A variety of privacy questions have arisen over Amazon’s new Silk Web browser. Even members of Congress have questioned the online giant over the data collection of its browser. Now, the Electronic Frontier Foundation reports that it has discussed the privacy issues with Amazon:
Amazon recently announced that the new Kindle Fire tablet will ship with a brand new browser called Silk. The Silk browser works in “cloud acceleration” mode by routing most webpage requests through servers controlled by Amazon. […]
Following the announcement, security experts as well as lawmakers have raised privacy questions and concerns about Silk. After all, while in cloud acceleration mode, the user is trusting Amazon with an incredible amount of information. This is because Amazon is sitting in the middle of most communications between a user’s Fire tablet on the one hand, and the website she chooses to visit on the other. This puts Amazon in a position to track a user’s browsing habits and possibly sensitive content. As there were a lot of questions that the Silk announcement left unresolved, we decided to follow up with Amazon to learn more about the privacy implications.
Our conversation with Amazon allayed many of our major concerns. Cloud acceleration mode is the default setting, but Amazon has assured us it will be easy to turn off on the first page of the browser settings menu. When turned off, Silk operates as a normal web browser, sending the requests directly to the web sites you are visiting. Regarding cloud acceleration mode, here is what we found out: […]
Amazon does not receive your encrypted traffic, and does not record any identifying information about your device. And there are other benefits to user privacy that can result from cloud acceleration mode. […]
Though we are happy about some of the ways the browser protects the end user’s privacy, a couple of serious privacy concerns remain that are worth pointing out.
First of all, Amazon stores URLs you visit, and these sometimes contain identifying information. To pick a prominent example, there is an opportunity to identify people through their search history with some degree of accuracy. Indeed, given the common practice employed by search engines of putting query terms in the URL as parameters, Amazon will effectively have a database of user search histories across many different search engines. […] Second, in addition to URLs, the content of the EC2 servers’ cache might in some instances might contain information that could identify an individual.
Moreover, the data collected by Amazon provides a ripe source of users’ collective browsing habits, which could be an attractive target for law enforcement. For users who are worried about these privacy issues and about putting a lot of trust in Amazon to keep their data safe, we recommend turning off cloud acceleration.