The Inquirer-Home

Amazon's Silk browser raises security and privacy concerns

Data retention and HTTPS proxy are seen as problems
Thu Sep 29 2011, 15:08

THE CLOUD-BASED WEB BROWSER developed by Amazon for its Kindle Fire tablet has worried privacy conscious users because of features that could endanger the confidentiality of their data.

Dubbed Amazon Silk, the web browser leverages the massive power and ultra-high speed connectivity of the company's Elastic Cloud Computing (EC2) service to significantly decrease page load times.

Amazon is very proud of this split browser architecture, even though it wasn't the first company to come up with the idea. Opera Mini works in pretty much same way and has been available since 2005.

And like Opera's lightweight mobile browser, Amazon's Silk also raises privacy and security concerns. For one, the company will record what web sites Silk users visit and this information can later be requested by law enforcement agencies.

Being based in the US, Amazon is subject to government requests under the US Patriot Act, which have low due process restrictions and can prevent the company from notifying targeted individuals. Users from other parts of the world, like those in the European Union, might not feel very comfortable knowing this.

"The content of web pages you visit using Amazon Silk passes through our servers and may be cached to improve performance on subsequent page loads," Amazon says in the Silk Terms & Conditions.

"Amazon Silk also temporarily logs web addresses known as uniform resource locators ('URLs') for the web pages it serves and certain identifiers, such as IP or MAC addresses, to troubleshoot and diagnose Amazon Silk technical issues. We generally do not keep this information for longer than 30 days," it adds.

Moreover, because its servers will act as a man-in-the-middle proxy for HTTPS requests, the company will be in a position to intercept secure communications. "We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL," the company notes in its FAQ.

Amazon Silk will come with an off-cloud mode, so people will at least have the option of not sharing sensitive data with Amazon, but since this will not be the default setting most average users will probably never use it.

Others have expressed concern about Amazon's ability to perform behavior tracking through Silk, for example by analyzing what ads users click on, what stores they shop in or what they search for.

"While most of us roll our eyes when confronted with long privacy policies and pages of legalese, privacy risks lurk around every corner. If you buy a Fire device, think carefully as to whether your privacy is worth trading for a few milliseconds faster web surfing experience," advises Chester Wisniewski, a senior security advisor at Sophos. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Masque malware is putting iPad and iPhone user data at risk

Has news of iOS malware made you reconsider getting an iPhone?