Mitigating privacy risks with Boox Note Air 4C?

Hi,

I’m considering a Boox Note Air 4C for note-taking, Swedish handwriting OCR, and apps like ChatGPT, Notion, Obsidian and Readwise. I’ve read that Boox devices have questionable privacy (even Mozilla has flagged them), and it’s well documented that they’re not private out of the box.

My question is:
What’s the best way to mitigate the privacy issues without losing key functions like syncing (Dropbox/Google Drive), installing apps, and OCR?

Would things like avoiding Boox Cloud, using a VPN, or a firewall be enough? Or is there a better approach that doesn’t require heavy technical skills but still improves privacy?

Thanks for any advice!

The cynical take is that Boox is relatively cheap because it is subsidized by the (direct or indirect) sale of your private data, in the same way Big Tech does. The solution, of course, is to never turn on the WiFi and Bluetooth and to never attach it to a connection with working internet, but that is what you want so…

You might get away with a whitelist/allowlist-only internet connection routed via a VLAN, but setting it up isn't so easy. It requires that you have a managed switch and a proper router like OPNsense, pfSense or OpenWRT and set it up accordingly.

If that is a bit too much of a hassle or too much additional equipment for a certain setup, then consider a more expensive eBook reader that respects your privacy more. I don't have one off the top of my head to recommend.

1 Like

It looks like Mozilla removed the Boox review, presumably because they didn’t update it. In episode 259 of The Privacy, Security, & OSINT Show, I remember Michael Bazzell explained why he still prefers Boox. The main takeaway is that their privacy policy isn’t good but it’s kinda beside the point.

He didn’t create an account or provide any contact information and only connected it to his network which routes everything through a VPN server. He says while using NextDNS he didn’t notice any shady connections, it just looks like it was checking for updates. This was all years ago in 2022 and could’ve changed by now, but it’s worth mentioning.

I’m not sure if you can sync with Dropbox and Google Drive while retaining a whole ton of privacy, I’d spend some time thinking of how you could achieve what you’re looking for in a more private way. Perhaps Proton Drive?

As for general advice, I think the easiest option might be to avoid signing into anything (I think Boox eReaders are full Android tablets, so you can install apps without Google) and use a VPN which allows for ad/tracker blocking such as Mullvad. Ideally you’d do something similar to Michael Bazzell where everything connected to your network is forced to go through a VPN, that way devices can’t circumvent anything, but it might be too much to set up just for an eReader.

You can also look for alternative eReaders which might be a bit better for privacy, from my memory they might be more expensive or suffer in size/features:

1 Like
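An added example, not written by anyone in the thread: before building the allowlist-only connection or trusting a filtering DNS log as described above, you can tally which domains the e-reader actually queries and flag the ones outside your list. The CSV column names, IP addresses and `.example` domains are constructed assumptions, not a real export format or real Boox endpoints.

```python
import csv
import io
from collections import Counter

# Constructed sample DNS query log; the columns are an assumed format.
SAMPLE_LOG = """timestamp,client_ip,domain
2024-01-01T10:00:00Z,192.168.50.10,updates.vendor.example
2024-01-01T10:00:05Z,192.168.50.10,sync.storage.example
2024-01-01T10:00:09Z,192.168.50.10,telemetry.vendor.example
2024-01-01T10:01:00Z,192.168.1.20,news.site.example
2024-01-01T10:02:00Z,192.168.50.10,Telemetry.Vendor.Example.
2024-01-01T10:03:00Z,192.168.50.10,notstorage.example
"""

# Hypothetical allowlist: the sync provider's zone and the update host only.
ALLOWLIST = {"storage.example", "updates.vendor.example"}


def normalize(domain):
    """Lower-case and drop the trailing root dot so variants compare equal."""
    return domain.strip().rstrip(".").lower()


def is_allowed(domain, allowlist):
    """Match the entry itself or a true subdomain, never a bare suffix."""
    d = normalize(domain)
    return any(d == a or d.endswith("." + a) for a in allowlist)


def audit(log_text, device_ip, allowlist):
    """Count the device's queries, split into allowed and unexpected."""
    allowed, unexpected = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["client_ip"] != device_ip:
            continue  # ignore other devices on the network
        d = normalize(row["domain"])
        (allowed if is_allowed(d, allowlist) else unexpected)[d] += 1
    return allowed, unexpected


if __name__ == "__main__":
    ok, bad = audit(SAMPLE_LOG, "192.168.50.10", ALLOWLIST)
    for name, count in bad.most_common():
        print(f"unexpected: {name} ({count} queries)")
```

Domains that show up as unexpected are the ones to either add to the allowlist deliberately or leave blocked.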