Slashdot Mirror
Amazon Just Removed Encryption From the Software Powering Kindles, Smartphones, Tablets (dailydot.com)
Patrick O'Neill writes: While Apple continues to resist a court order requiring it to help the FBI access a terrorist's phone, another major tech company took a strange and unexpected step away from encryption. Amazon has removed device encryption from the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices. The change, which took effect in Fire OS 5, affects millions of users.
Come to us now!
Bezos owns the Washington Post. The Washington Post endorses Clinton for president.
Amazon does away with device encryption by inference.
Maybe if Amazon actually sold any of those devices it would make a difference. I can't imagine the average criminal relying on a Fire phone.
But I guess I'll sleep a little better now knowing that the FBI can more easily find out what books the terrorists are reading.
I think it's a good nickname, and I KNOW I won't be doing business with Amazon after they
made this move.
captcha = behead
( I'm not gonna say anything about the above captcha, except : That is not
an acceptable word to use, EVER. And it's not funny, you sick twisted Slashtwits. )
These authoritarians really need to go. At the same time, the fools who allow it need to go with them. Until that time comes, I'm not going to bend for either side.
I seem to remember this book called "The Republic" which talks about this very thing. I also read a whole lot of history about this Republic which was founded because of the same things.
History is always forgotten, so we continue to repeat it...
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
and though I don't use it much at all, I got an email from amazon saying that an 'important update' is available for my kindle and I should install it.
of course, i don't trust them so I didn't. not sure what it would do but its not likely it would benefit ME, so unless I can see a reason to install it, I won't.
as long as I leave the radio off, I should be good, I guess. and whatever content is on my unit should stay there since its not really cloud-based when the radio is off.
--
"It is now safe to switch off your computer."
Only the Fire OS powered Kindle, which is a full fledged tablet with the Amazon android fork. Old fashioned e-ink kindle doesn't have encryption to start with.
Thats awesome!.....Darn that's not what TFA said at all.
So the rich people get to keep their encryption (DRM) and the rest of us get screwed again.
Minimum threshold fixed. Thanks!
It doesn't just affect the sheeple, it sets a precedant. Now the three-letter agencies can say "look Apple, Amazon got rid of encryption and they're doing fine!"
How has Amazon avoided anti-trust investigation, etc etc etc etc....
Looks like we now know.
Amazon removes encryption on their devices, all 3,512 users are confused.
to easily circumvented encryption. Seems more honest that way.
Within the arms of tragedy, there is little comfort in being right.
After I already ordered an Amazon Echo... so now there is nothing stopping the NSA from listening to everything said in my house? Man, they are really going to be bored!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
isnt Amazon heavily involved with the cia?
That's like a car company disabling half the cylinders in your engine after you buy the car.
Reducing the functionality of a purchased product post-purchase is sleazy and probably should be considered illegal on some level.
What I hate is that Amazon was looking pretty good there for a while.
So if you want FDE on your device, you have to have the latest Android or one of the bulk of iOS devices which support FDE.
Guess that's clear - not buying an Echo or any of it's satellites anytime soon.
Make sure everyone's vote counts: Verified Voting
All of the security related shenanigans lately have created a perfect opportunity for Mozilla to make itself relevant again.
All Mozilla needs to do is step up to the plate and take advantage of this opportunity.
Instead of just imitating Chrome and building a shitty, second-rate web browser that few use, they should start to embrace security.
The first thing they need to do is to create desktop and mobile platforms built around OpenBSD.
This does not mean repeating the mistakes of Firefox OS: Gecko would not be used, and JavaScript would not be the only way to write apps.
These desktop and mobile platforms would be built around KDE, since it's the premiere desktop environment.
They would then gradually rewrite X, Qt and KDE using Rust, which is Mozilla's custom programming language that's supposed to be ultra-secure.
Hipsters would not be involved with this project. We've already seen how they've ruined Firefox.
Mozilla could become known for providing us with the most secure desktop and mobile environments around.
My family has a few and I couldn't see myself ever tolerating Amazon's take on the interface for more than a couple of minutes...
XML is like violence. If it doesn't solve the problem, use more.
I buy their books on occasion, but I won't be buying any of their hardware.
But clearly the pressure is on. The FBI and other investigative and intelligence agencies worldwide want to make you safer by making your data more vulnerable.
This is what happens when you let idiots and sociopaths into positions of power.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Ah, so you hated Amazon back when they were underground. Nerd-hipsterism is a funny looking beast.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
I've been looking through TFA and related material, but I'm still trying to figure out what this actually means in practice. What data, on an e-book reader, is usefully encrypted anyway? This is a genuine question, as I don't have any sort of Kindle. Perhaps there is integration with payment services or personal accounts of some kind? If so, does this mean anyone who installs this "upgrade" and then has their device stolen would have some significant credentials compromised?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
It doesn't just affect the sheeple, it sets a precedant. Now the three-letter agencies can say "look Apple, Amazon got rid of encryption and they're doing fine!"
Perhaps that might work for the average idiot, but someone with half a brain can easily argue that you could remove the locks from your front door and then turn a blind eye to anything bad that might happen. "Look, that citizen got rid of their locks, and they're doing just fine!"
Not for long applies to both idiotic "solutions".
What else is new?
If "doing fine" means being a third class player in the mobile market despite having a huge infrastructure ready to support it then sure...
The Kindle is kind of popular but that's just an eReader. Not something you put personal data on.
Reducing the functionality of a purchased product post-purchase is sleazy and probably should be considered illegal on some level.
I agree, but a more practical question might soon be: if upgrading to firmware that removes this feature is necessary in order to fix some other defect with the original product as purchased (broken functionality, security vulnerability, etc.) then would that already be illegal? Consumer protection laws are quite strong in some places, Europe for example, and even the biggest of tech firms can find themselves called out and penalised if they don't meet the required standards.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
what a relief?
. . . .I've long since known to put any app on one for anything else but reading or other entertainment. And that's the nice thing about the Amazon App Store. By eschewing Google Play. . . . none of my PHONE apps can show up on my Fire reader/pseudo-tablet.
Hint: No lock screen. OF COURSE it's not even close to secure.
Any reliable sources to this? I've never heard of dailydot and the only other place I can find mention of this is a single post on Reddit.
That crap.
Lets see if I can hack their unencrypted network.
Holy crap I barely even tried and got in.
Wont knowingly buy an insecure device.
If amazon doesn't know the value of encryption in maintaining security I question the entire operation.
A family member has a amazon echo so I guess that thing is going offline, no great loss it wasn't that useful anyway.
Another reason why I am avoiding the entire IoT fad until the security weakness are addressed and the phoning home to mystery IP's in china.
The Kindle is kind of popular but that's just an eReader. Not something you put personal data on.
Sure. You pay them with a breath of fresh air. Who would use a credit card?
well, legal arguments are usually for your "average idiots", except they are held in legaleese to hide that fact. btw., removing your locks might not have any bad repercussions in many neighborhoods - not everywhere is like the U.S.
It said an important update is *required* for your Kindle to be able to continue to access books.
It seems to me that it is a sort of preventative measure against bad press in the future. Take away any expectation of privacy when you are using a device and they explicitly state this, then you can't really be upset in a year when the police pick up your kindle plug it in and see you've been googling 'best way to cut up a body'.
Look at the Apple situation, there is no way for them to come out clean on this. Either they 1. already had a backdoor, 2. are going to lie about helping them get int 3. left some vulnerability that the FBI will exploit to read the phone anyway..you get the picture. I'm all for the fact that their initial reaction was to push back but the goodwill generated by that will only take them so far.
Now I don't agree with what Amazon did at all--I actually won't be happy until there is a smart-card adapter for every piece of communication/information system equipment in the world--but I can see how the move is beneficial for them. In 1 news cycle no one will care while Apple still has years and years of this tomfoolery to deal with.
OMG facts!
Perhaps you're describing USA, but dunno, I didn't think the US situation had deteriorated so badly that americans were silent slaves to the wishes of their corporate overlords. There would have been pushback.
In Europe, what you say doesn't apply at all. We have very strong consumer laws here, and they would stop a company's attempt to abuse the users of their products. A company EULA is not allowed to impose conditions that contradict the law of the land here, and if it does then that EULA is legally invalid.
EULAs can add benefits beyond the requirements of consumer laws here, for example they could offer 5 years warranty instead of 1. But if a EULA tried to override the law of the land and reduce warranty to 6 months, it would have no validity.
What's more, we have concepts of fitness for purpose and reasonable expectations here as well, so a company that gave only 1 year warranty on a washing machine or on a car would lose immediately in court if it refused to accept liability for materials failure after a mere 2 or 3 years of reasonable use. The reasonable expectations would be far longer.
So you're wrong, at least in Europe.
I have simply never preferred blatant advertisng. Childish as it may be.
Your credit card information isn’t on the Kindle, though; it’s on Amazon’s servers.
It makes the devices easier to hack. Time to remove that stupid "special offers" advertising.
Do not look at laser with remaining good eye.
When trump is elected president, morons will rule the world and we all can act the same way.
Do not look at laser with remaining good eye.
This is why ceding control of your reading library to a third party is never a good idea. Keep buying paper books people. It's one of the few things that businesses can't control after you've bought it. That's why we should keep buying physical media wherever possible. CDs are great for music and you can easily rip them to a DRM-free library if you prefer, but those songs will never be removed from your library over a licensing dispute or someone going out of business.
I don't have a password/passcode on my kindle so there can't be any effective encryption. It's not a big deal.
When we talk about personal data, we mean the union of private personally identifiable information (name, address, phone number, SSN) and information that users create. A credit card number is neither.
You do enter your name when you buy something with a card, but that's the least private piece of PII, and is likely to be present on any device you own anyway, making that not personal data in any meaningful sense except when combined with other private data, such as browsing habits.
A credit card number is a disposable identifier. It identifies your account, not you, and is valid only until the card number is canceled due to theft or whatever. And your liability in the event of theft is zero. This makes CCN theft a problem for CC companies and vendors, but not really a concern for you as the user.
With that said, I do disagree with the original poster for different reasons. There is a definite privacy impact here. People's reading choices can be very personal, and there is enough PII to at least potentially identify the owner (name plus the location where the device was found/stolen). When you combine that with someone's penchant for reading stories about [insert regionally taboo topic here] and their copy of the Anarchist Cookbook, you suddenly know more than any third party rightfully should know about someone even without having what most people would think of as "personal data".
Check out my sci-fi/humor trilogy at PatriotsBooks.
If Trump is elected, I'm rooting for the World Killer asteroid to hit as soon as possible...
Gee, it's a good thing Amazon only sells client machines, right? If anyone ran their servers/services on Amazon anything, they'd REALLY have to be worried...
How do you find the pricing/selection on Play Versus the Kindle store?
Also, can you use either of those on an actual eReader (e-paper)? If so, I may be looking to switch after this crap...
It would be awesome to have an opensource os for kindle! I recall reading about gpl3 and tivoization and it seems only the later one has gained more traction. I'm still unable to install Debian on my mobile and doing the same on my notebook got harder thanks to new security technologies such as EFI, that protects only Microsoft.
Funny, I said the same thing when Bathhouse Barry got elected...
That implies all 3,512 users knew there was encryption to begin with. I think that's implying a lot.
In other news, Amazon just release two additional Echo always on listening devices that they want people to buy and place in their homes and take with them wherever the go. Coincidence? I think not.
Device has encryption, now it doesn't have encryption.
If you upgrade, all of your old data will be lost forever, since the OS can't decrypt it anymore.
Oops. Too bad for you.
Or Android?
Or Linux?
Or Windows phone? (oh, wait. Never mind)
So, US will join the rest of the world, huh?
Customers using an outdated software version on Kindle e-readers require an important software update by March 22, 2016 in order to continue to download Kindle books from the Cloud, access the Kindle Store, and use other Kindle services on their device.
Ummm.... so? How has a company doing something that another company hasn't done ever been a legal precedent for anything?
I'm really failing to see the point you're making here.
Let's be clear; the encryption has ABSOLUTELY NOTHING to do with protecting your data. The encryption is 100% about protecting the walled garden. That is the only purpose of encryption on an iPhone. That was the only purpose of encryption on a Kindle.
I *was* considering a kindle.
Now I'll either get a Nook or just a regular table (maybe an iPad, given the Apple kerfluffle)
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
You're already leading the way in acting like a moron, I see.
The Kindle is kind of popular but that's just an eReader. Not something you put personal data on.
So Apple and Google can both use that same excuse now too?
"Sorry FBI, Android tablets and phones, and iOS tablets and phones, are just ereaders and not something you put personal data on. So there is no reason to look for any data. Some guy on Slashdot said it was so!"
If you feel Apple shouldn't count as an eReader since their smartphone and tablet OS isn't Android, could you detail why one tablet OS that you use for more than just ebooks should be backdoored while another tablet OS that you use for more than just ebooks gets a pass?
I'd also be interested in your reasoning that Google should encrypt your Android phones and tablets but Amazon shouldn't have the same rule applied for their Android tablets.
Also you should probably be aware of the fact that, even if you don't, most of the rest of us DO put sensitive data on our Android phones and tablets, at the very least access to the Play store and usually email and saved browser passwords. Some even use Google Pay from their phone.
Why do you feel that, despite your personal ebook only usage of your phone/tablet, that all the rest of us who take full advantage of our Android devices should not be doing so?
Aha! An ALGEBRA book! An Arab name for a weapon of math instruction.
... Than be forced. Whoever ends up in the White Houss, encryption has very little time left. In the next 4 years the internet will be turned into something we'll barely recognize.
If they remove encryption, but allow users to leverage their own 3rd party encryption of choice - they win.
Then the government can spend time going after the 1,000 companies that spring up to provide 3rd party encryption s/w for Mobile Devices.
Considering that Amazon's business model is centered on destroying your privacy, why are you surprised as they strip your last shreds of protection?
Personal story:
For about 8 months now some troll has been abusing my name and Gmail address with a fake Amazon account. There have been various fake bills and ebook loans and of course reams of troll-related spam directly from Amazon.
I did NOT validate my Gmail address for Amazon's use, and one of their so-called customer reps actually slipped up and admitted that there is a bug in the Android version that allows for validation of email addresses without a confirmation from the actual owner of the email account.
This seems to be a very simple problem to fix.
1. Nuke the fake account.
2. Put a block on the email address to make sure another fake is not created.
3. Profit!
Just joking on Step 3. I will NEVER again buy anything from Amazon, so no profit there.
However, the first two steps seem easy enough. Amazon cannot do them. That's because I cannot provide the physical address associated with the fake account. Once again, one of their people slipped and confirmed that it's in Indiana. I've never been in that state, but there is evidence in some of the spam that points there.
Anyway, in conclusion I was twice an Amazon customer, but NEVER again. Privacy does not exist in Amazon's book.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Corrected Subject: above. Even the Preview is not sufficient...
Maybe I should have said "supremely EVIL", but there is so much competition for that title among various fabulously profitable companies.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Anyone that uses the word sheeple should be ignored.
Not even in a pissy "how dare you call anyone that" way. But a practical matter. Basically, if you think someone who chooses differently than you must be a sheep, you don't have any idea how to understand someone else's reasoning, you have no skill or interest in modelling them as a human, so therefore you offer nothing to that person.
FTA::
(captcha: paranoia)
moooooooooo
The difference is Amazon is opt-in.
Opt-in is basically meaningless once a company has market power. It's basically saying you can have privacy rights if you are willing to give up participation in a big chunk of the economy. There may be other ways to participate, but they have cost in terms of time, money, convenience, or marketshare, for example.
For example, it is possible to live without a cell phone, so cell phones are opt in. But tracking data from them still has massive implications for privacy rights, and the fact that you have to opt-in shouldn't necessarily give cell carriers carte blanche to do whatever they want with your data.
Root your own kindle and install your own encryption. Sounds like Amazon just made that process easier...
the fire phone was dumped. it will never see another software update. there is no fire os update for the phone. so you can probably remove the word ' phone ' form your article.. before everyone on amazon labs 126 was shit canned , amazon removed stage fright, and that was the last update we will ever see
That would still be better than what Apple did to me. I wrote an integrated, dual-language point-of-sale system for a Chinese restaurant, friends of the family. They had a Mac Mini, perfect for this kind of low-cpu-load app; I designed and built the app on my mac pro, under the exact same level of OS X, got it working 100%, installed it on the mini... and it wouldn't print. Debugged a bit, and found that CUPS was going nipples north every time UTF-8 data (Chinese text, perfectly normal use of UTF-8) got sent to it. Only on the mini. Mac pro continued to print the Chinese text perfectly. Receipts, kitchen order printouts, reports, etc. So, I called Apple.
me: "I found a 100% repeatable bug in the CUPS printing engine that prevents output via the shell of UTF-8 text"
them: "um, yeah, we confirm that, turns out there was a bug in the object generation for Intel core 2 duos."
me: "So, a fix, when?"
them: Oh, already fixed, just upgrade OS X. Was only a bug in the code generator.
me: ok [buys upgrade on USB stick] [tries to upgrade the mini]
quoth the upgrade: "your computer cannot be upgraded, core 2 duo not supported"
me: "Hey, I can't upgrade, core 2 duo here"
them: "time for a new computer!"
me: "computer isn't broken. The OS is broken. Your OS. You told me so. It doesn't do what you said it would."
them: "...time for a new computer"
me: [ATH0] [buys used mini of later vintage for my friends out of my pocket - it certainly wasn't their fault - got all that working.]
Since then, they have tried to push many upgrades of the Apple app store and iTunes to the same machine. So they're definitely still building for the architecture.
Never bought another computer from them. I don't plan to, either. I still use OS X, but I only buy used machines, I don't buy apps or music or anything from the Apple store, and I now have an Android phone and my brand new S7 will be here in 8 days.
Apple isn't to be trusted. Period.
I've fallen off your lawn, and I can't get up.
If you actually read the article, what they said was that nobody was using it, so they killed the feature. Now that it's gone, everybody seems to want it back!
I wonder just how many slashdotters actually have a Kindle. My guess is most go for devices attached to the Google Play Store instead.
https://tails.bourn.org/download/index.en.html
Sounds like this is a not so subtle red flag from amazon warning everybody that the (weak) encryption on their devices has been compromised and cannot be fixed.
As mentioned previously, most people do not have pass-codes on their Kindles so I'm not sure what possible use encryption could have on such lowly devices. In any case assume you have been warned, encryption is weak and won't keep your data secret on amazon devices.
Decrypt this:
Angus yellow aspen 3/4
hint - msg is only valid between 7:01pm and 7:08pm on even days and odd months.
answer - there is no decryption - it requires prior knowledge.
You're thinking too much.
Six months later: "The version of your OS is too outdated to continue, click here to upgrade now!".
Your estimate is off by six months. The forced upgrade was announced today. I just got this email:
important update required for your Kindle e-reader
Your Kindle Keyboard (3rd Generation) requires an important software update to continue downloading e-books and using Kindle services. This important update applies to Kindle e-readers released prior to 2014.
***sigh***. Amazon was very convenient. It is not going to be convenient to ditch them, I live in a very rural area. If you don't count Walmart there are not a lot of shopping options in the area. Despite the inconvenience, the encryption announcement followed by the forced upgrade (with no explanation of why the upgrade is needed) leaves me no choice.
On the plus side, I will probably save a lot of money.
We don't see the world as it is, we see it as we are.
-- Anais Nin
Look it's a Trump supporter right here....
You can tell by the drool all over the keyboard....
Is there a Morocco Mole?