I don't doubt the developers are using it for 'morally acceptable' purposes, but I don't trust Amazon not to abuse that data later down the line!
I really don't feel that anyone needs to know precisely what pages I have viewed in a specific book.
That it's an opt-out and not opt-in is not a good thing, but it can be opted out of on the e-readers.
I rely on that regularly as I use both my phone and a Kindle device to read books.
Efficiency is not always the best humanistic approach. So maybe they support unused features and maybe they let some features wither that lots of people like. Maybe it would make things cost a little more. I think people would be ok with some of those inefficiencies.
It's a book. You don't need to collect and track every fucking action I do to find out if your stupid highlighter is being used in Poland.
Privacy LARPers are a tiny segment of the market, the average person doesn’t really care if their ‘usage of the highlighter function is tracked’
Why is that so hard to understand?
Why don't developers ever push back against this sort of thing? Collectively we build this stuff, we are not 'soldiers following orders' which makes us responsible for what we create.
The current actual use is not relevant. Consent and the possible uses are relevant.
Every webserver logs the IP address and the URL visited. Do you think most people know this? Do deverlopers push against this?
This.
I was under the impression there was a revenue-allocation problem that Amazon needed to solve (Kindle Unlimited subscriptions?), that depended on reliable reading statistics. E.g. How many people read book A?
Wish I could find the article, but the implication was there were a ton of publishers attempting to game the system. For example, by publishing blank, very long "books" and having them "read" by software automation.
First, if an entity want my input and are going to use it, they should be decent enough to pay me for giving it. Why do users need to work for free for Amazon?
Second, is it opt-in? If not, then there's an ethical issue here, even if a manual opt-out option is given (does it?). If there's no opt-out, there's a double ethical issue.
Thirdly, is this data deleted once it's being used for the goals you mentioned, or is it kept, making it a risk both for leaking and for Amazing deciding to put it for a different usage in the future.
Understanding how the book reader features are used in practice is good. Selling the same data to a advertiser is bad. Profiling people into predefined groups is bad, and the technology has risk of having false positives/negatives that reinforce stereotypes. The law has yet to catch up to treat information gathered by libraries and information gathered by a developer of e-readers as being very similar in risks.
An instructive case here is Target figuring out that they could use customer purchase history to detect, with a pretty decent degree of confidence, when a customer was pregnant. They then proceeded to use this model to send out mailings, and those mailings resulted in people being outed in rather compromising and potentially seriously harmful ways.
Philosophy should always be store the minimum amount of data to provide the function that the user wants.
IP address is transitory and shouldn't be kept longer than needed for the tcp session, maybe it sticks in firewall logs, but that shouldn't be used for anything other than security.
goodread account details would only apply if you connect to goodread, I'm not sure what the benefit of that is, but I could see that 'user abc123 read this book' is useful data - again ask if you can send the data.
I mean, we already knew this, but it means any and all Amazon hardware must be considered potentially hostile.
Back when they had a cell phone in them. I was standing behind a guy who was supporting it. "Uh lets bring up where you are at? It says you are 10 miles off the coast of miami?...." "oh yeah I am calling from my yacht" "do you see any cell towers?" "no" "It kinda needs those to work. I am surprised I got the location data."
The Kindling never leaves Amazon properties; it is not yours even though you paid almost the full price of a book.
If there is rule of law in the US and EU, these will eventually become free e-books, that is, separated from Amazon; they will regain the status and properties of the book.
Same with any data you store on an iOS device. You never let a device you don't control have the only copy of any data important to you.
With all that said, I do dream of a PINE64 E Ink device (or something that's open and hackable).
How much time and frustration do I potentially waste on something that no one ends up using?
Things like this are very useful and it's strange to me that people aren't sympathetic to that perspective.
Attempting to get the subnet IP address? That seems pretty invasive.
From the article:
> Attempt to get the IP address on the local network (a 10. address, which was incorrect for me)
Fine. So you allow them to collect it. However, don't decide for others if it's "invasive" or "perfectly appropriate" for them or not. Do it opt-in such that people who wants to share their data could do that.
Oh yeah, and offer them payment for that. They deserve it.
Usefulness is NOT the same as usage.
Metrics can tell that story though so you’re arguing a straw man.
Example: If you see that 99% of users have never used a function ever - you have a pretty good idea that it needs to be reworked or removed. You may also see a function that is used by 80% of users once a month, that you may opt to keep.
But it is a pretty clever hack to get a hostile machine to not connect to the internet as airplane mode is (I assume) regulated behavior.
Never supply a wifi connection during setup, and instead immediately engage airplane mode. USB transfer is easy with something like Calibre, which also handily converts ePub to Mobi for Kindle use.
It used to be that you could buy Kindle books and download them to your computer for transfer to the Kindle via USB, but they seem to have made that more difficult in the last year or two. Other sources still work fine, though.
That fact that Amazon collects these very detailed metrics has been well known for a long time. You will find old discussions in the MobileRead forum. Here is a thread from 2013 "Block Big Brother":
Same, however I had to connect my Kindle Oasis to the internet 1 time after purchase though, if i remember correct it was to download the dictionaries (for translation) i needed. And i think there was a feature that was missing until i connected it to the internet once (i used a new/temporary account for that) but can't remember what feature that was though.
Any cheap budget tablet can read ebooks and stay off the internet.
[1]: https://hackaday.io/project/168761-the-open-book-feather
E-ink gives you Better screen for text, a lot better battery life, no apps, no notifications, no video ads, o ads in general, nothing flashy.
And kindles are relatively cheap, and available almost everywhere.
Why is it subsidized? Obviously to make it more fun to buy books, but also collecting valuable data on your reading habits. Obviously they know _what_ you're reading but it seems useful to them also to know what you bookmark etc.
They also have all the hardware they need for location history tracking by remembering wifi broadcasts seen. Is it known if that's being uploaded?
The downside is that eInk currently only supports black-and-white and turning pages is roughly only as fast as turning the page of a book.
Also, battery life is counted in days (and sometimes weeks) and not in hours.
Plus, for all the people saying basically "it's for your own good", the battery lasts much longer on aeroplane mode. For this device, for me, WiFi is an anti-feature.
It will convert any format of E-Book to a compatible format for the Kindle (usually MOBI) and allows you to upload it directly. I use it often and it's an amazing piece of software!
Edit: I know I could convert between formats, but that process is not always perfect and can lose important formatting.
The pitfall in all this, though, is that there are a lot of commercial books that are only available from publishers that use DRM, and personally I don't consider DRM a sufficient justification for piracy -- so that leaves me stuck with locked books regardless. Lately I've been buying them from Apple rather than Amazon, although if I actually jump through whatever hoops are required to set up DRM stripping with Calibre for Kindle books, assuming that's still possible, I may switch back.
https://support.apple.com/en-us/HT207056, see "Significant locations"
Last but not least, Significant Locations data is not just described as "end-to-end encrypted and cannot be read by Apple", it's clearly in the list of items under "By enabling Location Services, location-based system services such as these will also be enabled": e.g., if you're really, really bothered by this, you can turn it off.
To sync a "last read page" across devices, you need to send a location back to Amazon. It's also appropriate to tie a location to a device, so you can pick the appropriate device to sync your position from. And, when you highlight a word, the translation, definition, and wiki page is brought up, so of course it's being sent to bing and wikipedia.
There are valid concerns here (there's too much information being sent overall - the location data doesn't need to be sent with every page turn, for example), but these concerns are being buried behind FUD about none of this data needing to be transmitted.
EDIT: Can I also point out the ironic nature of griping about Amazon's analytics collection while running an analytics suite on the webpage yourself?
zql=Kindle%20Collects%20a%20Surprisingly%20Large%20Amount%20of%20Data pqo=1 xfg=1 xqi=946451 h=8 m=58 s=11 eqm=https%3A%2F%2Fnullsweep.com%2Fkindle-collects-a-surprisingly-large-amount-of-data%2F uel=https%3A%2F%2Fnews.ycombinator.com%2F nvn=b271bb7f9e0fe444 xpx=1598364493 bqq=2 oso=0 ajh=1598366510 lyz=1598364493 _ref=https%3A%2F%2Fnews.ycombinator.com%2F euq=0 cookie=1 res=1080x1920 fpr=429 rlp=xnxpI1
Might be worth noting that you can opt out of their data collection (on the e-reader, at a minimum) as well. Settings > Device Options > Advanced Options > Privacy or in the device management console in your account on amazon.com
It can't just track the very last page in the book that you read, because authors were gaming that by encouraging people to immediately skip to the last page of very large works they didn't otherwise care about. Instead there's some kind of heuristic that tries to figure out if you've more-or-less-normally read the book.
It is just a shame that you have no options. Had to quickly search if my kindle has GPS capabilities. Gladly it does not.
"Kindle Collects a Surprisingly Large Amount of Data" is a completely honest and in my opinion correct statement. So yes, companies are dishonest in their data collection practices and responding with exaggeration is maybe wrong. But I do care more about the data collection issue.
The Kindle has an option to "sync last page", which you can turn off -- that sounds like it could be exactly what you're asking for, but more experimentation would be needed to know for sure.
I didn't see any mention of this config in the OP, aside from mentioning that the feature exists, so it's unclear whether the data being sent is used just for that feature, or whether less data is sent if the sync feature is turned off.
There's no motive on Amazon's part to do it this way, it would be a hassle to implement, possibly not great for battery life, and I expect that users don't care much.
Frankly, I don't care much, in practice. In principle, yes; everything which can be kept private, should be. But Amazon knowing what page I'm on just doesn't discomfit me, the way the prospect of some company being able to read my messages does.
The most common response about online privacy is "what does is matter if X knows Y? I've got nothing to hide".
People already don't care, and I guarantee they also don't care that Amazon knows what page they are on in the book the are reading. There are much bigger issues to focus on
Or, you can trust that a position in a book (bookmarks, notes, etc.) is not sensitive information that really needs to be encrypted. This is my - perhaps overly pragmatic - position.
why not? if i open a book on my phone that i stopped reading on my kindle, i want it to open to the last location i read to on my kindle. not ten pages back because it doesn't sync data every page turn for some imaginary privacy benefit.
Why is location needed for that? Shouldn't a device id and account work just fine? I don't need to share my location to sync other devices.
And, good question. It would be nice, though I'm sure they've buried it in their multi-page privacy doc somewhere.
EDIT: No, it's not opt-in. Reading failure on my part.
But yeah, the Kindle iOS app is crap in many ways - the one that bugs me is how hot it makes my phone. I mean, WTF?
The domain I extracted for my kobo aura:
api.ipinfodb.com
api.kobobooks.com
auth.kobobooks.com
authorize.kobo.com
kbdownload1-a.akamaihd.net
kbimages1-a.akamaihd.net
mobile.kobobooks.com
pool.ntp.org
script.hotjar.com
social.kobobooks.com
ssl.google-analytics.com
static.hotjar.com
stats.g.doubleclick.net
storeapi.kobo.com
vars.hotjar.com
www.google-analytics.com
www.google.com
www.google.fr
www.googletagmanager.com
www.msftncsi.comIt's not a big deal for me, but apparently it's a dealbreaker for some Kindle refugees that they can't start reading a sideloaded book on their phone and pick up where they left off when they open their Kobo.
Maybe other Kobo variants do better however.
Synching can be an issue. I had a one of the early kindles, and it was fine until I hit a few hundred items. It would re-index and be completely unresponsive for 10minutes at a go. That could have been done cloud side. In the end I decided I needed to purge loads of documents/titles to get it useful again. But accidentally sat on it. So game over. Moved to a simple Nook and SDCard loads.
It's easier to hold with dedicated page turn buttons, good lighting, and fast screen response time. Also water resistant and good battery life.
So far I've been able to get all the books I've wanted, mostly from the Kobo store, but it can work with any open format.
1. I can't highlight text across pages.
2. There's also an issue in which I navigate to some highlight and the text gets shown in a dark grey against black background, making it nearly impossible to read.
3. Since I can't highlight text properly (thanks to issue 1), I can't simply extract my highlights from a book, so I have to manually type it on a laptop, which is a painful experience thanks to issue #2.
Aluratech black and white https://m.youtube.com/watch?v=e2WoVRsap9Q
No drm, suppported all formats, held a charge for a week. No internet. Fits in jeans pocket.
It came out in 2009... I wish they still made them.
Applying technical workarounds is still supporting a company, and is giving them a thumbs-up to keep at it.
I agree, generally. However, if you already have the hardware than it's wasteful to not make use of it.
mobile-app-expan.amazon.com
cde-ta-g7g.amazon.com
[edit] as others have noted, it's possible to permanently use offline mode, and transfer books via usb cable.
> Unfortunately, in order to use a non-Kindle application, I have to buy DRM-Free books.
One can remove DRM for amazon's ebook format (.azw3 ?) via some python scripts. You didn't hear it from me though.
Keeping it in offline mode doesn't help.
Permanently keeping it offline and only transferring via USB does.
Not for the new KFX format. Only way to get around that is to use an older version of the kindle desktop app that downloads the azw format. Workaround won't last long though. And won't work on newer macs because the old version is a 32bit app .
1: https://epubor.com/how-to-convert-kindle-kfx-to-epubpdfmobi-...
The fonts can be a pain to descramble though.
E-Readers do a hell of a good job at emulating the experience with e-ink displays & you can't compete with the ability to carry 1000's of books in your bag, but there's something about the reading experience that I wish to keep completely 'analogue'!
I buy, on average, about one book per month on paper.
There's nothing quite like the smell and feel and experience of paper books, and there's nothing quite like the convenience of Kindle.
I also like to go back to re-read books. With non-fiction I'll often want to go back to reference or quote something, and with fiction I love reimmersing myself in the worlds the author's create.
I've amassed quite a little library of books that I still enjoy having access to and it's lovely. But it's also /terribly/ inconvenient to move to a new apartment. It's also quite annoying when I'm visiting a place, and I'd love to pull up a favourite story but didn't think to bring it with me.
I've started moving to a hybrid solution - My absolute favourite stories I keep in paper because I enjoy the feel, but for most books having them digitally much nicer.
I think there's room for both.
I use my Kindle for reading my pop-fiction and stuff I like to read on the go or in bed.
> We collect Personal Information when you use or otherwise interact with the Kobo Services. For example, we collect information about how you use the Kobo Services, such as pages you view, the rate at which you consume e-content (how often and for how long), genres, authors or subject matter you prefer and searches you make or share, the ebooks or audiobooks you have liked, comments you have left and also websites you have viewed through links in the comments. [1]
It's depressing that the market will not stomach the true cost of "dumb" hardware anymore, so it's becoming harder and harder to find. Everything that can be subsidised with hoovering up data, or pushing content, is. If this is the thin end of the wedge, I dread to think where we're heading.
I have an 2010 Kindle Keyboard and naively thought that we wouldn't end up here. The closer we got the less likely I am to "upgrade".
I doubt most users need a real-time sync of their book location to the cloud, unless they read on multiple devices.
Also, if you use the kindle to get loaned/library books on this particular model, they aren't removed even if the due-date is exceeded until you reconnect to wifi, which has been handy at times...
I concur with keeping the wifi off while not downloading, because battery life is way better, but it doesn't help against data collection.
> Each request also isn't sent as soon as it's generated. A number of these records are created and stored locally, then uploaded (note the sequence_number field). Even if a person is offline while reading, this data is stored and sent when reconnected.
One of the much-advertised features of the Kindle is its ability to highlight a word and look it up against a dictionary, against Wikipedia, or against the web.
Using the Kindle's Wikipedia function actually requires going through Amazon's servers and is a privacy violation, so I would not recommend users do that.
It has no need to be sending that much data, including attempting to find out the local IP.
The article stated that a few seconds of usage sent 100 requests to Amazon servers. I'm fairly certain that most websites don't make quite as many requests as the tablet did.
I stand corrected. New Reddit made 150 requests in about 30 seconds, not counting images/media/html.
That being said, It's easy to block many of these with NoScript/uBlock Origin.
What isn’t collecting “too much” data at this point?
Perhaps I should do that myself.
Edit: You can request your kindle data here (UK version): https://www.amazon.co.uk/gp/privacycentral/dsar/preview.html
[1]: https://www.theguardian.com/technology/2020/feb/03/amazon-ki...
> Each request also isn't sent as soon as it's generated. A number of these records are created and stored locally, then uploaded (note the sequence_number field). Even if a person is offline while reading, this data is stored and sent when reconnected.
That being said, if you leave airplane mode on permanently and sideload books, you should be fine.
This is a complete whataboutism but you gave Amazon a lot more information when you purchased the kindle from them.
I think the answer is Amazon should add an option to turn this off.
Kindles are sold in physical locations – at least in the EU, many Kindle owners got their device from a local electronics shop. You don't necessarily have to order them from Amazon. Then, when you unbox it, there is no requirement to register with Amazon or even connect to the internet at all.
The philosophy of Amazon appears to be to do as much as possible in the hopes that one day it will be useful. This is at odds with the principle of philosophical skepticism, that because we can't be sure of the consequences of our actions we should strive to do as little as possible. The data could be hacked and leak out, for example. There is tremendous uncertainty around things like that.
"There have been cases of Amazon removing specific books from customer accounts (and kindles)."
It redirected me from:
https://io9.gizmodo.com/amazon-secretly-removes-1984-from-th...
to
https://www.gizmodo.com.au/amazon-secretly-removes-1984-from...
So it seems I am not allowed to read up about this reference.
Or some underpaid developer messed up the redirects.
Either way this issue about data collection is interesting in its own right, but this other issue of global redirects also feels important, but I only say that as someone who tried to follow the news here.
But this doesn't actually surprise anybody, right?
No. All you have to do is own an old Kindle (buy one on ebay if necessary). Then you can download DRM protected Kindle files from Amazon for this old device, and Calibre and the appropriate plugin can un-DRM them, and transform them in any other format (epub, mobi, text, rtf...) for you to use on your app of choice.
It's certainly better to buy DRM-free books directly if you can find them, but the above solution works quite well.
If people reviewed some analytics solutions (many trials are available), then they'd see how pervasive this is and what product vendors are encouraging. The like's of Amazon have much more scrutiny around the use of data collected than those of smaller organizations. Obviously, they wield great market power so the concerns are broader, but an attacker has a much better chance of raiding smaller developers for volumes of data with much the same fidelity.
If you are using a device designed to market to you - they almost all run ads and collect analytics. I guess this is technically not a user facing feature, but it provides some user benefit (cheaper price).
Does anyone know sales breakdowns? If everyone is concerned about privacy / not being marketed too I guess the versions with ads are not selling. But I've been surprised not that marketing platforms collect data (authors website did) but that most users don't care about this "abuse" that the author is so concerned about.
Originally, I didn't realize this. I learned this when I'd pull out my phone in a waiting room, or on a train, only to not be anywhere near where I last read the book on my physical Kindle.
Now, I'm quite happy that Kindle syncs aggressively. I use an old phone to read in my hot tub, and it's great that the book opens up to the last place I read it, no matter which phone I'm using.
I load all the books I get directly from my computer (Mostly from project Gutenberg).
Turning airplane mode on permanently now.
It was sending an enormous amount of data back to the church including what the user was reading and for how long, everything the user highlighted or bookmarked etc.
It was enough to really question the need for such data.
I really believe that if that data served a legitimate purpose to the functionality of the app (which I’m sure a lot of it did) then the data should have been saved locally on the users device.
That said, the article appears to list activity type ( which is problematic in itself -- time stamp + person is reading now ). I can see a legitimate use for it, but I also hate the idea of being profiled in that way.
To be perfectly honest, Kindle does not seem to pull more than average Android phone ( thought that is problematic in itself ).
The character analytics stuff is probably contractual obligations they have to publishers. The publishers probably want to double check the way people read as well and ensure that they are paid out correctly.
The other logging, as someone else mentioned is probably analytics for their own product development.
But this kind of explains it, to me.
This is why I download e-books from the dark web and read them on an airgapped machine, free from The-eye-of-Amazon
It seems that the author is not really that surprised with the amount of data being collected.
Out of spite I added password to my wifi (I didn't have any and I even named my hotspot smth like "free" for my neighbors to use, wouldn't do that now).
To my surprise, some ~8months later I discovered my kindle to happily connect to my wifi. I'm pretty sure I would never enter the password there, because the kindle was the reason I added password to begin with. Maybe there is some more sane explanation than "kindle bruteforced my wifi", like a bug or some nuance in authorization protocol?
edit: it happened 7 years ago with kindle 2013 paperwhite.
Legitimate or not, it seems obvious that Amazon would be heavily monitoring device use, especially with the ad-supplemented devices.
https://www.amazon.com/gp/help/customer/display.html?nodeId=...
That doc also includes instructions for how to opt-out of this collection:
> you may opt out of processing of your personal data relating to the use of your Kindle e-reader collected by the operating system of that device ("device usage data") for marketing and product improvement purposes via All Settings > Device Options > Advanced Options > Privacy. If you turn this setting off, we will stop processing this device usage data for the purposes of serving you customized marketing offers and improving our products and features. Turning this setting off will not affect... your ability to use features of the device, such as data syncing or backup features or Special Offers we display if you purchased a device that includes Special Offers, as we will continue to collect and process your data to deliver those features to you
I'm interested to see whether this sort of biometric/behavioural data will ever be thought of as Personal Data under GDPR (since I bet you can identify someone from their browsing behaviour, just like you can using walking gait and typing cadence). If that was the case you'd need to present an opt-in when you first booted the device, which I think would resolve the complaints from most folks in this thread.
What! Why? What about all the other data?
thanks for sharing this
thankfully Kindle is not selling very much (relatively) so it is not a big issue if they collect a lot of data