02-02-2012, 02:52 PM | #1 |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Chatty Kathy vs Linux (p1)
Concerned about what is being sent to Amazon but not quite ready to take measures such as those in the "Big Brother" threads?
Such as: https://www.mobileread.com/forums/sho...t=51371&nojs=1 Being a newcomer to the Amazon Kindle I wanted to do some exploring before doing any modifications to my new Keyboard+3g reader. My new toy is nicknamed: Chatty Kathy for well known reasons. First step was to disable her 3G connectivity to cell phone services. The quick and easy way - unplug her 3G modem/radio (its a mini-PCIe card). Yes, if your careful, the card can be removed without removing the antenna assemble. Whoot! Now I have a Kindle Keyboard - Wifi only model. The Wifi access I can control since the only access points in-range are my own. After a few hours of packet capture from initial power-on, and a bit of study... I decided to brute force the matter in my gateway/router using source based, policy routing rules. Your gateway/router does run Linux, doesn't it? If not, adapt the following: Day 2: Based on the Day one activity, you want to give these ranges special routing treatment before Chatty Kathy can talk to them: Code:
CIDR: 23.0.0.0/12 CIDR: 50.16.0.0/14 (the log collector) CIDR: 72.21.192.0/19 CIDR: 107.20.0.0/14 CIDR: 184.72.0.0/15 CIDR: 204.246.160.0/19 CIDR: 205.251.192.0/18 CIDR: 207.171.160.0/19 Where 169.254.0.225/27 is the range you assigned to your wireless devices; Then in your Linux based, gateway router, do: Code:
$ sudo ip rule add from 169.254.0.225/27 to 23.0.0.0/12 prohibit $ sudo ip rule add from 169.254.0.225/27 to 50.16.0.0/14 prohibit $ sudo ip rule add from 169.254.0.225/27 to 72.21.192.0/19 prohibit $ sudo ip rule add from 169.254.0.225/27 to 107.20.0.0/14 prohibit $ sudo ip rule add from 169.254.0.225/27 to 184.72.0.0/15 prohibit $ sudo ip rule add from 169.254.0.225/27 to 204.246.160.0/19 prohibit $ sudo ip rule add from 169.254.0.225/27 to 205.251.192.0/18 prohibit $ sudo ip rule add from 169.254.0.225/27 to 207.171.160.0/19 prohibit Code:
$ ip rule show 0: from all lookup local 32758: from 169.254.0.225/27 to 205.251.192.0/18 prohibit 32759: from 169.254.0.225/27 to 207.171.160.0/19 prohibit 32760: from 169.254.0.225/27 to 50.16.0.0/14 prohibit 32761: from 169.254.0.225/27 to 204.246.160.0/19 prohibit 32762: from 169.254.0.225/27 to 184.72.0.0/15 prohibit 32763: from 169.254.0.225/27 to 107.20.0.0/14 prohibit 32764: from 169.254.0.225/27 to 72.21.192.0/19 prohibit 32765: from 169.254.0.225/27 to 23.0.0.0/12 prohibit 32766: from all lookup main 32767: from all lookup default The above has been tested in a controlled packet capture environment for: Wifi-On Wifi-Off Wakeup-Wifi-On Wakeup-Wifi-Off Adding bookmarks and highlights Doing web searchs Chatty Kathy asks for domain addresses in those ranges for each of the above cases, but of course can't get out to them. I will get all of the related reference materials and packet captures up on my homesite RSN, you all know how that goes. Last edited by knc1; 02-02-2012 at 03:26 PM. Reason: typo - think I got all of them this time. |
02-02-2012, 05:13 PM | #2 |
Groupie
Posts: 153
Karma: 113
Join Date: Jan 2012
Location: Russia
Device: Kindle Touch
|
Hmm... This could be almost easily written to /etc/hosts of Kindle itself.
I mean make DNS records that resolve to those IPs point to 127.0.0.1 instead. And you could plug 3G back then BTW, did you identify which of addresses was used by KT for what? |
02-02-2012, 07:20 PM | #3 | ||
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
And what sort of maintenance you want to put up with. Any change you make on the Kindle itself requires access (called here: Jailbreak) and may be wiped out at any time. Either by an update or remotely. Doing it external to the Kindle keeps things under your control. Note: (p1) means "part 1". I am not ready to take a position on that (yet). My feeling is that GSM uses its own device addressing/naming conventions, not the Internet DNS. That feeling is based on going over how OpenBTS works (a 'provider side' GSM system): OpenBTS Quote:
Some will take a bit more digging. I have found my Chatty Kathy holding open, and using, two TCP/TLSv1 connections at the same time. In my first post, I just brute forced the situation without taking the time to do something a lot more elegant. The reference materials, raw packet captures, and decoded packet capture summaries will be publicly available on my home web-site, KnetConnect.com someday, RSN. Readers will be able to invent a solution that suits them based on the raw data. |
||
02-03-2012, 05:22 PM | #4 |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Update - Yes Chatty Kathy tries IPv6 also
My first post only covered IPv4 because that is all I have seen.
But I just today recorded Chatty Kathy querying the name servers at ultraDNS for IPv6 address(es). In my case, it didn't do her any good, I don't have public IPv6 enabled while testing. But those readers who do have IPv6 enabled... You will probably want to block her use of IPv6 in addition to the IPv4 rules above. Just limit her to 20th Century networking and then the IPv4 rules above should be enough. Last edited by knc1; 02-08-2012 at 12:37 PM. |
02-03-2012, 07:03 PM | #5 |
Kindle Dissector
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
|
Sorry, I may be ignorant, but what's the problem of amazon's device trying to connect to amazon? I mean, how else are you going to get auto-book downloads, page syncing, kindle store, etc. If you don't want that, just turn off wireless.
|
02-03-2012, 07:29 PM | #6 | |
Grand Sorcerer
Posts: 27,549
Karma: 193191846
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Quote:
Last edited by DiapDealer; 02-03-2012 at 07:31 PM. |
|
02-04-2012, 12:32 PM | #7 | |
Addict
Posts: 256
Karma: 112042
Join Date: Oct 2010
Location: Maryland, USA
Device: Sony PRS-650
|
Quote:
Also, any information or control that any company has is available for an overreaching government to grab. And we KNOW the government doesn't have our best interest at heart. |
|
02-04-2012, 02:47 PM | #8 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
If you just want to read books, start with this one: George Orwell, 1984 Beyond that, I will only say I believe it should be the owner's choice of if/when/what activity of theirs gets reported to someone else. My own personal opinion and may not be shared by every reader here. Last edited by knc1; 02-04-2012 at 02:53 PM. Reason: Wrong quote |
|
02-04-2012, 02:50 PM | #9 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
Some of the things Chatty Kathy talks about use a secure (TLSv1) transport link. Those exchanges will take a bit more work. Last edited by knc1; 02-08-2012 at 12:33 PM. |
|
02-04-2012, 03:02 PM | #10 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
The summary info of her attempts to tell someone about your just having done an update: At start of the update: Code:
Standard query A dogvgb9ujhybx.cloudfront.net Standard query response CNAME dogvgb9ujhybx.lax3.cloudfront.net A 205.251.203.152 A 205.251.203.189 A 205.251.203.206 A 205.251.203.235 A 205.251.203.248 A 205.251.203.14 A 205.251.203.114 A 205.251.203.123 Standard query A dogvgb9ujhybx.lax3.cloudfront.net Standard query response A 205.251.203.208 A 205.251.203.221 A 205.251.203.250 A 205.251.203.9 A 205.251.203.10 A 205.251.203.52 A 205.251.203.163 A 205.251.203.190 Standard query A dns.kindle.com Standard query response A 207.171.179.1 A 207.171.170.1 Standard query A pins.amazon.com Standard query A pdns1.ultradns.net Standard query AAAA pdns1.ultradns.net Standard query A pdns2.ultradns.net Standard query AAAA pdns2.ultradns.net Standard query A pdns3.ultradns.org Standard query AAAA pdns3.ultradns.org Standard query A pdns4.ultradns.org Standard query AAAA pdns4.ultradns.org Standard query A pdns5.ultradns.info Standard query AAAA pdns5.ultradns.info Standard query A pdns6.ultradns.co.uk Standard query AAAA pdns6.ultradns.co.uk Standard query response A 204.74.108.1 Standard query response AAAA 2001:502:f3ff::1 Standard query response A 204.74.109.1 Standard query response A 199.7.68.1 Standard query response Standard query response A 199.7.69.1 Standard query response AAAA 2001:502:4612::1 Standard query response A 204.74.114.1 Standard query response Standard query response A 204.74.115.1 Standard query response Standard query response Standard query response A 107.22.160.18 Standard query A firs-ta-g7g.amazon.com Standard query response A 72.21.203.200 Code:
Standard query A dogvgb9ujhybx.cloudfront.net Standard query response A 205.251.203.208 A 205.251.203.9 A 205.251.203.10 A 205.251.203.108 A 205.251.203.135 A 205.251.203.159 A 205.251.203.167 A 205.251.203.190 Standard query A pins.amazon.com Standard query response A 107.22.160.70 Standard query A firs-ta-g7g.amazon.com Standard query response A 72.21.203.200 Code:
Standard query A dogvgb9ujhybx.cloudfront.net Standard query response A 205.251.203.175 A 205.251.203.182 A 205.251.203.53 A 205.251.203.104 A 205.251.203.111 A 205.251.203.128 A 205.251.203.147 A 205.251.203.174 |
|
02-05-2012, 04:57 AM | #11 |
Groupie
Posts: 153
Karma: 113
Join Date: Jan 2012
Location: Russia
Device: Kindle Touch
|
Hmm, mine KT (non-3G) has almost always WiFi off So no problem here, right?
|
02-05-2012, 08:15 AM | #12 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
Much of this information could (can not yet say if it is) be saved and sent in a batch the next time the machine connects. The information gathering system would almost have to be designed that way, since Wifi connections are not always available where the machine is being used. In this first part, I am only doing 'discovery' of what/where the machine is trying to connect to. In the next part, I will try to learn just what it is trying to share with Amazon. The point I had in starting this thread was to have 'Informed Users' that could make their own decisions on what to share, once it becomes an owner's choice. The 'Free Wifi' and the 'Free (portion of) 3G' are not being provided by Amazon without the expectations of something being received in return. Amazon does fully disclose that the machine is designed to be "Always Connected". They do include features that make use of that connectivity for the user and describe how having those features are a benefit to the user (mostly Amazon Cloud based things). They forgot to mention in bold print the advantages to Amazon. The best description I can give is by analogy. In the USA, the largest, oldest, consumer research organization was originated to study the (new at the time) users of Television. They are still in that business, along with others, and make no secret of what they do: Nielsen Ratings These ratings and the consumer research these people provide to the television industry are a major factor in the decisions made by the producers and marketers of those viewing products. Now consider that you are a publisher / distributor / seller of books. Wouldn't your department of Corporate Strategic Planning just love to have the sort of consumer studies and research that the television industry has? So why not just put a 'consumer interest' data gathering device into every consumer's hands? Report their reading habits, down to the detail of bookmarks and highlighted quotations? Where is the difference between Nielsen and Amazon? With Nielsen, the viewers who report know they are reporting their viewing habits. With Amazon, the readers do not know they are reporting their reading habits. With Nielsen, the company provides an electronic reporting device for the purpose. With Amazon, the company provides an electronic reporting device for the purpose. With the Nielsen device, the viewers know they have it. With Amazon... Oh, gee, we forgot to mention that. With Nielsen, the viewers have a choice of what and when they report on their viewing. With Amazon, the readers do not have a choice. They don't even know they are reporting. If the reader of this is a believer in: "Ignorance is Strength" (George Orwell, 1984, page 2) then they will have no complaint about this situation. Other readers might want an 'Advanced Settings' panel on their Kindle where they can choose what sort of information about their reading habits they share with Amazon. Such as: Share my titles: Share my bookmarks: Share my quotations: Share my reading time per title: Share my .... And whatever other things that are being reported for which the machine's owner might have an opinion about sharing with the customer research database in the Amazon Cloud. |
|
02-05-2012, 08:18 AM | #13 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
|
02-05-2012, 08:31 AM | #14 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
I am only posting the information for an owner to use in arriving at their own decision. |
|
02-05-2012, 09:32 AM | #15 | |||
Grand Sorcerer
Posts: 27,549
Karma: 193191846
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Quote:
Quote:
Quote:
The fact that they have the ability to collect that log-file doesn't really interest me at all... but I'd definitely be curious to know if you find evidence contrary to the previous packet-sniffing experiments (that say nothing big enough to represent a log file is being sent)—but only if that evidence doesn't contain any supposition. Last edited by DiapDealer; 02-05-2012 at 09:41 AM. |
|||
Tags |
big brother, knetconnect, privacy |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Free (B&N) First, There Is a River by Kathy Steffen | Little_bear | Deals and Resources (No Self-Promotion or Affiliate Links) | 0 | 08-19-2011 08:16 AM |
Free PDF: All Steamed Up by Kathy Lette | greencat | Deals and Resources (No Self-Promotion or Affiliate Links) | 2 | 04-18-2011 07:29 AM |
Hello from Kathy in KS | Kathy_818 | Introduce Yourself | 9 | 01-14-2011 12:04 PM |
Patricia Cornwell, Kathy Reichs then . . . ? | mediax | Reading Recommendations | 16 | 10-25-2010 09:53 PM |
$3.99 in Kindle store: Regression by Kathy Bell | Xia | Deals and Resources (No Self-Promotion or Affiliate Links) | 0 | 11-04-2009 11:58 PM |