dennisjudd.com

What? Doesn’t everybody cool down their coffee this way?

Yesterday I saw an article on the Wall Street Journal that was titled “Your E-Book Is Reading You“. Now let’s not say I doubted it at all. With the way technology is moving and being shaped by big business we all know how desperate they are to get us on the cloud so they can analyze us to sell us more (or sell that data to other companies for profit). I decided I wanted to find out how often and also figure out a way to capture this traffic so after playing around a bit I managed to do it using this method.

1. Test computer running Vista Ultimate (XP would have worked, just happened to have Vista)
2. Installed a second network card
3. Plug spare wireless AP into second network card
4. Turn on Internet Connection Sharing on the first network card.

That’s it. Then all you have to do is run wire shark on the second card interface and you’ll only see the traffic coming off the wireless AP. Honestly it works pretty well and I can see myself using that setup again in the future for other stuff like Android apps to see what they are doing in the background or even my iPod but for now let’s get back to the Kindle. I fired mine up, set it to use the AP and opened a book…..nothing happened though until I quit the book. The minute I hit the home button I saw a burst of traffic go out to cloudfront.net which is owned by Amazon. It’s encrypted of course so I can’t see what is in it but the point here is at least every time you exit a book a report goes back to Amazon.

I wanted to test something so I loaded up Calibre and created my own *.mobi file from scratch. So what we have here is a non Amazon sourced ebook. I didn’t buy it from them nor did I download it from them. I created it myself to put on a device I purchased not leased. I then put LoremIpsum.mobi on my kindle and repeated the above test. Sure as hell it phone home to Amazon again when I exited it. So now not only is Amazon collecting lord knows what data (it’s encrypted so I can’t read it) they are also getting it on any book I read regardless if I got it from them or not. And they are getting it for free off a device I personally own that they sold me.

Now you can put the device in airplane mode and it does block it but the minute you take it out it not only dumps it there is also a bunch of other traffic which i’m assuming is a firmware check, ad download, etc. A list of the domains is:

cde-g7g.amazon.com
todo-g7g.amazon.com
dogvgb9ujhybx.cloudfront.net (saw this on the first pcap)
device-messaging-na.amazon.com
pins.amazon.com

Now I’m not going to snap my kindle in half or move into a Faraday cage (although that’s not a bad idea) but to actually see how persistent the Kindle is about getting this data to Amazon is a little unsettling. I can appreciate the benefit to Amazon and publishers but this should be an “opt-in” option and not an automatic one. Plus I don’t know what the heck they are even getting. Is it just the book name or is more granular than that…..I dunno cause they don’t even talk about it in the at all. And on top of that it doesn’t limit itself to books purchased from Amazon as proven by my LoremIpsum.mobi test because I created that myself from scratch! It’s a brave new world indeed.

Here are the pcaps:
kindle_wifi_airplane_mode_off

kindle_wifi_normal_mode