Your router may not be the only device creating a wireless network. Many HP printers (and probably other vendors too, but I tend to see this from HP) create their own Wi-Fi network using a feature called Wi-Fi Direct that lets wireless devices connect to the printer directly without going through the router. The security of Wi-Fi Direct is poor, so you should either connect a printer to your network -or- use Wi-Fi Direct. Do not use both. Suggestion courtesy of Ryan Woodings, the founder of MetaGeek. (added March 19, 2020)
My printer automatically created a WLAN Wi-Fi Direct. It's a rogue AP and a huge security issue!
This is just for info.
Please block access to internet for HP crapware
+ list proto 'all'
+ option name 'Deny-Internet-HP-Print'
+ list src_ip '192.168.12.201'
+ option dest 'wireguard'
+ option target 'REJECT'
+ option src 'lan'
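Review bot: the match on "list src_ip '192.168.12.201'" ties the rule to a single IPv4 address, so it stops applying if the printer's DHCP lease changes and it never matches IPv6 traffic from the same device; pin the address with a static lease or match on "option src_mac" instead. Separately, "option dest 'wireguard'" only rejects forwarding from lan into that one zone, so any other zone that lan is allowed to forward to needs its own rule.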
While I don't disagree that Wifi Direct could potentially represent a security vulnerability, I don't think the need for a boycott or alarm of this nature is warranted. My reason for feeling this way: You can turn it off!
I'm looking at the web configuration page of an M281cdw right now. Open the administration page, navigate to Networking > Wifi Direct Setup > Wifi Direct > Off.
Done. No need for custom firewall rules or anything else on your OpenWrt router. Further, the firewall rule will only help for inter-VLAN or internet connections, as LAN connectivity is switched (not routed) so it never hits the firewall.
I'll also add that I think (but I cannot be certain without testing) that the wifi direct mode only allows access to the printer itself and does not bridge to any other network interfaces (such as wired or an upstream wifi network, if it can support operation as both a wifi client and a wifi direct AP simultaneously).
The printer I mentioned earlier is at a remote location -- I have VPN access to it, but I am 3000 miles from that device so I cannot do any practical wifi direct testing.
I read HP has some kind of auto-refill program you can subscribe to and have new cartridges sent home against a flat fee when yours are running out. That might be (part of) the reason it's phoning home.
Either way, I got my mom to buy a laser printer a few weeks ago. And we'll be doing the same. Those inkjet ones dry out when you don't use them often enough, and once you get to that point there's only a long windy road of suffering ahead.
I believe Wifi direct is ad-hoc networking as opposed to infrastructure and the term does not imply intrusive marketing by HP. HP does have intrusive marketing built in to their printer packages but it was possible to install just the printer drivers in Windows. As @psherman said, Wifi Direct can be turned off but it will not disable the marketing.
Older HP printers used PCL5/PCL6 and the ghostscript project provides OpenSource ljet4/pxlmono drivers for these protocols. It is possible to build ghostscript drivers in Windows/Mac OS/X - and some University CS departments provide the binaries and build instructions.
It is sad to see a once innovative company reduced to hustling printer consumables at high markups.
I would not block on IP level. Instead I would use MAC to catch IPv6 also.
config rule
	option name 'Block-HP-Printer-to-WAN'
	option src 'lan'
	# 00:00:00:00:00:00 is a placeholder; use the printer's MAC address
	option src_mac '00:00:00:00:00:00'
	option dest 'wan'
	option proto 'all'
	option target 'REJECT'
As a side effect of blocking Internet you lose features, like scan and send document to cloud directly. A nice feature, not only in a business environment.
Besides that, the largest part of their crapware is what you install along with the drivers. This part is almost impossible to block. So they are getting their usage statistics anyway, because the device is sending it to their applications. Installing the drivers only will always mean losing features also. Blocking the client applications itself is no option either (because this is almost impossible on Windows clients; heading "svchost").
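The two rules posted in this thread (source-IP match and source-MAC match) compared on the same traffic, as an added example that is not part of any post above. It is a simplified model, not OpenWrt code: only 192.168.12.201 and the rule names come from the thread; the MAC, the IPv6 prefix, the other addresses and the assumption that anything outside the LAN prefixes belongs to the rule's destination zone are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed LAN prefixes; traffic to these is on-link (switched, not routed).
ON_LINK = [ipaddress.ip_network(n) for n in
           ("192.168.12.0/24", "fd12::/64", "fe80::/10")]
PRINTER_MAC = "02:00:00:aa:bb:cc"  # placeholder MAC, not a real device

@dataclass(frozen=True)
class Flow:
    label: str
    src_mac: str
    src_ip: str
    dst_ip: str

@dataclass(frozen=True)
class Rule:
    name: str
    src_ip: Optional[str] = None
    src_mac: Optional[str] = None

def is_routed(flow):
    """LAN-to-LAN traffic never reaches the router's forward rules."""
    dst = ipaddress.ip_address(flow.dst_ip)
    return not any(dst.version == n.version and dst in n for n in ON_LINK)

def rejects(rule, flow):
    """True if the rule sees the flow and every set criterion matches."""
    if not is_routed(flow):
        return False
    if rule.src_ip and ipaddress.ip_address(flow.src_ip) != ipaddress.ip_address(rule.src_ip):
        return False
    if rule.src_mac and flow.src_mac.lower() != rule.src_mac.lower():
        return False
    return True

# Constructed sample flows, all originating from the printer.
FLOWS = [
    Flow("ipv4-to-internet", PRINTER_MAC, "192.168.12.201", "203.0.113.10"),
    Flow("ipv6-to-internet", PRINTER_MAC, "fd12::201", "2001:db8::10"),
    Flow("new-dhcp-lease", PRINTER_MAC, "192.168.12.77", "203.0.113.10"),
    Flow("printer-to-lan-pc", PRINTER_MAC, "192.168.12.201", "192.168.12.50"),
]
BY_IP = Rule("Deny-Internet-HP-Print", src_ip="192.168.12.201")
BY_MAC = Rule("Block-HP-Printer-to-WAN", src_mac=PRINTER_MAC)

def blocked(rule):
    return [f.label for f in FLOWS if rejects(rule, f)]

if __name__ == "__main__":
    for r in (BY_IP, BY_MAC):
        print(r.name, "rejects", blocked(r))
```

Neither rule touches the printer-to-lan-pc flow, which is the point made earlier in the thread about switched LAN traffic.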