As we count down to end of 2009, the emerging star of this year's holiday shopping season is shaping up to be the electronic book reader (or e-reader). From Amazon's Kindle to Barnes and Noble's forthcoming Nook, e-readers are starting to transform how we buy and read books in the same way mp3s changed how we buy and listen to music.

Unfortunately, e-reader technology also presents significant new threats to reader privacy. E-readers possess the ability to report back substantial information about their users' reading habits and locations to the corporations that sell them. And yet none of the major e-reader manufacturers have explained to consumers in clear unequivocal language what data is being collected about them and why.

As a first step towards addressing these problems, EFF has created a first draft of our Buyer's Guide to E-Book Privacy. We've examined the privacy policies for the major e-readers on the market to determine what information they reserve the right to collect and share.

(Updated Jan 6 2010: We've updated and corrected this guide. Please read the latest version instead.)

*Based on the proposed Google Books Privacy Policy. The policy is subject to change prior to final acceptance of the Google Books Settlement.
**The Nook will not ship until January 2010 and as yet has no publicly available product-specific Terms of Use or Privacy Policy. Results based on the general Barnes and Noble Privacy Policy.


For example, Google's new Google Book Search Project has the ability to track reading habits at an unprecedented level of granularity. In particular, according to the proposed Google Books Privacy Policy, web servers will automatically "log" each book and page you searched for and read, how long you viewed it for, and what book or page you continued onto next:

When you use Google Books, we receive log information similar to what we receive in Web Search. This includes: the query term or page request (which may include specific pages within a book you are browsing), Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

In addition, because users must have a Google Account in order to purchase and view books, Google maintains a dossier, via its Web History service, of all books purchased unless the user gives up the right to view a book he or she already "bought."

Physical e-reader devices pose similar threats to reader privacy. For example, the Kindle does not sell, but rather licenses, the books, magazines, and other materials offered for wireless download through its Kindle Store, which can only be used on a particular device. This implicitly requires Amazon to know what reading material a user has licensed at any given time.

Even more disturbing, however, is the broad latitude Amazon gives itself to keep track of how customers are using their device. From the Kindle License Agreement and Terms of Use:

Information Received. The Device Software will provide Amazon with data about your Device and its interaction with the Service [i.e. the wireless connection, purchases through the Kindle Store, etc.] (such as available memory, up-time, log files and signal strength) and information related to the content on your Device and your use of it (such as automatic bookmarking of the last page read and content deletions from the Device). Annotations, bookmarks, notes, highlights, or similar markings you make in your Device are backed up through the Service. Information we receive is subject to the Privacy Notice.

In other words, your Kindle will periodically send information about you to Amazon. But exactly what information is sent? Amazon's wording — "information related to the content on your Device and your use of it" — reads so broadly that it appears to allow Amazon to track all content that users put on the device, regardless of whether that content is purchased from Amazon. Some security researchers have indicated that the Kindle may even be tracking its users' GPS locations. Is this the future of reading?

Thankfully, there are some e-reader options that do not connect wirelessly, nor include any privacy or "terms of use" provisions that allow monitoring of what you put on the device or how you use it. Sony's Reader, for example, may collect information about what books you buy from its own eBook Store, yet the Reader also works with books purchased from other sources as well. Even safer still, popular e-reader software programs, such as open-source FBReader, allow users to download content from a number of sources onto a multitude of devices, including one's computer or mobile, without handing over all information about their reading habits to one source, or anyone for that matter.

Still, there are no perfect options this holiday season for the many shoppers who consider Internet-connectivity to be a must-have feature for their e-readers. Let's hope that by this time next year, e-reader manufacturers have stepped up to the challenge of taking their users' privacy seriously.