The Silk browser was only one of many revelations at Amazon's Kindle event last month, but it was a doozy. Expected to ship initially only on the Kindle Fire in November, Silk promises to learn how you browse and to predict where you're going to surf to next.
That kind of stickiness with your personal data left many security experts and some lawmakers uncomfortable. But the Electronic Frontier Foundation now says it believes Amazon will provide users with the tools to disentangle themselves.
The digital privacy rights group released a report yesterday analyzing several areas of concern it had with Silk, and how Amazon allayed them. The biggest problem for the organization was whether or not the "cloud acceleration" feature could be turned off, which Amazon confirmed to the group that it can. Cloud acceleration is active by default.
There were other problem areas, including secured traffic. Jon Jenkins, Amazon's director of Silk development, told the EFF that secure web page requests via SSL and HTTPS are not routed through Amazon's servers even when cloud acceleration is running. And as the report points out, an enormous number of Web sites force secure connections, so Amazon ought to have a vested interest in Silk resolving sites quickly even without cloud acceleration.
Amazon also told the EFF that Silk logs only three pieces of information regularly when using Google's SPDY protocol for faster connections to Web servers: the URL being requested, the time at which the request occurs, and a personal identification-free token used for identifying a session. Those logs are kept for 30 days.
Jenkins told the EFF that IP and MAC addresses are collected for technical troubleshooting, but are not associated with browsing history. He added that there is no way to connect logged information to a user's Amazon account, and that outgoing Amazon server (AWS) information isn't logged, either. Amazon said that it follows caching headers to prevent sensitive information from being sent over an unsecured connection.
The EFF noted that it still had some concerns about Silk. One of these is storing URLs visited, including search queries, which can sometimes contain identifying information. Another is Amazon's EC2 server cache, which could also contain information that could lead to uncovering a person's identity. A third is the potential for law enforcement to become interested in the collective browsing data of Amazon's users.
Even though the EFF concluded that the browser overall has enough privacy points to ensure that you won't be tracked all the time, people who are concerned about any of those last three issues--or about trusting Amazon in general to keep data safe--ought to turn off cloud acceleration when using Silk.