Amazon answers some privacy concerns about new Silk browser
Privacy group EFF happy with some replies, but 'pretty serious' issues remain
Computerworld - Amazon's new Silk browser, which has already raised concerns from security experts and legislators, got a mixed review from a major privacy advocacy group today.
The Electronic Frontier Foundation (EFF) said that discussions with Amazon have allayed some, though not all, of its worries about Silk.
"We're happy with a lot of things that we were initially nervous about," said Dan Auerbach, a staff technologist with EFF, in an interview today. "But there are still some pretty serious remaining privacy concerns."
Silk is based on the open-source WebKit engine -- the same that powers Google's Chrome and Apple's Safari -- and takes a different tack than rivals like those, Microsoft's Internet Explorer and Mozilla's Firefox. By default, Silk will connect to Amazon's cloud service, which will handle much of the work of composing Web pages, pre-rendering and pre-fetching content, and squeezing the size of page components. That, said Amazon, will speed up browsing and let low-powered processors like those in the Fire render sites faster than other mobile browsers and devices.
But routing user traffic that way prompted some security and privacy experts to question Amazon's move weeks ago.
EFF, which declined to comment in detail last month, today said it had had questions, too, and had asked Amazon numerous questions about Silk's behavior and what data the giant online retailer will collect.
High on the EFF's list was how Silk will handle encrypted traffic to sites using SSL (secure socket layer) certificates and the HTTPS protocol.
"They made it very clear that they absolutely aren't 'man-in-the-middling,'" said Auerbach, referring to a term that describes intercepting traffic between a browser and a destination website.
Amazon's director of Silk development, Jon Jenkins, told EFF that "secure web page requests (SSL) are routed directly from the Kindle Fire to the origin server and do not pass through Amazon's EC2 servers," according to a blog Auerbach published earlier today.
"That was one of the main reasons why we asked [Amazon] questions," said Auerbach, "because their messaging on that was so unclear."
Last month, Amazon had said only, "We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL," a statement that some interpreted to mean that Amazon would use a man-in-the-middle SSL proxy to accelerate users' SSL browsing.
Silk will not accelerate SSL-encrypted browsing, said Auerbach, a win for users who may have been worried about Amazon seeing data used to log into secured sites, including banking, email and shopping websites.
- 5 Customers Deliver Virtual Desktops and Apps to Empower a Modern Workforce Learn how Citrix solutions helped 5 companies realize the full value of desktop virtualization through a project-by-project approach based on key business priorities.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- IDC MarketScape: Worldwide Client Virtualization Software 2013 Vendor Assessment IDC has placed Citrix in the 2013 IDC MarketScape Leaders Category once again noting that, "Citrix's position reflects the company's market leadership and...
- Infographic: Top Use Cases for Desktop Virtualization A wide range of business issues is driving IT toward desktop virtualization. One solution-Citrix XenDesktop with FlexCast technology-helps IT teams empower their entire...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!