As an avid reader, I've owned several generations of Kindle devices, from the original to the Paperwhite, and loved each of them.
However, I have also kept a watchful eye on the abuse potential of the new format. Because Amazon technically owns the content you view, they may revoke it at any time. There have been cases of Amazon removing specific books from customer accounts (and kindles). Considerably worse, there are also cases of Amazon revoking user accounts and removing all access to purchased books.
Kindle services leverage reading data to offer some nice features that traditional books can't offer: maintaining bookmarks and notes between devices, keeping all devices synced with the last read page, and more. It also shows ads and recommendations for next books to read on the kindle.
I was curious to know if the Kindle was only sending the data required for these services, or if other data about me was being sent.
Turns out, Kindle Collects a Ton of Data
The Kindle sends device information, usage metadata, and details about every interaction with the device (or app) while it's being used. All of this is linked directly to the reader account.
Opening the app, reading a book, flipping through a few pages, then closing the book sends over 100 requests to Amazon servers.
The Invasive Behavioral Information
Essentially, the Kindle tracks every tap and interaction someone makes while reading.
Every page that is read sends the following information:
- Time a page was opened (when you turn to a new page, a timestamp is generated)
- The first character on the page (This might be something like character 7705 in the book, which is the exact location)
- The last character on the page
- If the page is images or text
Here's a sample record that is sent with every page read:
{
"created_timestamp": 1597743233808,
"payload": {
"context": "Reading",
"continuous_scroll_state": "disabled",
"end_position": 4708,
"is_scrolled_over_span": false,
"span_type": "Text",
"start_position": 4193
},
"schema_name": "kindle_positions_consumed_v2",
"schema_version": 0,
"sent_timestamp": 1597743233855,
"sequence_number": 26
}
Every reading session will also generate a summary of how many pages were read in different modes:
{
"created_timestamp": 1597743255324,
"payload": {
"action_type": "PageTurn",
"book_length": 2003478,
"context": "Reading",
"count": 10,
"navigation_end_location": 7884,
"navigation_mode": "Horizontal",
"navigation_start_location": 3599
},
"schema_name": "reader_in_book_navigation_v2",
"schema_version": 0,
"sent_timestamp": 1597743265854,
"sequence_number": 36
}
Similar data sets are sent for opening the app, whether it is in the background when opened, when a book is opened or closed, and when settings like font size are changed. Highlighting or tapping any word will send the requests with the text to Bing Translate and Wikipedia, as well as back to Amazon.
None of these requests appear to be used for customer features like last read location. Instead, the highlights, last read location, and other information is sent a second time, to a different endpoint, on a periodic basis, with much less granular information.
Each request also isn't sent as soon as it's generated. A number of these records are created and stored locally, then uploaded (note the sequence_number field). Even if a person is offline while reading, this data is stored and sent when reconnected.
Device Information
The Kindle also includes a few more bits of personal information I would rather it didn't:
- Country of residence
- Attempt to get the IP address on the local network (a 10. address, which was incorrect for me)
- device information and version (screen sizes, make and model (iphone vs. Android vs. Kindle), software version
- Good Reads account details
- Device orientation (portrait vs. landscape)
Some of this is likely to help Amazon understand how users use the app, so they can improve it for those use cases. The local IP is the only item on here that bothers me, though I couldn't find any other local network information that would be problematic.
Conclusions
The Kindle is far from the most invasive privacy app I have seen, but it records a lot of behavioral reading information I don't like. I've been trying to get away from the the Kindle ecosystem for the past year or so, and now use Marvin for reading on my iPhone. I no longer use the Kindle device, though I dearly miss e-Ink.
Unfortunately, in order to use a non-Kindle application, I have to buy DRM-Free books. It isn't always easy to find them, though the Kobo bookstore and small niche providers often offer them, and some can even be found on Amazon.