Amazon Kindle

Warning: *privacy not included with this product

Amazon Kindle

Amazon
Wi-Fi Bluetooth

Review date: Nov. 1, 2023

|
|

Mozilla says

|
People voted: Somewhat creepy

Remember when you actually read books? Back before the days of Twitter and Netflix and your 17-second attention span. The Kindle -- Amazon now offers the Kindle, Kindle Paperwhite, Kindle Oasis, Kindle Scribe, and Kindle Kids -- could be just the thing to get your brain back into book-reading shape. Because that's really all the Kindle does--books. No videos or apps or web surfing. Just books. What a novel idea!

What could happen if something goes wrong?

Amazon proudly states they are "not in the business of selling your personal information to others." True. But, Amazon doesn’t need to sell your personal information to others when they have their own retail and advertising juggernaut to use your data to sell you more stuff. Because Amazon is in the business of selling you more stuff. And it’s not just Amazon hoping to sell you stuff. Amazon has a whole program for others to sell you stuff on on their sites too. And those sellers get to use that data Amazon collects on you to target you with the stuff they want to sell. So, while Amazon might not be in the business of selling your personal information, they are in the business of collecting as much of your personal information as they can, then selling access to that personal information to others to target you with ads to sell you more stuff.

And to do this, Amazon likes to collect an enormous amount of data on you. Things like: records of your shopping habits, Alexa search requests, the books you read, the TV shows you watch and when you watch them, the music you stream, the podcasts you listen to, when you turn your lights on and off, when you lock your doors, identifiers such as your name, address, phone numbers, or IP address, your age, gender, your location, audio and visual information like those Alexa-requests or photos you take, the names and numbers of people listed in your contacts. The list goes on and on and on. And Amazon's Fire TV can collect a whole lot of data on your device usage, app usage, and over-the-air viewing data.

And what do they do with all that personal information they collect on you? Well, they use it to target you with advertising, of course. Lots and lots of advertising. They do say they don’t use information that personally identifies you to display interest-based ads (of course, we have to trust them on this, which, given their track record, might not be a wise thing to do). They also use your personal information to identify your preferences and personalize products and services to keep you using those products and services as much as possible. And they say they can share that personal information with a number of third parties.

And when we say a number, we don’t exactly know how many third parties because Amazon doesn’t share that information. We must assume it’s a lot of third parties because they say they can share your data with everyone from all the companies they use to provide third party services. That means the companies that do things like help them with marketing, manage credit risk, analyze data, send mail and email, and more. Then there’s the third parties that offer services, products, apps, and Alexa skills through Amazon Services. And then there’s the business affiliates and other companies Amazon buys that could get access to your data too. Given that Amazon is a vast empire -- think Ring, Blink, Eero, Whole Foods, and beyond -- that’s potentially a lot of places your data could end up.

Let’s talk for a minute about Alexa itself. While your Kindle doesn't come with Alexa built-in (yay!), nearly everything else Amazon sells comes with their AI as part of the package -- including everything from your Echo Dot smart speaker to your headphones to your remote control. And Alexa comes with its own set of questions and concerns. Amazon does make it possible to automatically delete voice recordings immediately after they are processed. That's a nice feature after the controversy around human reviewers listening in to Alexa voice recordings. However, Amazon says when you delete your voice recordings, they still can keep data of the interactions those recordings triggered. So, if you buy a pregnancy test through Amazon Alexa, Amazon won't forget you bought that pregnancy test just because you ask them to delete the voice recording of that purchase. That record of the purchase is data they have on you going forward and may use to target you with ads for more stuff.

And then there are Alexa Skills, those little apps you use to interact with Alexa. These Skills can be developed by just about anyone with the, uhm, skill. And with too many of the Skills, third-party privacy policies are misleading, incomplete, or simply nonexistent, according to one recent study. When your data is processed by an Alexa Skill, deleting your voice recordings doesn’t delete the data the developer of that Skill collects on you. With over 100,000 Alexa Skills out there, many of them developed by third parties, now your data is floating around in places you might never have imagined.

Oh, let’s not forget Amazon’s terrible, awful, no-good track record at protecting and respecting their customers' data. So far in 2023 alone, Amazon has been been charged by the FTC in the US for violating children's privacy laws by keeping kids voice recordings and location data for years and undermining parent's deletion requests of their kids data. This resulted in Amazon agreeing to pay a $25 million penalty. Then Amazon got sued by the FTC for enrolling people in Amazon Prime without their consent and then making it way too hard to cancel the subscription. Amazon also had to settle with the FTC again for $5,8 million for poor privacy and security in their Ring cameras that let employees spy on customers through the cameras. Shoot, last year we here at *Privacy Not Included found a security vulnerability in Ring cameras and reported to Amazon to fix. They, so far as we can tell, have done nothing to fix this security issue. All this and then in September, 2023 the FTC and 17 US state Attorneys General sued Amazon for "illegally maintaining monopoly power."

That's all just in 2023 alone. If you look back further, you'll find more Amazon issues. There’s the Amazon employee who was caught stealing the personal information of over 100 million CapitolOne customers. And that’s not the only time Amazon employees with access to lots of customer data were caught leaking customers personal information. It’s happened quite a few times, actually. And then there’s the Alexa security bug that opened the door for hackers to potentially access users personal information and even their conversation history. These are some of the known privacy and security issues Amazon has had (there could be more unknown ones as well). And we get it, Amazon is a huge company with many products and employees and it’s impossible to secure everything 100% of the time. But that’s the point. When you collect such a vast amount of personal information on people, you’ve got to be super, duper, extra careful to secure it everywhere, all the time. Amazon has shown they can’t always do that.

So, what’s the worst that could happen? The Kindle eReader actually feels like a fairly safe product -- unfortunately, it's also an Amazon product and Amazon is just plain bad at privacy. There's no Alexa built in, so you don't need to worry about voice requests being tracked or Alexa skills snooping on you. You can read with both WiFi and Bluetooth turned off. Just be sure you set up a passcode if you travel with this device to protect it from getting stolen and someone buying lots of books on your Amazon account. We do suppose it's possible Amazon could learn all about what books you like to read, only show you romance novels in your shopping recommendations, you read way too many romance novels, develop an unrealistic world view on romantic relationships, nothing ever lives up to those unrealistic expectations, so you live your whole life alone. OK, that's not likely to happen (we hope!). And if you want Amazon to stop trying to sell you more stuff like more romance novels, you can (and should!) opt-out of some data collection and processing. So yeah, while Amazon doesn't sell your personal information, they sure do use the heck out of it to target you with more stuff to buy.

One more note on Amazon from a privacy researcher’s point of view. Trying to read through Amazon’s crazy network of privacy policies, privacy FAQs, privacy statements, privacy notices, and privacy documentation for their vast empire is a nightmare. There’s so many documents that link to other documents that link back even more documents that understanding and making sense of Amazon’s actual privacy practices feels almost impossible. We wonder if this is by design, to confuse us all so we just give up? Or, if maybe even Amazon’s own employees possibly don’t know and understand the vast network of privacy policies and documentation they have living all over the place? Regardless, this privacy researcher would love to see Amazon do better when it comes to making their privacy policies accessible to the consumers they impact.

Tips to protect yourself

  • Chose a strong password!
  • Use your device privacy controls to limit access to your personal information
  • Keep your Kindle regularly updated
  • Request that your data be deleted
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Can it snoop on me? information

Camera

Device: No

App: N/A

Microphone

Device: No

App: N/A

Tracks location

Device: Yes

App: N/A

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product for sharing personal data including geolocation, age, race, gender, sexual orientation, or other protected classifications; and combining data about you with data it receives from third parties.

Amazon.com Privacy Notice

"Examples of information we receive from other sources include:
<...>
- account information, purchase or redemption information, and page-view information from some merchants with which we operate co-branded businesses or for which we provide technical, fulfillment, advertising, or other services;
- information about your interactions with products and services offered by our subsidiaries;
- search results and links, including paid listings (such as Sponsored Links);
- information about internet-connected devices and services linked with Alexa; and
- credit history information from credit bureaus, which we use to help prevent and detect fraud and to offer certain credit or financial services to some customers."

"Advertising. We use your personal information to display interest-based ads for features, products, and services that might be of interest to you. We do not use information that personally identifies you to display interest-based ads. To learn more, please read our Interest-Based Ads notice."

"Third-Party Advertisers and Links to Other Websites: Amazon Services may include third-party advertising and links to other websites and apps. Third-party advertising partners may collect information about you when you interact with their content, advertising, and services. For more information about third-party advertising at Amazon, including interest-based ads, please read our Interest-Based Ads notice."

"Use of Third-Party Advertising Services: We provide ad companies with information that allows them to serve you with more useful and relevant Amazon ads and to measure their effectiveness. We never share your name or other information that directly identifies you when we do this. Instead, we use an advertising identifier like a cookie, a device identifier, or a code derived from applying irreversible cryptography to other information like an email address."

"We provide ad companies with information that allows them to serve you with more useful and relevant Amazon ads and to measure their effectiveness. We never share your name or other information that directly identifies you when we do this. Instead, we use an advertising identifier like a cookie, a device identifier, or a code derived from applying irreversible cryptography to other information like an email address. "

"Examples of information we receive from other sources include:
updated delivery and address information from our carriers or other third parties, which we use to correct our records and deliver your next purchase or communication more easily;
account information, purchase or redemption information, and page-view information from some merchants with which we operate co-branded businesses or for which we provide technical, fulfillment, advertising, or other services;
information about your interactions with products and services offered by our subsidiaries;
search results and links, including paid listings (such as Sponsored Links);
information about internet-connected devices and services linked with Alexa; and
credit history information from credit bureaus, which we use to help prevent and detect fraud and to offer certain credit or financial services to some customers."

Additional State-Specific Privacy Disclosures

"In the twelve months prior to the effective date of this Disclosure, Amazon has not sold any personal information of consumers, as those terms are defined under the California Privacy Rights Act."

"The personal information that Amazon disclosed to the third parties <...> in the twelve months prior to the effective date of this Disclosure falls into the following categories <...>:
- identifiers such as your name, address, phone numbers, IP address, or a government identifier <...>;
- personal information, such as a credit card number or other payment information <...>;
- information that may reveal age, gender, race, sexual orientation, or other protected classifications <...>;
- commercial information <...>;
- internet or other electronic network activity information, <...>;
- geolocation data, which may constitute precise geolocation data <...>;
- audio or visual information <...>;
- education information <...>;
- professional information <...>; and
- inference data <...>"

"Any personal information Amazon may have shared for the purpose of cross-context behavioral advertising <...> in the twelve months prior to the effective date of this Disclosure falls into the following categories:
- identifiers such as a cookie, a device identifier, or a code derived from applying irreversible cryptography to other information like an email address; we never share your name or other information that directly identifies you.
- internet or other electronic network activity information <...>.
- inference data; <...>, we may share an advertising identifier and an estimate of the value of the ads they show you on our behalf so they can serve you with more effective Amazon ads."

Alexa and Alexa Device FAQs

While voice recordings won't be used for ad personalization, the transcripts of recordings, and the list of actions that Alexa did in response to your voice commands, may be.

"We may still retain other records of your Alexa interactions, including records of actions Alexa took in response to your request. This allows us, for instance, to continue to provide your reminders, timers, and alarms, process your orders, remember the things you've taught Alexa, and show your shopping and to-do lists and messages sent through Alexa Communications."

"Alexa uses your voice recordings and other information, including from third-party services, to answer your questions, fulfill your requests, and improve your experience and our services. We associate your requests with your Amazon account to allow you to review your voice recordings, access other Amazon services (e.g. so you can ask Alexa to read your Kindle books and play audiobooks from Audible), and to provide you with a more personalized experience. For example, keeping track of the songs you have listened to helps Alexa choose what songs to play when you say, "Alexa, play music." At times, Alexa can provide you with recommendations based on your requests. For example, Alexa may recommend Alexa skills you might like based on the Alexa skills you use."

How can you control your data?

We ding this product as it is unclear if all users regardless of location can get their data deleted. Also, interest-based ads are delivered in an opt-out fashion.

"In addition, to the extent required by applicable law, you may have the right to request access to or delete your personal information."

"We keep your personal information to enable your continued use of Amazon Services, for as long as it is required in order to fulfill the relevant purposes described in the Amazon Privacy Notice, as permitted or as may be required by law, or as otherwise communicated to you. For example, we retain your transaction history so that you can review past purchases (and repeat orders if desired) and what addresses you have shipped orders to, and to improve the relevance of products and content we recommend."

"To manage your preferences for third parties and reset your Alexa Advertising IDs, visit Settings > Alexa Privacy > Manage Skill Permissions and Ad Preferences in the Alexa app and Echo Show devices or https://www.amazon.com/alexaprivacysettings. Even if you turn this setting off, developers and content providers will still receive Alexa Advertising IDs for other purposes, such as reducing ad repetition and fraud detection, but you can reset your Alexa Advertising IDs at any time."

"You can also choose whether to receive interest-based ads delivered by Amazon on Alexa. If you choose not to receive interest-based ads from Amazon, you may still receive personalized recommendations and other similar features. You will still receive ads provided by Amazon, but they will not be based on your interests. You can manage this setting at Settings > Alexa Privacy > Manage Your Alexa Data in the Alexa app and Echo Show devices or https://www.amazon.com/alexaprivacysettings."

What is the company’s known track record of protecting users’ data?

Bad

In September 2023, FTC filed a lawsuit against Amazon for illegally maintaining monopoly power.

In July 2023, Apple and Amazon were fined by Spain antitrust watchdog.

In June 2023. the FTC took action against Amazon for "for its years-long effort to enroll consumers into its Prime program without their consent while knowingly making it difficult for consumers to cancel their subscriptions to Prime."

In June 2023, Mozilla published a major security vulnerability in the Amazon Ring Video Doorbell. Amazon has still not fixed this security vulnerability.

In March 2023, FTC and DOJ charged Amazon with violating Children’s Privacy Law by keeping kids’ Alexa voice recordings forever and undermining parents’ deletion requests.

In 2023, the company also agreed to pay $5.8 million in customer refunds for alleged privacy violations involving its doorbell camera Amazon Ring.

In 2022, Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, was found guilty by a Seattle jury on charges of wire fraud and computer hacking.

In July 2021, the Luxembourg National Commission for Data Protection issued a 746 million euro fine to Amazon for allegedly violating the European Union’s General Data Protection Regulation (GDPR).

In August 2020, security researchers from Check Point pointed out a flaw in Amazon's Alexa smart home devices that could have allowed hackers access to personal information and conversation history. Amazon promptly fixed the bug.

In October 2020, Amazon fired an employee for leaking customer email addresses to an unnamed third party.

In October 2019, Forbes reported that Amazon employees were listening to Amazon Cloud Cam recording, to train its AI algorythm.

In April 2019, it was revealed that thousands of employees, many of whom are contract workers and some not even directly employed by Amazon, had access to both voice and text transcripts of Alexa interactions.

Child Privacy Information

"Amazon does not sell products for purchase by children. We sell children's products for purchase by adults. If you are under 18, you may use Amazon Services only with the involvement of a parent or guardian. We do not knowingly collect personal information from children under the age of 13 without the consent of the child's parent or guardian. For more information, please see our Children's Privacy Disclosure."

Can this product be used offline?

No

User-friendly privacy information?

No

Amazon has a complicated mess of various privacy policies, privacy hubs, FAQs, and Advertising Preference pages, and more that is difficult to find, navigate, read, and understand.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

Password-protected Amazon account is needed to set up a Kindle

Security updates

Yes

Manages vulnerabilities

Yes

Amazon has a bug bounty program.

Privacy policy

Yes

Does the product use AI? information

Yes

Alexa provides some information about its AI at the Alexa FAQ and the Amazon Science webpages: https://www.amazon.com/gp/help/customer/display.html?nodeId=201602230 https://www.amazon.science/tag/alexa

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Amazon Alexa uses natural language processing to understand you and to generate answers to your requests.

Is the company transparent about how the AI works?

Yes

Does the user have control over the AI features?

Yes

*privacy not included

Dive Deeper

  • Mozilla Publishes Ring Doorbell Vulnerability Following Amazon’s Apathy
    Mozilla Foundation Link opens in a new tab
  • Hey, Alexa! What are you doing with my data?
    Federal Trade Commission Link opens in a new tab
  • FTC and DOJ Charge Amazon with Violating Children’s Privacy Law by Keeping Kids’ Alexa Voice Recordings Forever and Undermining Parents’ Deletion Requests
    Federal Trade Commission Link opens in a new tab
  • Amazon settlements highlight concerns about digital privacy protections
    Yahoo! News Link opens in a new tab
  • FTC Takes Action Against Amazon for Enrolling Consumers in Amazon Prime Without Consent and Sabotaging Their Attempts to Cancel
    Federal Trade Commission Link opens in a new tab
  • Amazon to Pay $25 Million to Settle Children’s Privacy Charges
    NY Ties Link opens in a new tab
  • FTC Sues Amazon for Illegally Maintaining Monopoly Power
    Federal Trade Commission Link opens in a new tab
  • Amazon to Pay $30M for Ring and Alexa Privacy Violations: Tips for Protecting Your Smart Home Data
    CNet Link opens in a new tab
  • Tour Amazon’s dream home, where every appliance is also a spy
    The Washington Post Link opens in a new tab
  • I Want You Back: Getting My Personal Data From Amazon Was Weeks of Confusion and Tedium
    The Intercept Link opens in a new tab
  • Here’s How Amazon Tracks You in 2022 (and how to stop them)
    All Things Secured Link opens in a new tab
  • Amazon Alexa Voice Data Tracking Might Lead To Privacy Issues; How To Prevent It?
    Tech Times Link opens in a new tab
  • Amazon demonstrates Alexa mimicking the voice of a deceased relative
    CNBC Link opens in a new tab
  • Does Amazon Sell Your Personal Information?
    DeleteMe Link opens in a new tab
  • Column: Do you really want Amazon’s new drugstore knowing your medical condition?
    Los Angeles Times Link opens in a new tab
  • Amazon Data Breaches: Full Timeline Through 2022
    Firewall Times Link opens in a new tab
  • Alexa records you more often than you think
    Vox Link opens in a new tab
  • Why Amazon is tracking every time you tap your Kindle
    The Verge Link opens in a new tab
  • What type of data does Amazon collect from Kindles?
    Good E-Reader Link opens in a new tab
  • Privacy Settings FAQs for Fire TV streaming media players, Fire TV Edition devices, Fire tablets and Kindle e-readers
    Amazon Link opens in a new tab

Comments

Got a comment? Let us hear it.