View Single Post
Old 04-30-2012, 12:15 AM   #1
Poetcop
Connoisseur
Poetcop began at the beginning.
 
Posts: 55
Karma: 46
Join Date: Feb 2012
Device: Kindle
How to safely stop Kindle Touch logging

The Kindle Touch logs information about your second-by-second actions while using it, and it has a script on it that has the capability of sending those logs to Amazon. Some people aren't bothered by that, and if that's the case for you, you don't need to read any further. It bothers me, because though I'm a little resigned to my activities being monitored and analyzed when I use the web, I hate the feeling that a company is looking over my shoulder while I'm turning the pages of a favourite book. If you store your highlights and last page viewed in the cloud, then you face the same privacy tradeoff as all cloud computing - essentially, it's fair game for data mining and profiling. But if you have opted out, then you shouldn't have to worry about your private reading time being observed.

So I have done a close examination of logging on the Kindle Touch, and I have answers to the two questions that first motivated me to start learning on this forum: first, how serious is the privacy threat of these logs? And second, how can the logging be stopped? And I mean stopped, since although sabotaging the showlog script, as some past approaches have, would probably stop most automated attempts to transmit the logs, as long as it is accumulating on your device it is still a privacy threat. My method prevents any log information more than 15 minutes old from being stored, and I believe it to be safe. But first, some information about these logs.

WHAT IS LOGGED, AND WHAT IS NOT LOGGED?


There are two continuously updated log files on the Kindle Touch 5.1.0, stored in /var/log, one called "messages" and one called "odotlite". In 5.0.4 there are two others in the same directory, "netlog" and "wpa_supplicant", but those seem to have gone away with the update. Of the four, only "messages" seems to hold information that could be desirable to keep private - of course depending on your personal comfort level. To help you decide, here are things that are logged that are potentially a concern:
  • The time, down to the millisecond, of every touch on the device's screen, as well as the type of touch (e.g. tap, swipe).
  • Time of opening a book, down to the second, including the book's ASIN (catalogue identifier), if Amazon book, or unique identifier (probably assigned by the device) if not.
  • When closing the book, the location you were reading in the book, and the text display settings.
  • Activation times of many other little features, such as text-to-speech, turning on wireless, going to sleep etc.
Things that I can confirm are not logged, at least not in /var/log files:
  • Not that much metadata about the book that is opened, compared to K3s apparently - not the title, the publisher, or publication date.
  • Typing (i.e. passwords) - coordinates of touches are not stored.
  • Search queries.
  • Text that is highlighted or notes that are added.
  • Web browsing (although this is of course stored as application data for the browser, and on Amazon's servers if the web browser goes through a proxy - not sure about that)
My Kindle is not the 3G model, so I was not able to test whether cellphone tower information is logged, as was suggested in an older post. If it is, this is quite a serious privacy threat (since it could be used to determine location, as in the iPhone debacle), and it would be very valuable if someone can confirm this either way. My method should however provide protection against that.

HOW LONG ARE LOG MESSAGES KEPT?


The oldest messages on the device are probably no more than 6 days old. I arrived at this figure by tracking the growth of the log over 24 hours of typical activity, which took up about 41 Kb compressed. Given that the maximum log archive size is 256 Kb (as I'll discuss later), this gives us about 6 days. I got the same estimate a different way, by looking at the snapshot of log archive I took before I started messing around with the logging, and it had almost exactly 6 days worth on it. Yet another way is the serial numbers on the log archives, which also serve as a kind of clock and confirms the 6 days figure. This applies if you use your Kindle like I do, about 15 minutes a day (reading that is, I seem to spend more time lately hacking it!) If you use it more, the logs will cover an even shorter period of time.

Are the logs routinely sent to Amazon? Two reasons to think not: first, people who have captured the packets sent from the Kindle to Amazon have not found any evidence of a file big enough to be a log being transmitted, as in for example this 10 hour capture by PoP:
https://www.mobileread.com/forums/sho...6&postcount=37
Second, a recursive grep did not turn up any scripts that call showlog, which is the script that assembles and transmits the log, except for dm.sh, which corresponds to the dump messages shortcut (which was also yifanlu's finding from the decompiled source). But we can't be 100% sure. One thing is certain: if wireless is kept turned off most of the time, even if all the logs are grabbed as soon as it is turned on there will be no more than 256 Kb (compressed), that is, 6 days worth, that could be transmitted.

In light of these facts, it seems to me that the logging is not designed the way it would be if it was intended to collect information on reading behaviour. My best guess would be that it is mostly there as a developer tool for debugging, and possibly for extreme tech support. Of course, this could easily change with the next update, if Amazon decides that stream of data is worth collecting.

If the 6 days of logging that type of information is more exposure than you want, here's:

HOW TO STOP LOGGING


1. Edit /etc/tinyrot-files.conf, for instance using vi. You may need to run mntroot rw first to be able to save changes.
2. Find the lines that say

Code:
/var/log/messages	256	-
/var/log/odotlite	2048	25
and change the first number in the line to be 0:

Code:
/var/log/messages	0	-
/var/log/odotlite	0	25
If you are still using 5.0.4 then change the other similar lines too (be careful not to change the type of whitespace, and the returns must be Linux returns, not mac or pc returns. Best to only change the number). Save and quit.

3. If you want to see the results immediately, run the script /usr/sbin/tinyrot. Otherwise tinyrot will run automatically within 15 minutes. Now when you type ;dm into the search box, the oldest log messages should be no more than 15 minutes old.

What this does is to change the maximum archive size (in Kb) of the log files, so that the tinyrot process, which runs every 15 minutes and deletes the logs in /var/log after first archiving them in /var/local/logs, does the work for you. My hope is that the fact that my method only changes the configuration file makes it somewhat more robust both to future updates and to other hacks. More details of how it works, if you're interested, in the appendix, "the life cycle of a log message".


The word "safe" in the post title is of course provisional, since it will take other people's scrutiny and testing to be positive that it's safe, but I feel some confidence, based on two things: first, my careful mapping of the log archiving process, as I describe at the end, and second, that I have had it installed on my own Kindle Touch for 4 weeks now, including 1 week after updating to 5.1.0 (so I can confirm that it survives the update). During that time I haven't experienced any problems, and partition 3 (/var/local) has not grown.

Please let me know if you have any corrections or new information, especially about potential issues it could cause, and I'll keep this updated. The safety is something I'm taking very seriously, with the eventual goal of a "parent-and-partner-safe" fix - privacy shouldn't be a privilege only for the people with technical skills (and our girlfriends and boyfriends don't deserve to have their Kindles bricked because of our well-meaning mods!). I hope that we'll soon have an equivalent of geekmaster's awesome data.tar.gz/RUNME.sh combo for 5.1.0, so that I can make a one-time magic bullet that will even work on unjailbroken KTs. But a little of my motivation is gone now that I think there isn't that much sensitive information being stored, let alone transmitted - for now.

THE LIFECYCLE OF A LOG MESSAGE

  1. Log messages are appended to files in /var/log, only "messages" and "odotlite" as of 5.1.0.
  2. Every 15 minutes, tinyrot runs, which clears all the log files.
  3. However, first the log contents are appended to the end of a gzip file in /var/local/logs, with a filename like messages_00000005_20120319043003.gz. The last part of the name is updated to the current system time.
  4. A new log archive file is started after a while, which for most of the log types is measured by the number of times tinyrot has run since starting the last archive file, AGGR_COUNT in tinyrot.conf, which is set to 20. So each log archive file contains log messages collected at 20 15 minute intervals, covering 5 hours if the Kindle was on the whole time.
  5. If the total contents of the archives for a log type exceed a certain max size, in the case of "messages" 256 Kb, then the oldest archive file is deleted, repeatedly, until we're back under the max size.

So when the max log archive size is 0, tinyrot will go through and delete all the archive files for that type of log every time it runs, as well as emptying the current log file. It will alternate between the log message "Cleaning up any old logs matching X" and "Removing X to save storage space", but this is harmless, as is the incrementing of the counter files in /var/local/logs at the normal pace.

Thanks to yifanlu, knc1, ebs, and PoP among others! Special thanks to geekmaster, without whom I wouldn't have a Kindle to hack!

Last edited by Poetcop; 04-30-2012 at 08:38 PM.
Poetcop is offline   Reply With Quote