
Amazon removes encryption from the software for Kindles, phones, and tablets - tshtf
http://www.dailydot.com/politics/amazon-encryption-kindle-fire-operating-system/
======
zokier
I can see how this happened. They removed their own custom encryption system
in preparation for the native encryption offered by lollipop. For some strange
reason they couldn't actually finish making that native encryption feature
shippable (some last minute show-stopper bug maybe?). But the old encryption
code was not ported to lollipop either, so essentially they ended up with
having two unusable encryption systems on their hands and deadlines looming.
The end result can be seen here.

Of course this is purely speculation, but I see this sort of thing far more
likely explanation than some nebulous collusion with NSA (Hanlon's razor etc)

~~~
falcolas
To be fair, Hanlon's razor would also point to "encryption is hard and creates
a negative user experience (and more work for us), so don't implement it."

~~~
serge2k
Also "we don't want to spend the money to do this."

------
zipwitch
Don't buy an Amazon device while planning on rooting it and installing
CyanogenMod or the equivalent, either. Starting with Fire OS 5.1.1 in December
2015, Amazon locked down the bootloader making such hacks considerably
trickier. Here's a relevant thread at XDA forums: [http://forum.xda-
developers.com/amazon-fire/development/amaz...](http://forum.xda-
developers.com/amazon-fire/development/amazon-fire-5th-gen-supertool-
root-t3272695)

With moves like this, I'd guess it likely that Amazon continue to move in a
direction unfriendly to users wanting full control over the devices they own.

~~~
imglorp
I think devices to Amazon are merely marketing budget, enabling further sales
of media. I think they're selling them at a loss per device but a net gain
with sales included.

If you put CM on your Fire, they would view that as if you defaced a billboard
they paid for.

------
ewindisch
While data isn't encrypted-by-default on AWS, this plants a flag in the ground
on where Amazon stands in a way that does not sit well with me.

Given Amazon's stance here, I am disinclined to running infrastructure on
their cloud. The USA is becoming less and less friendly as a place to operate
a business.

~~~
CobrastanJorji
THIS is the thing that makes you worry about where Amazon stands in relation
to government interests? Amazon has a rich history of rolling over to
government interests whenever their profits may be at risk.

A great example is the Wikileaks case. Wikileaks was running on EC2, but Joe
Lieberman called Jeff Bezos and said "Hey, you want more of those sweet, sweet
government contracts? Take Wikileaks offline." And Amazon immediately
complied. [http://www.theguardian.com/media/2010/dec/01/wikileaks-
websi...](http://www.theguardian.com/media/2010/dec/01/wikileaks-website-
cables-servers-amazon)

~~~
Houshalter
Well in fairness not hosting Wikileaks wasn't violating any user's rights or
privacy.

~~~
rosser
You don't think that Amazon's pulling Wikileaks' hosting at the urging of a
sitting Senator might have any First Amendment implications?

I mean, obviously, no _law_ was passed, so it doesn't violate the letter of
the law, but the _spirit_?

~~~
Houshalter
Perhaps, but blame the government, not Amazon. I'm not sure there's even any
evidence they really threatened to do anything. And as I said, they didn't
leak users private information. In fact it didn't even succeed at shutting
down Wikileaks, so it didn't really hurt anyone.

------
dmitrygr
I would buy the argument that this is a performance change, had they not
already shipped with it on before. Encryption on android is not usually a
large bottleneck (measurable but not great) on such devices. I call BS on any
claims of this being perf-motivated.

~~~
soccerdave
Have you used one of their new products launched last quarter? They are
horribly slow.

~~~
dmitrygr
Not due to encryption

~~~
soccerdave
Your comment said "is not usually a large bottleneck (but it is measurable)"
which implies that there is a performance impact. If they are trying to eek
out as much performance as they can from an already terribly slow device then
it stands that it could be for performance reasons.

------
soccerdave
Amazon's most recent line of Kindle Fire tablets are horribly slow products.
They sacrificed their hardware in order to make a super cheap tablet (which in
my opinion is a mistake because it leads to poor user experience). I'm sure
this is an attempt to get a little extra performance from these products.

~~~
freehunter
I actually have one of the $50 Fire tablets. Super slow for a tablet, yes, but
fast enough to read Kindle books, watch Amazon Prime shows, or listen to music
from Amazon. It's slow hardware, but it's just fast enough for its intended
purpose.

~~~
ewindisch
I haven't poked at the underlying system at all, but I have noticed that
giving these cheap tablets a fast SD card considerably improves the
performance. It might be memory contention and the tablet using the card for
swap, or simply putting applications onto the card is faster than the internal
storage. I'm not sure, but it Works For Me.

------
ikeboy
> the operating system that powers its Kindle e-reader, Fire Phone, Fire
> Tablet, and Fire TV devices.

Fire OS doesn't run on Kindle e-readers.

------
sigmar
>Amazon is among several tech companies filing or joining amicus briefs in the
Apple case.

I bet the wording in Amazon's amicus brief will be much weaker than that of
Google and Facebook's.

~~~
niels_olson
I'm in. $1.

------
AdmiralAsshat
People unfamiliar with full-device encryption on Android devices need to be
aware of the following: until Marshmallow, it was _SLOW_. It was so bad that
while Google recommended turning on encryption by default on Lollipop, they
had to _back off_ of the recommendation because full-disk encryption made the
devices run like crap. [0] The reason suspected for this is that up to and
including Lollipop, Android handsets did not support hardware-backed
encryption/decryption, which meant it all had to be done in software.[1] This
had the end result of putting huge overhead onto the device once FDE was
turned on, and over time it would get slower and slower. Anecdotally, I tried
encrypting my HTC One M7 a few years ago for security, and I eventually I had
to factory wipe the damn thing because the overhead got _so_ bad that I would
periodically turn on the screen and it would take so long for the phone to
respond that the auto-idle would turn the screen back off before I I was even
presented with a lockscreen!

The M7's specs were nothing to scoff at in 2013. Given the incredibly limited
specs of Amazon's tablets, however, I would not be surprised if encrypting
them could slow them down further to the point of being unusable.

[0] [http://arstechnica.com/gadgets/2015/03/google-quietly-
backs-...](http://arstechnica.com/gadgets/2015/03/google-quietly-backs-away-
from-encrypting-new-lollipop-devices-by-default/) [1]
[http://www.androidpolice.com/2014/11/20/anandtech-posts-
side...](http://www.androidpolice.com/2014/11/20/anandtech-posts-side-by-side-
nand-performance-for-nexus-6-encrypted-vs-unencrypted-its-not-pretty/)

~~~
rpdillon
I discovered this a few days ago
([https://news.ycombinator.com/item?id=11152640](https://news.ycombinator.com/item?id=11152640))
on my Kindle Fire HD 6. I ran it quite happily with encryption under Fire OS
4, and upgrading actually required that I wipe the device. Amazingly, Fire OS
5 (without encryption) appears to run about the same, or maybe even a bit more
slowly. The HD 6 actually has decent specs, so I'm speculating that this is
mainly to improve performance on the newer $50 tablets that don't have the
computational power of the older models.

~~~
JustSomeNobody
> Amazingly, Fire OS 5 (without encryption) appears to run about the same, or
> maybe even a bit more slowly.

And this is the real reason they killed encryption. Instead of optimizing FOS
5, they made it less secure.

------
osipovas
A lot of these devices are low-end so I can see that removing it is two-fold
benefit:

1.) Making friends with the NSA. 2.) Improving performance on their devices.

~~~
sigmar
Number 2, while conceivable, is probably not the reason given Qualcomm (and
other chip makers) include hardware encryption support. Furthermore, this
article indicates that encryption is "no longer supported," not that it is
just turned off by default (which would be reasonable if performance was the
issue).

~~~
tehwebguy
Yeah, I can't believe someone held some of the Fire tablets in their hands and
said out loud with a straight face, "Someone will not think this is trash."

Slow interface at a device or OS level is insta-garbage to me as a user.

~~~
soccerdave
Can't agree with you enough! I thought they would have learned their lesson
with the Fire phone. As a owner of a company that makes games for tablets, the
performance on the new line of devices was noticeably worse than the previous
generation.

------
thrillgore
Amazon has just made it easier to pick what devices to purchase: None of
theirs.

~~~
freehunter
It makes it harder to know what other devices and software to buy, though. If
you (like some comments in here imply they do) assume that the entirety of
Amazon is compromised, you'll have to stop using Netflix, since they're hosted
at Amazon. You'll have to stop using Reddit, since they're at Amazon. You'll
have to stop using almost all the popular apps, since they're most likely on
Amazon. And if Amazon is compromised by an external attacker, you have to
assume AWS is compromised as well.

It's more difficult to drop Amazon than you might think.

~~~
zokier
OP was talking about devices, not services.

~~~
freehunter
Obviously. But where is the difference? If the NSA is reading your texts
through the physical phone hardware or reading them off the wire, it's the
same thing. In fact it's scarier if there is an encryption backdoor on their
software, since it could be read remotely much easier.

If Amazon hardware is compromised, there's no reason to assume their AWS
platform isn't compromised. And that puts a backdoor in a lot of web
applications.

------
joesmo
Considering Amazon's reputation and practices, I wouldn't be surprised if
their system was broken or compromised, probably on purpose. Still, they're
also forcing Kindle Keyboard users to upgrade their devices for them to keep
functioning while giving them only weeks in which to do, something which this
wouldn't explain. I own almost a dozen Amazon devices and I can honestly say,
every single one was a waste of money. It's not that I didn't read books and
use the tablets, but the way Amazon treats its customers is only slightly
better than guards treat inmates in jail (and in some cases, worse). And now,
it looks like they're pretty much going to stop working altogether. If Amazon
wants to keep its customers, it should probably stop threatening them and
closing their accounts over made up policies as well as stop bricking their
devices (which is now imminent). But they simply just don't care.

------
facepalm
I must admit, I am unsure how to properly encrypt phones anyway. Currently I
am using a 4 digit PIN on my phone. Surely if an attacker had access to my
phone, that would be trivial to crack. It seems unrealistic to use a lengthy
PIN (10 digits or more?) to unlock my phone, because I have to do it so often.

What is a good solution? Perhaps sensitive applications have to encrypt their
own data, so that I can access most of the phone functionality with the short
PIN, but need a longer password to access certain data. No dice with the
address book, though :-(

(I don't trust finger prints, because they seem tricky to keep secret - my
latest phone also says that fingerprints may be less secure than a good PIN).

~~~
JustSomeNobody
If you are using Android, look into trusted places, etc.

~~~
facepalm
Interesting idea, although I am not sure which places I would trust enough.
Even my home can be broken into. I'm actually working on getting all my data
encrypted, even at home, because of the nightmare scenario of a thief getting
all my data.

~~~
JustSomeNobody
There's trusted devices as well. Maybe you could pick up a cheap bluetooth
thing and only turn it on when you don't want to be bothered with passcodes.

Another alternative might be to look into Tasker. You might be able to write a
script that will turn off the lock when you're at home and it's during this
time range, for example.

------
awinter-py
but don't worry about storing your customers' data on EBS, that's still
totally cool.

------
gwbas1c
It's an interesting approach if encryption is available as a 3rd party option.
It means that they deflect liability; especially if the 3rd party is an easily
installed app provided by a shell company.

------
LeoPanthera
> The company did not respond to a request for comment about its Fire OS
> encryption change.

It's clear these comments are going to be a wave of negative speculation but I
find it hard to believe that Amazon has done this to make their devices easier
to hack by the three letter agencies.

I would love to hear some kind of comment from anyone at Amazon who knows why
they did this.

------
bedros
Amazon has big CIA contracts unlike Apple.

------
daveloyall
Does this have anything to do with it? [https://aws.amazon.com/govcloud-
us/](https://aws.amazon.com/govcloud-us/)

~~~
jmiserez
No. GovCloud is just a way for Amazon to sell cloud services to the US
government. The US government would not be able to put services in the
"public" clouds due to the massive amount of regulations involved, so Amazon
offers them a private space that is separated from the rest. If the customer
(in this case the US gov) is big enough, the overhead of complying with all
the regulations/requirements imposed by the customer is worth it.

