Slashdot Mirror
Amazon Just Removed Encryption From the Software Powering Kindles, Smartphones, Tablets (dailydot.com)
Patrick O'Neill writes: While Apple continues to resist a court order requiring it to help the FBI access a terrorist's phone, another major tech company took a strange and unexpected step away from encryption. Amazon has removed device encryption from the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices. The change, which took effect in Fire OS 5, affects millions of users.
Bezos owns the Washington Post. The Washington Post endorses Clinton for president.
Amazon does away with device encryption by inference.
Maybe if Amazon actually sold any of those devices it would make a difference. I can't imagine the average criminal relying on a Fire phone.
But I guess I'll sleep a little better now knowing that the FBI can more easily find out what books the terrorists are reading.
These authoritarians really need to go. At the same time, the fools who allow it need to go with them. Until that time comes, I'm not going to bend for either side.
I seem to remember this book called "The Republic" which talks about this very thing. I also read a whole lot of history about this Republic which was founded because of the same things.
History is always forgotten, so we continue to repeat it...
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
and though I don't use it much at all, I got an email from amazon saying that an 'important update' is available for my kindle and I should install it.
of course, i don't trust them so I didn't. not sure what it would do but its not likely it would benefit ME, so unless I can see a reason to install it, I won't.
as long as I leave the radio off, I should be good, I guess. and whatever content is on my unit should stay there since its not really cloud-based when the radio is off.
--
"It is now safe to switch off your computer."
Only the Fire OS powered Kindle, which is a full fledged tablet with the Amazon android fork. Old fashioned e-ink kindle doesn't have encryption to start with.
Thats awesome!.....Darn that's not what TFA said at all.
So the rich people get to keep their encryption (DRM) and the rest of us get screwed again.
Minimum threshold fixed. Thanks!
It doesn't just affect the sheeple, it sets a precedant. Now the three-letter agencies can say "look Apple, Amazon got rid of encryption and they're doing fine!"
Amazon removes encryption on their devices, all 3,512 users are confused.
to easily circumvented encryption. Seems more honest that way.
Within the arms of tragedy, there is little comfort in being right.
After I already ordered an Amazon Echo... so now there is nothing stopping the NSA from listening to everything said in my house? Man, they are really going to be bored!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
That's like a car company disabling half the cylinders in your engine after you buy the car.
Reducing the functionality of a purchased product post-purchase is sleazy and probably should be considered illegal on some level.
What I hate is that Amazon was looking pretty good there for a while.
So if you want FDE on your device, you have to have the latest Android or one of the bulk of iOS devices which support FDE.
Guess that's clear - not buying an Echo or any of it's satellites anytime soon.
Make sure everyone's vote counts: Verified Voting
My family has a few and I couldn't see myself ever tolerating Amazon's take on the interface for more than a couple of minutes...
XML is like violence. If it doesn't solve the problem, use more.
I buy their books on occasion, but I won't be buying any of their hardware.
But clearly the pressure is on. The FBI and other investigative and intelligence agencies worldwide want to make you safer by making your data more vulnerable.
This is what happens when you let idiots and sociopaths into positions of power.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Ah, so you hated Amazon back when they were underground. Nerd-hipsterism is a funny looking beast.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
I've been looking through TFA and related material, but I'm still trying to figure out what this actually means in practice. What data, on an e-book reader, is usefully encrypted anyway? This is a genuine question, as I don't have any sort of Kindle. Perhaps there is integration with payment services or personal accounts of some kind? If so, does this mean anyone who installs this "upgrade" and then has their device stolen would have some significant credentials compromised?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
It doesn't just affect the sheeple, it sets a precedant. Now the three-letter agencies can say "look Apple, Amazon got rid of encryption and they're doing fine!"
Perhaps that might work for the average idiot, but someone with half a brain can easily argue that you could remove the locks from your front door and then turn a blind eye to anything bad that might happen. "Look, that citizen got rid of their locks, and they're doing just fine!"
Not for long applies to both idiotic "solutions".
or not.
Amazon wasn't exactly making inroads into the consumer market anyway.
now a stolen device will destroy your life they are worth less than nothing.
Actually, this is a good point. So if you have an Amazon phone (all four of you), you may well want to start shopping for a new one - probably today. No idea who would put sensitive info on their Kindle, though...
Now the fun question is, do they still have DRM/encryption on all their eBooks? I'm betting the answer to that is probably 'yes'.
Quo usque tandem abutere, Nimbus, patientia nostra?
If "doing fine" means being a third class player in the mobile market despite having a huge infrastructure ready to support it then sure...
The Kindle is kind of popular but that's just an eReader. Not something you put personal data on.
Reducing the functionality of a purchased product post-purchase is sleazy and probably should be considered illegal on some level.
I agree, but a more practical question might soon be: if upgrading to firmware that removes this feature is necessary in order to fix some other defect with the original product as purchased (broken functionality, security vulnerability, etc.) then would that already be illegal? Consumer protection laws are quite strong in some places, Europe for example, and even the biggest of tech firms can find themselves called out and penalised if they don't meet the required standards.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
. . . .I've long since known to put any app on one for anything else but reading or other entertainment. And that's the nice thing about the Amazon App Store. By eschewing Google Play. . . . none of my PHONE apps can show up on my Fire reader/pseudo-tablet.
Hint: No lock screen. OF COURSE it's not even close to secure.
http://motherboard.vice.com/re...
https://twitter.com/davidscove...
any hints on how to fill unused disk space with the output of emacs M-X spook ?
I'd rather see someone supporting jollaOS.
jolla.com
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
It seems to me that it is a sort of preventative measure against bad press in the future. Take away any expectation of privacy when you are using a device and they explicitly state this, then you can't really be upset in a year when the police pick up your kindle plug it in and see you've been googling 'best way to cut up a body'.
Look at the Apple situation, there is no way for them to come out clean on this. Either they 1. already had a backdoor, 2. are going to lie about helping them get int 3. left some vulnerability that the FBI will exploit to read the phone anyway..you get the picture. I'm all for the fact that their initial reaction was to push back but the goodwill generated by that will only take them so far.
Now I don't agree with what Amazon did at all--I actually won't be happy until there is a smart-card adapter for every piece of communication/information system equipment in the world--but I can see how the move is beneficial for them. In 1 news cycle no one will care while Apple still has years and years of this tomfoolery to deal with.
OMG facts!
LOL ^^
It makes the devices easier to hack. Time to remove that stupid "special offers" advertising.
Do not look at laser with remaining good eye.
When trump is elected president, morons will rule the world and we all can act the same way.
Do not look at laser with remaining good eye.
When we talk about personal data, we mean the union of private personally identifiable information (name, address, phone number, SSN) and information that users create. A credit card number is neither.
You do enter your name when you buy something with a card, but that's the least private piece of PII, and is likely to be present on any device you own anyway, making that not personal data in any meaningful sense except when combined with other private data, such as browsing habits.
A credit card number is a disposable identifier. It identifies your account, not you, and is valid only until the card number is canceled due to theft or whatever. And your liability in the event of theft is zero. This makes CCN theft a problem for CC companies and vendors, but not really a concern for you as the user.
With that said, I do disagree with the original poster for different reasons. There is a definite privacy impact here. People's reading choices can be very personal, and there is enough PII to at least potentially identify the owner (name plus the location where the device was found/stolen). When you combine that with someone's penchant for reading stories about [insert regionally taboo topic here] and their copy of the Anarchist Cookbook, you suddenly know more than any third party rightfully should know about someone even without having what most people would think of as "personal data".
Check out my sci-fi/humor trilogy at PatriotsBooks.
Gee, it's a good thing Amazon only sells client machines, right? If anyone ran their servers/services on Amazon anything, they'd REALLY have to be worried...
How do you find the pricing/selection on Play Versus the Kindle store?
Also, can you use either of those on an actual eReader (e-paper)? If so, I may be looking to switch after this crap...
It would be awesome to have an opensource os for kindle! I recall reading about gpl3 and tivoization and it seems only the later one has gained more traction. I'm still unable to install Debian on my mobile and doing the same on my notebook got harder thanks to new security technologies such as EFI, that protects only Microsoft.
That implies all 3,512 users knew there was encryption to begin with. I think that's implying a lot.
Or Android?
Or Linux?
Or Windows phone? (oh, wait. Never mind)
Of course they have DRM still. They just made a decision that protecting the publisher's data is more important than protecting the customer's data.
Never going to happen.
The idiots currently in charge of the company are too invested in slobbing the Google knob to actually do something smart with their company.
Chas - The one, the only.
THANK GOD!!!
Customers using an outdated software version on Kindle e-readers require an important software update by March 22, 2016 in order to continue to download Kindle books from the Cloud, access the Kindle Store, and use other Kindle services on their device.
I *was* considering a kindle.
Now I'll either get a Nook or just a regular table (maybe an iPad, given the Apple kerfluffle)
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Aha! An ALGEBRA book! An Arab name for a weapon of math instruction.
Considering that Amazon's business model is centered on destroying your privacy, why are you surprised as they strip your last shreds of protection?
Personal story:
For about 8 months now some troll has been abusing my name and Gmail address with a fake Amazon account. There have been various fake bills and ebook loans and of course reams of troll-related spam directly from Amazon.
I did NOT validate my Gmail address for Amazon's use, and one of their so-called customer reps actually slipped up and admitted that there is a bug in the Android version that allows for validation of email addresses without a confirmation from the actual owner of the email account.
This seems to be a very simple problem to fix.
1. Nuke the fake account.
2. Put a block on the email address to make sure another fake is not created.
3. Profit!
Just joking on Step 3. I will NEVER again buy anything from Amazon, so no profit there.
However, the first two steps seem easy enough. Amazon cannot do them. That's because I cannot provide the physical address associated with the fake account. Once again, one of their people slipped and confirmed that it's in Indiana. I've never been in that state, but there is evidence in some of the spam that points there.
Anyway, in conclusion I was twice an Amazon customer, but NEVER again. Privacy does not exist in Amazon's book.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Corrected Subject: above. Even the Preview is not sufficient...
Maybe I should have said "supremely EVIL", but there is so much competition for that title among various fabulously profitable companies.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Let me fix that for you...
> They just made a decision that protecting the customer's data is more important than protecting consumer's data.
Anyone that uses the word sheeple should be ignored.
Not even in a pissy "how dare you call anyone that" way. But a practical matter. Basically, if you think someone who chooses differently than you must be a sheep, you don't have any idea how to understand someone else's reasoning, you have no skill or interest in modelling them as a human, so therefore you offer nothing to that person.
The difference is Amazon is opt-in.
Opt-in is basically meaningless once a company has market power. It's basically saying you can have privacy rights if you are willing to give up participation in a big chunk of the economy. There may be other ways to participate, but they have cost in terms of time, money, convenience, or marketshare, for example.
For example, it is possible to live without a cell phone, so cell phones are opt in. But tracking data from them still has massive implications for privacy rights, and the fact that you have to opt-in shouldn't necessarily give cell carriers carte blanche to do whatever they want with your data.
Root your own kindle and install your own encryption. Sounds like Amazon just made that process easier...
That would still be better than what Apple did to me. I wrote an integrated, dual-language point-of-sale system for a Chinese restaurant, friends of the family. They had a Mac Mini, perfect for this kind of low-cpu-load app; I designed and built the app on my mac pro, under the exact same level of OS X, got it working 100%, installed it on the mini... and it wouldn't print. Debugged a bit, and found that CUPS was going nipples north every time UTF-8 data (Chinese text, perfectly normal use of UTF-8) got sent to it. Only on the mini. Mac pro continued to print the Chinese text perfectly. Receipts, kitchen order printouts, reports, etc. So, I called Apple.
me: "I found a 100% repeatable bug in the CUPS printing engine that prevents output via the shell of UTF-8 text"
them: "um, yeah, we confirm that, turns out there was a bug in the object generation for Intel core 2 duos."
me: "So, a fix, when?"
them: Oh, already fixed, just upgrade OS X. Was only a bug in the code generator.
me: ok [buys upgrade on USB stick] [tries to upgrade the mini]
quoth the upgrade: "your computer cannot be upgraded, core 2 duo not supported"
me: "Hey, I can't upgrade, core 2 duo here"
them: "time for a new computer!"
me: "computer isn't broken. The OS is broken. Your OS. You told me so. It doesn't do what you said it would."
them: "...time for a new computer"
me: [ATH0] [buys used mini of later vintage for my friends out of my pocket - it certainly wasn't their fault - got all that working.]
Since then, they have tried to push many upgrades of the Apple app store and iTunes to the same machine. So they're definitely still building for the architecture.
Never bought another computer from them. I don't plan to, either. I still use OS X, but I only buy used machines, I don't buy apps or music or anything from the Apple store, and I now have an Android phone and my brand new S7 will be here in 8 days.
Apple isn't to be trusted. Period.
I've fallen off your lawn, and I can't get up.
Of course they have DRM still. They just made a decision that protecting the publisher's data is more important than protecting the customer's data.
That's because Amazon is beholden to the US Government big time. A lot of those AWS servers are Federal servers. It showed when Amazon refused to honor WikiLeak payments. So expect that when the Feds decide something is a "good idea" that Amazon will roll over like a trained dog.
Let's be clear; the encryption has ABSOLUTELY NOTHING to do with protecting your data. The encryption is 100% about protecting the walled garden. That is the only purpose of encryption on an iPhone. That was the only purpose of encryption on a Kindle.
I absolutely agree with this and this is the only thing that makes sense. Why else would Amazon have encrypted publicly available books on the Kindle in the first place? I suspect Amazon largely made the decision because they considered the encryption unnecessary and their DRM that they kept in place was all that they really needed.
Apple is largely insuring that their devices are in no way accessible except through means controlled by Apple. In fact the current FBI case and other cases have nothing to do with encryption and really only deal with normal access to the device (i.e. 4 digit passcodes or fingerprints)
If you actually read the article, what they said was that nobody was using it, so they killed the feature. Now that it's gone, everybody seems to want it back!
I wonder just how many slashdotters actually have a Kindle. My guess is most go for devices attached to the Google Play Store instead.
Sounds like this is a not so subtle red flag from amazon warning everybody that the (weak) encryption on their devices has been compromised and cannot be fixed.
As mentioned previously, most people do not have pass-codes on their Kindles so I'm not sure what possible use encryption could have on such lowly devices. In any case assume you have been warned, encryption is weak and won't keep your data secret on amazon devices.
I've purchased 5 or 6 Kindles over the years, primarily as a result of loss or breakage. I got a couple of spares when they eliminated the last design with buttons.
In all that time, after having read several hundred books on those devices, I have never yet bought an e-book from Amazon. I still buy a ton of p-books from them, but I get my e-books elsewhere and use Calibre to convert and transfer them.
My Kindles are not allowed to know my wifi password. Along with my smart-tv.
Ignorance killed the cat. Curiosity was framed.
You're thinking too much.
Six months later: "The version of your OS is too outdated to continue, click here to upgrade now!".
Your estimate is off by six months. The forced upgrade was announced today. I just got this email:
important update required for your Kindle e-reader
Your Kindle Keyboard (3rd Generation) requires an important software update to continue downloading e-books and using Kindle services. This important update applies to Kindle e-readers released prior to 2014.
***sigh***. Amazon was very convenient. It is not going to be convenient to ditch them, I live in a very rural area. If you don't count Walmart there are not a lot of shopping options in the area. Despite the inconvenience, the encryption announcement followed by the forced upgrade (with no explanation of why the upgrade is needed) leaves me no choice.
On the plus side, I will probably save a lot of money.
We don't see the world as it is, we see it as we are.
-- Anais Nin
Actually, this is a good point. So if you have an Amazon phone (all four of you), you may well want to start shopping for a new one - probably today.
I'm one of those four (it went nicely with my HP tablet). But I won't dump it (or root it) just yet. The current Fire OS version for the phone is 4.6.6 - which still supports encryption.
Credit card numbers are not on the Kindle. However, your Amazon user ID and passcode is. Which is actually worse.
So if you have an Amazon phone (all four of you), you may well want to start shopping for a new one - probably today.
No need to go shopping; the phone currently uses Fire OS 4.6.6 (last updated in January). Full encryption is available.
the fire phone was dumped. it will never see another software update. there is no fire os update for the phone.
'Never' is a long time, but perhaps you're right. But with the last update only two months old (version 4.6.6), we may have to wait a while for another.
Is there a Morocco Mole?