Amazon Addresses Silk Tablet 'Optimized Browsing' Privacy Concerns

Amazon's response to the Electronic Frontier Foundation's inquiries should ease concerns that the Kindle Fire's Silk browser is invading users' privacy.

Amazon's first color tablet, the $199 Kindle Fire, will be available starting November 15. However, its custom browser, named Silk, has generated considerable discussion because of the way it achieves its claimed high performance.

Silk uses what Amazon calls a "split-architecture" that performs some of the Web page rendering locally on the Kindle Fire tablet itself while other network- and computational-intensive tasks as well as caching are performed on Amazon Web Services (AWS) cloud services. This means that Web pages are intercepted by Amazon's AWS servers, optimized for the Silk browser, and then sent to the Kindle Fire tablet. This led to the concern that Amazon would be tracking the Web-browsing habits of Kindle Fire users and possibly intercepting SSL-encrypted Web pages.

The Electronic Frontier Foundation (EFF) contacted Amazon to clarify how the Silk Web browser and AWS handled web pages enroute to Kindle Fire tablets.

The responses the EFF received from Amazon should put to rest the initial fears about the Silk browser. In fact, the Silk browser might be more secure to use with public hotspots than other browsers.

Amazon does not intercept, track, or process (accelerate) SSL-encrypted traffic. This means not only that Amazon is not looking at shopping, banking, and other sensitive financial Web interactions, but it is not looking at other Web sites that are (or can be) SSL encrypted, such as Gmail, Facebook, and Twitter.

Note that all Web traffic is encrypted by Amazon from its AWS servers to the Kindle Fire's Silk web browser. Amazon uses Google's SPDY (a short non-acronym way of spelling "speedy") Web-content network transport protocol in a persistent encrypted connection. This helps keep Web surfing in public hotspots safe from man-in-the-middle attacks, such as those popularized by the Firesheep attack tool.

Amazon also argues that its logging practices are reasonable from privacy and security points of view. Logged information is restricted to the URL being requested, the timestamps, and the token identifying a session. Logged data is kept for 30 days.

The EFF notes that Amazon does store website URLs on a per-browsing-session basis. The Silk browser has, however, the option to be placed in an "off-cloud" mode where all AWS-based interception and acceleration is turned off. This will, of course, result in slower Web browsing.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing