Disable BigBrother features
Please note that the modification/patch doesn't work on the K2i. [note added by moderator]
There is some functionality in Kindle firmware which I consider violating user privacy and I intend this thread to provide information on how to disable such stuff.
Regular system log upload to Amazon servers. Kindle firmware is quite chatty even in a normal mode (;debugOn enables much more print outs). Here is a sample syslog output showing what kind of info Amazon regularly receives from your Kindle:
090719:144532 cvm[26415]: I BookletManager:SwitchingBooklets:from=Home,to=Book worm:
090719:144532 cvm[26415]: I Reader:BOOK INFO:title=Kindle DX User's Guide,authors=Amazon.com,ASIN=B0026P3LTE,content type=ebook,publisher=Amazon.com,publication date=4/25/2008,sorted title=Kindle DX User's Guide,display authors=Amazon.com,length=MobiPosition_ 211399,last access=1980-01-01 00.00.00 +0000,last read position=MobiPosition_ 12977,isEncrypted=false,isSample=false,isNew=false,path=/mnt/us/documents/Kindle_Users_Guide.azw,isTTSMetdataPresent=false,isTTSMetadataAllowed=true:
090719:144534 cvm[26415]: I ReaderGUI:SWITCH VIEW:name=com.amazon.ebook.booklet.reader.gui.lf:
Here is another interesting piece of info from the logs sent to Amazon:
090719:161519 wand[1661]: I e725:diag: t=4a644ff6,SID=4183,NID=87,
Base ID=744,Network Svc Type=EVDO,Bars=5,
Latitude=37.321441,Longitude=-122.030612,
RSSI dBm=-125,Active Set EC IO dBm=-31.500000,Active Set PN Offsets=264,
HDR Latitude=37.334167,HDR Longitude=-122.031113,
EVDO RSSI dBm=-65,ASET Pilot Energy=-0.53,
HDR Active Set PN Offsets=264,DRC=2,n=1:
If you don't want Amazon to know what you are reading, where you are or know that you are exploring their device, there is a simple way to disable sending anything. Script responsible for packaging this information is /usr/bin/showlog. Here is a simple patch you can use:
--- showlog 2009-05-08 17:22:51.000000000 -0700
+++ showlog_none 2009-07-19 14:44:08.000000000 -0700
@@ -188,8 +188,8 @@
echo $OLDEST | awk '{ printf "%08d", $1 }' > $LASTFILESENT
fi
fi
- print_stream_header $NUMFILES
- print_gzip_files $ALLFILES
+ print_stream_header 0
+ print_gzip_files ""
else
ALLFILES=`ls -1 $ARCHIVE_DIR/${LOG}_*.gz | xargs`
if [ -n "$ALLFILES" ]; then
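Review bot: The replacement at print_stream_header 0 / print_gzip_files "" covers only the first branch; the else branch in the trailing context still builds ALLFILES from `ls -1 $ARCHIVE_DIR/${LOG}_*.gz`, and nothing in this hunk changes what that path sends, so archived logs can still be packaged whenever that branch runs. Apply the same empty header and empty file list there, or return before either branch is reached. The unchanged context above the edit also still writes $LASTFILESENT, so the script keeps recording progress as if the files had been sent.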
In other words, just change lines 191/192 to use 0 instead of $NUMFILES and "" instead of $ALLFILES. This will cause this script to send empty payload to Amazon.
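To review what a log pulled from the device actually contains, the following added example (not part of the original post and not Kindle firmware code) parses records in the format of the excerpts above and lists the fields that reveal reading activity, location, or cell identifiers. The grouping of field names into categories is an assumption, and the sample is constructed from the thread's excerpts with the BOOK INFO record shortened.

```python
import re

# Constructed sample: records taken from the excerpts in this thread (BOOK INFO
# shortened); the wand record keeps the line wrapping shown in the post.
SAMPLE = """\
090719:144532 cvm[26415]: I BookletManager:SwitchingBooklets:from=Home,to=Book worm:
090719:144532 cvm[26415]: I Reader:BOOK INFO:title=Kindle DX User's Guide,authors=Amazon.com,ASIN=B0026P3LTE,path=/mnt/us/documents/Kindle_Users_Guide.azw,isEncrypted=false:
090719:161519 wand[1661]: I e725:diag: t=4a644ff6,SID=4183,NID=87,
Base ID=744,Network Svc Type=EVDO,Bars=5,
Latitude=37.321441,Longitude=-122.030612,
HDR Latitude=37.334167,HDR Longitude=-122.031113,
HDR Active Set PN Offsets=264,DRC=2,n=1:
"""

# timestamp, process[pid], level, component:event:, then key=value payload
RECORD = re.compile(r"^(\d{6}:\d{6}) (\w+)\[\d+\]: \w ([^:]+):([^:]+):\s*(.*)$")

# Assumed grouping of field names seen in the thread; extend for your own logs.
SENSITIVE = {
    "reading": {"title", "authors", "ASIN", "path", "last read position"},
    "location": {"Latitude", "Longitude", "HDR Latitude", "HDR Longitude"},
    "cell": {"SID", "NID", "Base ID"},
}

def split_fields(payload):
    """Split 'k=v,k=v:' into a dict; a piece without '=' continues the previous value."""
    fields, last = {}, None
    for piece in payload.strip().rstrip(":").split(","):
        key, sep, value = piece.partition("=")
        if sep:
            last = key.strip()
            fields[last] = value.strip()
        elif last is not None and piece.strip():  # comma inside a value, e.g. a title
            fields[last] += "," + piece
    return fields

def records(text):
    """Yield (timestamp, process, event, fields), joining wrapped continuation lines."""
    for chunk in re.split(r"\n(?=\d{6}:\d{6} )", text.strip()):
        m = RECORD.match(chunk.replace("\n", ""))
        if m:
            ts, proc, component, event, payload = m.groups()
            yield ts, proc, f"{component}:{event}", split_fields(payload)

def audit(text):
    """Return (timestamp, process, category, key, value) for every sensitive field."""
    return [(ts, proc, cat, key, value)
            for ts, proc, _event, fields in records(text)
            for key, value in fields.items()
            for cat, names in SENSITIVE.items() if key in names]

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print(*hit, sep="  ")
```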
FizzyWater 07-19-2009, 11:35 PM I don't have a Kindle, but if I did, I'd definitely be using your update.
Thanks for sharing!
Gearhead 07-20-2009, 08:30 AM It is really a shame that Amazon is allowing our Kindles to upload this kind of personal information without our permission. Ebs, thank you very much for investigating this and providing a patch.
-robert
Here is some information about "todo" server.
Periodically Kindle connects to a special "todo" web service and downloads list of items it then "executes". These items can be download/upload requests (to get a new book you just bought, upload syslog, etc), there is also a delete request (this is what I think was used in the recent debacle)... Firmware updates are probably also pushed this way.
Default location is https://todo-g7g.amazon.com/FionaTodoListProxy.
Kindle uses "getItems" request to download "todo" list:
https://todo-g7g.amazon.com/FionaTodoListProxy/getItems?software_rev=337560062&device_lto=-420&count=10&prl_rev=402
When all items are processed, "removeItems" request is used to clean-up todo list.
You can completely disable this functionality (although I don't recommend this) by redirecting all requests to some other location. I chose to direct all requests to a fake server running on my host which emulates (to some extent) standard Amazon services. To do this, edit /opt/amazon/ebook/config/framework.mario.conf:
These are my changes (CDE_SERVER and uploadServer point to other webservices - metadata sync/download and upload servers).
TODO_SERVER : http://192.168.2.1/FionaTodoListProxy/
CDE_SERVER : http://192.168.2.1/FionaCDEServiceEngine/
uploadServer : http://192.168.2.1/DeviceEventProxy/
Also, edit HTTP_NON_PROXY_HOST, otherwise firmware will go through amazon proxy:
HTTP_NON_PROXY_HOST : *.amazon.com|*.images-amazon.com|192.168.2.1
Now, you can use your fake webservice (I used lighttpd + simple bash CGI scripts) to feed real data after you reviewed it. To get it, use default URLs with your favorite web browser with client SSL certificate assigned to your Kindle (this is how Amazon authenticates you). You can find that certificate in /var/local/java/prefs/certs. Install it into your browser (use password "pass"). BTW, with this approach you can have a Kindle-like software running on your PC, although Amazon can always disable such access if it wants to.
Somebody can even write a simple http/https proxy running locally on Kindle doing some kind of filtering :).
Personally, I don't really care about Amazon deleting my books (I always make sure I take full control of stuff I buy from them - nothing can compete with good old backups :)), my only worry is unexpected firmware update which can interfere with my hacking.
However, I have proof of concept hack that disables remote ebook removal, I've been running it since last weekend and it doesn't seem to break anything for me. I can post firmware update here if somebody thinks it will be useful.
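A consistency check for the framework.mario.conf settings described in the post above, as an added example that is not part of the original post. It assumes the file uses the `KEY : value` form shown in the post and that HTTP_NON_PROXY_HOST is a pipe-separated list of host patterns with `*` wildcards; the INCOMPLETE text is a constructed variant.

```python
from fnmatch import fnmatch
from urllib.parse import urlsplit

ENDPOINT_KEYS = ("TODO_SERVER", "CDE_SERVER", "uploadServer")

# Settings as posted in the thread.
POSTED = """\
TODO_SERVER : http://192.168.2.1/FionaTodoListProxy/
CDE_SERVER : http://192.168.2.1/FionaCDEServiceEngine/
uploadServer : http://192.168.2.1/DeviceEventProxy/
HTTP_NON_PROXY_HOST : *.amazon.com|*.images-amazon.com|192.168.2.1
"""

# Constructed variant: one endpoint left at the default host named in the
# thread, and the local host missing from the proxy bypass list.
INCOMPLETE = """\
TODO_SERVER : https://todo-g7g.amazon.com/FionaTodoListProxy
CDE_SERVER : http://192.168.2.1/FionaCDEServiceEngine/
uploadServer : http://192.168.2.1/DeviceEventProxy/
HTTP_NON_PROXY_HOST : *.amazon.com|*.images-amazon.com
"""

def parse_conf(text):
    """Parse 'KEY : value' lines; the split is on the first colon only."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def check(text, local_host="192.168.2.1"):
    """Return a list of findings; an empty list means every endpoint is redirected
    to local_host and local_host is exempt from the proxy."""
    conf = parse_conf(text)
    bypass = [p for p in conf.get("HTTP_NON_PROXY_HOST", "").split("|") if p]
    problems = []
    for key in ENDPOINT_KEYS:
        host = urlsplit(conf.get(key, "")).hostname
        if host is None:
            problems.append(f"{key}: not set in this file")
        elif host != local_host:
            problems.append(f"{key}: still points at {host}")
        elif not any(fnmatch(host, pattern) for pattern in bypass):
            problems.append(f"{key}: {host} missing from HTTP_NON_PROXY_HOST")
    return problems

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("incomplete", INCOMPLETE)):
        print(name, check(text) or "ok")
```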
Hellmark 07-24-2009, 12:37 AM If you don't want Amazon to know what you are reading, where you are or know that you are exploring their device, there is a simple way to disable sending anything.
You said it, they act like it is their device, and you're just being allowed to use it.
You said it, they act like it is their device, and you're just being allowed to use it.
Well, I'm not a fan of conspiracy theories and I don't think there are any evil intentions. That syslog upload thing is probably a diagnostic feature, however this doesn't change the fact that they do receive this kind of information and I don't really feel like sharing this stuff with some Amazon engineer. I hope it is still a learning process for them, we'll see...
Hellmark 07-24-2009, 08:48 AM I'm not a conspiracy theorist either, but they really are doing very little to make it seem like it is actually yours.
As I described previously, "todo" server pushes download requests to Kindle, firmware update files are automatically downloaded to the user partition and later applied when Kindle goes to sleep.
If you want to disable automatic update "execution", change /usr/bin/process_update script:
--- process_update~orig 2009-07-25 22:08:55.000000000 -0700
+++ process_update 2009-07-25 22:41:11.000000000 -0700
@@ -39,9 +39,7 @@
exit 0
fi
- # Start updatewait in background and exit
- ${_UPDATE_WAIT} &
- msg "Started ${_UPDATE_WAIT}" I
+ msg "Auto updates are disabled, exiting..." I
exit 0
fi
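Review bot: The added line msg "Auto updates are disabled, exiting..." I writes a record of the modification at the same I level as the message it replaces; if that message lands in a log the device uploads, the change reports itself, so decide whether you want the line at all or prefer neutral wording. Removing the comment "# Start updatewait in background and exit" also leaves the branch undocumented: add a one-line comment stating that ${_UPDATE_WAIT} is intentionally not started, so the edit is recognisable when the script is compared against a stock copy.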
Note that manual updates are not disabled - you can still apply downloaded updates from UI.
Gearhead 07-31-2009, 11:15 AM If you want to disable automatic update "execution", change /usr/bin/process_update script:
Thanks again ebs. This seems like a good idea. I've made the change to my unit. I'd hate to lose shell access due to an automatic firmware update.
mobelby 07-31-2009, 06:28 PM Many thanks EBS.
Now if you discover the registration info (that confirms the device has been activated once on whispernet) on your firmware travels I will be forever in your debt
Well, registration is done through Amazon webservice, so it's not just some piece of data on Kindle, it's also a record at Amazon. I think you have to go through this process if you really want your Kindle to be registered - no amount of local hacking will do this.
As far as I can tell, there is very little on Kindle which is device specific - serial number written in NOR flash, SSL client certificate signed by Amazon (probably Kindle downloads it during registration process) and some simple text file that tells UI that Kindle is indeed registered.
amitlu 08-25-2009, 11:24 PM Ebs,
Can you tell us which file is the COMMS log, the one with the Base ID etc?
zT2pdR8Bvf 09-11-2009, 09:07 PM How does one apply the patch?
Thanks!
Do the logs only contain information about content you downloaded from Amazon? Does the Kindle also log data (and send said data to Amazon) regarding, for instance, a random text file you put on your Kindle?
Great thread, but answers to the questions asked in the last few posts would be really nice :)
goucla 12-14-2009, 12:32 PM I'm trying to understand the syntax in the Kindle syslog file. From my deciphering, it looks like the sample syslog file identifies both the Kindle location and the cell tower location. It appears that the Kindle has recorded a connection with a cell tower at the "HDR Lat/Long" coordinates -- I used cellreception.com to identify a cell site owned by Nextel, probably leased to Sprint -- and the device coordinates locating the Kindle to a point near 20450 Stevens Blvd., in Cupertino, CA.
Does this make sense? Can someone capture and post a similar logfile?
090719:161519 wand[1661]: I e725:diag: t=4a644ff6,SID=4183,NID=87,
Base ID=744,Network Svc Type=EVDO,Bars=5,
Latitude=37.321441,Longitude=-122.030612,
RSSI dBm=-125,Active Set EC IO dBm=-31.500000,Active Set PN Offsets=264,
HDR Latitude=37.334167,HDR Longitude=-122.031113,
EVDO RSSI dBm=-65,ASET Pilot Energy=-0.53,
HDR Active Set PN Offsets=264,DRC=2,n=1:
Do you need the Usbnetwork hack to apply these hacks? How does one apply these?
Do the logs only contain information about content you downloaded from Amazon? Does the Kindle also log data (and send said data to Amazon) regarding, for instance, a random text file you put on your Kindle?
I second this question as well.
WT Sharpe 01-10-2010, 06:43 PM Do the logs only contain information about content you downloaded from Amazon? Does the Kindle also log data (and send said data to Amazon) regarding, for instance, a random text file you put on your Kindle?
I second this question as well.
From what I can tell as a customer, yes; but with a caveat. If you have highlighted or notated a non-Amazon book, Amazon will retain a copy of those notes and underlinings. Otherwise, when you delete a non-Amazon book, it disappears altogether.
I am speaking here of what is available for me as a customer to see when I log into my Amazon account. Now, whether Amazon maintains secret records on its customers, I can't say.
Sullivan 01-22-2010, 08:07 PM Thanks for the information guys and for trying to answer those questions.
This hack doesn't work on the K2i, it needs to be re-evaluated.
Any way to update this hack for the recent 2.3 update? I tried following all the scripting and stuff and gave up after a while.
I figured chmodding the showlog script to 0 would probably break things and probably be pointless given the framework account so....yeah.
What I want to do right now is set the print_stream*/print_gzip* functions to return something wacky and forget about it, but since the framework account has a login I'm not sure how useful that would be.
I am assuming the default account is... what's used to read books but I'm probably wrong about that.
Now short of trying to port ipchains or ipfw or something and just denying inbound I'm not sure how to actually feel warm and fuzzy about all this :/
Bleh. I'm tired, someone make this make sense :/
kevindorsey 02-02-2010, 01:14 PM We need to get something similar going for DX. I think mine is in order, but I'm not savvy enough to do all of the similar tasks on my own.
Is this currently nonfunctioning on the K2(i)/DX(i)?
Is this currently nonfunctioning on the K2(i)/DX(i)?
Nope, it needs to be updated. I'm working on it.
buyer12 02-19-2010, 10:07 AM Any update on this?
The original writer disappeared, so somebody else needs to do it. I really just don't have time.
geekraver 02-21-2010, 12:23 AM For 2.3, on my Kindle DX, I made this change right near the end of /usr/bin/showlog:
else # Sending full logs
print_stream_header `ls $ARCHIVE_DIR/${LOG}_*.gz | wc -l ` >> $OUTFILE
$GZIP_HEADER_TYPE `ls $ARCHIVE_DIR/${LOG}_*.gz | xargs ` >> $OUTFILE
fi
echo "" > $OUTFILE # GeekRaver's hax
Just the last line is mine; the rest is to show the context. That just replaces the logs with an empty string.
Earlier in the file there is a line:
OUTFILE=/dev/stdout
which I changed to:
OUTFILE=/dev/null