Hacker News
Amazon removes encryption from the software for Kindles, phones, and tablets (dailydot.com)
208 points by tshtf on March 3, 2016 | 55 comments



I can see how this happened. They removed their own custom encryption system in preparation for the native encryption offered by Lollipop. For some strange reason they couldn't actually finish making that native encryption feature shippable (some last-minute show-stopper bug maybe?). But the old encryption code was not ported to Lollipop either, so essentially they ended up having two unusable encryption systems on their hands and deadlines looming. The end result can be seen here.

Of course this is purely speculation, but I see this sort of thing as a far more likely explanation than some nebulous collusion with the NSA (Hanlon's razor etc.).


To be fair, Hanlon's razor would also point to "encryption is hard and creates a negative user experience (and more work for us), so don't implement it."


Also "we don't want to spend the money to do this."


Ars Technica followed up with Amazon and got this response:

"In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using," Amazon told Ars. "All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption."

http://arstechnica.com/gadgets/2016/03/amazon-removed-device...


Translation: they use SSL on the wire, but don't encrypt anything when storing data.

Exhibit #13435245 for why Fire devices are purely consumption-oriented Amazon endpoints, not real tablets.


> Of course this is purely speculation, but I see this sort of thing as a far more likely explanation than some nebulous collusion with the NSA (Hanlon's razor etc.).

I doubt collusion is occurring. More likely, Amazon sees Apple getting legally compelled in NY and CA to develop ways to bypass full disk encryption, and Amazon decided to avoid this battle altogether. I would be happy to be proven wrong though.


I don't think the timeline meshes for that. Two weeks from Apple's Customer Letter to Amazon making changes to a major new release seems way too quick to be a reaction.


Except the NY case started in October. Also, the FBI has been arguing against encryption for years.


Don't buy an Amazon device while planning on rooting it and installing CyanogenMod or the equivalent, either. Starting with Fire OS 5.1.1 in December 2015, Amazon locked down the bootloader making such hacks considerably trickier. Here's a relevant thread at XDA forums: http://forum.xda-developers.com/amazon-fire/development/amaz...

With moves like this, I'd guess it likely that Amazon will continue to move in a direction unfriendly to users wanting full control over the devices they own.


I think devices to Amazon are merely marketing budget, enabling further sales of media. I think they're selling them at a loss per device but a net gain with sales included.

If you put CM on your Fire, they would view that as if you defaced a billboard they paid for.


I'm glad I bought a few in November 2015 for $35 each then... I was able to install CyanogenMod without too much trouble and I got rid of ads and increased performance in the process.


> users wanting full control over the devices they own

I would have to disagree. Users buying an Amazon device do not want full control, otherwise they would have bought something else. That's the implication Amazon is working under in order to be able to sell these products at the prices they're selling them. You're talking like Amazon and Apple are committing the same 'sin'.


While data isn't encrypted-by-default on AWS, this plants a flag in the ground on where Amazon stands in a way that does not sit well with me.

Given Amazon's stance here, I am disinclined to run infrastructure on their cloud. The USA is becoming less and less friendly as a place to operate a business.


THIS is the thing that makes you worry about where Amazon stands in relation to government interests? Amazon has a rich history of rolling over to government interests whenever their profits may be at risk.

A great example is the Wikileaks case. Wikileaks was running on EC2, but Joe Lieberman called Jeff Bezos and said "Hey, you want more of those sweet, sweet government contracts? Take Wikileaks offline." And Amazon immediately complied. http://www.theguardian.com/media/2010/dec/01/wikileaks-websi...


Well, in fairness, not hosting Wikileaks wasn't violating any user's rights or privacy.


You don't think that Amazon's pulling Wikileaks' hosting at the urging of a sitting Senator might have any First Amendment implications?

I mean, obviously, no law was passed, so it doesn't violate the letter of the law, but the spirit?


Perhaps, but blame the government, not Amazon. I'm not sure there's even any evidence they really threatened to do anything. And as I said, they didn't leak users' private information. In fact it didn't even succeed at shutting down Wikileaks, so it didn't really hurt anyone.


I would buy the argument that this is a performance change, had they not already shipped with it on before. Encryption on Android is not usually a large bottleneck (measurable but not great) on such devices. I call BS on any claims of this being perf-motivated.


Have you used one of their new products launched last quarter? They are horribly slow.


Not due to encryption


Your comment said "is not usually a large bottleneck (but it is measurable)" which implies that there is a performance impact. If they are trying to eke out as much performance as they can from an already terribly slow device then it stands that it could be for performance reasons.


Amazon's most recent line of Kindle Fire tablets are horribly slow products. They sacrificed their hardware in order to make a super cheap tablet (which in my opinion is a mistake because it leads to poor user experience). I'm sure this is an attempt to get a little extra performance from these products.


I actually have one of the $50 Fire tablets. Super slow for a tablet, yes, but fast enough to read Kindle books, watch Amazon Prime shows, or listen to music from Amazon. It's slow hardware, but it's just fast enough for its intended purpose.


I haven't poked at the underlying system at all, but I have noticed that giving these cheap tablets a fast SD card considerably improves the performance. It might be memory contention and the tablet using the card for swap, or simply putting applications onto the card is faster than the internal storage. I'm not sure, but it Works For Me.


> the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices.

Fire OS doesn't run on Kindle e-readers.


> Amazon is among several tech companies filing or joining amicus briefs in the Apple case.

I bet the wording in Amazon's amicus brief will be much weaker than that of Google and Facebook's.


I'm in. $1.


People unfamiliar with full-device encryption on Android devices need to be aware of the following: until Marshmallow, it was SLOW. It was so bad that while Google recommended turning on encryption by default on Lollipop, they had to back off of the recommendation because full-disk encryption made the devices run like crap. [0] The reason suspected for this is that up to and including Lollipop, Android handsets did not support hardware-backed encryption/decryption, which meant it all had to be done in software. [1] This had the end result of putting huge overhead onto the device once FDE was turned on, and over time it would get slower and slower. Anecdotally, I tried encrypting my HTC One M7 a few years ago for security, and eventually I had to factory wipe the damn thing because the overhead got so bad that I would periodically turn on the screen and it would take so long for the phone to respond that the auto-idle would turn the screen back off before I was even presented with a lockscreen!

The M7's specs were nothing to scoff at in 2013. Given the incredibly limited specs of Amazon's tablets, however, I would not be surprised if encrypting them could slow them down further to the point of being unusable.

[0] http://arstechnica.com/gadgets/2015/03/google-quietly-backs-...

[1] http://www.androidpolice.com/2014/11/20/anandtech-posts-side...


I discovered this a few days ago (https://news.ycombinator.com/item?id=11152640) on my Kindle Fire HD 6. I ran it quite happily with encryption under Fire OS 4, and upgrading actually required that I wipe the device. Amazingly, Fire OS 5 (without encryption) appears to run about the same, or maybe even a bit more slowly. The HD 6 actually has decent specs, so I'm speculating that this is mainly to improve performance on the newer $50 tablets that don't have the computational power of the older models.


> Amazingly, Fire OS 5 (without encryption) appears to run about the same, or maybe even a bit more slowly.

And this is the real reason they killed encryption. Instead of optimizing FOS 5, they made it less secure.


A lot of these devices are low-end so I can see that removing it has a two-fold benefit:

1.) Making friends with the NSA.

2.) Improving performance on their devices.


Number 2, while conceivable, is probably not the reason given Qualcomm (and other chip makers) include hardware encryption support. Furthermore, this article indicates that encryption is "no longer supported," not that it is just turned off by default (which would be reasonable if performance was the issue).


Yeah, I can't believe someone held some of the Fire tablets in their hands and said out loud with a straight face, "Someone will not think this is trash."

Slow interface at a device or OS level is insta-garbage to me as a user.


Can't agree with you enough! I thought they would have learned their lesson with the Fire phone. As an owner of a company that makes games for tablets, the performance on the new line of devices was noticeably worse than the previous generation.


RE: #2, it's an optional feature which is not enabled by default. And you have to dig for it. I'm inclined to think that the people who dig for encryption on a book-themed tablet are more likely to understand the potential performance ramifications themselves.


Amazon has just made it easier to pick what devices to purchase: None of theirs.


It makes it harder to know what other devices and software to buy, though. If you (like some comments in here imply they do) assume that the entirety of Amazon is compromised, you'll have to stop using Netflix, since they're hosted at Amazon. You'll have to stop using Reddit, since they're at Amazon. You'll have to stop using almost all the popular apps, since they're most likely on Amazon. And if Amazon is compromised by an external attacker, you have to assume AWS is compromised as well.

It's more difficult to drop Amazon than you might think.


That's sort of misunderstanding the threat model. Data in the "cloud" has always been subject to surveillance and seizure. It's not covered by the "encryption" stored on your local device (except in specific ways for specific apps). No one is saying "drop amazon" in this context, because the stuff you're mentioning can't be secured by any user action, even in theory.

The issue with the FBI-vs-Apple encryption situation is that the device itself can be secured, at least in theory, if the user memorizes a strong key (pay no attention to the "secure enclave" style of key escrow authenticated with a PIN or fingerprint, that's snake oil and will always be backdoorable!) and the hardware doesn't intercept the key entry (which, yeah, is sort of a hole). And devices that refuse to implement any encryption at all, like Amazon's, need to be avoided.


That depends on how services use data -- if they encrypt every bit touching an EC2 instance, then the NSA only gets a whole lot of very-hard-to-crack files.

But I agree with the overall feeling. European developers already know (or should know) that the AWS model was tarnished by the PATRIOT Act pretty much since its inception, from a legal standpoint. If your data is handled by a US company, be it on US soil or anywhere else, the US government can get it at any time (without even the need to involve NSA-level skills) and nobody will be allowed to tell you. To be fair, in any other circumstance your data is just fair game for any NSA operation, so in practice you're basically screwed no matter what, but at least you can try to give them a challenge.


OP was talking about devices, not services.


Obviously. But where is the difference? If the NSA is reading your texts through the physical phone hardware or reading them off the wire, it's the same thing. In fact it's scarier if there is an encryption backdoor on their software, since it could be read remotely much easier.

If Amazon hardware is compromised, there's no reason to assume their AWS platform isn't compromised. And that puts a backdoor in a lot of web applications.


There's a wide difference between my Netflix habits and every bit of personal data on my device, but that gap is probably closing as more sites use AWS.


Considering Amazon's reputation and practices, I wouldn't be surprised if their system was broken or compromised, probably on purpose. Still, they're also forcing Kindle Keyboard users to upgrade their devices for them to keep functioning while giving them only weeks in which to do so, something which this wouldn't explain. I own almost a dozen Amazon devices and I can honestly say, every single one was a waste of money. It's not that I didn't read books and use the tablets, but the way Amazon treats its customers is only slightly better than guards treat inmates in jail (and in some cases, worse). And now, it looks like they're pretty much going to stop working altogether. If Amazon wants to keep its customers, it should probably stop threatening them and closing their accounts over made-up policies as well as stop bricking their devices (which is now imminent). But they simply just don't care.


I must admit, I am unsure how to properly encrypt phones anyway. Currently I am using a 4 digit PIN on my phone. Surely if an attacker had access to my phone, that would be trivial to crack. It seems unrealistic to use a lengthy PIN (10 digits or more?) to unlock my phone, because I have to do it so often.

What is a good solution? Perhaps sensitive applications have to encrypt their own data, so that I can access most of the phone functionality with the short PIN, but need a longer password to access certain data. No dice with the address book, though :-(

(I don't trust fingerprints, because they seem tricky to keep secret - my latest phone also says that fingerprints may be less secure than a good PIN).


I don't know what kind of phone you have, but iOS has an option to automatically wipe the device after N code failures. Thus the whole San Bernardino phone situation.

Fingerprints are not trivial to obtain, and are even harder to reproduce.

I use a hyper-complicated password on my phone with TouchID, so I only have to enter it once when the phone is booted. After that, I'm on fingerprints. If I were coerced into unlocking my phone, I would just use the wrong finger a few times in order to trigger the requirement to re-enter the password.


> It seems unrealistic to use a lengthy PIN (10 digits or more?) to unlock my phone, because I have to do it so often.

My suggestion: Be an empiricist and run the experiment. I've been using strong 8+ character alphanumeric passwords on my devices for several years, and it’s rarely a bother.

Some time ago, I even started using randomly generated complex passwords for my work account, and I was astonished by how effortless it is for me to memorize a new such password every 90 days.

As they say, your mileage may vary, but at least run the experiment, you might be surprised.


If you are using Android, look into trusted places, etc.


Interesting idea, although I am not sure which places I would trust enough. Even my home can be broken into. I'm actually working on getting all my data encrypted, even at home, because of the nightmare scenario of a thief getting all my data.


There's trusted devices as well. Maybe you could pick up a cheap Bluetooth thing and only turn it on when you don't want to be bothered with passcodes.

Another alternative might be to look into Tasker. You might be able to write a script that will turn off the lock when you're at home and it's during this time range, for example.


But don't worry about storing your customers' data on EBS, that's still totally cool.


It's an interesting approach if encryption is available as a 3rd party option. It means that they deflect liability; especially if the 3rd party is an easily installed app provided by a shell company.


> The company did not respond to a request for comment about its Fire OS encryption change.

It's clear these comments are going to be a wave of negative speculation but I find it hard to believe that Amazon has done this to make their devices easier to hack by the three letter agencies.

I would love to hear some kind of comment from anyone at Amazon who knows why they did this.


Amazon has big CIA contracts, unlike Apple.


Does this have anything to do with it? https://aws.amazon.com/govcloud-us/


No. GovCloud is just a way for Amazon to sell cloud services to the US government. The US government would not be able to put services in the "public" clouds due to the massive amount of regulations involved, so Amazon offers them a private space that is separated from the rest. If the customer (in this case the US gov) is big enough, the overhead of complying with all the regulations/requirements imposed by the customer is worth it.



