97 comments

[ 3.1 ms ] story [ 164 ms ] thread
Reading this made me grateful that there are still ways to avoid all this surveillance. For example,—and this is just the tip of the iceberg—reading Standard Ebooks on a privacy-respecting ebook reader.
> privacy-respecting ebook reader

Suggestions?

Kobo seems to work readily offline simply out of box. Plug in usb-c to upload books?
A kindle will do the same thing. Everything is privacy-respecting if there's no internet connection.
I really enjoy my Kobo Libra H2O with KOReader installed.
My new Kobo refused to start out of the box, without making an account. Very disappointing.
I created an account, but then installed KOreader on my Libra 2 and just read books through that. It's FOSS, more customizable, and supports OPDS feeds which can do pretty neat things like finding articles from HN[0].

[0] https://github.com/BHSPitMonkey/news2reader

I read that KOreader is unstable on the Libra 2[0], so I haven’t installed it yet even though I would like to. What has been your experience running it?

[0] https://github.com/koreader/koreader/issues/8414

I had it installed for a while, and there were fairly frequent crashes (i.e. about once every 8 hours of reading) requiring a reboot.

But it was _almost_ worth it. It's a really great reader, especially for reading PDFs.

After some software update about 6 months ago it got halfway uninstalled somehow and I did a factory reset and haven't reinstalled it yet. I recall reading that it's not on KOreader's side, and they can'tfix. :(

It's been perfectly stable for me since I got the device a few months ago, but I also don't read for hours at a time like the other commenter. It's possible that it leaks memory after viewing several hundred pages or something like that.
Can confirm you need to log into your Kobo account to get it going.
I keep my kindle in airplane mode.
Do you need to keep it 100% of the time in airplane mode? Couldn't it be queuing stats to upload them once it leaves AP mode?
With a jailbroken kindle you can install the BBB (Block Big Brother) filter on the firewall (it's running linux under the hood after all):

https://www.mobileread.com/forums/showthread.php?p=2425330

Alternatively like me you can just remove the 3g modem in it's entirety:

https://peekread.info/tech/20210120-removing-3g-modem-from-a...

what happens when you buy Kindle in EU, I would think when you first turn it on they would have to ask if you want to be tracked and if not would have to fuck off.
That's a good question I couldn't find anything in my cursory searches. Knowing Amazon because all the focus has been on Web browsers and cookies there might not be much available on the ebook front atm.
Kindle with ads has been observed to, after a couple alerts that it’s been offline for too long, just ignore airplane mode at some point.
I have a wifi only model that has never seen a wifi password, and haven’t noticed this.

What’s the symptom?

Can confirm. Happened with me couple times. It would just go off the airplane more altogether.

Besides, "airplane" mode is just an icon on the screen. If it has WiFi with a known password (or without one) within reach there's really no way of knowing if it's phoning home.

Amazon never denied the fact that they use their devices to collect data. That's why they are (relatively) cheap. Kindle, Echo, Fire TV - they are al presumed to provide data to Amazon on customer's preferences allowing for better ad targeting etc. If this data can be sold to third parties, even better, more revenue. This is not illegal and I'm not even sure it's unethical, as long as the buyers are aware of the deal.

I keep it 100% in airplane mode and use calibre to manage my library. So far it’s been a pleasure, reliable and predictable.
I like the Marvin3 reader on iPhone. Haven't found something I like on the desktop though.
Is it still on app store or just not available in the US?
Oh shit. My bad. I don't know honestly... I got it a couple years ago, and it was everything that Books wasn't.

Apple Books thinks I want to put tiny 1mb epub files in my iCloud, which is full (no idea why) and then it won't save them. So when I reopen, now the book's gone even though I have like 40 gigs free on my phone. Simple interface, simple list of books to choose from, etc. And now the damned thing's gone and I have no idea why.

The underlying problem is obtaining the books. Even if you never register your ereader and never let it go online, you are just shifting the problem to a computer. They loose fine-grained details about what you are reading, but that's about it.

If you understand that and take proper precautions, I would imagine that any ereader that doesn't require registration would be fine. If you never put it online, it cannot accidentally go online. Plus it isn't tied to your name. Personally, I use Kobo. You have to jump through a hoop to bypass registration by modifying an SQLite database. Other than that there are no protections, so you aren't using sketchy software to realize that degree of privacy.

> you are just shifting the problem to a computer.

Libgen works with anonymizers.

Pocketbook https://pocketbook.ch

You can download your books as you want and copy them to the device in many ways, including connecting the thing via USB to your pc and using it as an external storage unit. Sounds trivial but try to do that with a smartphone.

You can buy books from their shop if you make an account, but it is completely optional.

I wasn't aware of Pocketbook, interesting to see a smaller competitor in this market. Unfortunately they might run into the same issues discussed in this article.

They have two privacy policies. The one which seems to cover their web site [1] and one which I assume is for their devices [2].

The latter says the following:

> We collect such non identified information concerning the Application:

> […]

> Usage Data includes information about how you use our Application. By Usage Data we mean: how you use your book library, information concerning which buttons on the Application you click, which you do not, how often do you use buttons, turning on/ off the device, setting font options, changing the interface language, sending archive, changing the library settings, setting the read mode. We collect these information to make our Services better for the end-customers. Understanding of your usage preference give us the opportunity to develop better Application, which will have higher reliability, usability, compressed functionality and extremely easy startup.

The first privacy policy [1] though says they do not collect any "Special Categories of Personal Data about you".

[1] https://pocketbook.ch/en-ch/privacy-policy

[2] https://pocketbook.ch/en-ch/reader-mobile-privacy-notice

Can't you just never connect your device to the internet though?
Are you saying it's hard to get phones recognized as external storage devices? I've not had this issue with any of my android phones or my Boox e-reader which runs android.
Yes, that is what I meant, I always had problems with it. Iirc Android uses the mtp protocol for file transfer, it is not like accessing external storage. Before I can read / write files to the phone's storage I have to perform some steps on the phone's UI (this already rules out doing this while the phone is off); the exact steps changed between android versions. And then if I manage to remember, not all files and directories are visible.

With a pocketbook, you connect it and it is like you attached a USB stick.

Gotcha. Yeah, you get a notification from which you can swap mode. Default being charging only, for security reasons.

Also, android encrypts the filesystem by default these days I believe. So unpowered fs access is a no go without a lot of work for a very niche use case.

Security doesn't really matter on a somewhat dumb e-reader though, so seems like sensible defaults for the respective devices tbh.

Standard Ebooks is a fantastic project. I have been supporting them for years. I love their attention to detail of typography and their approach to building the books in the open, from source code, with open source tools. I wish their project existed in many other languages! The only caveat is that they have to wait for books that are in the public domain.
A year ago, I bought a PocketBook InkPad Lite for this purpose, and keep its WiFi disabled, as an interim solution, until hardware&firmware that guarantees privacy.

I buy non-DRM ebooks (so far, they cost about twice Kindle prices), and `rsync` them to the ereader over USB. More info: https://www.neilvandyke.org/ebooks/

Save money by buying the normal book and pirating the non-restricted version
This assumes that buying the normal book gives you protection from prosecution. I am not sure whether you really can assume this.

Meanwhile in my jurisdiction, as long as I don't share with the public, I am free to download unencumbered ebooks and other media when I find them. No need to buy something for hope of non-prosecution.

You've assumed avoiding prosecution was the aim! I feel it's underwood around the literati that it's trivial to avoid being caught and so anyone who hands over money is doing so for morality or convenience. For most e-books (anything mass-market or academic) the convenience is better for piracy so my suggestion was for someone who didn't want to feel they weren't properly rewarding the author/publisher.
My bad, sorry.

However: We all know that creators don't get the whole money you pay for some works. If I would want to support a creator I would try to find a way to support directly.

In other words I find it a bad idea to buy a book as a way to donate.

Buying a book does much more for an author who isn't already famous than just giving them money does. It raises their visibility, making it more likely that publishers will bite on a second book by them. It also pays the editors, typesetters, etc. - the author isn't the only creative person involved, and every heavy reader can think of examples of authors who have good ideas but desperately need an editor.
Yeah, I read most of my books on an e-reader. I’ve tried to pay for my ebooks but I’ve rapidly stopped. It’s such an horror shitshow. They managed to recreate the same DRM nonsense which didn’t worked for the movie and music industry.

The final straw was that time where I bought an ebook on a popular library website. I tried to open it on my computer, I knew it had DRM so I wasn’t surprised to have to install this Adobe DRM nonsense.

However during the installation, I just clicked on « Skip » when they asked for my Adobe account. Yeah it worked ! I could read my ebook on my computer, now it’s time to transfer it to my Adobe DRM compatible e-reader.

Well, fat chance, Mr book "owner", your book has been linked to your computer and not to your ereader Adobe account, you are stuck.

I said a lot of words kids shouldn’t hear that day.

In fact, I love e-reader, it’s practical, it’s lightweight, you can throw your entire library on a tiny sd card but I can’t stand this arrogance.

Contrary to digital music or movies, books are still superior objects in all aspects. They are sometimes beautiful, you can do what you want with them. You can own them or give them or borrow them or … And still, the industry thinks they can sell you those unpractical DRM files at mostly the same price (when it’s not more) ? That’s arrogant and they can go f themselves.

Now I only buy real books and anything on my ereader comes from Z-Library or a torrent tracker. At least they are files I can own.

Thus rewarding the DRM services with more money. If you’re going to pay when you could’ve gotten it for free, might as well keep alive the service that respects your rights instead of strengthening the one that violates them.
Not the parent, but I read "buying the normal book" as buying actual paperbacks.
Buying a physical copy of a book so you can pirate the digital version isn’t legally sound, plus it is a major impactful hassle.
Could I perhaps buy a digital version for my local library and then borrow it from them for the same duration as I'm using the pirated file?
> I buy non-DRM ebooks (so far, they cost about twice Kindle prices),

Curious about this one. The price is set by the publisher, so it's not like you can just opt to pay for a DRM or a DRM-free copy of the book at checkout.

I assume you mean that the publishers who offer DRM-free books tend to be more expensive? That might track if they're indie publishers, since they can't afford to be loss-leaders on a product.

But FWIW, Tor Books offers all of their stuff DRM free across the major platforms (Amazon, Kobo, Google Play, B&N, Apple Books, etc.) and they go on sale just as often as the major publishers, in my experience.

Example from that link I gave: "For O'Reilly books, they link to eBooks.com for non-DRM copies. So far, these seem to cost about twice what the Kindle versions of the books do, [...]"
What’s a good place to get non-DRM books?
Can you give me an example of a pricacy-respective ebook reader?

I recently bought a Kobo Nia, and then returned it because it required me to create an account before I could use it.

Afterwards I got a PocketBook Basic Lux 4. This I have been using without having had to create an account. I've also never connected it to any wifi. However, I have no way of knowing, without taking significant effort to investigate, whether it's not connecting to free wifi's and relaying back to home my books list etc..

I bought Clara 2e and was very disappointed with the requirement to create an account.

After some googling I found you can start it in "sideloader" mode. To do that I plugged it in as USB device and updated a config file by adding "sideloaderMode=true". After restart it skipped account creation and allowed me to start reading the books.

I use Calibri to manage my books and collections. Haven't found how to add dictionaries as of yet but I think it can be done too.

> I have no way of knowing, without taking significant effort to investigate, whether it's not connecting to free wifi's and relaying back to home my books list etc.

I think this is bordering on the unreasonable to be honest. There is no reason to assume it's doing this, and it would be wildly illegal (in EU at least).

This is mostly about Amazon Kindle, but it also mentions Hoopla, an e-reader app. Presumably this applies to things like Overdrive as well. I'm satisfied with my Kobo, epubs and Calibre.
The scariest part of the article (for me) was about information being packaged and sold. In that regard, the article was not about Amazon, since it is not alleged to have done this. Of course, Amazon is huge enough that they can profitably use reading history to sell you other things. But it would be worse if they were also selling off your private reading history.
> But it would be worse if they were also selling off your private reading history.

Google makes a similar argument, but I am not convinced. They still give information to abusive governments, and their in-house infrastructure for monetizing your data is state of the art.

Plus, data breaches are basically inevitable. Even if they weren’t, some percentage of FAANG will eventually have a few down quarters in a row and sell access to the data to the highest bidder, or be acquired by an oligarch.

at this point, any app, device, service, website that does not actively promote the fact that they do not harvest data, track, spy, etc should just automatically be assumed that they are. The money to be made is too good. The requirements to do it are too easy. The usability impact on the user is negligible if it's even measureable to non-existent.

It's pretty much like this war has been lost, but nobody wants to admit it or even admit it existed.

> It's pretty much like this war has been lost, but nobody wants to admit it or even admit it existed.

i didn’t hear no bell. (bell sound is a subscriber exclusive.)

if the fat lady ain't singing, she's definitely warming up
(comment deleted)
And they wonder why we download books from Z-library with a VPN instead of the, "legitimate" option. It is very similar to using ad blockers. If "legitimate" businesses refuse to let me view and pay for their products without being tracked, loaded with malware and/or having my data sold to third parties, then as far as I'm concerned they have no grounds to complain when I go another route.
I am pretty sure Amazon was giving me ads based on books on my kindle that I did not buy through Amazon, so you also would have to pay attention not to connect to any network even if you acquire books by other means.
I read purchased ebooks with DRM stripped in Calibre on a jailbroken Kindle with KOreader.
koreader is great, I have a (very) hacked up pinenote that runs koreader, and the reading experience is very good. It's also extensible enough that you can easily port/customize it to new devices or hardware.
so you have commited a crime, bc afaik stripping drm is illegal. At this point why not just pirate it? Are you doing this to pay the author for his work?
I have no problem paying for content but I don't want to be restricted in the ways that I can view it.
This may well be a serious issue, but it's hard to tell because this article is atrociously written.
Almost no research, despite implying multiple threads to pull on interesting original research... and yet the article is 100% an appeal to emotion and/or tropes.

Opportunity lost , indeed

> the article is 100% an appeal to emotion and/or tropes.

It has to be, otherwise the author would need to address the issue that they are writing an article about surveillance, for a site that attempts to load almost 40 different trackers when you read the article.

I started rolling my eyes at "reader surveillance is a deeply intersectional threat", and it didn't get any better from there.

A whole lot of platitudes and speculation about how women and minorities are hardest hit, but essentially no actual information on who is doing what with which bits of data.

(comment deleted)
get printed books (or pdfs), distill your own water, grow your own food (if you can)
Is this a concern to EU citizens? Seems to be one of the reasons the GDPR exits.
It should be if you use apps/websites run by companies outside of the EU or small enough to not care.

GDPR doesn’t put the fear of god in to every company on the planet the way many people seem to think it does

It seems to me that you are putting too much faith in GDPR - if particular service kind of flies under the radar then I'm assuming that nobody who operates it cares about GDPR
[flagged]
(comment deleted)
I only buy physical books. Not trying to be sarcastic here, but I have yet to find an E-Reader that gives me the same relaxing feeling that looking at ink on paper does at the end of the day. For the the library-in-one device convenience hasn't outweighed the disconnected simplicity of reading a book.

After spending a work day staring at a screen I have zero interest in looking at at yet another display.

There's reading for pleasure and then there's reading as a requirement.

Carry around dozens of 1000+ page technical reference volumes? Nah, no thanks, I'll take an instantly searchable e-reader I can stick in my pocket, with non-destructive notes, highlights and bookmarks that'll sync between my devices.

Reading for pleasure? Gimme a hardback any day.

> Without laws to stop them, it’s reasonable to expect that popular library apps like Hoopla and Libby are hiding similar behavior behind legal smokescreens.

Whenever I check out (non-audio) books on Libby/OverDrive, it always just sends the books to my Kindle Cloud Library. This presumably means OverDrive doesn't know what passages I actually read, or for how long. And the mere fact of my borrowing seems to be protected by state law (many states, including CA, protect this information). [1]

It would be interesting to know how these surveillance tactics run up against these privacy laws.

1: https://www.ala.org/advocacy/privacy/statelaws

> E-books are becoming told off corporate surveillance

Perhaps it's a small point, but the title is wrong imo. There's no becoming about it, this was a major point all along, from inception. Just like mobiles are spying devices (updated so that batteries are non removable now), like smart meters, like electric cars, etc.

Some of us have known and talked about the level of spouting being baked into hardware for a long time. This sort of intrusion was telegraphed, but missed by most technology fans, who have misplaced their faith with government and corporations.

> Many students are required to use Elsevier’s digital books and learning products in order to complete coursework... By default, Elsevier surveils every page a student visits on the internet—whether it’s related to their education or a google search for nearby abortion clinics. Then... sell[s] this information to data brokers.

Am I missing something where it goes from reading Elsevier's books and using their site to making the leap to internet-wide surveillance?

From skimming through the SPARC report they cite it seems various findings are based on privacy policy language, one of which states that 'browsing history', 'search history' and 'interactions with our and other websites' may be collected, though this reads like it may just involve their own sites' analytics with only the latter involving other sites (which could be just outlinks but is unclear).

While the rest of the report seems to just cover some overviews of their own cookies and open-ended concerns about third-party scripts (which include general CDNs and their own analytics hosted by third-parties).

its one example. then she list 4 others. your company probably gives you safari books and lynda... ALL of those record every single action for DRM purposes. the side effect is that now you reading list, how long, what time you read which line etc is all collected and readily available to anyone as we know what happens to all data (from marketers to gov to law enforcement etc)
Right, Elsevier collects analytics on their own services, which has the possibility of being accessed by others, which itself is one concern, however the claim by Fast Company and Fight for the Future was Elsevier somehow surveils broad internet usage outside the scope of their own products.

For this to be true they'd either need their own trackers on every single website online (or be ingesting from those that do but at which point it's not Elsevier's tracking) or be have software/browser addon installed on the clients' system.

Only a small handful of companies have approached the near-ubiquity of webpage presence of the former that made cross-internet tracking a realistic scenario (see eg. past critique of Google/Facebook embeds) but afaict the only thing being interpreted here is a line in a privacy policy that is very likely being misinterpreted.

Certainly the report doesn't make any claim about ubiquitous internet tracking in its key findings summaries. Contrast that to how Fight for the Future has run with it:

> Elsevier tracks more than what books someone reads—it surveils readers’ search and browsing history across the whole web, collects their locations, and builds profiles based on inferences from this data.

DRM by definition is on the client and opaque.

I'm not sure where you are getting all that misplaced goodwill and hopes of lack of capabilities

DRM isn't magic. It's still bound by the browsers' security policies, and those policies do not allow tracking by one domain of activity on others that aren't opting in somehow. Extraordinary claims require extraordinary evidence, and my pre-existing hatred for Elsevier isn't evidence of them having capabilities that would make the NSA drool.

If students were regularly installing a native app or a browser extension, the tracking claim would make sense, but neither you nor TFA have suggested a valid mechanism for the supposed tracking.

most of those examples don't even have a webapp or website.
Stripping DRM, making "your" books really your own books, and then transferring, storing and reading them however you damn well please are the sequence of simple solutions to the corporate/legal crap that's so common these days and to the parasitic garbage described in the article.

Also, just resorting to plain pirate copy torrenting and download, because if the combination of legal players who make getting your own DIGITAL copy of book so bloody complicated and restricted want to take that route, they deserve a few leaks in revenue.

Pretty sure GDPR/CCPA prohibits them from actually making use of this data. But simply collecting data for temporary use is enough to get the expert journalists another day's worth of copy.
> By default, Elsevier surveils every page a student visits on the internet—whether it’s related to their education or a google search for nearby abortion clinics.

How is this even possible? The article has nothing to back this up.

And it's not even an e-book! Elsevier uses a custom JavaScript "reader". So it's just a web page. But I think someone read their privacy policy and got confused about what they are capable of.

I was thinking the same thing. This article seems remarkably light on the facts. They throw around a handful of scary words, but there is very little evidence to back it up or even specifics of how this surveillance might be happening or what data is being sold.
That is exactly why I have thousands of offline books in my offline library and I use a no internet/wifi Android ebook reader to read them.