Amazon answers some privacy concerns about new Silk browser
Privacy group EFF happy with some replies, but 'pretty serious' issues remain
Computerworld - Amazon's new Silk browser, which has already raised concerns from security experts and legislators, got a mixed review from a major privacy advocacy group today.
The Electronic Frontier Foundation (EFF) said that discussions with Amazon have allayed some, though not all, of its worries about Silk.
"We're happy with a lot of things that we were initially nervous about," said Dan Auerbach, a staff technologist with EFF, in an interview today. "But there are still some pretty serious remaining privacy concerns."
Silk is based on the open-source WebKit engine -- the same that powers Google's Chrome and Apple's Safari -- and takes a different tack than rivals like those, Microsoft's Internet Explorer and Mozilla's Firefox. By default, Silk will connect to Amazon's cloud service, which will handle much of the work of composing Web pages, pre-rendering and pre-fetching content, and squeezing the size of page components. That, said Amazon, will speed up browsing and let low-powered processors like those in the Fire render sites faster than other mobile browsers and devices.
But routing user traffic that way prompted some security and privacy experts to question Amazon's move weeks ago.
EFF, which declined to comment in detail last month, today said it had had questions, too, and had asked Amazon numerous questions about Silk's behavior and what data the giant online retailer will collect.
High on the EFF's list was how Silk will handle encrypted traffic to sites using SSL (secure socket layer) certificates and the HTTPS protocol.
"They made it very clear that they absolutely aren't 'man-in-the-middling,'" said Auerbach, referring to a term that describes intercepting traffic between a browser and a destination website.
Amazon's director of Silk development, Jon Jenkins, told EFF that "secure web page requests (SSL) are routed directly from the Kindle Fire to the origin server and do not pass through Amazon's EC2 servers," according to a blog Auerbach published earlier today.
"That was one of the main reasons why we asked [Amazon] questions," said Auerbach, "because their messaging on that was so unclear."
Last month, Amazon had said only, "We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL," a statement that some interpreted to mean that Amazon would use a man-in-the-middle SSL proxy to accelerate users' SSL browsing.
Silk will not accelerate SSL-encrypted browsing, said Auerbach, a win for users who may have been worried about Amazon seeing data used to log into secured sites, including banking, email and shopping websites.
- Top 12 Laptop Bags for Mobile Pros
- Think Deleted Text Messages Are Gone Forever? Think Again
- 7 New Faces of the C-suite
- 5 Ways CIOs Can Rationalize Application Portfolios
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Five Reasons to Think Again about UC There's a lot of noise out there about Unified Communications. Here are five good questions to ask yourself and your prospective UC vendor.
- A Unify Perspective: Gartner's Magic Quadrants for Unified Communication and Corporate Telephony Affirm Unify's Leadership Unify's OpenScape UC and Voice portfolio has placed in the "Leaders" quadrant - the "magic" quadrant - with an especially strong position for...
- A Unify Perspective: Gartner's Engagement Initiative Report Affirms the New Way to Work A transformation of the enterprise that amplifies collective effort, energizes the business and dramatically improves business performance. Experience the new way of working.
- Harmonize Your Communications Experience: Are you leading a double life? Bring your own device. Embrace flexible work lifestyles. Be mobile. Welcome to the era of the anywhere worker.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them. All Privacy White Papers | Webcasts