-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Josh Wright recently purchased a new Kindle. Surprisingly, when he downloaded one of his books onto the new Kindle, it offered to open it to the page where he had left off on his old Kindle. In other words, Amazon tracked not just the books he was reading, but specifically which sections of the book he was looking at.
Josh (author of SANS' excellent Wireless Ethical Hacking class) eloquently describes his encounter and privacy concerns below:
"When I started my DX for the first time, I saw an entry 'Archived Items', which was all the books I had previously purchased. When I downloaded my copy of 'ZigBee Wireless Networks and Transceivers' on the DX, I was surprised to see it open on the page where I had left off on my previous Kindle.
"Thinking it through, it makes sense: Amazon knew the e-book market would expand to multiple readers, and they added the functionality to synchronize to the last page read, apparently with a firmware update to the Kindle 1st gen right before the 2nd gen was released. I recently grabbed the Kindle app from the Apple iPhone store, and it prompted me to sync to the last page read on the identified device (see screenshot).
"My problem with this situation is this: how is Amazon using this information? Knowing what page I'm currently reading on my e-book could be useful marketing for them, but a significant privacy concern for me. Amazon is able to determine what pages I've read and which I've skipped (useful feedback for a publisher, should Amazon decide to sell to that market). They can determine the pages I've re-read (such as the hacking U3 drives section in my Kindle copy of Hacking Exposed), which could potentially be used against me as evidence in a court of law, for example. They could even monitor how much time I spend reading, and when (useful information for an employer who might want to know when their employees are slacking off and not working).
"I'd like to find out what Amazon's privacy policy is about this data, and what they are retaining long-term. Do they record only the last page read for each of my books, purging this information after a period of time, or is it more nefarious?"
Josh Wright is the author of SANS 617 - Wireless Ethical Hacking.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.5)
iEYEARECAAYFAkpU6iIACgkQSAUOoW73R4yrqgCffzWOYHg1f3S0OyTJCUvETctO
1GwAoIX8QwooOq/xr9CEC0+cOXRtJc4d
=a7IY
-----END PGP SIGNATURE-----