Amazon’s Silk Browser Raises/Satisfies Privacy Concerns

Kindle FireAmazon’s new Kindle Fire tablet, introduced in late September, debuted the Silk browser as well. With the browser’s “cloud acceleration” mode routing traffic through Amazon’s servers, a few eyebrows were raised regarding user privacy. The Electronic Frontier Foundation took a closer look at the Silk browser to see just how it fares with protecting privacy.

The Silk browser uses a technology called “cloud acceleration mode” whose purpose is to speed up page downloads. To achieve this, web page requests are sent through Amazon’s servers with a persistent connection using the SPDY protocol and a parallel computing technique. It’s an unusual, but not unheard of, approach. And it’s on by default.

On the positive side, the EFF was pleased that Amazon does not intercept encrypted traffic. More and more websites are using HTTPS, the secured version of HTTP, and traffic to those sites is neither accelerated or tracked. HTTPS requests are sent directly to the origin’s servers and do not go through the Amazon EC2 servers. But that means they also don’t benefit from the acceleration technology. However, since so much traffic these days is going by way of HTTPS, Amazon has reason to make sure those pages load quickly as well.

The SPDY connection is another area of potential privacy concern in regards to what data it is captured and for how long. Amazon says it is only capturing three pieces of data: 1) the requested URL, 2) a time stamp, and 3) a token session identifier. They also said they keep this data for only 30 days. The EFF seemed reasonably satisfied that no identifying information was being tracked. SPDY also has the advantage of providing an encrypted connection directly to the Amazon servers. This provides some security when on an open wi-fi network and prevents your browsing from being spied upon.

There are some concerns, however. Amazon does store URLs you visit, and many URLs reached through search include the terms you used to find it. This can potentially provide a history of searches, and, potentially, provide user-identifiable information. But the way the data is collected, the search history is tied only to a browser session, and not connected over time. But it is also possible that user-specific information could be stored in Amazon’s EC2 cache.

Generally, the Silk browser fares pretty well with privacy concerns, and perhaps its best feature is the ability to turn off the cloud acceleration. The trade off between faster downloads of unsecured pages using Amazon’s servers or normal, albeit slower, browsing is your choice.