EFF Gets Straight Privacy Answers From Amazon About New "Silk" Tablet Browser

Amazon recently announced that the new Kindle Fire tablet will ship with a brand new browser called Silk. The Silk browser works in “cloud acceleration” mode by routing most webpage requests through servers controlled by Amazon. Following the announcement, security experts as well as lawmakers have raised privacy questions and concerns about Silk. After all, while in cloud acceleration mode, the user is trusting Amazon with an incredible amount of information. This is because Amazon is sitting in the middle of most communications between a user's Fire tablet on the one hand, and the website she chooses to visit on the other. This puts Amazon in a position to track a user's browsing habits and possibly sensitive content. As there were a lot of questions that the Silk announcement left unresolved, we decided to follow up with Amazon to learn more about the privacy implications. Our conversation with Amazon allayed many of our major concerns. Cloud acceleration mode is the default setting, but Amazon has assured us it will be easy to turn off on the first page of the browser settings menu. When turned off, Silk operates as a normal web browser, sending the requests directly to the web sites you are visiting. Regarding cloud acceleration mode, here is what we found out: Amazon does not intercept encrypted traffic, so your communications over HTTPS would not be accelerated or tracked.

Though we are happy about some of the ways the browser protects the end user's privacy, a couple of serious privacy concerns remain that are worth pointing out. First of all, Amazon stores URLs you visit, and these sometimes contain identifying information. Second, in addition to URLs, the content of the EC2 servers' cache might in some instances contain information that could identify an individual.