Episodes

  • Episode 4: Ethical People do exist at Amazon
    2025/10/08

    There are good people in the world. Ethical folk who are engineers and programmers, programme leads and operational staff. Often they are managed by those who play the angles. Who would rather the bad news never saw the light of day.


    But when you're an SEC listed company, fined days prior by the US Department of Justice and the FTC for a smaller breach than the one you've just had walked in the door, one that now affects the legacy privacy of tens of millions of devices in the field, then you have an absolute responsibility to communicate to your users.


    In fact the DoJ ruling stated that Amazon was ordered to "notify users of its retention and deletion practices and controls;". Immediately two major vulnerabilities which impacted that ruling were on the desk of the Head of Security regarding retention of data and privacy and cached credentials allowing a device to become a trusted hardware token.


    With the fourth major bug being the fact that software flaws in Cloudview and logging meant you were unable to deregister Kids Fire devices at all from the Web UI.


    So what happens when someone blows the whistle when Amazon tried to cover all this up ???


    Decent people do exist. Shame Amazon can't keep hold of them. Maybe they should send him a stock award and an apology.


    39 min
  • Episode 3: Setting Fire to Security Basics
    2025/10/08

    So knowing for absolute fact that I am the subject of industrial scale stalking and hacking, the devices left with my ex-wife being subject to the flaws and bugs relating to cached credentials and the Amazon Photo and Amazon Alexa lack of forced authentication (alongside an aged device logging bug), I was determined to engage with Amazon properly. Engaging with the Head of Security at Amazon and Ring in Seattle one on one. With live data supplied from Cloudwatch, the immutable tamperproof platform that Amazon use to log all retail and operational activity.


    I had no idea the storm that was about to break. But it's enough to put a Devizes girl in prison.

    24 min
  • Episode 2: Don't Play With Fire
    2025/10/06

    Amazon FireOS is a fork of stock Android. And what must be remembered is that it has to support a lot of software repos and a lot of older libraries. However Amazon not licensing Android from Google and not partaking in the Play ecosystem is one matter. Amazon have only got to support a limited range of graphics chipsets and a limited range of hardware mainboards so it's NOT a lot of work. There are mainstream open source Linux distributions supporting PPC, Intel and ARM who have to do a lot more work than Amazon.


    Amazon FireOS tablets have always been two to three distributions behind Google. Have always failed to have security standards aligned with Google. No file encryption or SD card encryption. No Knox equivalent etc. So you'd expect if you have older stable dev trees that you would take security and privacy seriously.


    I proved categorically that Amazon did no such thing.

    33 min
  • Episode 1: Into The Fire
    2025/10/05

    In 2022/23 I discovered major discrepancies in the data I had been sent by Amazon regarding two tablets bought for my children in 2017. This followed a contentious toxic divorce and my suspicion that the tablets had been used by my ex-wife to stalk, monitor, eavesdrop and to gain unlawful access to documents, photos, audio, contact information and location information during 2018 to 2020.


    But I couldn't work out how as I'd changed passwords religiously. I had two factor authentication.


    It surely wasn't possible that an attack vector could be the two tablets, the cheapest plastic technology we owned.


    Imagine my horror when I discovered four major bugs in FireOS and in the design and architecture of Fire operations.

    43 min