Warning: *privacy not included with this product
Review date: Nov. 9, 2022
Remember when you actually read books? Back before the days of Twitter and Netflix and your 17-second attention span. The Kindle -- Amazon now offers the Kindle, Kindle Paperwhite, Kindle Oasis, and Kindle Kids -- could be just the thing to get your brain back into book-reading shape. Because that's really all the Kindle does--books. No videos or apps or web surfing. Just books. What a novel idea!
What could happen if something goes wrong?
Amazon proudly states they are not in the business of selling your personal information to others. True. But, Amazon doesn’t need to sell your data to others when they have their own advertising and retail juggernaut to use your data to sell you more stuff. Because Amazon is in the business of selling you more stuff. And it’s not just Amazon hoping to sell you stuff. Amazon has a whole program for others to sell you stuff on on their sites too. And those sellers get to use that data Amazon collects on you to target you with the stuff they want to sell. So, while Amazon might not be in the business of selling your personal information, they are in the business of selling access to your information to others to target ads to sell you more stuff.
And to do this, Amazon likes to collect an enormous amount of data on you. Things like: records of your shopping habits, the books you read, the TV shows you watch and when you watch them, the music you stream, the podcasts you listen to, you Alexa search requests, when you turn your lights on and off, when you lock your doors, identifiers such as your name, address, phone numbers, or IP address, your age, gender, your location, audio and visual information like those Alexa-requests or photos you take, the names and numbers of people listed in your contacts. The list goes on and on and on.
And what do they do with all that personal information they collect on you? Well, they use it to target you advertising, of course. Lots and lots of advertising. They do say they don’t use information that personally identifies you to display interest-based ads (of course, we have to trust them on this). They also use your personal information to identify your preferences and personalize products and services to keep you using those products and services as much as possible. And they say they can share that personal information with a number of third parties.
And when we say a number, we don’t exactly know how many third parties because Amazon doesn’t share that information. We must assume it’s a lot of third parties because they say they can share your data with everyone from all the companies they use to provide third party services. That means the companies that do things like help them with marketing, manage credit risk, analyze data, send mail and email, and more. Then there’s the third parties that offer services, products, apps, and Alexa skills through Amazon Services. And then there’s the business affiliates and other companies Amazon buys that could get access to your data too. Given that Amazon is a vast empire -- think Ring, Blink, Eero, Whole Foods, and beyond -- that’s potentially a lot of places your data could end up.
Let’s talk for a minute about Alexa itself. While your Kindle doesn't come with Alexa built-in (yay!), nearly everything else Amazon sells comes with their helpful artificial intelligence as part of the package -- including everything from your Echo Dot smart speaker to your headphones to your thermostat. And Alexa comes with its own set of questions and concerns. Amazon does make it possible to automatically delete voice recordings immediately after they are processed. That's a nice feature after the controversy around human reviewers listening in to Alexa voice recordings. However, Amazon says when you delete your voice recordings, they still can keep data of the interactions those recordings triggered. So, if you buy a pregnancy test through Amazon Alexa, Amazon won't forget you bought that pregnancy test just because you ask them to delete the voice recording of that purchase. That record of the purchase is data they have on you going forward and may use to target you with ads for more stuff.
And then there are Alexa Skills, those little apps you use to interact with Alexa. These Skills can be developed by just about anyone with the, uhm, skill. And with too many of the Skills, third-party privacy policies are misleading, incomplete, or simply nonexistent, according to one recent study. When your data is processed by an Alexa Skill, deleting your voice recordings doesn’t delete the data the developer of that Skill collects on you. With over 100,000 Alexa Skills out there, many of them developed by third parties, now your data is floating around in places you might never have imagined.
Oh, let’s not forget Amazon’s track record at protecting and respecting their customers' data. That raises some red flags too. Here are a few of the problems we’ve seen over the last few years. There’s the Amazon employee who was caught stealing the personal information of over 100 million CapitolOne customers. And that’s not the only time Amazon employees with access to lots of customer data were caught leaking customers personal information. It’s happened quite a few times, actually. And then there’s the Alexa security bug that opened the door for hackers to potentially access users personal information and even their conversation history. These are some of the known privacy and security issues Amazon has had (there could be more unknown ones as well). And we get it, Amazon is a huge company with many products and employees and it’s impossible to secure everything's 100% of the time. But that’s the point. When you collect such a vast amount of personal information on people, you’ve got to be super, duper, extra careful to secure it everywhere, all the time. Amazon has shown they can’t always do that.
So, what’s the worst that could happen? The Kindle eReader actually feels like a fairly safe product. There's no Alexa built in, so you don't need to worry about voice requests being tracked or Alexa skills snooping on you. You can read with both WiFi and Bluetooth turned off. Just be sure you set up a passcode if you travel with this device to protect it from getting stolen and someone buying lots of books on your Amazon account. We do suppose it's possible Amazon could learn all about what books you like to read, only show you romance novels in your shopping recommendations, you read way too many romance novels, develop an unrealistic world view on romantic relationships, nothing ever lives up to those unrealistic expectations, so you live your whole life alone. OK, that's not likely to happen (we hope!). And if you want Amazon to stop trying to sell you more stuff like more romance novels, you can (and should!) opt-out of data collection and processing. Because while Amazon doesn't sell your personal information, they sure do use the heck out of it to target you with more stuff to buy.
One more note on Amazon from a privacy researcher’s point of view. Trying to read through Amazon’s crazy network of privacy policies, privacy FAQs, privacy statements, privacy notices, and privacy documentation for their vast empire is a nightmare. There are so many documents that link to other documents that link back even more documents that understanding and making sense of Amazon’s actual privacy practices feels almost impossible. We wonder if this is by design, to confuse us all so we just give up? Or, if maybe even Amazon’s own employees possibly don’t know and understand the vast network of privacy policies and documentation they have living all over the place? Regardless, this privacy researcher would love to see Amazon do better when it comes to making their privacy policies accessible to the consumers they impact.
Tips to protect yourself
- Review your privacy setting and opt out of as much data collection and processing as you feel comfortable with.
- Remember that Amazon privacy preferences are device specific, so you need to set your privacy preferences on all your Amazon devices individually. What, you had nothing better to do this weekend, right?
- When starting a sign-up, do not agree to tracking of your data.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
Can it snoop on me?
What can be used to sign up?
What data does the company collect?
Name, email, phone number, address
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In 2022, Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, was found guilty by a Seattle jury on charges of wire fraud and computer hacking.
In July 2021, the Luxembourg National Commission for Data Protection issued a 746 million euro fine to Amazon for allegedly violating the European Union’s General Data Protection Regulation (GDPR).
In August 2020, security researchers from Check Point pointed out a flaw in Amazon's Alexa smart home devices that could have allowed hackers access to personal information and conversation history. Amazon promptly fixed the bug.
In October 2020, Amazon fired an employee for leaking customer email addresses to an unnamed third party.
In October 2019, Forbes reported that Amazon employees were listening to Amazon Cloud Cam recording, to train its AI algorythm.
In April 2019, it was revealed that thousands of employees, many of whom are contract workers and some not even directly employed by Amazon, had access to both voice and text transcripts of Alexa interactions.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Amazon has a complicated and difficult to navigate mess of privacy policies, privacy notices, privacy FAQs, and other privacy information.
Links to privacy information
Does this product meet our Minimum Security Standards?
Uses encryption in transit and at rest.
Password-protected Amazon account is needed to set up a Kindle
Amazon has a bug bounty program.
Tour Amazon’s dream home, where every appliance is also a spyThe Washington Post
I Want You Back: Getting My Personal Data From Amazon Was Weeks of Confusion and TediumThe Intercept
Here’s How Amazon Tracks You in 2022 (and how to stop them)All Things Secured
Amazon Alexa Voice Data Tracking Might Lead To Privacy Issues; How To Prevent It?Tech Times
Amazon demonstrates Alexa mimicking the voice of a deceased relativeCNBC
Does Amazon Sell Your Personal Information?DeleteMe
Column: Do you really want Amazon’s new drugstore knowing your medical condition?Los Angeles Times
Amazon Data Breaches: Full Timeline Through 2022Firewall Times
Alexa records you more often than you thinkVox
Why Amazon is tracking every time you tap your KindleThe Verge
What type of data does Amazon collect from Kindles?Good E-Reader
Privacy Settings FAQs for Fire TV streaming media players, Fire TV Edition devices, Fire tablets and Kindle e-readersAmazon
Got a comment? Let us hear it.