Wireless Privacy Loss++; Amazon Kindle

Kindle DX

Fellow hacker and all-around rock-star Sherri Davidoff and I have been chatting lately about a new form of privacy loss from Amazon in the form of the Kindle.

I’m a big Kindle user, and I love having a good deal of my tech library with me on the Kindle DX when I travel. When I’m on-site with a customer and want to reference something from the Database Hacker’s Handbook, for example, I can buy and download it in a minute. The alternative is to find a Borders, drive there, buy the book, drive somewhere else because the first store didn’t have it, drive back to the customer and waste precious on-site engagement time. With the ability to read full 8.5×11 PDFs as well (the ZigBee-2007 PDF is keeping me busy at the moment), it’s well worth the cost of the unit.

However, it turns out that the Kindle keeps track of what you read. Presumably, this is just for synchronizing your last-read page across e-readers, but I suspect a company such as Amazon that recognizes the value of customer information wouldn’t let this be the only thing they collect about their e-book users.

Check out Sherri’s post on this topic on philosecurity.com.

Privacy loss often comes in convenient forms: TiVo cataloging each second of TV you watch and skip, the Nike+iPod leaving an RF breadcrumb trail for where you go and who you associate with, and many other examples. If anyone knows what Amazon’s policy is on the information they collect about Kindle users, I’d love to hear it.

Also check out my presentation from SANS 2009 titled “Privacy Loss in a Pervasive Wireless World.”