other countries.
They're scam is that when they invoice - they hope that the company is big enough to the point where A/P just pays it when they say "Yeah so-and-so in IT confirmed this order" -- they are hoping that the initial contact and the AP departments dont talk.
No nostalgia required ... they still call, even the small business I work for gets at least one or two calls for toner cartridges and we work for your printing company a month.
Yup. They are still around and pretty ruthless. They get the printer models on the first call from a receptionist or someone "I'm calling about fixing the printer... that's a... HP... right? No? Konica, yeah, that's right we have that change in our forms."
Then they call back again and ask for the person in charge of ordering toner and reference the exact model. Sigh. Almost as bad as the "yellow page" people.
In the US, this will get you arrested, you will have a huge fine and probation, and prison time is not off the table.
I'll refer you to the CAN-SPAM Act of 2003, which does not just govern unsolicited e-mail, but all commercial mail which the law defines as electronic communication (bulk faxes, etc.)
You had not done any crime by using Google to find them.
You obtained access to their open HP admin panel via public link with no password or credentials you had to pass.
You haven't stole any information and, furthermore, there is NO confidential information even to be stolen to start with.
On the top of that, you cannot even determine who they are (name, company, address, email, nothing?). They are totally undefinable sitting by a raw IP address. Sure you know someone is using HP printer. Can you get legally punished for that?
I don't think that taking advantage of a publicly accessible information is punishable by jail, especially since noone got hurt and no information were stolen, whether it is information someone made their living off of (Aaron case), or just totally worthless information as of what brand computer of printer is being used. It would be hard for a company to sue you -- (lack of merit)?
If Google got away with snooping private data from open Wifs (and I am sure they made some sort of use from all that gathered data, even if only internally), then I am pretty sure you wont get any heat for such a petite stretch of snooping people's printers.
another though: you may say that someone can sue you for printing a page using their material and toner, but thats too little of damage to even start with. However, arguendo, if you would get slammed with class action lawsuit, you are most likely a millionaire from your idea anyways :)
It's about time for all people to recognize that web server software is an unrestricted broadcasting system by default and that if users want some sort of security they should definitely get behind a firewall or restrict MAC addresses. If they fail to enforce security it should be their fault, not the person accessing them. Apache and other web server software vendors should put that in their license. If that clause had been there maybe Aaron Swartz would still be alive today. As things stand today it's just a lame way to enable irresponsible people to set up web servers and printers containing web servers to put their hands up and way "not my fault."
If people want to play geek they'd better learn geek, No excuses.
Who says I am not authorised? I can claim that public access is an implicit authorization, like any website! And there is no warning or message in the public control panels.
Is a printer publicly accessible over an IP network really so different from a fax machine publicly accessible over switched phone network? Hell, many times (probably always these days) the fax machine is a printer so if the printer is a "computer" the fax machine half of it surely should be as well.
I can see them getting you for spam, just as they can with unsolicited faxes I believe, but anything more than that? Seems a little silly.
To add to the printer/fax comparison, I have known people who used printers in different physical locations within an organization as a "fax machine" that was easier to use with a computer. Need to send some documents to the guys across the state? Print it to them.
There have been case(s) I think (in USA) concerning websites where it was argued successfully that placing an non-password protected page available on the public internet was implied consent to access/use that service.
That seems the right way to do it. You can't then, for example, put up a website which enables printing and then claim that people who use it are financially liable for using that service.
That would be like putting a bench on a busy street and then popping up and charging people if they happened to sit on it - if they sit down, you can tell them they're not authorised to sit without payment, or you can advertise lack of authorisation (eg with a price list) but otherwise you're implying consent.
Yeah, and there is a guy currently fighting in court because he changed some numbers in a URL and was able to get information on other customers from AT&T ... CFAA.
This is different in essential details. Google are indexing these pages. That means the pages are advertised as part of the public internet.
Now not every layman knows how to properly hook things up to the internet, but there is a definite implied consent in doing so. If the pages were restricted by password and we were bypassing it, or they were locked to an IP and we could spoof it, then there wouldn't be an implied consent to access the service being provided; but that's not the case here.
If you want to look at intent then it's notable that many listed are University addresses - people setting up those printers absolutely know what they're doing.
If you purposefully used excessive paper/ink or you kill the hardware with a broken firmware update then those things are definitely not authorised by the implied consent and would constitute vandalism.
Do you really believe that? That the owners of the printers on this public wire would appreciate, in fact deliberately encourage, anonymous users accessing them like that?
I don't see where the implied consent is unless they were advertising the availability of those addresses on the public internet, eg they were listed in Google. It's a small but crucial difference to the legal position IMO.
> The printers are on public wire.
> You had not done any crime by using Google to find them.
> You obtained access to their open HP admin panel via public link with no password or credentials you had to pass.
There's even less barrier to sending a junk fax, and that can get you fined and potentially jailed.
I will argue. Junk fax is a message send to a number for no reason. In my example I would only send messages (print) on the printers that would be low with toner. I would NOT print on every single printer just because I can. Huge difference.
What a great way to distribute malware. Host it on a server somewhere, encode the URL in a QR code, and print just the code, blown up large, with no descriptors to printers everywhere. People will be so intrigued they'll just scan it. Aaaaaaaaand infected.
1. write a script to scrap google links to HP admin panel
2. filter out the IPs that are from US (given you want to work on US market)
3. assemble the list of printer types and current toner levels.
4. write a script that will print to each of those printers a one single page, stating your company "Cheapo Suppliers Inc" was notified that "your printer is low on toner. Call xxxxxx to re-fill. Lowest prices quaranteed within one day delivery!". You can add link to your shop page that already redirects user to specific type of printer they have, some type of one-click order (based on which toners are low).
5. daily rinse repeat.
6. sell your business to HP (at least try to).