Skip the navigation

Amazon answers some privacy concerns about new Silk browser

Privacy group EFF happy with some replies, but 'pretty serious' issues remain

October 19, 2011 04:13 PM ET

Computerworld - Amazon's new Silk browser, which has already raised concerns from security experts and legislators, got a mixed review from a major privacy advocacy group today.

The Electronic Frontier Foundation (EFF) said that discussions with Amazon have allayed some, though not all, of its worries about Silk.

"We're happy with a lot of things that we were initially nervous about," said Dan Auerbach, a staff technologist with EFF, in an interview today. "But there are still some pretty serious remaining privacy concerns."

Amazon introduced Silk -- the browser that will be built into the Kindle Fire tablet -- late last month. The Fire, which is being pre-sold by Amazon for $199, will start shipping in mid-November.

Silk is based on the open-source WebKit engine -- the same that powers Google's Chrome and Apple's Safari -- and takes a different tack than rivals like those, Microsoft's Internet Explorer and Mozilla's Firefox. By default, Silk will connect to Amazon's cloud service, which will handle much of the work of composing Web pages, pre-rendering and pre-fetching content, and squeezing the size of page components. That, said Amazon, will speed up browsing and let low-powered processors like those in the Fire render sites faster than other mobile browsers and devices.

But routing user traffic that way prompted some security and privacy experts to question Amazon's move weeks ago.

EFF, which declined to comment in detail last month, today said it had had questions, too, and had asked Amazon numerous questions about Silk's behavior and what data the giant online retailer will collect.

High on the EFF's list was how Silk will handle encrypted traffic to sites using SSL (secure socket layer) certificates and the HTTPS protocol.

"They made it very clear that they absolutely aren't 'man-in-the-middling,'" said Auerbach, referring to a term that describes intercepting traffic between a browser and a destination website.

Amazon's director of Silk development, Jon Jenkins, told EFF that "secure web page requests (SSL) are routed directly from the Kindle Fire to the origin server and do not pass through Amazon's EC2 servers," according to a blog Auerbach published earlier today.

"That was one of the main reasons why we asked [Amazon] questions," said Auerbach, "because their messaging on that was so unclear."

Last month, Amazon had said only, "We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL," a statement that some interpreted to mean that Amazon would use a man-in-the-middle SSL proxy to accelerate users' SSL browsing.

Silk will not accelerate SSL-encrypted browsing, said Auerbach, a win for users who may have been worried about Amazon seeing data used to log into secured sites, including banking, email and shopping websites.

Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!