The Latest in IT Security

Amazon Kindle Fire launches, a second look at Silk privacy

15
Nov
2011

Amazon Kindle FirePeople who pre-ordered an Amazon Fire Android tablet began receiving their units today. There are many reviews out there, so if that is what you are looking for I will leave you to read them at Wired, ars technica or elsewhere.

Now that Amazon has launched the Kindle Fire I wanted to revisit the privacy concerns I raised when they announced that their embedded browser, Silk, would use the SPDY protocol to proxy web traffic through Amazon’s servers.

EFF logoFortunately after my criticism and many others, Amazon sat down with the Electronic Frontier Foundation (EFF) and other privacy watchdogs to answer some of our questions.

The EFF asked Amazon whether Silk, when in cloud mode, will intercept SSL connections and redirect them through Amazon’s infrastructure. Amazon insists that HTTPS connections will go direct from the tablet and not redirect through Amazon.

This is in direct contradiction to their Silk browser FAQ which clearly states “We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL.”

Perhaps the FAQ is out of date, hopefully what they told the EFF is true.

The second issue concerned the logging of your web surfing by Amazon and how your data was being retained.

Confidential sealAmazon insists they are only logging the URL, a timestamp and a session identifier token. Yet, their terms and conditions also say they are logging IP addresses and MAC addresses, only for troubleshooting purposes.

Which is it? Whether Amazon intends to disclose the MAC and IP address or not, by possessing it they could be compelled to disclose it without notification.

If you read the EFF’s post, it sounds like they may be keeping the browsing logs separate from the IPs and MACs, more clarification from Amazon would be helpful.

There is a silver lining in the Silk cloud. The SPDY protocol itself is SSL encrypted between your Amazon Kindle Fire tablet and the Amazon cloud.

This means you actually gain some privacy and security when using unecrypted public WiFi at the airport, cafe or hotel.

Each user will need to decide for themselves whether to enable or disable this technology. There are risks and benefits, like most choices in life, and the trust you have in Amazon will determine whether you choose to take advantage of the performance improvements.

Amazon’s statements to the EFF contradict their own poorly written FAQ and Terms and Conditions.

If they are sincere in the information they have provided the EFF, it would be great if they were to update these public documents so all of us can have a clear understanding of what information Amazon is collecting about our surfing.

Leave a reply


Categories

WEDNESDAY, DECEMBER 11, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments