Mobile // Mobile Devices
News
10/24/2011
06:05 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%
Repost This

Amazon Addresses Silk Tablet 'Optimized Browsing' Privacy Concerns

Amazon's response to the Electronic Frontier Foundation's inquiries should ease concerns that the Kindle Fire's Silk browser is invading users' privacy.

Amazon's first color tablet, the $199 Kindle Fire, will be available starting November 15. However, its custom browser, named Silk, has generated considerable discussion because of the way it achieves its claimed high performance.

Silk uses what Amazon calls a "split-architecture" that performs some of the Web page rendering locally on the Kindle Fire tablet itself while other network- and computational-intensive tasks as well as caching are performed on Amazon Web Services (AWS) cloud services. This means that Web pages are intercepted by Amazon's AWS servers, optimized for the Silk browser, and then sent to the Kindle Fire tablet. This led to the concern that Amazon would be tracking the Web-browsing habits of Kindle Fire users and possibly intercepting SSL-encrypted Web pages.

The Electronic Frontier Foundation (EFF) contacted Amazon to clarify how the Silk Web browser and AWS handled web pages enroute to Kindle Fire tablets.

The responses the EFF received from Amazon should put to rest the initial fears about the Silk browser. In fact, the Silk browser might be more secure to use with public hotspots than other browsers.

Amazon does not intercept, track, or process (accelerate) SSL-encrypted traffic. This means not only that Amazon is not looking at shopping, banking, and other sensitive financial Web interactions, but it is not looking at other Web sites that are (or can be) SSL encrypted, such as Gmail, Facebook, and Twitter.

Note that all Web traffic is encrypted by Amazon from its AWS servers to the Kindle Fire's Silk web browser. Amazon uses Google's SPDY (a short non-acronym way of spelling "speedy") Web-content network transport protocol in a persistent encrypted connection. This helps keep Web surfing in public hotspots safe from man-in-the-middle attacks, such as those popularized by the Firesheep attack tool.

Amazon also argues that its logging practices are reasonable from privacy and security points of view. Logged information is restricted to the URL being requested, the timestamps, and the token identifying a session. Logged data is kept for 30 days.

The EFF notes that Amazon does store website URLs on a per-browsing-session basis. The Silk browser has, however, the option to be placed in an "off-cloud" mode where all AWS-based interception and acceleration is turned off. This will, of course, result in slower Web browsing.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.