Amazon answers some privacy concerns about new Silk browser
Privacy group EFF happy with some replies, but 'pretty serious' issues remain
Computerworld - Amazon's new Silk browser, which has already raised concerns from security experts and legislators, got a mixed review from a major privacy advocacy group today.
The Electronic Frontier Foundation (EFF) said that discussions with Amazon have allayed some, though not all, of its worries about Silk.
"We're happy with a lot of things that we were initially nervous about," said Dan Auerbach, a staff technologist with EFF, in an interview today. "But there are still some pretty serious remaining privacy concerns."
Silk is based on the open-source WebKit engine -- the same that powers Google's Chrome and Apple's Safari -- and takes a different tack than rivals like those, Microsoft's Internet Explorer and Mozilla's Firefox. By default, Silk will connect to Amazon's cloud service, which will handle much of the work of composing Web pages, pre-rendering and pre-fetching content, and squeezing the size of page components. That, said Amazon, will speed up browsing and let low-powered processors like those in the Fire render sites faster than other mobile browsers and devices.
But routing user traffic that way prompted some security and privacy experts to question Amazon's move weeks ago.
EFF, which declined to comment in detail last month, today said it had had questions, too, and had asked Amazon numerous questions about Silk's behavior and what data the giant online retailer will collect.
High on the EFF's list was how Silk will handle encrypted traffic to sites using SSL (secure socket layer) certificates and the HTTPS protocol.
"They made it very clear that they absolutely aren't 'man-in-the-middling,'" said Auerbach, referring to a term that describes intercepting traffic between a browser and a destination website.
Amazon's director of Silk development, Jon Jenkins, told EFF that "secure web page requests (SSL) are routed directly from the Kindle Fire to the origin server and do not pass through Amazon's EC2 servers," according to a blog Auerbach published earlier today.
"That was one of the main reasons why we asked [Amazon] questions," said Auerbach, "because their messaging on that was so unclear."
Last month, Amazon had said only, "We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL," a statement that some interpreted to mean that Amazon would use a man-in-the-middle SSL proxy to accelerate users' SSL browsing.
Silk will not accelerate SSL-encrypted browsing, said Auerbach, a win for users who may have been worried about Amazon seeing data used to log into secured sites, including banking, email and shopping websites.
- SIP Migration: Addressing CIOs' Concerns Recent data from IDG Research shows that many IT executives are counting on SIP to help them meet employee efficiency and customer experience...
- SBIC: Transforming Information Security This report combines perspectives on technologies with experience in strategy to help security teams navigate complex decisions regarding technology deployments while maximizing investments.
- InfoTech: Cloud File Sharing Organizations are increasingly turning to cloud file sharing solutions to meet end-user's needs for a lightweight and effective collaboration tool. In this report,...
- Rethinking Backup and Recovery As enterprises continue to transform their data centers, and virtualization plays an increasing role in their IT infrastructures, the way data is backed...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!