Amazon answers some privacy concerns about new Silk browser
Privacy group EFF happy with some replies, but 'pretty serious' issues remain
Computerworld - Amazon's new Silk browser, which has already raised concerns from security experts and legislators, got a mixed review from a major privacy advocacy group today.
The Electronic Frontier Foundation (EFF) said that discussions with Amazon have allayed some, though not all, of its worries about Silk.
"We're happy with a lot of things that we were initially nervous about," said Dan Auerbach, a staff technologist with EFF, in an interview today. "But there are still some pretty serious remaining privacy concerns."
Silk is based on the open-source WebKit engine -- the same that powers Google's Chrome and Apple's Safari -- and takes a different tack than rivals like those, Microsoft's Internet Explorer and Mozilla's Firefox. By default, Silk will connect to Amazon's cloud service, which will handle much of the work of composing Web pages, pre-rendering and pre-fetching content, and squeezing the size of page components. That, said Amazon, will speed up browsing and let low-powered processors like those in the Fire render sites faster than other mobile browsers and devices.
But routing user traffic that way prompted some security and privacy experts to question Amazon's move weeks ago.
EFF, which declined to comment in detail last month, today said it had had questions, too, and had asked Amazon numerous questions about Silk's behavior and what data the giant online retailer will collect.
High on the EFF's list was how Silk will handle encrypted traffic to sites using SSL (secure socket layer) certificates and the HTTPS protocol.
"They made it very clear that they absolutely aren't 'man-in-the-middling,'" said Auerbach, referring to a term that describes intercepting traffic between a browser and a destination website.
Amazon's director of Silk development, Jon Jenkins, told EFF that "secure web page requests (SSL) are routed directly from the Kindle Fire to the origin server and do not pass through Amazon's EC2 servers," according to a blog Auerbach published earlier today.
"That was one of the main reasons why we asked [Amazon] questions," said Auerbach, "because their messaging on that was so unclear."
Last month, Amazon had said only, "We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL," a statement that some interpreted to mean that Amazon would use a man-in-the-middle SSL proxy to accelerate users' SSL browsing.
Silk will not accelerate SSL-encrypted browsing, said Auerbach, a win for users who may have been worried about Amazon seeing data used to log into secured sites, including banking, email and shopping websites.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!