Home  /  Learn  /  Can ebooks be silently changed?

Field note · Verifiable publishing

Can Ebooks Be Silently Changed After You Buy Them? (2026)

Published July 4, 2026 · Vita Indarra

Short answer: yes. Ebook platforms can push updated editions to your device, publishers revise digital books routinely, and in one famous case copies were deleted outright — usually with no changelog, no diff, no receipt. Most updates are benign; the silence is the problem. Readers can't realistically verify their own DRM-locked copies — but a publisher's shipping record can be made verifiable. We built that: every edition we publish is fingerprinted and anchored to the Bitcoin blockchain — our current manifest is committed in block 956,591 — so not even we can quietly rewrite what we shipped.

The deletion that named the problem

In July 2009, Kindle owners woke up to find George Orwell's 1984 missing from their devices. Amazon had remotely deleted purchased copies over a rights dispute — refunding the price, and proving in one stroke that a digital "purchase" is a relationship, not a possession. Amazon apologized and changed its policy; the lesson stands anyway. The book you bought can change after you bought it, because it never fully left the seller's hands.

Silent revision is the norm, not the scandal

Deletion is rare. Revision is everyday. Digital editions get corrected, trimmed, expanded, and sometimes substantially rewritten; platforms deliver updated files to readers with little or no indication of what changed. And here's the honest part most coverage skips: this is usually good. A living edition that fixes its errors beats a frozen one that preserves them — our own books are updated this way, and we consider it a feature.

The problem is that the whole arrangement runs on trust with no receipt. What version do you hold? What changed between editions? Did the publisher's history really happen the way they now say it did? There is no standard answer. The record lives in the publisher's hands, and records that live in one party's hands can be rewritten by that party.

What a reader honestly can — and can't — verify

Let's not oversell. Kindle and most ebook platforms deliver DRM-protected, device-specific files. You cannot realistically fingerprint your own copy and compare it against anything — and any advice claiming otherwise is theater. Reader-side verification is, today, mostly closed.

What can be made verifiable is the publisher's side: a public record of exactly which edition files were shipped and when — fingerprinted, timestamped, and anchored somewhere nobody can edit. Not "trust us," but "check us."

The fix we built (and why we're showing our work)

Every current edition in our ten-book catalog is fingerprinted (SHA-256). The fingerprint manifest is published openly and timestamped on the Bitcoin blockchain via OpenTimestamps — as of this writing, committed in Bitcoin block 956,591. When editions change, a new manifest is anchored and the old ones stay up. The history becomes checkable by anyone, forever, including by people who don't trust us — which is the only kind of trust worth printing.

The honest limits, out loud: this proves existence and integrity of the record — what we shipped, and when. It does not prove the claims inside a book are true (our editorial standards carry that weight), and it doesn't open your DRM-locked copy. What it removes is the ability of the publisher — us — to quietly rewrite its own past. As far as we can tell, no other publisher does this yet. We think that will age strangely: in a world filling with generated text, provable publishing history is going to stop being optional. Verify ours yourself: the provenance page.

Frequently asked

Can Amazon really reach into my Kindle?

Yes — the 2009 1984 deletion proved it, and updated editions are delivered the same way. Rare for deletion, routine for updates.

Should I be worried about silent updates?

Mostly no — corrections are good. The gap is accountability: no receipt, no diff, no way to audit a publisher's account of its own history.

Can I check my own copy?

Under DRM, realistically no. The verifiable layer is the publisher's shipping record — if the publisher chooses to make it verifiable.

What does Bitcoin add over just publishing a list of hashes?

Time. A list on a website can be silently replaced; a hash committed in a Bitcoin block cannot be backdated or rewritten by anyone — including the publisher who made it.

Go deeper

The field guide behind this note

Receipts an auditor can check, records that can't be quietly rewritten, and why verification — not capability — is the real bottleneck of the AI age: that's the argument of The Verification Bottleneck, our field guide to human oversight of AI systems, written from a built, attacked oversight surface. Live on Amazon.

← More field notes